Is PayPal PCI DSS Compliant?

Published on : 30 Jul 2021


Is PayPal PCI DSS Compliant

PayPal provides an online payment service that facilitates payment for all types of e-commerce businesses and organizations. It is a widely known, and accepted form of payment in the industry. The online payment service is PCI Compliant and achieved PCI DSS compliance certification under various programs and standards.

However, there is often confusion about its compliance status as businesses believe that although having availed a third-party payment service they are still required to be PCI DSS Compliant. 

So to set things clear, although PayPal is PCI Compliant, yet Merchants availing their services are also required to ensure compliance with PCI DSS. This is simply because even though PayPal stores processes and transmits the cardholder data, but as a Merchant, your business is the one accepting that information.

Your online environment from where the transaction occurs can affect the security of the payment process/transaction. So, it is equally important that your online environment is secure and for those reasons, Merchants are also required to be PCI DSS Compliant.

Although availing of the third-party services limits the scope of compliance but, that does not mean the merchants are not subject to PCI DSS. In this scenario, both PayPal as a payment processor and Merchants are required to be PCI DSS Compliant. 

Narendra Sahoo
Narendra Sahoo

Narendra Sahoo (PCI QPA, PCI QSA, PCI SSF ASSESSOR, CISSP, CISA, CRISC, 27001 LA) is the Founder and Director of VISTA InfoSec, a global Information Security Consulting firm, based in the US, Singapore & India. Mr. Sahoo holds more than 25 years of experience in the IT Industry, with expertise in Information Risk Consulting, Assessment, & Compliance services. VISTA InfoSec specializes in Information Security audit, consulting and certification services which include GDPR, HIPAA, CCPA, NESA, MAS-TRM, PCI DSS Compliance & Audit, PCI PIN, SOC2 Compliance & Audit, PDPA, PDPB to name a few. The company has for years (since 2004) worked with organizations across the globe to address the Regulatory and Information Security challenges in their industry. VISTA InfoSec has been instrumental in helping top multinational companies achieve compliance and secure their IT infrastructure.