How PayPal helps keep you secure.

Apr 30 2018 | Alice Wong, Small business - North Americas, PayPal

Learn how everything we do around security aims to live up to our commitment that PayPal is the "secure way to pay and be paid." 
As a strategic business priority, we work hard every day to fight cybercrime, and we also invest heavily in trying to keep our sites and services as secure as possible. Here are just a few ways we help you stay secure:
1. PayPal security key.
Using the PayPal security key is optional, but it’s a highly recommended way to keep your account secure. The PayPal security key is a two-step authentication that sends you a one-time personal identification number (PIN), which is unique for each login session. You use this temporary code, and your password, to log in to your PayPal account. Activate your security key here.

2. Data encryption. 
End-to-end encryption is an important element in helping keep your data and PayPal transactions secure. Our team of security and compliance experts is dedicated to educating customers on industry standards, and implementing methods like:
  • Secure HTTPS connections and strong TLS configurations. When you register or log into PayPal from your computer or mobile device, we make sure it’s a secure HTTPS connection (HSTS), and a strong TLS configuration*. Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. And, only allowing HTTPS connections helps to reduce your susceptibility to some passive and active attacks.
  • Key pinning. We implement key pinning when you access PayPal via an IOS or Android app. When your mobile device establishes a TLS connection, key pinning ensures it connects to a true PayPal server, instead of someone posing us.  
  • Data protection compliance. We comply with stringent data protection requirements, while in transit and at rest, such as PCI-DSS. In addition to industry and regulatory encryption requirements, PayPal’s Information Security Policies and Controls are reviewed by independent third parties to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE16 SOC1, AT101 SOC2, Sarbanes-Oxley.
3. Email confirmations. 
Anytime you send or receive a PayPal payment, we'll send you an email to confirm the transaction. If you ever receive a confirmation email for a transaction you didn't make, let us know right away, and we'll launch an investigation.

Our security measures help protect your information, but you should also take some steps to beef up security. There are lots of ways you can be proactive about protecting yourself from the threat of malicious software.
You can access additional information about protecting your online security by reviewing our FAQs at the bottom of this page.

The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

*TLS 1.2 or higher by the end of June 2018.

Was this content helpful?

Frequently asked questions.

The PayPal Secure FTP Server is a secure File Transfer Protocol (SFTP) server, provided to enable business partners and large merchants to programmatically retrieve results of PayPal processing in the form of output data, such as PayPal reports. You can get programmatic access to the server through any SFTP client of your choice, such as WinSCP, Cyberduck, or FileZilla.

Customers must apply for access to PayPal's secure FTP server, and once they have it, must create a unique user account.
  • If you have an Account Manager - Contact your PayPal Account Manager to sign up for access to the secure FTP server. Your Account Manager will send a notice to your primary email address when access has been granted.
  • If you don't have an Account Manager - Contact Merchant Support. Agents are available from 6:00 A.M. Central Time to 11:00 P.M. Central Time Monday through Friday, and 8:00 A.M. to 10:00 P.M. Central Time Saturday and Sunday.
  • Outside of the US  - Contact PayPal Technical Support via your local PayPal phone numbers.

Creating a secure FTP server user account
Here's how to create a secure FTP server user account once your SFTP access has been approved:
  1. Click the Settings icon next to "Log out."
  2. Click Account access under "Account & Security" on the left of the page.
  3. Click Update next to "Secure FTP."
  4. On the Secure FTP Server Users page, click Add.
  5. On the Security Measures page, confirm your identity by re-entering the full bank account number associated with your PayPal account, then click Submit.
  6. On the Create Secure FTP Server User page, choose a Name, Access Type and Password for your account. Agree to the Terms of Use, then click Create User.
  7. The Secure FTP Server Users page displays the new user information.
  • It can take up to 48 hours to create a Secure FTP Server user.
  • Once the user has been created and the Secure FTP Server is ready for use, PayPal sends an email message to the business partner’s primary email address.

Accessing reports via SFTP

The hostname of PayPal's SFTP server is The server uses the following directory structure: ppreports/outgoing (to hold report files).

You'll find the file naming conventions for individual reports on the Secure FTP Server detailed in the Secure FTP Server Specification. This specification includes an excellent example of a UNIX shell script for retrieving reports.
Yes. Your organization is responsible for ensuring that PCI standards are met for all electronic donations, regardless of dollar amount or number of transactions. However, if your organization uses PayPal Payments, the PCI burden is lessened to PayPal because all financial transactions take place on PayPal’s secure servers. For PayPal transactions, your organization won’t have access to or be responsible for sensitive transactional data.
PayPal Payments Standard is the easiest way to securely accept debit and credit cards, PayPal and PayPal Credit. It takes the hassle out of accepting payments online. You handle the sales. We handle everything from the checkout process to security and mobile compatibility. Plus:
  • No advanced programming is needed.
  • Your customers don’t need a PayPal account to pay you.
  • It’s optimized for customers on smartphones or tablets.
And unlike many full payment-processing solutions, PayPal Payments Standard has no application, setup or monthly fees, or long-term commitments. You start paying when you start selling.

What can I do with PayPal Payments Standard?

PayPal Payments Standard lets you accept credit and debit cards on your website or through an online marketplace such as eBay or Etsy. Buying is straightforward: We handle the checkout process and then send customers back to your site. Fees are a flat amount per transaction, so selling is just as simple. To see all discounts and fees, take a look at our fees page.

You can use PayPal Payments Standard to send invoices online too, so you can get paid sooner. For offline payments, you can add PayPal Here, a mobile payments solution, to your account to let you take payments on the go using your smartphone or tablet. (alternate rates apply).

With PayPal Payments Standard, you’re also eligible to apply for the free PayPal Business Debit MasterCard®.

As with all of our payment solutions, PayPal Payments Standard helps protect your business with our Automatic Fraud Screening, industry-leading data security and reliable customer service.

Get Started Now.
Connect with PayPal, formerly known as Log In with PayPal, allows customers to sign in to your website using their PayPal login credentials. Customers who click the Connect with PayPal button can sign up, log in, and buy items without having to remember another user identity. In addition, their user account data is dynamically updated. This streamlines your sign-up and sign-in processes and gives you access to PayPal's 200 million active users.

Integrating Connect with PayPal means that PayPal takes responsibility for customer financial information. Once you've integrated Connect with PayPal with your app, you can also integrate Express Checkout to provide your customers with a seamless checkout experience.

Connect with PayPal uses the OpenID Connect standard, allowing you to trust that your users are securely logged in. Your system must manage the login and logout sessions, as well as any of the user information provided through PayPal.

See Integrate Connect with PayPal for more information.
Here's how to integrate Connect with PayPal:
  1. Create your PayPal application. See Manage your application for details.
  2. Enable Connect with PayPal for your application. Next, learn how to Provide information for a Connect with PayPal app.
  3. Create a Connect with PayPal dynamic button to integrate to your site.

We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies