How PayPal helps keep you secure.
1. PayPal security key.
Using the PayPal security key is optional, but it’s a highly recommended way to keep your account secure. The PayPal security key is a two-step authentication method that sends you a one-time personal identification number (PIN), which is unique for each login session. You use this temporary code, together with your password, to log in to your PayPal account. Activate your security key here.
2. Data encryption.
End-to-end encryption is an important element in helping keep your data and PayPal transactions secure. Our team of security and compliance experts is dedicated to educating customers on industry standards, and implementing methods like:
- Secure HTTPS connections and strong TLS configurations. When you register or log in to PayPal from your computer or mobile device, we make sure the connection uses HTTPS (enforced with HSTS, HTTP Strict Transport Security) and a strong TLS configuration*. Strong TLS configurations are the current industry standard for trusted communication channels and allow your information to be transmitted across the internet securely. Allowing only HTTPS connections also helps reduce your susceptibility to some passive and active attacks.
- Key pinning. We implement key pinning when you access PayPal via an iOS or Android app. When your mobile device establishes a TLS connection, key pinning ensures it connects to a true PayPal server, instead of someone posing as us.
- Data protection compliance. We comply with stringent data protection requirements, such as PCI-DSS, for data in transit and at rest. In addition to industry and regulatory encryption requirements, PayPal’s Information Security Policies and Controls are reviewed by independent third parties against the following industry standards and guidelines: American Institute of Certified Public Accountants SSAE16 SOC1, AT101 SOC2, Sarbanes-Oxley.
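The key pinning check described in the list above, sketched as an added example. This is a generic illustration, not PayPal's code: the function names are hypothetical and the sample "certificates" are constructed DER skeletons, not real certificates. It hashes the server's SubjectPublicKeyInfo and compares it with a pinned set, so a reissued certificate with the same key still passes while a different key is rejected.

```python
import base64
import hashlib

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) for the DER element at pos."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:  # long-form length: low 7 bits give the byte count
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, pos, pos + length

def extract_spki(cert_der):
    """Return the DER SubjectPublicKeyInfo element of an X.509 certificate."""
    _, pos, _ = read_tlv(cert_der, 0)        # step into Certificate
    _, pos, _ = read_tlv(cert_der, pos)      # step into tbsCertificate
    tag, _, end = read_tlv(cert_der, pos)
    if tag == 0xA0:                          # optional [0] version field
        pos = end
    for _field in range(5):  # serial, signature alg, issuer, validity, subject
        _, _, pos = read_tlv(cert_der, pos)
    _, _, end = read_tlv(cert_der, pos)
    return cert_der[pos:end]

def spki_pin(cert_der):
    """Base64 SHA-256 of the SPKI: the value a client would ship as its pin."""
    return base64.b64encode(hashlib.sha256(extract_spki(cert_der)).digest()).decode()

def pin_matches(cert_der, pinned):
    """Accept the server only if its public key is in the pinned set."""
    return spki_pin(cert_der) in pinned

# --- Constructed sample data: DER skeletons, not real certificates ---
def tlv(tag, body=b""):
    return bytes([tag, len(body)]) + body    # short-form lengths only

def sample_cert(key, serial=1):
    spki = tlv(0x30, tlv(0x30, tlv(0x06, b"\x2a\x03")) + tlv(0x03, b"\x00" + key))
    tbs = tlv(0x30, tlv(0xA0, tlv(0x02, b"\x02")) + tlv(0x02, bytes([serial]))
              + tlv(0x30) * 4 + spki)
    return tlv(0x30, tbs + tlv(0x30) + tlv(0x03, b"\x00"))

if __name__ == "__main__":
    pins = {spki_pin(sample_cert(b"K" * 16))}
    print(pin_matches(sample_cert(b"K" * 16, serial=2), pins))  # same key, reissued
    print(pin_matches(sample_cert(b"X" * 16), pins))            # different key
```

In a real client this check runs in addition to normal certificate chain validation, and the pinned set usually includes a backup key so that key rotation does not lock users out.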
Anytime you send or receive a PayPal payment, we'll send you an email to confirm the transaction. If you ever receive a confirmation email for a transaction you didn't make, let us know right away, and we'll launch an investigation.
Our security measures help protect your information, but you should also take some steps to beef up security. There are lots of ways you can be proactive about protecting yourself from the threat of malicious software.
You can access additional information about protecting your online security by reviewing our FAQs at the bottom of this page.
The contents of this site are provided for informational purposes only. You should always obtain independent, professional accounting, financial, and legal advice before making any business decision.
*TLS 1.2 or higher by the end of June 2018.
Frequently asked questions.
- We automatically encrypt your confidential info in transit from your computer to ours using the Secure Sockets Layer protocol (SSL) with an encryption key length of 128 bits (the highest level commercially available). Before you even register or log in to the PayPal site, our server checks that you're using an approved browser, one that uses SSL 3.0 or higher.
You can correct your data by logging into PayPal. You can also contact us and request we correct the data for you.
We can only correct personal data when requested by the owner of that data or by a party authorized by the account holder.
If you want us to correct data that we’re legally required to verify as a financial services provider, we may request additional information from you to confirm your personal data (e.g., a marriage license to confirm a name change).
As part of any request to correct data, we’ll conduct reasonable verification checks to ensure the security of the data. We reserve the right to not allow data to be altered if we’re unable to verify your identity, if there is a conflicting legal obligation, or if doing so would put PayPal or other parties at risk.
You can access your personal data by logging into PayPal. If requested, PayPal will also provide you with a copy of this data. Contact us to submit your request.
We only disclose personal data to the owner of that data or to a party authorized by the account holder.
We can usually authenticate you when you log into your account but reserve the right to disallow access to data if we’re unable to verify your identity, if there’s a conflicting legal obligation, or if doing so would put PayPal or other parties at risk. To ensure the security of your personal data, in these very specific and infrequent cases, we’ll conduct reasonable ID and verification checks as part of any request to access data to make sure you’re the account holder.