How PayPal helps keep you secure.

Apr 30 2018 | Alice Wong, Small business - North Americas, PayPal

Learn how everything we do around security aims to live up to our commitment that PayPal is the "secure way to pay and be paid." 
As a strategic business priority, we work hard every day to fight cybercrime, and we also invest heavily in trying to keep our sites and services as secure as possible. Here are just a few ways we help you stay secure:
 
1. PayPal security key.
Using the PayPal security key is optional, but it’s a highly recommended way to keep your account secure. The PayPal security key is a two-step authentication that sends you a one-time personal identification number (PIN), which is unique for each login session. You use this temporary code, and your password, to log in to your PayPal account. Activate your security key here.

2. Data encryption. 
End-to-end encryption is an important element in helping keep your data and PayPal transactions secure. Our team of security and compliance experts is dedicated to educating customers on industry standards, and implementing methods like:
  • Secure HTTPS connections and strong TLS configurations. When you register or log into PayPal from your computer or mobile device, we make sure it’s a secure HTTPS connection (HSTS), and a strong TLS configuration*. Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to transmit across the internet in a secure manner. And, only allowing HTTPS connections helps to reduce your susceptibility to some passive and active attacks.
  • Key pinning. We implement key pinning when you access PayPal via an IOS or Android app. When your mobile device establishes a TLS connection, key pinning ensures it connects to a true PayPal server, instead of someone posing us.  
  • Data protection compliance. We comply with stringent data protection requirements, while in transit and at rest, such as PCI-DSS. In addition to industry and regulatory encryption requirements, PayPal’s Information Security Policies and Controls are reviewed by independent third parties to the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE16 SOC1, AT101 SOC2, Sarbanes-Oxley.
3. Email confirmations. 
Anytime you send or receive a PayPal payment, we'll send you an email to confirm the transaction. If you ever receive a confirmation email for a transaction you didn't make, let us know right away, and we'll launch an investigation.
 

Our security measures help protect your information, but you should also take some steps to beef up security. There are lots of ways you can be proactive about protecting yourself from the threat of malicious software.
 
You can access additional information about protecting your online security by reviewing our FAQs at the bottom of this page.
 

The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.

*TLS 1.2 or higher by the end of June 2018.

Was this content helpful?

Frequently asked questions.

No. PayPal does not sell your personal data. 
PayPal Payments Standard is the easiest way to securely accept debit and credit cards, PayPal and PayPal Credit. It takes the hassle out of accepting payments online. You handle the sales. We handle everything from the checkout process to security and mobile compatibility. Plus:
  • No advanced programming is needed.
  • Your customers don’t need a PayPal account to pay you.
  • It’s optimized for customers on smartphones or tablets.
And unlike many full payment-processing solutions, PayPal Payments Standard has no application, setup or monthly fees, or long-term commitments. You start paying when you start selling.

What can I do with PayPal Payments Standard?

PayPal Payments Standard lets you accept credit and debit cards on your website or through an online marketplace such as eBay or Etsy. Buying is straightforward: We handle the checkout process and then send customers back to your site. Fees are a flat amount per transaction, so selling is just as simple. To see all discounts and fees, take a look at our fees page.

You can use PayPal Payments Standard to send invoices online too, so you can get paid sooner. For offline payments, you can add PayPal Here, a mobile payments solution, to your account to let you take payments on the go using your smartphone or tablet. (alternate rates apply).

With PayPal Payments Standard, you’re also eligible to apply for the free PayPal Business Debit Mastercard®.

As with all of our payment solutions, PayPal Payments Standard helps protect your business with our Automatic Fraud Screening, industry-leading data security and reliable customer service.

Get Started Now.

Personal data is any information that, by itself or in combination with other information, may be used to identify an individual. Examples of personal information include name, home address, email address, phone number, or financial information. 

As explained in our Privacy Statement, we use your personal data to process payments, prevent fraud and abuse, resolve disputes, create a personalized experience, and inform you about offers, products and services. We may also use your personal data with your consent. 

We understand how important your data is to you. We’re committed to keeping it secure and in line with applicable laws and regulations, as well as industry-leading privacy standards. 

If you’d like more information about PayPal’s data practices including what data we collect and how we use it, visit our Privacy Statement

The PayPal Developer Portal offers support for developers who have questions about technical topics, such as APIs or integration. Below is a list of common topics searched for by developers. You can also browse and search on the Developer Portal for additional topics.

Account Authentication
Information about validating your visitor's PayPal account.

Encrypted Website Payments
To make online payments more secure, you can make Encrypted Website Payment buttons that rely on standard public key encryption for protection.

Identity API
PayPal offers a secure commerce Identity API that lets your customers sign in to your web site using their PayPal credentials.

Instant Payment Notification
Instant Payment Notification is a message service that automatically notifies merchants of events related to PayPal transactions.

Invoicing
Merchants, developers, and business solution providers use Invoicing APIs to automate the creation, delivery, tracking, and reconciliation of invoices with an integrated payments solution.

Mobile SDK
Accept PayPal, credit cards and other payments methods through mobile apps.

Name-Value Pair (NVP) API
Information and support on name value pairs and NVP SDKs.

PayPal Checkout
PayPal Checkout gives your buyers a simplified and secure checkout experience that keeps them local to your website or mobile app throughout the payment process.

Payflow Gateway
Payflow Pro is a high performance TCP/IP-based client-server architecture solution. It includes a secure payment gateway that gives merchants total control over the payment process.

PayPal Sandbox Support
Information and support for users testing in the PayPal Sandbox environment.

PayPal Shopping Cart
The PayPal Shopping Cart system allows buyers to select multiple items on your website and pay for them with a single payment.

Permissions Service API
PayPal's permissions service enables you to request and obtain authorization to make API calls and take action on behalf of your customers.

SOAP
The PayPal SOAP API is based on open standards known collectively as web services, which include the Simple Object Access Protocol (SOAP), Web Services Definition Language (WSDL), and the XML Schema Definition language (XSD).

Testing Your Apps in Sandbox
A guide for developers testing their apps in the PayPal Sandbox environment.

Virtual Terminal
Information about PayPal's Virtual Terminal - a web-based application that processes credit and debit cards, replacing swipe machines.

Website Payments Pro
PayPal's Website Payments Pro is an API-based solution that enables merchants and developers to accept credit cards, debit cards, and PayPal payments directly on their website.
 
PayPal Payments Standard
You can accept credit cards online easily and offers a streamlined checkout experience to customers using mobile devices.

We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies