Can PayPal take care of PCI for me?

As a merchant accepting card payments, you are required to comply with PCI DSS. As a service provider, PayPal is also required to comply with PCI DSS. The majority of our products can form part of your PCI DSS compliance solution by easing the burden of PCI compliance for you. For some of our products, however, you are responsible for ensuring you are compliant.

PCI compliance handled by PayPal

With Website Payments Standard, Online Invoicing, Express Checkout and Website Payments Pro Hosted, PayPal handles the payment card information on your behalf and so greatly eases the burden of PCI compliance.

PCI compliance handled by you

If you use Website Payments Pro, you handle card data directly and will need to ensure you are PCI compliant. You can use one of our PCI compliant partners or register with Trustwave to help you become compliant. If you use Virtual Terminal, we strongly recommend you become compliant as part of your security best practice.

Why comply?

PCI DSS is a mandatory industry regulation. Becoming compliant can help your business and help you avoid future problems with data security.

How PCI DSS can help your business:

  • Identify risks in the way you store or transmit customer data
  • Set a clear path of action to address any data security risks
  • Make sure your service providers do not put your data security at risk
  • Show your customers that you take data security seriously

How PCI DSS can help you avoid problems:

  • Reduce the risk of liabilities such as the cost of any fraud on compromised card accounts
  • Avoid the legal and investigation costs of a security breach, which can be substantial
  • Protect your reputation and build trust with your customers
  • Prevent disruption to your business

What happens if my business doesn't comply?

From a PayPal perspective, your Website Payments Pro account may be limited and eventually suspended. You can also be fined by the card schemes (MasterCard, Visa, etc.) when a data breach occurs.

Get help with PCI compliance
See our list of PCI compliant partners or register with Trustwave.