Posted - 12/22/2025 : 09:33:19
There are several previous threads - and some apparent confusion - about PCI requirements and the need for expensive, ongoing third-party penetration testing for stores that use the PayPal Advanced Checkout option in the cart’s PayPal Settings.

I am very skeptical of the recurring "VikingCloud" emails with the subject "Your PCI compliance status requires attention". These read like PayPal partner spam intended to extract recurring fees from merchants, rather than legitimate compliance notices.

PayPal’s current documentation (https://developer.paypal.com/studio/checkout/advanced) uses the term "Advanced Checkout" in the URL, while the page itself refers to "PayPal Expanded Checkout". That page says: "PayPal Card Fields is a PCI DSS service provider. Use the Card Fields integration to comply with PCI compliance when collecting card information from buyers."

So my questions are:

1 - Is the "PayPal Expanded Checkout" described on that page the integration currently used by the latest PayPal implementation in ECT?

2 - If so, doesn’t PayPal’s documentation indicate that PCI exposure for the store owner should be minimal, and effectively handled by PayPal?

I am trying to reconcile PayPal’s published guidance with those persistent "VikingCloud" emails I have ignored so far, which claim that recurring PCI audits and expensive third-party scanning are required.
Edited by - pauld on 12/22/2025 10:07:20