Mandatory PCI Compliance: With PayPal, it’s easy

PayPal and PCI compliance

PayPal adheres to international PCI (payment card industry) compliance standards for data security. With PayPal Payments Standard, Email Payments, and Payflow Link*, PayPal handles the payment card information for you. So you don’t have to worry about your buyers’ payment card security or about compliance with PCI DSS for your business.††

If you’re using PayPal Payments Pro, Payflow Pro, or Virtual Terminal, consult our free guide to help ensure that you’re PCI compliant.

What is PCI compliance?
Payment Card Industry Data Security Standards (PCI DSS) are network security and business practice guidelines adopted by Visa, MasterCard, American Express, Discover Card, and JCB to establish a “minimum security standard” to protect customers’ payment card information. It’s a requirement for all merchants that store, transmit, or process payment card information.

How does my business become PCI compliant?
You can use PayPal Payments Standard, Email Payments, or Payflow Link.* Or, if you are storing, transmitting, or processing payment card information, you must:

  • Build and maintain a secure network to protect payment card information
  • Maintain a vulnerability management program
  • Implement strong access control measures
  • Regularly monitor and test networks
  • Pass quarterly remote vulnerability scans
  • And more …

PayPal helps
PayPal has partnered with ScanAlert, a Visa and MasterCard-certified PCI vendor, to help our customers comply at no cost for the first year. Enroll online with ScanAlert at:

For more information about PCI compliance, download our free guide to winning your customers’ trust.

Our PCI Compliance can be validated at
* PayPal is not responsible for PCI Compliance if you store, transmit, or process payment card information.
†† All card data must be stored, transmitted, and processed by PayPal and not by the merchant.