Okay, here's what's not being said in any of these replies. The PCI Compliance of PayPal is important, but when using Virtual Terminal you hold a lot of responsibility for PCI Compliance yourself. Think about it. If you have malware on the computer that you use to type a card number into Virtual Terminal, that isn't PayPal's fault or responsibility. YOU are responsible for the security of the card number from the time you type it in until it leaves your network to go to PayPal. That means at a minimum, your PC and potentially your network are "in scope" for PCI. It doesn't matter that PayPal is PCI compliant if the problem lies on your side. You need to go to pcisecuritystandards.org and review SAQ C-VT. Those are the requirements that could potentially apply to your network. If you are not prepared to meet those security requirements (and a lot of people aren't) then you might need to reconsider whether you should be using Virtual Terminal.
... View more