• Is PayPal PCI Complaint?

    by
    pciadmin
    Published on 11-12-2011 07:29 PM
    Many companies use PayPal to run their online hosted business website by means of payments. PayPal is one of the easiest and most comfortable ways to accept credit cards and other payments. This is why in such situations it is crucial to be PCI compliant and to ensure cardholder data as well as for millions of customers and business that run an online business using this service. Whether a transaction requires debit cards, bank transfers, credit cards or balance payments, PayPal is known as being a secure solution.




    In this way, all users of PayPal can be confident that this solution is PCI compliant, fact which can be validated at http://www.visa.com/cisp. PayPal offers the below payment solutions:

    • PayPal Website Payments Standard
    • Payflow Link
    • Email Payments

    Regardless of the solution chosen by the user, PayPal handles all cardholder information. This is a great alternative through which many businesses become PCI compliant by means of the services offered and developed by PayPal.
    When using PayPal as a method of payment, in the final shopping stage the customer selects the PayPal payment button existent on your website. Next, he/she is being redirected to the official PayPal website where he/she is required to complete secure payment using the preferred method of payment. In the end, the customer returns to your website while the transaction was completed safely and successfully. However, it is critical to make sure that all cardholder data is stored, processed and transmitted only by PayPal and not by the merchant.


    Why choose to build your business using PayPal?
    Nowadays, it is more affordable if you use an already safe payment method that is PCI compliant instead of applying on your own for becoming PCI compliant. Many costs are being avoided and your customers’ safety is still successfully ensured.
    This is the case of PayPal, where by means of their above solutions you easily build your business by simply introducing basic details about your business, products and services and add the PayPal payment button on your official website. This is how you become aware online by means of PayPal, and you also become PCI compliant.
    In addition, by choosing PayPal to cash in money from your customers you also enjoy great offers in the first year since there are no costs incurred. This is due to the partnership with ScanAlert which is a MasterCard and Visa PCI compliant vendor. You can enrol your business online and enjoy this offer in the first year, an opportunity that will further decrease your costs.
    Similarly, by choosing to use PayPal as a method payment, you increase your array of customers since PayPal has millions of users at world-wide level and ensure security because the industry-leading use of encryption helps PayPal to secure all transactions performed.
    Ultimately, PayPal fits any type of business since it is easily integrated with any type of shopping cart. If you think there could be problems in this area, you can anytime contact the PayPal Integration Center for further information and resources to effectively implement PayPal Website Payment Standard on your website.


    Will my business become PCI compliant?
    If you will decide to implement one of the three main payment options offered by PayPal: PayPal Website Payments Standard, Payflow Link or Email Payments, then you will become PCI complaint.
    However, if you choose to store, transmit or further process the cardholder information, then PayPal will not be held responsible for PCI compliance. In this case you should make sure that you develop and maintain a secure network that will effectively protect payment card information of your customers. Likewise, you should implement strong control measures for access to your system and customers’ accounts. The networks developed by you through which you store and process cardholder information you should be regularly monitored and tested. Finally, you should maintain a management vulnerability program which should be also frequently scanned.


    In conclusion, PayPal adheres to international Payment Card Industry (PCI), fact which can be validated at http://www.visa.com/cisp, and by means of their payment solutions an online business can safely ensure cardholder information data and process payments of its customers. However, there are some restrictions that should be taken into consideration, most frequently related to the storage and processing of cardholder data, situation when PayPal is no longer responsible.
    For more information regarding the PayPal methods suitable for your business and the PCI compliance issues you can check the official website of PayPal.