Enabling Effective Cybersecurity Management

The security of our customers and platform is one of our top priorities. We continue to implement a proactive security philosophy intended to provide strong oversight structures to achieve our security goals. Our Chief Information Security Officer (CISO) oversees our cybersecurity management function across our global enterprise, with Board oversight from the ARC Committee. As part of our ERCM Program, our Information Security Program is designed to support the Company in identifying, protecting, detecting, responding to and recovering from cybersecurity threats.

Securing Our Customers & Platform

We continue to invest our time and resources in strengthening the security of our products and services to remain one of the world’s most trusted payment platforms.

PayPal’s Collaborative Approach to Further Customer Protection

PayPal’s unique two-sided network gives us the opportunity to enhance customer protection through a combination of sophisticated risk models, fraud detection and data security controls.

PayPal’s cybersecurity teams, in coordination with the Cyber Defense Center, defend against and mitigate risks to the availability of our systems, as well as protect the data we process and store. PayPal’s anti-fraud teams, in coordination with the Fraud Defense Cyber Center, focus on operationalizing fraud intelligence to proactively prevent fraud and abuse and mitigate risk to our products, services and customer data.

Protecting our customers and platform is a joint effort of these crucial functions. Our security and fraud teams work alongside customer support to collaborate and share insights to empower internal and external partners to enhance PayPal’s customer and data protection capabilities. We perform 24/7 monitoring and measurement to promote system reliability and maintain the integrity of PayPal’s production and corporate environments.

In 2022, PayPal implemented enhanced passwordless authentication for our customers through the introduction of passkeys and for employees accessing devices and applications that leverage corporate-managed identities. See our Social Innovation section for more information.

PayPal’s Incident Management process provides a coordinated approach to promote effective and timely risk response and management of highly impactful events. Our program aims to prepare us for a range of incidents we may encounter, including those pertaining to technology, fraud, cybersecurity, security and our brand. We focus on quick and effective mitigation of incidents, restoration of services, recovery of impacts, as well as communications and root cause and corrective feedback mechanisms.

PayPal helps protect customers from phishing through security awareness initiatives, proactive phishing site takedowns and improved phishing detection across the ecosystem. For example, last year we published a new consumer awareness video tutorial on how to detect and report phishing to PayPal. In 2022, we also released findings from our two-year research project on new techniques to defend against advancements in phishing websites at the ACM Computer and Communications Security Conference.

Prioritizing External Validation & Engagement on Our Information Security Program

Our commitment to security is evident in our efforts to adhere to industry best practices and alignment with top frameworks such as the NIST Cybersecurity Framework and ISO 27001 certification. Reinforcing our dedication to maintaining high standards, we have proudly served on the Board of Advisors for the Payment Card Industry (PCI) Security Standards Council since 2015.

PayPal’s internal audit and oversight testing functions regularly review our information security programs. In addition, our information security program is externally validated, including annual audits conducted by independent third parties covering ISO 27001, PCI-DSS, PCI-P2PE, PCI PIN, SOC-1 and SOC-2. We also actively contribute to security standards through PCI and remain engaged with governments worldwide to stay abreast of evolving threats and manage risk.

Maintaining PayPal’s Thorough Cyber Attack Risk Response Process

In addition to cyber threat monitoring and quarterly cybersecurity risk assessments, we review and conduct exercises on our disaster recovery and business continuity plans at least annually. We have an established breach response process to protect the integrity of PayPal’s platform.
2022 Global Impact Report | PayPal