2023 Global Impact Report
Advancing our mission to revolutionize commerce globally
MayMay202420
T A B L E O F C O N T E N T S
Message from Our President & CEO
About PayPal
Corporate Sustainability & Impact Strategy | 5 |
Issue Prioritization & Stakeholder Engagement | 6 |
Governance & Corporate Sustainability & Impact Oversight | 7 |
Responsible Business Practices
Cybersecurity & Secure Transactions | 9 |
Data Management & Privacy | 11 |
Risk Management & Compliance | 13 |
Business Ethics | 14 |
Social Innovation
Economic Empowerment | 16 |
Financial Health & Consumer Convenience | 19 |
Giving | 20 |
Employees & Culture
Global Talent Management | 22 |
Belonging | 25 |
Employee Community Impact | 27 |
Environmental Sustainabilty
Climate-Related Risk Management | 29 |
Natural Resource Management | 31 |
Appendix
U.N. Sustainable Development Goals Index | 33 |
Corporate Sustainability & Impact Performance Metrics Table | 34 |
Independent Limited Assurance Statement | 45 |
Additional Resources | 47 |
Endnotes | 48 |
Please visit our Global Impact websiteand Additional Resources section of this report for further public information on our corporate sustainability and impact ("CS&I") strategies, practices, and policies. We are committed to transparent communication with our stakeholders and welcome feedback on this report and other CS&I matters. Questions or requests for additional information can be directed to Sustainability@paypal.com.
Forward-Looking Statements
This report contains forward-looking statements within the meaning of Section
27A of the Securities Act of 1933 and Section 21E of the Securities Exchange Act of 1934, including statements that involve expectations, plans or intentions (such as those relating to future business, future results of operations or financial condition, new or planned features or services, mergers or acquisitions, or management strategies). These forward-looking statements can be identified by words such as "may," "will," "would," "should," "could," "expect," "anticipate," "believe," "estimate," "intend," "continue," "strategy," "future," "opportunity," "plan," "project," "strive," "aim," "forecast," and other similar expressions. These forward-looking statements involve risks and uncertainties that could cause our actual results and financial condition to differ materially from those expressed or implied in our forward-looking statements. Such risks and uncertainties include, among others, those discussed in the "Risk Factors," "Quantitative and Qualitative Disclosures about Market Risk" and "Management's Discussion and Analysis of Financial Condition and Results of Operations" sections of our Annual Report on Form 10-K for the year ended December 31, 2023 and our subsequent filings with the U.S. Securities and Exchange Commission (SEC). We do not intend, and undertake no obligation except as required by law, to update any of our forward-looking statements after the date of this document to reflect actual results, new information or future events or circumstances. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward- looking statements. The standards of measurement and performance contained in this report are developing and may be based on assumptions, estimates or information collected on a delayed or incomplete basis. The inclusion of information in this report is not an indication that we deem such information to be material or important to an understanding of our business or an investment decision with respect to our securities.
Incorporation by Reference
All website addresses contained in this report are intended to provide inactive, textual references only. The content on, or accessible through, any website identified in this report is not a part of, and is not incorporated by reference into, this report or in any other report or document that we file with the SEC.
Cover image: PayPal merchant Yuki Matano is a Tokyo, Japan-based artist and owner of traditional craft shop Tsugu Tsugu. Yuki relies on PayPal to connect people around the world with the art of kintsugi, a repair technique using lacquer and gold powder to extend the life of broken ceramic vessels.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 3 | |
Message from Our President & CEO
For more than 25 years, PayPal has been revolutionizing commerce for customers around the world. When I joined the Company last fall, I was energized by the opportunity to deliver innovative products and services to consumers and businesses while making a positive impact on the communities where we live and work. Our Global Impact Report details how we operate responsibly while strengthening our foundation for sustainable growth.
Putting Employees First
Our employees are central to advancing our mission, and we strive to create an environment where everyone can do their best work with a sense of purpose and belonging. As I've spoken with employees around the world, I've been inspired by our team's commitment to serving our customers, their passion to fulfill our mission, and their focus on strengthening our communities. We strive to maintain a culture of accountability, transparency, and continual learning, ensuring we attract and retain the best and brightest talent.
Focusing on Our Customers and Communities
Small businesses are critical to the success and strength of families, communities, and the overall global economy. As someone who has made a career of championing small businesses, I've come to understand the challenges our customers must navigate as they build and grow. Business owners like Yuki Matano, featured on the cover of this year's report and the owner of Tsugu Tsugu, inspire our team to work harder every day. Yuki turned her curiosity about kintsugi, the traditional Japanese art form of repairing broken ceramics, into a thriving
business selling kintsugi kits and offering in-studio and online artist instruction. We're committed
to supporting businesses of all sizes, from large enterprises to microbusinesses, as they contribute to their communities and help create thriving local economies.
Evolving Our Organization
PayPal is continually evolving, and we've recently taken steps to accelerate our growth and impact. We've reorganized around the customers we serve
- consumers, small businesses, and enterprises - enabling us to better focus on the unique challenges each faces. We continue to innovate and bring new products to market, moving at an increased velocity that reflects the urgency of our customers' needs. And we have refined our Leadership Principles, with three distinct areas of impact: Put People First, Work Customer Back, and Win Together. Our Leadership Principles are PayPal's values-based framework that defines performance expectations and guides our decision-making, ensuring we're focused on what
matters most. These changes will enable us to focus on our core priorities, scale our impact, and move quickly as we fulfill our mission.
While we have embraced change throughout our organization and will continue to do so, one aspect of our culture that will not change is our commitment to making a positive impact in the world. Serving our customers and making a difference within our communities is what gets us out of bed every day. Within this report, you will find inspiring stories and data-driven evidence of how we deliver innovative products and services, protect our customers, create economic opportunity, advance environmental sustainability, and support each other as we work together to achieve our mission.
I'm excited for the year ahead and all that we will accomplish together as One PayPal. I'm grateful to our employees, customers, shareholders, and partners for joining us on our journey.
ALEX CHRISS
President and CEO,
PayPal Holdings, Inc.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 4 | |
About PayPal
PayPal Holdings, Inc.1 is a leading technology platform that enables digital payments and simplifies commerce experiences on behalf of merchants and consumers worldwide.
PayPal is committed to revolutionizing commerce globally so that every person and business can grow and thrive in the digital economy. By leveraging technology to make sending money and shopping more convenient, affordable, and secure, our goal is to expand economic opportunity and improve financial health for all. We believe that effective management of non-financial risks and opportunities, including corporate sustainability and impact ("CS&I")2 matters, helps to create long-term value for our stakeholders and deliver on our business strategy and mission.
We operate a global, two-sided network at scale that connects merchants and consumers with 426 million active accounts - consisting of 391 million consumer active accounts and 35 million merchant active accounts - across approximately 200 markets as of December 31, 2023.
Building on our more than 25 years of technology leadership, PayPal continues to be a trusted, everyday app for consumers and an essential tool to help merchants - including small- and medium-sized businesses (SMBs), marketplaces, and large enterprises - manage and grow their business.
Put people first
- Build the next generation, unlocking their superpowers
- Provide and seek constructive feedback - clear is kind
- Choose inclusion and foster belonging
Our Leadership Principles
Work customer back
- Focus on our customers' greatest needs, sweating every detail
- Solve with tech and innovation
- Create simple and valuable customer experiences
Win together
- Do the right thing
- Operate with velocity and an ownership mindset
- Deliver great end-to-end results
- Work as One PayPal
PayPal's Payment Solutions3
Merchants integrate with PayPal | Consumers use PayPal for financial products |
to manage their business | and services and shopping tools |
Integrated with Our Values: Inclusion l Innovation l Collaboration l Wellness
Our Values in Action
Checkout | Processing | Digital Wallets | Merchant Services |
We live each day guided by our core values of Inclusion, Innovation, Collaboration, and Wellness. Together, our values ensure that we work together as one global team
"Our ability to empower consumers and help businesses reach their full potential is in direct
Consumer Financial Services
Credit Cards and
Debit Cards
Credit Crypto
Giving P2P Savings
Shopping and Rewards
Deals Loyalty Rewards
Fraud Protection and
Risk Management
Omnichannel and
Point-of-Sale
Solutions
Payouts
with our customers at the center of everything we do - and they inspire us to take care of ourselves, each other, and our communities.
We believe that our core values help stimulate the creativity and engagement of our global workforce to deliver products and services designed to meet the diverse needs of our customers. Our Leadership Principles are integrated with our core values and outline a common set of expectations for all employees for how they drive positive impact through their work.
service to our sustained success as a company. We are committed to driving innovation while staying
true to our core values, leading with inclusion, innovation, collaboration, and wellness and delivering products that encompass these values."
SUZAN KEREERE
President, Global Markets
New York, NY, U.S.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 5 | |
Corporate Sustainability & Impact Strategy
Our CS&I strategy is designed to support our business priorities and create sustainable stakeholder value by driving and protecting brand reputation, managing financial and non-financial risks and opportunities, demonstrating competitive differentiation, positioning PayPal as an employer of choice, and paving the way for future growth and innovation. Our CS&I priorities are embedded throughout the organization and categorized across four focus areas - Responsible Business Practices, Social Innovation, Employees & Culture, and Environmental Sustainability.
Our Business Priorities | Our Stakeholder Value Creation |
"PayPal's products have a huge impact on our customers. As we drive our future growth, we will always start with solving our customers' needs to ensure PayPal continues to create a meaningful difference and generate value for all our stakeholders."
JAMIE MILLER
EVP, Chief Financial Officer
New York, NY, U.S.
Prioritizing | Leveraging | Innovating | Setting | |||
excellence | technology to | the future of | measurable | |||
of our core | personalize | commerce | goals and | |||
products and | experiences for | communicating | ||||
services | customers | consistently | ||||
Our CS&I Focus Areas
Creating value for PayPal and our stockholders by prioritizing and investing in growth opportunities and managing risk.
Driving and protecting brand value through strong governance, ethics, and compliance across our value chain.
Providing customers with superior products that enable digital payments and simplify commerce experiences on behalf of merchants and customers worldwide.
Responsible Business Practices
Our commitment and approach to operating ethically and responsibly
Employees & Culture
Our embodiment of our core values from the inside out
Social Innovation
Our work to realize our mission and build a more inclusive global economy
Environmental
Sustainability
Our efforts to manage our footprint and advance sustainability
Positioning PayPal as an employer of choice by fostering an inclusive culture.
Engaging with, and positively contributing to, the local communities in which we live and work around the world.
Mitigating environmental impacts to our business, meeting regulatory requirements, and addressing investor and other stakeholder expectations.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 6 | |
Issue Prioritization & Stakeholder Engagement
To help ensure our CS&I strategy reflects the non-financial issues most relevant to our business success and long-term growth, PayPal periodically reviews and refreshes our CS&I significance4 assessment. Aligned to our four CS&I focus areas, our significance map identifies 18 key non-financial topics, eight of which are designated as priority issues.5
2023 Corporate Sustainability & Impact Significance Map
INCREASING IMPORTANCE | Cybersecurity & | |
secure transactions | ||
Belonging | ||
concern) | Climate change | Data privacy |
mitigation | ||
Empowering entrepreneurs, | Financial health | |
stakeholder | ||
& inclusion | ||
small businesses & nonprofits | ||
Corporate | Employee wellness, | |
governance | ||
health & safety | ||
of | ||
Social product | ||
(Degree | ||
innovation | ||
Employee recruitment & development | ||
Perspective | Human rights | Community engagement |
Compliant, ethical & | ||
Sustainable supply | humane use of products | |
In 2023, our annual review of our non-financial topic prioritization reaffirmed the importance of our previously designated priority issues and elicited minor adjustments to our significance map based on stakeholder feedback. To ensure continued alignment between our business and CS&I strategies, evolving stakeholder priorities, and emerging regulations, we intend to conduct a refreshed assessment to identify the non-financial matters most significant to PayPal's business and those where PayPal has significant impact externally.
Approach to Stakeholder Engagement
Stakeholder feedback is taken seriously as part of our overall approach to managing non-financial risks and opportunities and helps inform our significance assessment.
We regularly engage with our diverse stakeholder set, including our investors, global workforce, customers, regulators, partners, suppliers, and others, via a variety of channels, such as surveys, roundtables, and direct conversations. The insights gained from these interactions help inform our CS&I programs, strategies, and disclosures.
Key CS&I-Related Engagement Topics
Investors: Board composition and risk oversight, data privacy, cybersecurity, employee retention and compensation, intersection of CS&I and business strategies, human rights
Customers: CS&I approach, product education, business ethics, climate risk, supplier diversity
Employees: Business strategy, product innovation, sustainability, workplace inclusion, community engagement
Regulators: Cybersecurity, risk oversight, CS&I strategy, climate risk
Partners: Civic engagement, small business support, employee wellness, climate risk
Suppliers: Business ethics, climate risk, diversity
Stakeholder | chain management | ||||||||
Natural resources | |||||||||
Business ethics | |||||||||
management | Climate change | ||||||||
adaptation | |||||||||
External | |||||||||
Environmental | INCREASING | ||||||||
product innovation | IMPORTANCE | ||||||||
PayPal Perspective (Impact on business) | |||||||||
CATEGORIES: |
Responsible Business Practices | Social Innovation | Employees & Culture | Environmental Sustainability |
About This Report
The 2023 Global Impact Report covers CS&I strategies, activities, progress, metrics, and performance from calendar year 2023 unless otherwise noted. The disclosures herein provide updates on key CS&I topics and are informed by stakeholder feedback, annual benchmarking of industry peers, and relevant international reporting standards and frameworks. This report is aligned with the Global Reporting Initiative (GRI) standards, relevant industry standards from the International Financial Reporting Standards (IFRS) Foundation's Sustainability Accounting Standards Board (SASB), the Ten Principles of the United Nations (U.N.) Global Compact, the Stakeholder Capitalism Metrics, and the U.N. Sustainable Development Goals (SDGs). See the Appendix for specific reporting aligned to these frameworks.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX
Governance & Corporate Sustainability & Impact Oversight
7
Board of Directors Diversity6
Robust corporate governance practices are critical to executing our business strategy and driving long-term, durable value creation. Our overall governance framework is designed to drive strong oversight, create Board and management accountability, and demonstrate PayPal's commitment to transparency. We seek to apply the same approach to the oversight, management, and implementation of our CS&I strategy.
Our commitment to strong corporate governance is detailed in our Proxy Statement, which provides extensive disclosure on our Board structure and composition, strategy and risk oversight, stockholder engagement, executive compensation, and other key governance topics.
Board & Leadership Composition
We seek to ensure our Board is composed of directors with highly relevant skills, professional experiences, and backgrounds who bring diverse viewpoints and perspectives and effectively represent the long-term interests of our stockholders.
The Board conducts in-depth reviews of business strategy and engages with leaders on key topics of interest, including business objectives, the competitive landscape, capital allocation, and CS&I matters.
The Board values succession and refreshment as critical components of promoting and supporting the Company's long-term strategy. The Governance Committee regularly oversees and plans for director succession and Board refreshment, and the Board reviews executive succession planning at least annually.
50%
of our directors are
women or from diverse
ethnic groups7
Executive Leadership Diversity8
Corporate Sustainability & Impact Governance
We believe our approach to managing corporate sustainability and impact matters is linked to long-term value creation for our stakeholders, including stockholders, employees, customers, and the communities and markets where we operate.
The Corporate Governance and Nominating Committee (Governance Committee), which is solely comprised of independent directors, oversees PayPal's CS&I program and regularly reports to the Board. In addition, the Compensation Committee and Audit, Risk, and Compliance Committee (ARC Committee) have oversight of non-financial risks
and opportunities associated with their respective areas of responsibility.
Our CS&I program is directed and managed in collaboration
with executives, including our Chief Financial Officer, Chief People Officer, EVP and General Manager - Consumer Group & Global Marketing and Communications, and Chief Enterprise Services Officer, and implemented by cross-functional working groups with guidance and direction from a dedicated steering committee.
Representatives from the steering committee brief Board committees and executive leadership on CS&I issues periodically and meet with a subcommittee of the Enterprise Risk Management Committee at least annually to review current and emerging non-financial risks.
itte | e | & | W | |||||||||||||||||||||||||
m | o | |||||||||||||||||||||||||||
m | r | |||||||||||||||||||||||||||
o | ||||||||||||||||||||||||||||
C | k | i | ||||||||||||||||||||||||||
n | ||||||||||||||||||||||||||||
g | g | |||||||||||||||||||||||||||
n | G | |||||||||||||||||||||||||||
r | ||||||||||||||||||||||||||||
i | r | |||||||||||||||||||||||||||
e | ||||||||||||||||||||||||||||
e | ve Mana | g | o | |||||||||||||||||||||||||
t | ti | e | me | u | ||||||||||||||||||||||||
u | p | |||||||||||||||||||||||||||
S | c | |||||||||||||||||||||||||||
e | ||||||||||||||||||||||||||||
x | n | |||||||||||||||||||||||||||
E | t | |||||||||||||||||||||||||||
Governance | ||||||||||||||||||||||||||||
PayPal Board | ||||||||||||||||||||||||||||
of Directors | ||||||||||||||||||||||||||||
Compensation | ARC | |||||||||||||||||||||||||||
O | h | |||||||||||||||||||||||||||
versig | t | |||||||||||||||||||||||||||
M | n | |||||||||||||||||||||||||||
a | e | t | ||||||||||||||||||||||||||
nagem | ||||||||||||||||||||||||||||
I | m | ti | n | |||||||||||||||||||||||||
pl | a | o | ||||||||||||||||||||||||||
e ment |
Oversight
Our Board of Directors is actively engaged on corporate sustainability and impact ("CS&I") matters that impact business strategy.
- Governance Committee: Oversight of PayPal's management of CS&I topics, including overall CS&I strategy, risks and opportunities, stakeholder engagement and programs and initiatives in social innovation and environmental sustainability
- ARC Committee: Oversight of the Company's risk framework and enterprise-wide compliance program, including cybersecurity and privacy matters
- Compensation Committee: Oversight of the Company's strategies and responsibilities related to human capital (global talent) management, including belonging, pay equity efforts and corporate culture
Management
Our executive management directs and manages the execution of our enterprise-wide CS&I strategy to help ensure non- financial risks and opportunities are appropriately integrated across the enterprise, including through the Enterprise Risk and Compliance Management Program (ERCM Program).
Implementation
A steering committee and cross-functional working groups with representatives from diverse functions across the business are responsible for overall program implementation.
71%
of the Executive
Leadership Team are
women and/or
from diverse ethnic
groups7
Ethnically Diverse Women Ethnically Diverse Men
Women Men Did Not Disclose
Incorporating CS&I-Related Performance into Our Executive Compensation Program
As part of our executive compensation program, we continued to incorporate risk and compliance ratings and other CS&I-related actions and outcomes for each senior executive in our
2023 Annual Incentive Plan. Please see our Proxy Statementfor more information.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 8 | |
Responsible Business Practices
Maintaining customer trust and adhering to ethical business practices are crucial to achieving the Company's long-term business strategy. Our commitment to these principles is illustrated by our approach to risk management, governance, and oversight, including policies and standards designed to protect our customers and platform.
Across PayPal, we are dedicated to the responsible management of our infrastructure, safeguarding the data of our customers and our Company, upholding a high standard of business ethics, and responsibly managing our supply chain.
IN THIS SECTION
- Cybersecurity & Secure Transactions
- Data Management & Privacy
- Risk Management & Compliance
- Business Ethics
2023 Summary Highlights
- Introduced new fraud protection services, including early fraud detection and real time app alerts to the PayPal wallet.
- Expanded our Responsible AI framework to further incorporate and codify human oversight requirements, including in PayPal's use of generative AI.
- Collaborated with influential organizations like AARP and the Better Business Bureau to advance consumer protection efforts.
- 100% training completion by all employees in 2023 annual compliance training cycle.
Notable Awards & Recognitions
Newsweek World's | JUST Capital's JUST |
Most Trustworthy | 100 List 2023 |
Companies |
SDGS REFLECTED IN THIS SECTION
Held our 2023 Data Week conference to build and sustain our data-driven culture and responsible practices
40+ | 11 | 60 |
virtual | offices | speakers |
sessions |
"As a leader in the payments industry, maintaining strong trust among the many consumers and merchants who rely upon our platform is critical to our ability to realize
our mission at scale. As PayPal continues to evolve and grow, we remain committed to championing a culture of transparency and accountability in all that we do."
KAUSIK RAJGOPAL
EVP, Strategy, Corporate Development & Partnerships
San Francisco, CA, U.S.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 9 | |
Cybersecurity & Secure Transactions
Protecting our customers and our platform remains a principal focus for PayPal. We are committed to upholding a proactive security philosophy, including robust governance structures, to keep our platform and data safe. Our Chief Information Security Officer spearheads our global cybersecurity management function, with oversight from the Board's Audit, Risk, and Compliance (ARC) Committee, as well as support from regional security officers across key markets and jurisdictions.
PayPal's Cyber & Information Security Program supports the prioritization of security in product design and execution across our family of brands, as well as driving the modernization of our day-to-day cybersecurity practices. Through this Program, which is an integrated, essential component of our overall Enterprise Risk and Compliance Management (ERCM) framework, we aim to empower our employees to manage today's threats effectively while solving for the security challenges of the future.
PayPal's Cyber & Information Security Principles
- PROTECT - Protecting the data and accounts of our customers is at the core of PayPal's trusted global brand.
- PROPEL - Our program can be a powerful enabler for PayPal to provide best-in-class experiences for customers and accelerate our business.
- PARTNER - PayPal's security is strengthened by taking an active and collaborative role within the global cybersecurity community.
Cyber Attack Risk Response &
Incident Management
PayPal's cybersecurity teams, in coordination with the Company's Cyber Defense Center (CDC), defend against and mitigate risks to our systems. PayPal's CDC operates 24/7 to respond to cyber attacks and protect the data we process and store.
Our Fraud Defense Cyber Center focuses on uncovering, aggregating, and synthesizing intelligence data to develop proactive monitoring to prevent fraud and abuse and mitigate risk to our products, services, and customer data. The teams also engage with the broader security ecosystem through partnerships and research to expand our understanding of sophisticated fraud techniques.
Our security and fraud teams perform 24/7 monitoring and measurement to promote system reliability and maintain the integrity of PayPal's production and corporate environments, and to share insights to detect potential incidents and enable timely responses. In addition to cyber threat monitoring and quarterly cybersecurity risk assessments, we review and conduct exercises on our disaster recovery and business continuity plans at least annually. We also have an established breach response process to protect the integrity of PayPal's platform.
Our established incident response process provides a coordinated approach across our CDC and PayPal Command Center response teams to manage incidents affecting the confidentiality, integrity, and availability of our systems and data. We focus on quick and effective mitigation, as well as recovery actions, communications, and root cause corrections. We conduct regular exercises of our incident program intended to ensure our readiness for the evolving range of incidents we may encounter.
External Validation & Certification of Our Information Security Program
Our dedication to security is exemplified through our commitment to industry best practices, including alignment of our Cyber & Information Security Program with the latest National Institute of Standards and Technology (NIST) Cybersecurity Framework and our attainment of ISO 27001 certification. As part of this commitment, independent third- party audits are conducted annually covering ISO 27001, PCI-DSS,PCI-P2PE, PCI PIN, SOC-1, and SOC-2 standards. This rigorous external validation is further reinforced by scrutiny of our program's design and implementation by PayPal's internal audit and oversight testing functions.
PayPal takes pride in our longstanding contributions to the Board of Advisors for the Payment Card Industry (PCI) Security Standards Council, through which PayPal contributes to the enhancement of security standards industry-wide. We also engage with other trusted industry and government partners worldwide to defend against significant evolving cyber threats and risks.
Japan Live Hack Event
In September 2023, more than 50 ethical hackers from 27 countries participated in PayPal's fourth annual Live Hack event, held for the first time in Tokyo, Japan, and hosted in partnership with HackerOne.
These events directly support the security of our systems as vulnerabilities are identified and fixed. They also allow PayPal to engage with our Bug Bounty contributors and provide a platform to strengthen researcher collaboration, with more than $1 million USD in bounties awarded overall during the 2023 event.
Live Hack events support PayPal in maintaining one of the largest Bug Bounty programs in the industry, while developing partnerships with the security research community to help secure our products and protect our customers.
May 2024
MESSAGE FROM OUR PRESIDENT & CEO l ABOUT PAYPAL l RESPONSIBLE BUSINESS PRACTICES l SOCIAL INNOVATION l EMPLOYEES & CULTURE l ENVIRONMENTAL SUSTAINABILTY l APPENDIX | 10 | |
Platform Security & Fraud Protection
Protecting our customers from fraud and securing our platform is a collective effort across PayPal. To manage risk effectively while providing a great customer experience, we leverage industry-leading tools, develop proprietary capabilities, and use the data we collect to tackle fraud and protect our platforms, with a focus on maximizing approvals for good users while helping to prevent bad actors from abusing our platforms.
Our data enables advanced anti-fraud risk measures designed to provide transaction safety and security for our customers while also allowing merchants to use our data science models and products to drive their business forward.
In 2023, PayPal made substantial investments to enhance seamless login methods with the global expansion of passkeys. This initiative attracted approximately 25 million customers9 by the end of 2023, contributing to a 9% year-over-year increase in the share of passwordless checkouts on the PayPal platform globally.
In the U.S., we rolled out freeearly fraud detectionand real-time app alerts for eligible cards added to the PayPal wallet, providing 24/7 card monitoring and notifications to help stop potential fraud sooner, and plan to expand availability to additional markets in 2024. Additionally, PayPal's implementation of Brand Indicators for Message Identificationfor our emails to consumers has helped empower individuals to
Partnerships to Prevent Fraud & Strengthen Security
We continued to collaborate with organizations to advance global security protection capabilities throughout 2023, including:
- Developed training in partnership with the American Association of Retired Persons (AARP) for customer service agents at peer-to-peer payment platforms that teaches them to identify signs of financial exploitation of older consumers. Since its rollout in November 2023, approximately 10,000 PayPal and Venmo employees have received the training.
- Continued to serve as a member of the Federal Trade Commission'sScams Against Older Adults Advisory Groupon the Industry Training Committee. We partnered to establish training for financial industry professionals to identify and prevent scams targeting older adults and developed best practices for educating employees about current scams.
- Partnered with our university collaborators, including Arizona State University, North Carolina State University, Georgia Institute of Technology, and the CISPA Helmholtz Center for Information Security, to publish research papers atIEEE Security and Privacyand ACM Conference on Computer and Communications Securityon topics such as passwordless authentication, SMS spam, ecommerce scams, and cryptocurrency fraud, helping PayPal protect its customers from sophisticated fraud attacks while championing ecosystem security.
Utilizing the data from our two-sided network and PayPal's machine learning capabilities, merchants on our platform can tailor their fraud prevention and mitigation strategies according to their specific needs. Fraud Protection Advancedprovides merchants with the ability to fine-tune rules and filters designed to identify and block suspected fraud. For those merchants that prefer PayPal to manage fraud risks end-to-end,Chargeback Protectionhandles all fraud management and reimburses merchants for eligible chargebacks. Dispute Automationenables merchants to respond to up to 100% of chargebacks in instances of so-calledfriendly fraudwith customizable response templates where they can include evidence such as proof of services provided and payment history with customizable response templates.
quickly recognize legitimate PayPal and Venmo messages and more easily identify phishing attempts and email fraud.
Our continued efforts to reduce fraud on our platform have enabled PayPal to maintain low transaction loss rates while total payment volume has increased.
Annual Transaction Loss Rate10
(% OF TOTAL PAYMENT VOLUME)
2023 | 0.08% | |||||
2022 | 0.09% | |||||
2021 | 0.09% | |||||
0.00% | 0.04% | 0.08% | 0.12% |
Employee Awareness & Education
Our Information Security Training and Awareness program focuses on providing our employees educational resources on cyber hygiene best practices, understanding and identifying cyber attacks, and incident reporting. In addition to required annual information security compliance training for all employees and contractors, we offer ongoing learning opportunities to increase security awareness across PayPal, with specialized security training programs for our engineers.
Our 2023 Cybersecurity Awareness Month featured PayPal's internal Cybersecurity Conference, CyberCon. We engaged with our employees globally throughout the month, providing a broad range of opportunities, including a keynote address by PayPal's Chief Product Officer, John Kim, fireside chats with external industry experts, and educational cyber escape room challenges.
Launch of BBB Partnership
In September 2023, PayPal partnered with the Better Business Bureau's (BBB) Institute for Marketplace Trust as a new member of its Corporate Trust Council,
a coalition working collaboratively on strategic initiatives aimed at protecting today's consumers by:
- Building a community of better businesses by developing best practices and educational resources.
- Identifying new threats to a trusted marketplace and creating strategies to address them.
- Delivering programs, resources, and tools to protect consumers and build trust between consumers and businesses in the marketplace.
As part of the partnership, PayPal will engage with the BBB's Scam Tracker tool to help further reduce fraud on our platform, while staying abreast of online fraud and scam trends.
May 2024
Attachments
- Original Link
- Original Document
- Permalink
Disclaimer
PayPal Holdings Inc. published this content on 07 May 2024 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 07 May 2024 15:05:31 UTC.