How PayPal helps keep you secure.

Apr 30 2018 | Alice Wong, Small business - North Americas, PayPal

Learn how everything we do around security aims to live up to our commitment that PayPal is the "secure way to pay and be paid." 
As a strategic business priority, we work hard every day to fight cybercrime, and we also invest heavily in trying to keep our sites and services as secure as possible. Here are just a few ways we help you stay secure:
 
1. PayPal security key.
Using the PayPal security key is optional, but it’s a highly recommended way to keep your account secure. The PayPal security key is a two-step authentication that sends you a one-time personal identification number (PIN), which is unique for each login session. You use this temporary code, and your password, to log in to your PayPal account. Activate your security key here.

2. Data encryption. 
End-to-end encryption is an important element in helping keep your data and PayPal transactions secure. Our team of security and compliance experts is dedicated to educating customers on industry standards, and implementing methods like:
  • Secure HTTPS connections and strong TLS configurations. When you register or log into PayPal from your computer or mobile device, we make sure it’s a secure HTTPS connection (HSTS), and a strong TLS configuration*. Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. And, only allowing HTTPS connections helps to reduce your susceptibility to some passive and active attacks.
  • Key pinning. We implement key pinning when you access PayPal via an IOS or Android app. When your mobile device establishes a TLS connection, key pinning ensures it connects to a true PayPal server, instead of someone posing us.  
  • Data protection compliance. We comply with stringent data protection requirements, while in transit and at rest, such as PCI-DSS. In addition to industry and regulatory encryption requirements, PayPal’s Information Security Policies and Controls are reviewed by independent third parties to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE16 SOC1, AT101 SOC2, Sarbanes-Oxley.
3. Email confirmations. 
Anytime you send or receive a PayPal payment, we'll send you an email to confirm the transaction. If you ever receive a confirmation email for a transaction you didn't make, let us know right away, and we'll launch an investigation.
 

Our security measures help protect your information, but you should also take some steps to beef up security. There are lots of ways you can be proactive about protecting yourself from the threat of malicious software.
 
You can access additional information about protecting your online security by reviewing our FAQs at the bottom of this page.
 

The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

*TLS 1.2 or higher by the end of June 2018.

Was this content helpful?

Frequently asked questions.

No. PayPal does not sell your personal data. 
You get the same security you’re used to with PayPal:
  • We automatically encrypt your confidential info in transit from your computer to ours using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128-bits (the highest level commercially available). Before you even register or log in to the PayPal site, our server checks that you're using an approved browser   one that uses SSL 3.0 or higher.
Learn more about how PayPal keeps your information secure here.
 
Will any of my information be shared?
The only information available publicly through your PayPal.Me link will be your Profile photo (if you have one), the name associated with the account, a cover photo if you added one, the personal note, and your city and state/country according to your preferences. 
 
This information is displayed to reassure your friends and family that they are paying the right person.
 
Someone else is using a PayPal.Me link that infringes my intellectual property rights. What can I do about that?
Use of a PayPal.Me link that infringes the intellectual property rights of a third person is prohibited under the PayPal.Me Terms and Conditions. It is our policy to deactivate any infringing links that are reported to us together with adequate supporting information. To submit a report, please follow the instructions in our Infringement Report Policy.
 
What are PayPal Confirmed Charities?
PayPal Confirmed Charities is a process for confirming that every entity that registers with PayPal as a charity is properly registered and in good-standing according to local regulations, and that these charities own the bank accounts they provide to PayPal, ensuring funds you donate reach the charity you selected. Whenever you donate through PayPal.Me, look for the ribbon symbol next to the charity name to ensure that the charity is confirmed.

You can correct your data by logging into PayPal. You can also contact us and request we correct the data for you.

We can only correct personal data when requested by the owner of that data or by a party authorized by the account holder.  

If you want us to correct data that we’re legally required to verify as a financial services provider we may request additional information from you to confirm your personal data (ex., marriage license to confirm a name change).

As part of any request to correct data, we’ll conduct reasonable verification checks to ensure the security of the data. We reserve the right to not allow data to be altered if we’re unable to verify your identity, if there is a conflicting legal obligation, or if doing so would put PayPal or other parties at risk. 

You can access your personal data by logging into PayPal. If requested, PayPal will also provide you with a copy of this data. Contact us to submit your request.   

We only disclose personal data to the owner of that data or to a party authorized by the account holder.

We can usually authenticate you when you log into your account but reserve the right to disallow access to data if we’re unable to verify your identity, if there’s a conflicting legal obligation, or if doing so would put PayPal or other parties at risk. To ensure the security of your personal data, in these very specific and infrequent cases, we’ll conduct reasonable ID and verification checks as part of any request to access data to make sure you’re the account holder.  

We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies