How can data be migrated using the PayPal Credit Card Vault tool?

Use the PayPal Credit Card Vault to import or export sensitive customer data, such as credit card data, to or from a payment gateway while maintaining PCI compliance.

Legend

  • Admin - The PayPal account executive, account manager, or integration engineer.
  • Merchant - The merchant who wants to move their existing consumer profile data to and from PayPal.
  • Payment processor - The external payment processor to which the merchant's consumer profile data is currently or needs to be migrated.
  • PayPal - The merchant's new or current payment processor.
  • Import report - The merchant report that contains the consumer identity and new payment token generated as part of the migration process.
  • Export report - The merchant report that contains the card details as part of the export migration process.

Vetting process

The merchant must contact the sales team to initiate the migration process. The merchant must undergo our vetting process (business model review, risk, and compliance). A dedicated technical integration resource (i.e., an integration engineer) will be assigned to each merchant once this process has been completed.

Note: Getting Risk approval is a mandatory process. The merchant is advised not to initiate the migration process without vetting their business model and getting the necessary approval.

Fees

None.

Time frame

1 - 2 weeks.

Data Import Process

Note:

  • We require that all files be encrypted with our PGP public key before being transmitted to us.
  • We only accept files in encrypted CSV format (.csv.gpg).
  • We only accept encrypted credit card files from PCI-compliant SFTP servers.

The easiest way for us to import your data from a payment processor is for you to work with them to provide us with an encrypted CSV file that includes at least the following fields:

  • Consumer ID: A unique number to identify the consumer.
  • First name: Consumer first name.
  • Middle name: Consumer middle name (optional).
  • Last name: Consumer last name.
  • Email: Consumer email address.
  • Card ID: A unique number to identify the credit card in case there are multiple cards for a single consumer.
  • Credit card number: Full credit card number.
  • Expiration date month: Two-digit month format (MM).
  • Expiration date year: Two-digit year format (YY).
  • Address street1: Consumer billing address street.
  • Address street2: Consumer billing address street 2 (optional).
  • Address city: Consumer billing address city.
  • Address state: Two-digit consumer billing address state.
  • Address zip code: Consumer billing address zip code.
  • Country code: Valid country code (2-digit or 3-digit).

Additional fields required for Recurring Billing:

  • Profile name: A valid profile name.
  • AMT: The dollar amount to be billed (use 34.00, not 34 and 1199.95, not 1,199.95).
  • Start: The beginning date for the recurring billing cycle (use tomorrow's date or a date in the future).
  • Term: The number of payments to be made over the life of the agreement (use 0 if payments should continue until the profile is deactivated).
  • Pay period: How often the payment occurs, e.g. DAYS, WEEK, BIWK, SMMO, FRWK, MONT, QTER, SMYR, YEAR (use with the Frequency field).
  • Frequency: If the pay period = DAYS and the frequency = 100, a payment is collected once every 100 days.
  • Max fail payments: Payment periods for which the transaction can fail before a profile is cancelled (optional).
  • Retry num days: The number of consecutive days that a failed transaction should be retried until it's approved (optional).
  • Company name: The company name associated with this profile (optional).

Note: The first line of the CSV file should be the header.

Samples

Sample CSV credit card file for credit card data import process:

#customer_id,first_name,middle_name,last_name,email,card_id,acct,exp_month,exp_year,street1,street2,city,state,zip code,country
1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US


Sample CSV credit card file for credit card recurring profile import process:

#customer_id,first_name,middle_name,last_name,email,card_id,acct,exp_month,exp_year,street1,street2,city,state,zip code,country,profile_name,amount,start,pay_period,frequency,term,max_fail_payments,retry_num_days,company_name
1,Kevin,Silvia,James,kevintest@test.com,125212,4916100304079232,01,20,"1 Main St","Bldg A","San Jose",CA,95131,US,"magazine subscription",122.30,09092018,WEEK,52,0,2,2,"ABC Ltd."


Note: These examples don't cover every type of import. If you need to deviate from this standard approach, please get in touch with the dedicated technical integration resource to discuss your options. Once the import is complete, we will provide a report containing the customer IDs, card IDs, and new payment tokens we created in the gateway. We ask that no more than two imports be required: one initial load of customer information and another load of the delta while your processing was switched over. We import data Monday through Friday, 10:00 AM to 4:00 PM PST (US), excluding holidays.

Data portability process

  • The merchant should provide the email address of the payment processor contact. The admin will set up a DropZone folder for the merchant and payment processor.
  • The merchant should send an official email to the payment processor to initiate the consumer credit card file export process.
  • The payment processor should use the PayPal PGP public key, given below, to encrypt the exported credit card file and upload it to the DropZone folder shared by the admin.
  • The payment processor should email the merchant (or admin) with the uploaded file's name.
  • The admin should start the migration process on the Credit Card Vault (Rogue) tool.
  • The admin should generate the report with the new payment token generated and upload it to the DropZone folder shared with the merchant.
  • The merchant should download the new report and update their system, replacing their old payment token with the new PayPal payment token.
  • The merchant should inform the admin once they are live with PayPal as the payment processor.
  • The merchant should revoke any third-party permissions given to the tool.
  • The admin should delete/deactivate any account created on behalf of the user in PayPal for the data import process and inform the merchant.

PayPal PGP public key for encrypting Credit Card files

When you send us your sensitive customer data, you must use our public key below to encrypt all files.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.67

mQENBGQO7FwBCACvlss+eQxRZ7FmLsK4v/Fim3btVeR6JeeOOPv8XcQ7Q0d5cnPT
kVt2CmvKsu/RKljRP/x/AiCDD91pO827CPL+0zKn6d+uHiPDrUCzeIHAzrScq6SG
PcfJphy5B3cgVkKIDLGtsEi5nE6NRBSbn8OpBML7B9WnzVgvaAM43xhQzuPcsZ2g
xI0UdhTGGlRS0SMP+uYUn61Z9p3k1Q3/qBmLvkH9mW7YclG1DWgzTbiEaSBsTOdN
SE1GKvW+pJ3STEYcpsLB75xtnZ8cwtimdX00sNUO0xiSWbQMrSajjy1XB+nTM0ie
pfVaOHi+L52Zw68wv5cQd3WVjTHG9y+Dcv3TABEBAAG0F3BheXBhbF9jcmVkaXR2
YXVsdF80MDk2iQE4BBMBAgAiBQJkDuxcAhsDBAsJCAcGFQgCCQoLAh4BBQkDwmcA
A4UB/wAKCRCBFfleETQW4+W3B/9PzMvhs2LsWP5b7DUn1EUOK3QhEKwcyEairWhH
Mznd8EIB1EOcZNe7lyqHXQNJmTNxk49Mn40pYdrwRrD17HEEIyE/AJMsdbB0CF3J
AzlvWRxrzjAw+dDHFSGvYy73M4h3IXZgOE5UW7bXSwLBWRDOc2LxjNG4OgmA4f+F
RvMSohn07t3aduo1kP84Es3RvqLVucgF4CBWB6W8xuNvmsO7RnErnL6xmOMKZYPY
wEDlBn3m/URNxPo69S8C0enJzPvAv20Nd2Jb7bOx4vCHW1FJfbmg9agHrYYkKzEl
8SKDk27hReIMWwx6tZFMxaYYdOeEjrk6DXVekkrZDuSCLVGquQENBGQO7FwBCAC0
fTMxWI5Uhnct1z43GVHkBJs79nagn+Y9L3kPq6yBKehGDmSOm9+eFpCTEku5Abz/
8sNXI2LgVG57RRoIy+DjJjwYaMpAWYGNlX0NuwQRoYbZu54G4yw5QxLZ+quYr5Xx
HJJtPXxnOiGnWfXYECYTaXYJg+mdbkiTcVcWDD44LoJiakoURWgP6dqRi7Qx1eZC
hIqTToautNZVccXk0V5SP7FGZckNEeRWXRti57Id4fP0hqmB3eeLrNQbHPf54EGC
/rTzL+s+mkL8hKBNkGaZXz5IIXBn9oh0EvqwIIS4kWceCrmTZC8U8z/wRYA4p6Xp
h7EDGHz0r/+1EzwaQqlbABEBAAGJASkEGAECABMFAmQO7F0CGwwFCQPCZwADhQH/
AAoJEIEV+V4RNBbjtNAH/1hxj6qJI9jaCb40SkPt2xivzQhyZjVmXwObSCbLfkpH
GxgQMPU0LWYqOPLfMZKNsdY26ZmOcBGCLreO/nOr90KSGpA2XVW0vjvqz5xgQW0t
HxyMrsJwt2cNvCigpA+lEBa2n99MVCGtPLOnZ4PnkWDha479g6Uq5/E2i7aVvaBW
eoxCji1d4oVVQ62aznpSkY2vRUUnN7rcfAjbe0+c2YcNwdA5XSYc72SxYULVra59
iwlWplsH62BBQtWVetPsoFgAzfLFw2drR7qYY24sBMrOeTpIhY70pDUafS6cKdyx
UH4GirnLxV8WaSBBAhs5eQ+gCeFwS+eZjFJGKl0RTNg=
=teqY
-----END PGP PUBLIC KEY BLOCK-----

PayPal PGP public key for encrypting SFTP credentials

When you send us your sensitive SFTP credentials, you'll need to use our public key below to encrypt your SFTP credentials.

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: BCPG v1.67

mQENBGQO+dABCAC1Aa6I+HwCSzWliRWeGu0Ps6nXCJFv2qxgTHrJU+9mcfoLDrRo
uowXopXFKA+sAlnkv+bp7AFM0tvapP8pqeFaXNwi8HcYla0vjJRO36a5exPFNEwN
fo3ljTHbxYnW07GSKK0FhuVFd9msneeFv/nYepzOH1K177BHUulI5hemZkyBXKFj
ubd4NX/3fnL2CypCaqNrfLXNk2r4aeNJSYbHIlK8TNOYuwL5ibRRERR5D2rAdyT3
R6PWHpfhEtI1S6jAs1MzdOJngbA9Xo9/I1mVJ1SCjGB/NXxzqoLNN5RONOHe8wFd
y1TTzsUaTEPn3nUgpDDmh+3gKJYfY0/RKCRJABEBAAG0FXBheXBhbF9wcm9jZXNz
b3JfNDA5NokBOAQTAQIAIgUCZA750AIbAwQLCQgHBhUIAgkKCwIeAQUJA8JnAAOF
Af8ACgkQXOXxXTLJc9iaWgf/XrOkI8Ii34jxXGHF7a9JTWrrKW+dnd8FBd6o+vTL
Ie/VnZ689METhACChr1NxwAOTwsgNqKwWWCVBqt+dC5aqr3XOAFBOBvSPWNWMK8Y
uhtD3qU1qlQNy74okZagJS79LkhC8Cmi8RSR9ACgpLCxIR24FZ9PAM7GhgoMI1K6
kl9ssZJqhwaevgAbPupDm8rhCl/yYlQflQysEzk44moLR3+7Kgir4ptev8HhJQ/K
NfpXU8lRrnCCbpD5+RmKxaFsk6nRC1l1Jh2iX6n7NJcyTfo71Ge6wI85+Mg+NmtC
N36iPzIZnmvc2UTEURTt9FmcJAZcv16URp9TcjdVmhADCLkBDQRkDvnQAQgAvyI1
IHdm2uOt1qGFKTPDf67wyQyjWPR3btlTPHthjNugIpsWk0eh2KpiSLD6hwx6CzTs
ox+E2Ilg2nwDfaNI0VP+UeXJ/tLi+PlZz2c4RDomyPCG5pfEQ8q7/yDrcsuCWEK3
x21VZJtMYpvzFKJGQd8FIxtzjx+5lnPxqkVgjl2pWp/KJ8WVMiKrrbPM1gGxILEV
fjj64YdTBRVSTS4NIs1mbmbKiSGWmbeOUSqrkeGzn22ENIgt+/t/TCYcH5jfyYCO
Uh8kGMr2SivFyhav1ENgk4+5i7mCe9TQQY+ci7pFQS+SOig+RxdPkv9i2n3/p6qn
Ics5SB60t3M/HVG8+QARAQABiQEpBBgBAgATBQJkDvnQAhsMBQkDwmcAA4UB/wAK
CRBc5fFdMslz2FBDB/wNOvMUM2qHK2t5UN/NBQ12XBgFKO5MZPZe3iVT7c9MBjg5
v1N9YGiLgGA/60y6BxDkRVLpg02UFcesw8Hr+Ntc6c022ekDj2G0N5wb3RCFvQUQ
O1FPyVx4OyFe3zgtZjNW9CFGwaLo6tj49QwgUhr5vshHDR4Hx/HO0y0ShcUHTKkG
HLSMHfjw0SCUo7UTz8tXszunvtHYjntDPowj42LQ6ZM57FfncpSCiEYoWhzFwPOU
h6wSPhkb+lJohm++J9VlX23HvIIhrIH38b2u8ydE+qOcnAWs8b63F9I1QrbE3kH1
bYUB5/8nQ7xEuTtLEOGANsFcTNkv6046NKV65rZ6
=wPuI
-----END PGP PUBLIC KEY BLOCK-----

Data export process

To initiate an export process, send a request via email to dl-paypal-payflow-data-migration@paypal.com with the following information:

  • Name:
  • Phone:
  • email:
  • Company Name:
  • Service: (i.e., Payflow/PayPal integration)
  • Login Name: (if Payflow)
  • 3rd party vendor, they are moving to:

A representative will reach out to discuss the migration.

Requirements to initiate an Export

  • Contract - We will countersign the contract last.
    • List the gateway/vendor/third-party information at the bottom where the file will be delivered via SFTP.
    • On the top of page one, enter your company name and business address.
  • Certificate - The third-party vendor receiving the credit card information must provide their most recent PCI-Compliance Attestation of Compliance (AoC) certificate.
    • This PCI scan will be validated with our PCI-compliance team.
  • SFTP (Port 22) - URL, Username, and public key.
    • We will deliver the information after it's pulled on our end via SFTP to the vendor that supplied the valid PCI AoC certificate (not to the merchant directly). We must know the SFTP location to deliver to and the appropriate information (username/password, etc.) to do this. SFTP must be on Port 22.
    • The public key must be in PGP format, with the extension *.asc. Or you can send your PGP Block, and we can save it accordingly in the correct format.


There are four types of payment identifiers for an Export Migration:

PayPal Transaction

1. PayPal Transaction IDs

  • We will need all the PayPal Transaction IDs.
  • The list must be in line-separated Notepad.txt format.

Sample Input Transaction File for PayPal Transaction IDs:

3WF269588Y247415G
0DJ26409TS592692K


Sample export file for PayPal Transaction IDs:

#transaction_id,result,first_name,last_name,credit_card_num,exp_month,exp_year,phone_number,address1,city,state,country_code,zip_code,currency_code
3WF269588Y247415G,Success,PayPal,MTS,4716123113346438,12,2021,,12312 Port Grace Blv,La Vista,NE,US,68128,USD


2. PayPal Recurring Profiles

  • We will need all the Profile IDs.
  • The list must be in line-separated Notepad.txt format.

Sample Input File for PayPal Recurring Profiles:

I-66HLJ9WHR3K4

Sample export file for PayPal Recurring Profiles:

#profile_id,decrypted_profile_id,result,subscriber_name,credit_card_num,exp_month,exp_year,phone_number,address1,line2,city,state,country_code,postal_code,currency_code,status,start_date,initial_amount,amount_paid,delinquent_amount,profile_reference,current_period_id,next_billing_time,num_failed_payments,trial_amount_paid,outsanding_balance_paid,ipn_notify_url,period_number,period_type,bill_period,bill_frequency,total_bill_cycles,bill_cycles_used,amount,ship_amount,tax_amount,period_start_time
I-66HLJ9WHR3K4,2121412,Success,Global Test Tool,4556969247882919,01,2022,,,,,,,,,A,Fri Jul 31 2020 16:00:00 GMT-0700 (Pacific Daylight Time),0,0,0,RPInvoice123,3122479,Sat Aug 01 2020 03:00:00 GMT-0700 (Pacific Daylight Time),0,0,,,1,T,D,1,4,0,200,2,2,Wed Dec 31 1969 16:00:00 GMT-0800 (Pacific Standard Time)


Payflow Transactions

3. Payflow PNREFs

  • We will need all the Payflow Transaction IDs (PNREFs).
  • The Payflow PNREFs/Transaction IDs must be within the last 12 months.
  • We must know the Partner Name and Vendor Name of your Payflow account.
  • We will create a new User-role in your Payflow account to complete the export.
  • The list must be in line-separated Notepad.txt format.

Sample Input File for Payflow PNREFs:

B50P0C291FCB

Sample export file for Payflow PNREFs:

#transaction_id,result,first_name,last_name,credit_card_num,exp_month,exp_year,phone_number,line1,line2,city,state,company,country,postal_code,email,currency_code
B50P0C291FCB,0,John,Smith,6840,10,20,,123 Main St,,SanJose,CA,,US,68128,,USD


4. Payflow Recurring Profiles

  • We will need all the Payflow Recurring Profile IDs.
  • We can only pull for “active profiles”.
  • We must know the account's Partner Name and Vendor Name.
  • We will create a new User-role in your Payflow account to complete the export.
  • The list must be in line-separated Notepad.txt format.

The Sample Input File for Payflow Recurring Profiles:

RP0000001223

Sample export file for Payflow Recurring Profiles:

#profile_id,decrypted_profile_id,result,first_name,last_name,credit_card_num,exp_month,exp_year,phone_number,line1,line2,city,state,company,country,postal_code,email,currency_code,subscriber_name,status,start,term,next_payment,end,pay_period,creation_date,last_changed,cancel_date,next_payment_num,comment1,frequency,tender,amt,payments_left,aggregate_amt,aggregate_optional_amt,max_fail_payments,num_fail_payments,retry_num_days
RP0000001223,,0,,,4916XXXXXXXX6840,,,,123 Main St,,,,,,68128,customer@email.com,USD,GlobalTest Profile Creation,ACTIVE,04302020,0,08132020,,WEEK,04172020,08092020,,16,,1,C,0.01,,0.00,0.00,0,15,3


An integration engineer will work with your new external payment processor to acquire their PGP key during the export process. The admin will share a PayPal DropZone folder with the member from the new payment processor. All the credit card details associated with the payment identifiers provided in the input files will be exported as an encrypted file (with the given PGP key). The encrypted file will be uploaded into the shared DropZone folder. Each card record will be on its own row.

Note:

  • We only export files encrypted with the PGP public key acquired from the payment processor.
  • We only send encrypted credit card files to a PCI-compliant SFTP server.

PayPal DropZone Access

DropZone is our file transfer platform that securely sends files, receives files, and automates regular file transfers.
For more information about accessing DropZone, see What is DropZone and how do I use it to send files to PayPal?

Still Have Questions?

If you have questions about importing your customers' data into PayPal, email our Data Migration Support team.

If you have questions about exporting your customers' data, email our Support team.

More ways we can help

We’ll use cookies to improve and customize your experience if you continue to browse. Is it OK if we also use cookies to show you personalized ads? Learn more and manage your cookies