Trust Center


Welcome to PayPal's Trust Center. Our commitment to data privacy and security is embedded in every part of our business. Use this Trust Center to learn about our security posture and request access to our security documentation.

Documents

ISO 27001
Knowledge Base (FAQ)
    The PCI DSS Attestation of Compliance (AoC) documents are at version 3.2.1, while PCI DSS version 4.0 became mandatory on April 1, 2024. Why might this be happening?
    Why am I not able to access the view and download features?
    What should I do if I don't receive the email within a few minutes?
    I have additional question(s) about compliance reports. How can I get support with these questions?
    I can’t find the report that I’m looking for listed, are there other reports available?
Trust Center Updates

PCI Compliance for Braintree Merchant


Are you a Braintree Merchant who is seeking support with PCI Compliance?

Braintree and SecurityMetrics – An Exclusive Partnership for PCI DSS Compliance and PFI Forensic Analysis.

As a business that accepts credit cards online and touches, stores, or transmits card details, you are required to meet specific payment card security standards to ensure your business has the right controls in place to reduce your risk of a cyber incident. Payment Card Industry Data Security Standard (PCI DSS) compliance is mandatory, regardless of company size – because the risk of a cyberattack is real.

Braintree has partnered with SecurityMetrics to provide your business with exclusive access to our PCI DSS solution portal.

SecurityMetrics has over 20 years of cybersecurity and compliance experience and is a partner of Braintree Payments. SecurityMetrics helps businesses of all sizes close data security and compliance gaps. By taking the complexity out of PCI, they provide user-friendly tools, dedicated support, and a full range of security solutions. SecurityMetrics is an Approved Scanning Vendor and is certified to perform PCI scans, onsite PCI audits, payment application software audits, point-of-sale terminal security audits, penetration tests, and forensic analysis (to assess card data compromises).

The SecurityMetrics solution is provided to all Level 3 & 4* Braintree merchants at no cost.

Level 1 & 2* Braintree merchants are eligible to receive discounted pricing for any QSA services and audits as part of our partnership.

Look out for emails from noreply@securitymetrics.com giving you complimentary access to the PCI DSS compliance portal, which includes:

• Easy-to-use, self-assessment questionnaire (SAQ) for PCI DSS reporting.
• Convenient ASV Certified scanning tool to check your website for external vulnerabilities.
• Always-on reporting dashboard to verify PCI compliance status and schedule and review website scans.
• If you should need assistance with your PCI Compliance, live customer service is available to ask questions and get expert guidance to keep your customer card data secure – and your business compliant.

If you have any questions – please reach out to our Braintree PCI support team here and submit a ticket.

*Your PCI level is determined by the number of card transactions processed annually – more information can be found here.


PCI Compliance for PayPal Merchant


Are you a PayPal Merchant looking for help with PCI Compliance?

PayPal and VikingCloud – An Exclusive Partnership for Credit Card Compliance and Business Cyber Protection.

As a business that accepts credit cards online and touches, stores, or transmits card details, you are required to meet specific payment card security standards to ensure your business has the right controls in place to reduce your risk of a cyber incident. Payment Card Industry Data Security Standard (PCI DSS) compliance is mandatory, regardless of company size – because the risk of a cyberattack is real.

PayPal has partnered with VikingCloud to provide your business with exclusive access to our PCI DSS solution portal.

VikingCloud is the global leader in PCI DSS compliance – trusted by more than 4 million businesses in over 70 countries. SecureTrust was acquired by VikingCloud in 2021 and is a wholly owned subsidiary of VikingCloud. VikingCloud delivers proven, easy-to-use PCI DSS compliance via your PayPal portal, with self-guided, simple, and convenient tools to improve your data security and report your compliance with the PCI DSS. VikingCloud is ASV Certified (an Approved Scanning Vendor by the PCI Security Standards Council), delivering external vulnerability scans with real-time threat intelligence required for your PCI compliance.

VikingCloud’s solution is a paid-for benefit to Level 3 & 4* PayPal merchants.

Have you recently signed up for PayPal processing? Look out for emails from donotreply@securetrust.com giving you complimentary access to the PCI DSS compliance portal, which includes:

• Easy-to-use, self-assessment questionnaire (SAQ) for PCI DSS reporting.
• Convenient ASV Certified scanning tool to check your website for external vulnerabilities.
• Always-on reporting dashboard to verify PCI compliance status and schedule and review website scans.
• If you should need assistance with your PCI Compliance, live customer service is available to ask questions and get expert guidance to keep your customer card data secure – and your business compliant.

If you have any questions – please log in to your PayPal account and click Contact Us for support.

*Your PCI level is determined by the number of card transactions processed annually – more information can be found here.


Bridge Letter Availability


A Service Organization Control (SOC) report bridge letter, also known as a gap letter, is a document that bridges the gap between the service organization’s report date and the user entity’s year-end.

We are pleased to inform you that the latest Bridge Letter is now available on our Trust Service Portal. These bridge letters provide important updates and assurances about our control environment since the last issued report.

You can access the bridge letter directly through your portal account. If you have any questions or need further assistance, please do not hesitate to contact our support team.

Thank you for your continued trust in our services.


PayPal has completed Zettle PCI DSS certification


We are pleased to share the news that PayPal has received PCI DSS certification for Zettle. The Zettle Attestation of Compliance is available under the PCI Document card.


PayPal has completed PCI 3-D Secure (3DS) compliance


We are pleased to share that PayPal has successfully completed its inaugural PCI 3-D Secure (3DS) certification for our authentication service.

PCI 3DS is a security protocol designed to prevent unauthorized use of credit and debit cards for online transactions. It adds an additional layer of security by requiring cardholders to authenticate themselves with their card issuer during the online checkout process, and it prevents online fraud, thereby enhancing the safety of online shopping for both merchants and consumers.


If you need help using this Trust Center, please contact us.
