PayPal · PayPal User Agreement

MFA Compliance Attestation for Business Account SAML SSO Users

Medium severity

Why it matters (compliance & risk perspective)

This is an unusual contractual attestation that shifts cybersecurity compliance liability directly onto the business user: if the business's PayPal account is compromised via SSO and the business was not MFA-compliant, the business may bear full liability.

Consumer impact (what this means for users)

PayPal's User Agreement significantly affects your financial rights and access to funds — PayPal can place holds on your money for up to 180 days and limit or suspend your account at its discretion. You waive the right to participate in class action lawsuits and must resolve all disputes through individual binding arbitration, which is generally more costly and less accessible for small-dollar claims. You can opt out of the arbitration agreement by sending a written notice to PayPal's Legal Department at 2211 North First Street, San Jose, CA 95131 within 30 days of first accepting the User Agreement.

How other platforms handle this

Nintendo Medium

If the Nintendo Parties are subject to any actual or threatened claims, costs, damages, losses, or other liabilities (collectively, "Covered Losses") as a result of your use of any of the Services, or any data, information, or other item you make available through the Services including User Content...

Comcast Medium

YOU AGREE TO DEFEND, INDEMNIFY, AND HOLD US AND EACH RELEASED ENTITY HARMLESS FROM AND AGAINST ANY DAMAGES, LOSSES, OR EXPENSES (INCLUDING, WITHOUT LIMITATION, REASONABLE ATTORNEYS' FEES AND COSTS) INCURRED IN CONNECTION WITH ANY CLAIMS, SUITS, JUDGMENTS, AND CAUSES OF ACTION ARISING OUT OF (a) YOUR...

Shopify Medium

You agree to indemnify, defend and hold harmless Shopify and our parent, subsidiaries, affiliates, partners, officers, directors, agents, contractors, licensors, service providers, subcontractors, suppliers, interns and employees, harmless from any claim or demand, including reasonable attorneys' fe...

Original clause language
If you, or any other person associated with your account, use SAML SSO (Security Assertion Markup Language Single Sign-On) to allow access to your accounts with PayPal, you attest that you are compliant with applicable state and Federal Multi-Factor Authentication ("MFA") regulations (e.g., NY DFS Part 500 and 16 CFR Part 314: Standards For Safeguarding Customer Information).

Provision details

Document information
Document: PayPal User Agreement
Entity: PayPal
Document last updated: April 29, 2026

Tracking information
First tracked: March 6, 2026
Last verified: April 9, 2026
Record ID: CA-P-002285
Document ID: CA-D-00044

Evidence Provenance
Source URL
Wayback Machine
SHA-256: 787aedff80f89f2d9da4fd79756bbd226f8a5338c9e19c15b2a2fa0d01f59a90
Verified: ✓ Snapshot stored   ✓ Change verified

How to Cite
ConductAtlas Policy Archive
Entity: PayPal | Document: PayPal User Agreement | Record: CA-P-002285
Captured: 2026-03-06 20:26:28 UTC | SHA-256: 787aedff80f89f2d…
URL: https://conductatlas.com/platform/paypal/paypal-user-agreement/mfa-compliance-attestation-for-business-account-saml-sso-users/
Accessed: May 4, 2026

Classification
Severity: Medium
Categories


Frequently Asked Questions

What does PayPal's MFA Compliance Attestation for Business Account SAML SSO Users clause do?

This is an unusual contractual attestation that shifts cybersecurity compliance liability directly onto the business user: if the business's PayPal account is compromised via SSO and the business was not MFA-compliant, the business may bear full liability.

Is ConductAtlas affiliated with PayPal?

No. ConductAtlas is an independent monitoring service. We are not affiliated with, endorsed by, or sponsored by PayPal.