Risk Factors Dashboard
Once a year, publicly traded companies issue a comprehensive report of their business, called a 10-K. A component mandated in the 10-K is the ‘Risk Factors’ section, where companies disclose any major potential risks that they may face. This dashboard highlights all major changes and additions in new 10K reports, allowing investors to quickly identify new potential risks and opportunities.
View risk factors by ticker
Search filings by term
Risk Factors - PYPL
-New additions in green
-Changes in blue
-Hover to see similar sentence in last filing
Item 1A. Risk Factors” of this Form 10-K, as well as in our consolidated financial statements, related notes, and the other information appearing in this report and our other filings with the Securities and Exchange Commission (“SEC”). We do not intend, and undertake no obligation except as required by law, to update any of our forward-looking statements after the date of this report to reflect actual results, new information, or future events or circumstances. Given these risks and uncertainties, readers are cautioned not to place undue reliance on such forward-looking statements. You should read the information in this report in conjunction with the audited consolidated financial statements and the related notes that appear in this report.
Our Program is built on a three lines of defense model integrated into our overall Enterprise Risk and Compliance Management Program (“ERCM Program”).Our Information Security Program is built on a three lines of defense model integrated into our overall Enterprise Risk and Compliance Management Program (“ERCM Program”). It shares common methodologies, reporting channels, and governance processes that apply across the ERCM Program to other legal, compliance, strategic, operational, and financial risk areas. The Program is governed by the Technology, Information Security, and Privacy Risk Management Committee and overseen by our Board of Directors (“Board”) and its Risk and Compliance Committee (“R&C Committee”).
For a description of risks from known cybersecurity threats, including as a result of any prior cybersecurity incidents, that have materially affected or are reasonably likely to materially affect us, including our operations, business strategy, results of operations, or financial condition, see “Item 1A. Risk Factors” under the captions “Cyberattacks and security vulnerabilities could result in serious harm to our reputation, business, and financial condition” and “Business interruptions or systems failures may impair the availability of our websites, applications, products or services, or otherwise harm our business.”
Our Board considers cybersecurity risk as part of its risk oversight function and has delegated to our R&C Committee oversight of cybersecurity and other information technology risks. The R&C Committee oversees PayPal’s overall risk framework, including management’s implementation of our cybersecurity risk management program, and reports to the full Board of Directors on a regular basis on cybersecurity and information technology risk management. The R&C Committee receives quarterly reports from the Chief Information Security Officer (“CISO”) on our cybersecurity risks. Management also updates the R&C Committee, as necessary, regarding cybersecurity incidents.
Our cybersecurity teams, overseen by our CISO, are responsible for assessing and managing our risks from cybersecurity threats, including defining security policy and Board reporting of security risk. The CISO approves all security policies and oversees the identification, assessment, and management of cybersecurity risks, which is designed to provide a proactive and comprehensive approach to safeguarding our information assets. The CISO approves all security policies and oversees the identification, assessment, and management of cybersecurity risks, which provides a proactive and comprehensive approach to safeguarding our information assets. The teams have primary responsibility for our overall Program and supervise both our internal cybersecurity personnel and our external cybersecurity consultants. The teams have primary responsibility for our overall Information Security Program and supervise both our internal cybersecurity personnel and our external cybersecurity consultants. Our cybersecurity teams’ expertise includes cybersecurity incident response, in-depth security assessments, security emulation exercises to evaluate security profiles, security research, education and outreach, and security tool development. Our cybersecurity teams’ experience includes cybersecurity incident response, in-depth security assessments, and security emulation exercises to evaluate security profile, security research, education and outreach, and security tool development.
ITEM 1. BUSINESS
OVERVIEW
At PayPal Holdings, Inc., our mission is to revolutionize commerce globally. Our products are designed to enable digital payments and simplify commerce experiences for consumers and merchants to make selling, shopping, and sending and receiving money simple, personalized, and secure, whether online or in-person.
We operate a global, two-sided network at scale that connects consumers and merchants with 439 million active accounts across approximately 200 markets as of December 31, 2025.
•Consumers: We provide consumers with digital wallets and other solutions that allow them to shop and pay with PayPal and Venmo—both online and in-person—manage their finances (including saving and buying and selling cryptocurrencies), and send and receive money between friends and family. When shopping, we offer consumers flexibility in how they pay, which may include a bank account, a PayPal or Venmo account balance, PayPal-branded consumer credit and debit products, other credit and debit cards, certain cryptocurrencies, or other stored value products such as gift cards, and eligible rewards.
•Merchants: We help merchants connect with customers, increase conversion rates and sales, and grow their businesses in the markets where our services are available. We provide large enterprises and small and medium businesses with online branded checkout solutions, including PayPal and Venmo; online unbranded payments processing; PayPal buy now, pay later (“BNPL”) solutions; in-person point of sale solutions; business financing; payouts capabilities; and risk tools. We provide large enterprises and small and medium businesses with online branded checkout solutions, including PayPal and Venmo; online unbranded payments processing, including Braintree and PayPal Complete Payments; our buy now, pay later solutions, which we refer to as PayPal Pay Later; in-person point of sale systems, including Zettle; business financing, including PayPal Working Capital (“PPWC”) and PayPal Business Loan (“PPBL”); payouts capabilities; and risk tools.
We earn revenues primarily by charging fees for completing payment transactions for our customers and other payment-related services, which are typically based on the volume of activity processed on our payments platform. We also generate revenue from customers for currency conversion, for instant transfers from their PayPal or Venmo account to their bank account or debit card, and to facilitate the purchase and sale of cryptocurrencies; however, we generally do not charge customers to fund or draw from their accounts. We also earn revenue by providing other value-added services, which primarily comprise revenue earned through partnerships, interest and fees from our consumer and merchant credit products, interest earned on certain assets underlying customer balances, referral fees, subscription fees, and gateway services. We also earn revenue by providing other value added services, which primarily comprise revenue earned through partnerships, interest and fees from our consumer and merchant credit products, interest earned on certain assets underlying customer balances, referral fees, subscription fees, and gateway services.
Unless otherwise expressly stated or the context otherwise requires, references to “we,” “our,” “us,” “the Company,” or “PayPal” refer to PayPal Holdings, Inc. and its consolidated subsidiaries.
 | FY 2025 FORM 10-K | 4 | ||||||||||||
KEY PERFORMANCE METRICS
In 2025, we processed $1.79 trillion of total payment volume (“TPV”), an increase of 7% compared to 2024, and 25.4 billion payment transactions, a decrease of 4% compared to 2024. As of December 31, 2025, we had 439 million active accounts, an increase of 1% compared to December 31, 2024.
We measure the scale of our platform and the relevance of our products and services to our customers through certain metrics, including TPV, payment transactions, and active accounts:
TPV is the value of payments, net of payment reversals, successfully completed on our payments platform or enabled by PayPal via a partner payment solution, not including gateway-exclusive transactions.
Number of payment transactions is the total number of payments, net of payment reversals, successfully completed on our payments platform or enabled by PayPal via a partner payment solution, not including gateway-exclusive transactions.
An active account is an account registered directly with PayPal or a platform access partner that has completed a transaction on our platform, not including gateway-exclusive transactions, within the past 12 months. A platform access partner is a third party whose customers are provided access to PayPal’s platform or services through such third-party’s login credentials, including individuals and entities that utilize Hyperwallet’s payout capabilities. A user may register on our platform to access different products and may register more than one account to access a product. Accordingly, a user may have more than one active account. The number of active accounts provides management with additional perspective on the overall scale of our platform, but may not have a direct relationship to our operating results.
OUR STRENGTHS
Our business is built on a strong foundation designed to drive profitable growth and differentiate us from our competitors. We believe that our competitive strengths include the following:
•Two-sided platform—we facilitate online and offline transactions for millions of consumers and merchants. Our relationship on both sides of a transaction enables us to utilize data to innovate and offer unique product experiences designed to remove friction, drive sales, and enhance shopping experiences. Our relationship on both sides of a transaction enables us to offer unique product experiences designed to remove friction, drive sales, and enhance shopping experiences.
•Trusted brands—we have built well-recognized and trusted brands, including PayPal and Venmo. Our communications and marketing efforts across multiple geographies and demographic groups play an important role in building brand visibility, usage, and overall preference among customers.
•Platform agnostic—we are technology and platform agnostic. This approach allows our merchants to offer and use a variety of our branded and unbranded payment processing solutions and business financing products, alongside other tools. We give consumers flexibility to make and receive payments using a wide variety of funding options and digital wallet solutions, including their bank account, PayPal and Venmo account balance, BNPL, certain cryptocurrencies, and debit and credit card options.
•Scale—our global scale helps us to drive organic growth. As of December 31, 2025, we had 439 million active accounts across approximately 200 markets1 around the world.
•Customer-back innovation—we are orienting and transforming our culture towards innovating in ways that benefit our customers and drive profitable growth. We have released numerous products, services, and improvements to our platform in 2025.
•Risk and compliance management—our enterprise risk and compliance management program is designed to help keep customer information secure and to help ensure we process legitimate transactions around the world, while identifying and minimizing illegal, high-risk, or fraudulent transactions.
•Regulatory licenses—we believe that our regulatory licenses, which enable us to operate in markets around the world, are a distinct advantage and help support business growth.
1A market is a geographic area or political jurisdiction, such as a country, territory, or protectorate, in which we offer some or all of our products and services. A country, territory, or protectorate is identified by a distinct set of laws and regulations.
| FY 2025 FORM 10-K | 5 | ||||||||||||
CONSUMER AND MERCHANT PAYMENT SOLUTIONS
Consumer solutions
We help consumers transact securely with merchants, manage their finances, and send to and receive money from friends and family around the globe. Our goal is to create the simplest checkout experience possible for consumers online or in-person including mobile. We drive increased consumer engagement by providing them with a wide range of services to manage their finances and enhance their ability to shop online and offline. We drive increased consumer engagement by providing consumers with a wide range of services to manage their finances and enhance their ability to shop online and offline. Our PayPal and Venmo branded checkout experiences allow consumers to complete purchases in just a few steps without having to enter payment and address information. We also focus on simplifying and personalizing shopping experiences for our consumers by offering tools for product discovery, price tracking, saving through deals and offers, convenient package tracking, and earning and redeeming of shopping rewards. The PayPal- and Venmo-branded debit and credit cards, as well as our contactless mobile wallet using near-field communication (“NFC”) capabilities, give consumers the ability to transact in-person through our platform and earn incentives, including cash-back rewards.
We also offer consumers person-to-person (“P2P”) payment solutions for domestic and international transfers through our PayPal, Venmo, and Xoom products and services. Our Venmo digital wallet in the United States (“U.S.”) is a leading mobile application used to move money between friends and family. Our Xoom international money transfer service enables our customers to send money to bank accounts, mobile wallets, and cash pick-up destinations around the world in a secure, fast, and cost-effective way. Our Xoom international money transfer service enables our customers to send money to people around the world in a secure, fast, and cost-effective way. P2P is an important source of customer engagement and also serves as a customer acquisition channel that facilitates organic growth by enabling potential users to establish active accounts with PayPal or Venmo at the time they make or receive a P2P payment.
We offer credit products to eligible consumers in certain markets as a funding source at checkout. Our consumer credit offerings include our BNPL products in the U.S., Germany, France, United Kingdom (“U.K.”), and Australia, among other markets, and in Japan through our Paidy brand. A key attribute of our short-term BNPL products is the absence of interest or consumer late fees for missed payments in most of the geographies where we offer them. A key attribute of our buy now, pay later products is the absence of interest or consumer late fees for missed payments in most of the geographies where we offer them. Further, we offer interest-bearing installment products for consumers in the U.S. (issued by an independent chartered financial institution) and in Germany, among other markets. In the U.S., consumers may apply for the PayPal- and Venmo-branded consumer credit cards, including the PayPal Credit revolving consumer credit product, which are issued through a partnership with an independent chartered financial institution. We offer a PayPal-issued PayPal Credit product in the U.K. We believe that our consumer credit products help us to increase engagement with consumers and merchants on our two-sided network.
We generate revenue from consumers from: foreign currency conversions, instant transfers from their PayPal or Venmo account to their bank account or debit card, and facilitating the purchase and sale of cryptocurrencies; interest, fees, or other revenue from our credit products; and other miscellaneous fees. We also earn revenue from interest earned on certain assets underlying customer balances.
Merchant solutions
Merchants use our solutions to increase conversion rates and grow and manage their business. We employ a technology and platform agnostic approach intended to enable merchants of all sizes to utilize our various products. Our diversified suite of products and services is tailored to meet the needs of merchants regardless of their size or business complexity. We offer a seamless omnichannel solution that helps merchants manage and grow their business.
Our PayPal and Venmo branded checkout experiences allow customers to complete purchases in just a few steps without having to enter payment and address information. These seamless experiences reduce cart abandonment and drive higher conversion rates for merchants. Our BNPL solutions are embedded into our branded checkout experiences, which can help increase consumer spend and enable merchants to grow sales. Our buy now, pay later solutions are embedded into our branded checkout experiences, which can help increase consumer spend and enable merchants to grow sales.
Our unbranded payments processing solutions allow merchants to quickly and easily provide digital checkout online with a variety of popular ways to pay, including debit and credit cards, digital wallets, BNPL, certain cryptocurrencies, and local payment methods.
We offer a suite of value added services, including payouts, payments orchestration, and fraud prevention and risk management solutions that help reduce merchant losses through our proprietary protection programs. We also offer omnichannel solutions that allow merchants to make sales in person using our PayPal Point of Sale app, card reader, or point of sale systems. We also offer omnichannel solutions that allow merchants to make sales in person using our Zettle by PayPal app, card reader, or point of sale systems.
| FY 2025 FORM 10-K | 6 | ||||||||||||
In certain markets, we offer access to merchant financing products for eligible small and medium-sized businesses through our PayPal Working Capital (“PPWC”) and PayPal Business Loan (“PPBL”) products, which we collectively refer to as our merchant financing solutions. Our PPWC product allows businesses to access a loan or cash advance (depending on a merchant’s home country) for a fixed fee, based on their annual payment volume processed by PayPal. The PPWC product allows businesses to access a loan or cash advance for a fixed fee, based on their annual payment volume processed by PayPal. Our PPBL product provides businesses with access to short-term financing for a fixed fee based on an evaluation of the applying business as well as the business owner. The PPBL product provides businesses with access to short-term financing for a fixed fee or interest based on an evaluation of the applying business as well as the business owner. In the U.S., these products are provided under a program agreement with an independent chartered financial institution. We believe that our merchant financing solutions enable us to deepen our engagement with our existing small and medium-sized merchants and expand services to new merchants by providing access to capital that may not be available from traditional banks or other lenders.
We generate revenues from merchants primarily by charging fees for completing their payment transactions and other payment-related services. We also earn revenues from fees earned on our merchant loans and advances and interest earned on certain assets underlying customer balances. We also earn revenues from interest and fees earned on our merchant loans and advances and interest earned on certain assets underlying customer balances.
PROTECTING CONSUMERS AND MERCHANTS
Protecting consumers and merchants on our payments platform from financial and fraud loss is important to successfully compete and sustainably grow our business. Fraudulent activities, such as account takeovers, identity theft (including stolen financial information), and malicious activities by counterparties, represent a significant risk to consumers and merchants, as well as their payment partners. Fraudulent activities, such as account takeover, identity theft (including stolen financial information), and malicious activities by counterparties, represent a significant risk to consumers and merchants, as well as their payment partners. In addition to the protections afforded by applicable law, we provide consumers and merchants with protection programs for certain purchase transactions completed on our payments platform. Our protection programs help protect both consumers and merchants from financial loss resulting from, among other things, counterparty non-performance. These programs are designed to promote confidence on the part of both consumers, who will be reimbursed in certain circumstances, such as not receiving their purchased eligible item in the condition significantly as described, as well as merchants, who will receive payment in certain circumstances, such as establishing proof of shipment or delivery of an eligible item to the customer. These programs are designed to promote confidence on the part of both consumers, who will be reimbursed in certain circumstances, such as not receiving their purchased item in the condition significantly as described, as well as merchants, who will receive payment in certain circumstances, such as establishing proof of shipment or delivery of an item to the customer. We believe that these programs are generally consistent with or broader than protections provided by other participants in the payments industry.
Our ability to help protect both consumers and merchants is based largely on our proprietary, end-to-end payments platform and our ability to utilize the data from both sides of transactions on our two-sided network, specifically from buyers and sellers and from senders and receivers of payments. Our ongoing investment in systems and processes is designed to enhance the safety and security of our products and reflects our goal of having PayPal recognized as one of the world’s most trusted payments brands.
COMPETITION
The global payments industry is highly competitive, dynamic, innovative, and subject to regulatory scrutiny and oversight. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, shifting preferences, needs, and price sensitivity of consumers and merchants, and frequent introductions of new products and services. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, shifting user preferences and needs, price sensitivity of consumers and merchants, and frequent introductions of new products and services. Competition also may intensify as new competitors emerge, businesses combine or enter into new partnerships, and established companies in other segments expand to become competitive with various aspects of our business.
Our business faces competition from a wide range of businesses and from all forms of physical and electronic payments. We face competition from banks and financial institutions, which provide traditional payment methods (particularly credit cards and debit cards (collectively, “payment cards”), electronic bank transfers, credit, and installment methods), payment networks that facilitate payments for payment cards or proprietary retail networks, payment card processors, and “card on file” services. We also face competition from providers offering a variety of payment products and services ranging from broader platform solutions to point solutions focused on a specific functionality or feature, including tokenized and contactless payment cards, digital wallets and mobile payments solutions, credit, installment or other buy now, pay later methods, real-time payment systems, P2P payments and money remittance services, card readers and other devices or technologies for payment at point of sale (such as contactless cards, tokenized cards, NFC based solutions, and Quick Response (“QR”) code based solutions), value added services related to payments (such as payouts, adaptive payment optimization, foreign exchange and risk solutions), virtual currencies (such as cryptocurrencies and stablecoins) and distributed ledger technologies, and tools that simplify and personalize shopping experiences for consumers and merchants. We also face competition from providers offering a variety of payment products and services ranging from broader platform solutions to point solutions focused on a specific functionality or feature, including tokenized and contactless payment cards, digital wallets and mobile payments solutions, credit, installment or other buy now, pay later methods, real-time payment systems, P2P payments and money remittance services, card readers and other devices or technologies for payment at point of sale (such as contactless cards, tokenized cards, Near Field Communication (NFC) based solutions, and Quick Response (QR) code based solutions), value added services related to payments (such as payouts, payment orchestration, foreign exchange and risk solutions), virtual currencies (such as cryptocurrencies and stablecoins) and distributed ledger technologies, and tools that simplify and personalize shopping experiences for consumers and merchants. Our products and services also face competition from paper-based payments (primarily cash and checks).
| FY 2025 FORM 10-K | 7 | ||||||||||||
We differentiate ourselves to consumers through our broad acceptance and the ability to use our products and services across multiple commerce channels, including e-commerce, mobile, and offline payments, and without sharing their financial information with the merchant or any other party they are paying; our customer service, dispute resolution, and purchase protection programs; and our ability to simplify and personalize shopping experiences. In addition, we differentiate ourselves to merchants through our ability to innovate and develop products and services that offer new payment experiences or functionality for our merchants, demonstrate that they may achieve incremental sales by using and offering our services to consumers, and support transactions on our payments platform across varied technologies and payment methods; through the simplicity and transparency of our fee structure; and through our seller protection programs, analytics, and risk management, as well as other merchant services. We invest resources to improve our products and services and expand their acceptance, offer choice in payment options, provide excellent customer service, and build brands that both consumers and merchants trust.
In addition to the discussion in this section, see “Item 1A. Risk Factors” under the caption “We face substantial and increasingly intense competition worldwide in the global payments industry” for further discussion of the potential impact of competition on our business.
STRATEGY
Our ability to grow revenue is affected by, among other things, the macroeconomic environment and its impact on commerce and economic growth, consumer spending patterns, adoption of digital payment methods, the growth of multiple commerce channels, the growth of mobile devices and commerce and payment applications on those devices, the growth of consumers and merchants globally with internet and mobile access, the pace of transition from cash and checks to digital forms of payment, our share of digital payments, and our ability to innovate and introduce new products, services, and features that consumers and merchants value. Our strategy to drive growth in our business includes the following:
•Accelerating growth in our branded checkout business: by improving our user experience, including by reducing friction and enhancing rewards, we will drive consumer selection and increase conversion rates for merchants. This strategy will increase our customers’ engagement with our products and services. A critical element of our overall growth strategy involves driving an increase in monthly active accounts, which we expect will contribute to growth in payment transactions, TPV, and net revenues.
•Expanding our value proposition for consumers and merchants to drive daily use: by providing consumers with simple, secure, and flexible ways to shop and move money across different markets, merchants, and platforms, including offering BNPL options, purchase protection programs, and simplifying their shopping experiences; by being technology and platform agnostic; and by expanding and launching capabilities that allow consumers to shop in and pay wherever they want to make a purchase—online, in-person and through artificial intelligence (“AI”) agents; by partnering with our merchants to grow and expand their business online and offline, including offering merchants risk management and seller protection programs; and by delivering payment-adjacent capabilities.
•Unlocking the power of data: by responsibly utilizing data in our two-sided platform to personalize consumer offerings, we will create more value for our customers, improve the interconnectedness of our platform, and tap into new sources of revenue and profitable growth.
•Increasing omnichannel engagement: through the PayPal-branded debit and credit cards, rewards programs, and seamless integration into digital wallets that support in-person payments, we are giving consumers more reasons to use PayPal and Venmo for in-person as well as online (including agentic) purchases. Providing consumers more opportunities to use PayPal for omnichannel purchases will help us to drive engagement.
•Building and expanding strategic partnerships: by building new strategic partnerships and deepening existing ones to provide better experiences for our customers, offer greater choice and flexibility, acquire new customers, and reinforce our role in the payments and commerce ecosystem.
•One PayPal platform: by investing in state-of-the-art technology, architecture, and processes to deliver high-quality products and services to our customers more efficiently and effectively.
•Seeking new areas of growth: innovate the future of commerce by focusing on creating new products and services in both the digital and physical worlds, including crypto and digital currencies (such as the PayPal USD stablecoin), agentic commerce, advertising-related services, and cross-wallet interoperability through PayPal World, and finding opportunities to expand and improve upon our existing products and capabilities.
| FY 2025 FORM 10-K | 8 | ||||||||||||
TECHNOLOGY
Our payments platform utilizes a combination of proprietary and third-party technologies and services intended to facilitate transactions efficiently and securely between millions of consumers and merchants worldwide across different channels, markets, and networks. Our payments platform connects with financial services providers around the world and allows consumers to make purchases using a wide range of payment methods, regardless of where a merchant is located. Consumers who use our payments platform can send payments in approximately 200 markets around the world and in approximately 140 currencies, withdraw funds to their bank accounts in 57 currencies, and hold balances in their eligible PayPal accounts in 24 currencies.
We have developed intuitive user interfaces, customer tools, transaction management databases, and payment network integrations on our platform designed to enable our customers to utilize our suite of products and services. Our payments platform, open application programming interfaces, and developer tools are designed to enable developers to innovate efficiently and offer robust solutions to our consumers and merchants globally, while at the same time helping to maintain the security of our customers’ information. Our payments platform, open application programming interfaces, and developer tools are designed to enable developers to innovate with ease and offer robust solutions to our global ecosystem of consumers and merchants, while at the same time helping to maintain the security of our customers’ information.
The technology infrastructure supporting our payments platform is designed to simplify the storage and processing of large amounts of data and facilitate the deployment and operation of large-scale global products and services whether hosted by third-party cloud service providers or our own data centers. Our technology infrastructure is designed around industry best practices intended to reduce downtime and help ensure the resiliency of our payments platform in the event of outages or catastrophic occurrences. Our payments platform incorporates multiple layers of protection for business continuity and system redundancy purposes and to help mitigate cybersecurity risks. We have a comprehensive cybersecurity program designed to protect our technology infrastructure and payments platform against cybersecurity threats, which includes regularly testing our systems to identify and address potential vulnerabilities. We continue to make multi-year investments in our technology infrastructure, including those associated with cloud-related initiatives, intended to support the scalability, resiliency, and efficiency of our payments platform. In addition, we are investing in initiatives intended to modernize our infrastructure and support future enhancements to our products and services. We strive to continually improve our technology infrastructure and payments platform to enhance the customer experience and to increase efficiency, scalability, and security.
For additional information regarding risks relating to our technology infrastructure and cybersecurity, see the information in “Item 1A. Risk Factors” under the captions “Cyberattacks and security vulnerabilities could result in serious harm to our reputation, business, and financial condition” and “Business interruptions or systems failures may impair the availability of our websites, applications, products or services, or otherwise harm our business.”
RESEARCH AND DEVELOPMENT
Our total research and development expense was $1.5 billion in both 2025 and 2024 and $1.6 billion in 2023.
INTELLECTUAL PROPERTY
The protection of our intellectual property, including our trademarks, copyrights, domain names, trade dress, patents, and trade secrets, is important to the success of our business. We seek to protect our intellectual property rights by relying on applicable laws, regulations, and administrative procedures in the U.S. and internationally. We have registered our core brands as domain names and as trademarks in the U.S. and many international jurisdictions. We also have an active program to secure and enforce trademarks and domain names that correspond to our brands in markets of interest. We have filed and continue to file patent applications in the U.S. and in international jurisdictions covering certain aspects of our proprietary technology and new innovations. We also rely on contractual restrictions to protect our proprietary rights when offering or procuring products and services. We routinely enter into confidentiality and invention assignment agreements with our employees and contractors, and non-disclosure agreements with parties with whom we conduct business to control access to, and use and disclosure of, our proprietary information.
For additional information regarding risks relating to our intellectual property, see the information in “Item 1A. Risk Factors” under the captions “Third parties may allege that we are infringing their patents and other intellectual property rights” and “We may be unable to protect or enforce our intellectual property.”
| FY 2025 FORM 10-K | 9 | ||||||||||||
GOVERNMENT REGULATION
We operate globally and in a rapidly evolving regulatory environment characterized by a heightened focus by regulators globally on all aspects of the payments industry, including anti-money laundering, countering terrorist financing, privacy, cybersecurity, and consumer protection. The laws and regulations applicable to us, including those enacted prior to the advent of digital payments, continue to evolve through legislative and regulatory action and judicial interpretation. New or changing laws and regulations, including changes to their interpretation and implementation, as well as increased penalties and enforcement actions related to non-compliance, could have a material adverse impact on our business, results of operations, and financial condition. We monitor these areas closely and are focused on designing compliant solutions for our customers.
Government regulation impacts key aspects of our business. We are subject to the laws and regulations applicable to the payments industry in the markets we operate, which are subject to interpretation and change.
Payments regulation. Various laws and regulations govern the payments industry in the U.S. and internationally. In the U.S., PayPal, Inc. (a wholly-owned subsidiary) holds licenses to operate as a money transmitter (or its equivalent) in the states where such licenses are required, as well as in the District of Columbia and certain territories. These licenses include not only our PayPal-branded products and services, but also our Venmo, Hyperwallet, Xoom, and PayPal Open products and services, to the extent offered in these locations. As a licensed money transmitter, PayPal is subject to, among other requirements, restrictions on the investment of customer funds, reporting requirements, bonding requirements, and inspection by state regulatory agencies. In certain cases, these licenses also generally cover PayPal’s service enabling customers to buy, hold, transfer, and sell cryptocurrency directly from their PayPal or Venmo account. PayPal holds a full Bitlicense issued by the State of New York Department of Financial Services to offer cryptocurrency services in the state. In the State of New York, PayPal holds a full Bitlicense issued by the New York Department of Financial Services to offer cryptocurrency services in the state. Other states have enacted or are expected to enact licensing requirements relating to our cryptocurrency business. Additionally, in July 2025, Congress enacted the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 (the “GENIUS Act”), establishing a federal framework for stablecoin regulation that includes requirements for cryptocurrency businesses, including PayPal. Congress may enact and federal agencies may adopt additional licensing or regulatory requirements relating to our cryptocurrency business.
Outside the U.S., we provide similar services customized for various countries and foreign jurisdictions through our foreign subsidiaries. The activities of those non-U.S. entities are, or may be, supervised by a financial regulatory authority in the jurisdictions in which they operate. Among other regulatory authorities, the Luxembourg Commission de Surveillance du Secteur Financier (the “CSSF”), the U.K. Financial Conduct Authority (“FCA”), the Australian Prudential Regulation Authority, the People’s Bank of China, the Monetary Authority of Singapore, the Reserve Bank of India, and the Central Bank of Brazil have asserted jurisdiction over some or all of our activities in their respective jurisdictions. This list is not exhaustive, and there are numerous other regulatory agencies that have asserted or may assert jurisdiction over our activities.
In addition, financial services regulators in various jurisdictions, including the U.S. and the European Union (“EU”), have implemented payment authentication requirements for banks and payment processors intended to reduce online fraud, which could impose significant costs, make it more difficult for new customers to open PayPal accounts, and reduce the ease of use of our products.
Financial Services supervision. We serve our customers in the EU through PayPal (Europe) S.à.r.l. et Cie, S.C.A. (“PayPal (Europe)”), a wholly-owned subsidiary that is licensed and subject to regulation as a credit institution in Luxembourg by the CSSF. We serve our customers in the U.K. through PayPal U.K. Limited (“PayPal U.K.”), a wholly-owned subsidiary that is subject to regulation as an electronic money institution in the U.K. by the FCA. Accordingly, we must comply with rules and regulations applicable to electronic money institutions in the U.K. and credit institutions in the E.U., including those related to capitalization, funds management, corporate governance, anti-money laundering, consumer rights, disclosure, reporting, and inspection. We are, or may be, subject to financial services-related regulations in other countries now or in the future related to our role in the financial services industry. In addition, based on our relationships with our partner financial institutions, we are, or may be, subject to indirect regulation and examination by the regulators of these partner financial institutions.
In December 2025, we submitted applications to the Utah Department of Financial Institutions and the Federal Deposit Insurance Corporation to establish PayPal Bank, a proposed Utah-chartered industrial loan company. There is no assurance that our applications to establish PayPal Bank will receive regulatory approval.
| FY 2025 FORM 10-K | 10 | ||||||||||||
Lending regulation. Our U.S. consumer short-term, interest-free, installment product is subject to federal and state laws governing consumer credit and debt collection, and PayPal holds multiple state licenses as the lender for this product. In Australia, PayPal Credit Pty Limited offers a consumer short-term, interest-free, installment product pursuant to a credit license and subject to other laws which cover the provision of financial services, credit reporting, debt collection, and privacy. In Australia, PayPal Credit Pty Limited offers a consumer short-term, interest-free, installment product that is exempt from regulation by the primary consumer credit legislation, but is subject to other laws which cover the provision of financial services, credit reporting, debt collection, and privacy. PayPal’s consumer short-term, interest-free, installment products in the U.K., France, Germany, Spain, and Italy are currently generally exempt from primary consumer credit legislation but certain consumer lending, consumer protection, and banking transparency regulations apply to this activity., France, Germany, Spain, and Italy are generally exempt from primary consumer credit legislation; however, certain consumer lending laws, consumer protection, and banking transparency regulations apply to this activity. This will change in the E.U. markets with the implementation of the revised Consumer Credit Directive which will take effect in November 2026 and result in formerly “unregulated” credit products being generally (and subject to the principle of proportionality in particular regarding underwriting obligations) subject to the same laws as fully regulated credit. Paidy, Inc. holds multiple licenses for the issuance of its consumer installment products in Japan and is registered with the Ministry of Economy, Trade and Industry as a Comprehensive Credit Purchase Intermediary. In Canada, PayPal Canada Co. offers a consumer short-term, interest-free installment product pursuant to multiple provincial credit licenses and subject to other laws which cover consumer protection, debt collection and privacy.
Our U.S. consumer interest-bearing installment product is subject to federal and state laws and is offered by an independent chartered financial institution. PayPal holds multiple state licenses to market and service this product. PayPal’s interest-bearing installment products for consumers in Germany, Italy, and Spain are subject to applicable local laws such as consumer (lending) laws, consumer protection, or banking transparency regulations. PayPal’s interest-bearing installment product for consumers in Germany is subject to applicable local laws such as consumer (lending) laws, consumer protection, or banking transparency regulations.
PayPal and Venmo co-branded consumer credit cards and the PayPal Credit revolving consumer credit product are issued by an independent chartered financial institution in the U.S., and are subject to laws and regulations governing these programs. PayPal Credit in the U.K. is a regulated, revolving consumer credit product subject to applicable local laws and regulations.
Our U.S. merchant lending products are subject to federal and state regulations and are offered by an independent chartered financial institution. Our merchant lending products offered in Germany, France, and the Netherlands are subject to the laws of Luxembourg and certain local laws, and our merchant lending cash advance product offered in the U.K. is subject to U.K. regulation. Our merchant lending product in Australia is subject to the laws of Australia. Our merchant lending product in Australia is subject to the laws of Australia and is originated by PayPal Credit Pty Limited.
Consumer Financial Protection Bureau (“CFPB”) and state consumer protection agencies.Consumer Financial Protection Bureau (“CFPB”). The CFPB and state regulators, including state attorneys general, have significant authority to regulate consumer financial products in the U.S., including consumer credit, deposits, payments, and similar products. As a large market participant of remittance transfers, we are subject to the direct supervisory authority of the CFPB. The CFPB and similar regulatory agencies in other jurisdictions may have broad consumer protection mandates that could result in the promulgation and interpretation of rules and regulations that may materially impact our business.
Anti-money laundering, counter-terrorist financing, and sanctions. PayPal is subject to anti-money laundering (“AML”) laws and regulations in the U.S. and other jurisdictions, as well as laws designed to prevent the use of the financial systems to facilitate terrorist activities. Our AML program is designed to prevent our payments platform from being used to facilitate money laundering, terrorist financing, and other illicit activities, or to do business in countries or with persons and entities included on designated country or person lists promulgated by the U.S. Department of the Treasury’s Office of Foreign Assets Control and equivalent authorities in other countries. Our AML and sanctions compliance programs, which are overseen by our AML/Bank Secrecy Act Officer, are composed of policies, procedures, and internal controls, and are designed to address these legal and regulatory requirements and assist in managing money laundering and terrorist financing risks. Our AML and sanctions compliance programs, overseen by our AML/Bank Secrecy Act Officer, are composed of policies, procedures, and internal controls, and are designed to address these legal and regulatory requirements and assist in managing money laundering and terrorist financing risks.
Interchange fees. Interchange fees (the transaction fees for processing credit and debit card transactions) are subject to regulation in certain jurisdictions. For example, in the EU, the Multilateral Interchange Fee Regulation caps interchange fees and provides for business rules to be complied with by any company dealing with payment card transactions. Interchange fees are being reviewed or challenged in various jurisdictions. As a result, the fees that we collect in certain jurisdictions may become the subject of regulatory challenge.
Data protection and privacy. We are subject to a number of laws, rules, directives, and regulations (“privacy and data protection laws”) relating to the collection, use, retention, security, processing, and transfer (collectively, “processing”) of personally identifiable information about our customers, our merchants’ customers, and employees (“personal data”) in the countries where we operate. Our business relies on the processing of personal data in many jurisdictions and the movement of data across national borders. As a result, much of the personal data that we process, which may include certain financial information associated with individuals, is subject to one or more privacy and data protection laws in one or more jurisdictions. In many cases, these laws apply not only to third-party transactions, but also to transfers of information between or among us, our subsidiaries, and other parties with which we have commercial relationships.
| FY 2025 FORM 10-K | 11 | ||||||||||||
Regulatory scrutiny of privacy, data protection, cybersecurity practices, and the processing of personal data is increasing around the world. Regulatory authorities are continuously considering numerous legislative and regulatory proposals and interpretive guidelines that may contain additional privacy and data protection obligations. Many jurisdictions in which we operate have adopted or are in the process of adopting or amending data protection and privacy legislation or regulation aimed at creating and enhancing individual privacy rights and data protection obligations. In addition, the interpretation and application of these privacy and data protection laws in the U.S., Europe, and elsewhere are subject to change and may subject us to increased regulatory scrutiny and business costs.
Anti-corruption. PayPal is subject to applicable anti-corruption laws, such as the U.S. Foreign Corrupt Practices Act, the U.K. Bribery Act, and similar laws in the jurisdictions in which we operate. Anti-corruption laws generally prohibit offering, promising, giving, accepting, or authorizing others to provide anything of value, either directly or indirectly, to or from a government official or private party to influence official action or otherwise gain an unfair business advantage, such as to obtain or retain business. We have implemented policies, procedures, and internal controls that are designed to comply with these laws and regulations.
Artificial Intelligence regulation. We use AI and machine learning technologies in various aspects of our business, including fraud prevention, risk management, product optimization and customer service. Governments and regulators globally are increasingly focused on the oversight of AI technologies and have proposed or enacted laws aimed at ensuring transparency, fairness, and accountability. For example, the EU has adopted the Artificial Intelligence Act, which provides a comprehensive framework for regulating AI, and other jurisdictions are considering similar frameworks. Compliance with existing and emerging AI regulations may require operational changes, increased costs, or limit the use of AI in our business. Evolving interpretations or enforcement of these regulations could also affect our ability to deploy certain AI-driven features and may subject us to additional regulatory scrutiny.
Additional regulatory developments. Various regulatory agencies continue to examine and implement laws governing a wide variety of issues, including virtual currencies, identity theft, account management guidelines, disclosure rules, cybersecurity, competition, and marketing, which may impact PayPal’s business. Certain governments around the world are adopting laws and regulations pertaining to environmental, social, and governance matters, and corporate sustainability performance, transparency, and reporting (e.g., the EU Corporate Sustainability Reporting Directive, Australia’s Treasury Laws Amendment, and states such as California), as well as topical reporting and risk management disclosure requirements, such as obligations related to disclosure of the management of climate-related risks., the EU Corporate Sustainability Reporting Directive), as well as topical reporting and risk management disclosure requirements, such as obligations related to disclosure of the management of climate-related risks.
For additional discussion on governmental regulation affecting our business, please see “Item 1A.For an additional discussion on governmental regulation affecting our business, please see “Item 1A. Risk Factors” and “Item 3. Legal Proceedings” included in this Form 10-K.
HUMAN CAPITAL
At PayPal, we consider the management of our global talent (human capital) to be essential to the ongoing success of our business. As of December 31, 2025, we employed approximately 23,800 people globally, with 46% in the Americas, 42% in Asia-Pacific, and 12% in Europe and the Middle East. As of December 31, 2024, we employed approximately 24,400 people globally, with 44% in the Americas, 44% in Asia-Pacific, and 12% in Europe and the Middle East. Our global employees work predominantly full-time and represent 142 nationalities, across 28 countries, including approximately 9,600 located in the U.S. Across our workforce, we reached approximately 42% global gender diversity and 58% U.S. ethnic diversity, as of December 31, 2025.
As a leading technology company, we compete for top talent from around the world. We believe that a culture focused on employee listening and experiences that enable career growth and development are essential to the successful acquisition, development, and retention of global talent. We believe that a strong culture focused on employee experiences that enable advancement, learning, and individual career insights is essential to the successful acquisition, development, and retention of global talent.
In 2025, we invested in our employees’ growth with programs to help employees take charge of their careers: a clear career framework, better development tools, and greater visibility into what growth looks like. With our new leadership capabilities launched, we also introduced a refreshed leadership program for our VP+ population, a program that we will expand to Senior Directors in 2026. Our employee listening informs the ongoing development of our employee programs. In addition to administering a periodic enterprise-wide survey to gather input from our global workforce, we also conducted specific surveys to gather direct employee feedback on specific topics. In addition to administering an annual survey to gather input from our global workforce, we also conducted specific surveys to gather direct employee feedback on specific topics.
We continue to support employee well-being, including providing resources, programs, and services to support our employees’ physical, mental, and financial wellness.We remain focused on promoting the holistic well-being of our employees, including providing resources, programs, and services to support our employees’ physical, mental, and financial wellness. PayPal offers a comprehensive benefits package designed to support employees at every stage of life while also helping our employees to prepare for the future.
| FY 2025 FORM 10-K | 12 | ||||||||||||
CORPORATE SUSTAINABILITY & IMPACT MANAGEMENT
Our management of priority Corporate Sustainability & Impact (“CS&I”) risks and opportunities in respect of our business is organized across employees and culture, social impact, responsible business practices, and environmental sustainability. We believe this integrated, enterprise-wide approach to managing our global business helps enable us to create value for our stakeholders, including our stockholders, employees, partners, and communities. We endeavor to provide transparent disclosures with respect to our CS&I risks and opportunities through our annual Global Impact Report and other communications.
AVAILABLE INFORMATION
The address of our principal executive offices is PayPal Holdings, Inc., 2211 North First Street, San Jose, California 95131. Our website is located at www.paypal.com, and our investor relations website is located at https://investor.pypl.com. From time to time, we may use our investor relations site and other online and social media channels, including the PayPal Newsroom (https://newsroom.paypal-corp.com/), the PayPal Corporate website (https://about.pypl.com), PayPal’s LinkedIn page (https://www.linkedin.com/company/paypal), PayPal’s Facebook page (https://www.facebook.com/PayPalUSA/), PayPal’s Youtube channel (https://www.youtube.com/paypal), Jamie Miller’s LinkedIn profile (https://www.linkedin.com/in/jamiesmiller/), and Steven Winoker’s LinkedIn profile (https://www.linkedin.com/in/steven-winoker-0764548/), as a means of disclosing information about the Company, including information which could be deemed to be material to investors. Our Form 10-K, quarterly reports on Form 10-Q, current reports on Form 8-K, and amendments to those reports are available free of charge on our investor relations website as soon as reasonably practicable after they are electronically filed with, or furnished to, the SEC. The SEC maintains an internet site that contains reports, proxy and information statements, and other information regarding issuers that file electronically with the SEC at http://www.sec.gov.
The content of our websites and information we may post on, provide to, or accessible through online and social media channels, including those mentioned above, are not a part of, and are not incorporated by reference into, this Form 10-K or in any other report or document we file with, or furnish to, the SEC. Any references to our websites or online and social media contained in this Form 10-K are intended to be inactive textual references only.
| FY 2025 FORM 10-K | 13 | ||||||||||||
ITEM 1A. RISK FACTORS
You should carefully consider the risks and uncertainties described below, in addition to other information appearing in this Form 10-K, including our consolidated financial statements and related notes, for important information regarding risks and uncertainties that could affect us. These risk factors do not identify all risks we face, and additional risks and uncertainties that we are unaware of, or that we currently believe are not material, may also become important factors that adversely affect our business. If any of the following risks actually occur, our business, financial condition, results of operations, future prospects, and the trading price of our common stock could be materially and adversely affected.
CYBERSECURITY AND TECHNOLOGY RISKS
Cyberattacks and security vulnerabilities could result in serious harm to our reputation, business, and financial condition.
Techniques used to attempt to obtain unauthorized or illegal access to systems and information (including customers’ personal data), disable or degrade service, exploit vulnerabilities, or sabotage systems are continuously evolving.The techniques used to attempt to obtain unauthorized or illegal access to systems and information (including customers’ personal data), disable or degrade service, exploit vulnerabilities, or sabotage systems are continuously evolving. These attempts may not be recognized or detected until after they have been launched against a target. Unauthorized parties continuously attempt to gain access to our systems or facilities through various means, including through hacking into our systems or facilities or those of our customers, partners, or vendors, and attempting to fraudulently induce users of our systems (including customers, employees, and partner and vendor personnel) into disclosing user names, passwords, payment card information, multi-factor authentication application access or other sensitive information used to gain access to such systems or facilities. This information may, in turn, be used to access our customers’ confidential personal or proprietary information and financial instrument data that are stored on or accessible through our information technology (“IT”) systems and those of third parties with whom we partner. This information may also be used to execute fraudulent transactions or other activity. This information may also be used to execute fraudulent transactions or otherwise engage in fraudulent actions. Numerous and evolving cybersecurity and related threats, including advanced and persisting cyberattacks, artificial intelligence (“AI”)-enabled threats, cyberextortion, distributed denial-of-service attacks, ransomware, spear phishing and social engineering schemes, the introduction of computer viruses or other malware, and the destruction of all or portions of our IT and infrastructure and those of third parties with whom we partner or that are part of our IT supply chain, are becoming increasingly sophisticated and complex, may be difficult to detect, and could compromise the confidentiality, availability, and integrity of the data in our systems, as well as the systems themselves. Numerous and evolving cybersecurity and related threats, including advanced and persisting cyberattacks, cyberextortion, distributed denial-of-service attacks, ransomware, spear phishing and social engineering schemes, the introduction of computer viruses or other malware, and the physical destruction of all or portions of our information technology and infrastructure and those of third parties with whom we partner or that are part of our information technology supply chain, are becoming increasingly sophisticated and complex, may be difficult to detect, and could compromise the confidentiality, availability, and integrity of the data in our systems, as well as the systems themselves.
We believe that hostile actors, who may comprise individuals, coordinated groups, sophisticated organizations, or nation-state supported entities, may target PayPal due to our name, brand recognition, types of data (including sensitive payments- and identity-related data) that customers provide to us, and the widespread adoption and use of our products and services. We have experienced from time to time, and may experience in the future, cybersecurity incidents, including breaches of our security measures, network breaches, and compromise of personally identifiable customer information due to human error, deception, malfeasance, insider threats, system errors, defects, vulnerabilities, or other issues. Any of the foregoing events may subject us to fines, penalties, regulatory or other enforcement actions, and adversely affect our business, reputation, or financial condition. Any of the foregoing events may subject us to fines, penalties, regulatory or other enforcement actions, and our business, reputation or financial condition may be adversely affected.
Any cybersecurity incidents, including cyberattacks or data security breaches affecting the IT or infrastructure of our customers, partners, or vendors (including data center and cloud computing providers) or of companies we acquire, could have similar negative effects.
We have experienced, and may experience in the future, breaches involving customer information for which we have notified, and may notify, regulators, customers and other third parties. We have experienced, and may experience in the future, breaches involving customer information for which we have notified, and may notify, regulators, customers and other third parties. These or other cybersecurity breaches and other exploited security vulnerabilities have subjected us and could further subject us to significant costs and third-party liabilities, result in improper disclosure of data and violations of applicable privacy and other laws, require us to change our business practices, cause us to incur significant remediation costs, lead to loss of customer confidence in, or decreased use of, our products and services, damage our reputation and brands, divert the attention of management from the operation of our business, result in significant compensation or contractual penalties from us to our customers and their business partners as a result of losses to or claims by them, or expose us to litigation, regulatory investigations, and significant fines and penalties. Moreover, under payment card network rules and our contracts with our payment processors, if there is a breach of payment card information stored by us or our direct payment card processing vendors, we could be liable to the payment card issuing banks, including for their cost of issuing new cards and related expenses. While we maintain insurance to help offset the financial impact of these risks, our coverage may be insufficient to cover all our losses caused by security breaches and other damage to or unavailability of our systems.
| FY 2025 FORM 10-K | 14 | ||||||||||||
Business interruptions or systems failures may impair the availability of our websites, applications, products or services, or otherwise harm our business.
Our systems and operations and those of our service providers and partners have experienced from time to time, and may experience in the future, business interruptions or degradation of service because of distributed denial-of-service and other cyberattacks, insider threats, hardware and software defects or malfunctions, human error, earthquakes, hurricanes, floods, fires, and other natural disasters, public health crises (including pandemics), power losses, disruptions in telecommunications services, fraud, military or political conflicts, terrorist attacks, computer viruses or other malware, or other events. The frequency and intensity of weather events related to climate change are increasing, which could increase the likelihood and severity of such disasters as well as related damage and business interruption. Our corporate headquarters are located in the San Francisco Bay Area, a seismically active region in California. A catastrophic event that results in a disruption to or failure of our systems or operations could result in significant losses and require substantial recovery time and significant expenditures to resume or maintain operations. A catastrophic event that could lead to a disruption or failure of our systems or operations could result in significant losses and require substantial recovery time and significant expenditures to resume or maintain operations. Some of our systems, including those of companies that we have acquired, are not fully redundant and any failure of these systems, including due to a catastrophic event, may lead to operational outages or delays. Further, some of our systems, including those of companies that we have acquired, are not fully redundant and any failure of these acquired systems, including due to a catastrophic event, may lead to operational outages or delays. While we engage in disaster recovery planning and testing intended to mitigate risks from outages or delays, our planning and testing may not be effective or sufficient for all possible outcomes or events. As a provider of payments solutions, we are also subject to heightened scrutiny by regulators that may require specific business continuity, resiliency and disaster recovery plans, and rigorous testing of such plans, which may be costly and time-consuming to implement, and may divert our resources from other business priorities. Any of the foregoing risks could have a material adverse impact on our business, financial condition, and results of operations.
We have experienced, and expect to continue to experience, system failures, cyberattacks, unplanned outages, and other events or conditions that have or may interrupt the availability, or reduce or adversely affect the speed or functionality, of our products and services.We have experienced, and expect to continue to experience, system failures, cyberattacks, unplanned outages, and other events or conditions from time to time that have and may interrupt the availability, or reduce or adversely affect the speed or functionality, of our products and services. While we continue to undertake system upgrades and re-platforming efforts designed to improve the availability, reliability, resiliency, and speed of our platform, these efforts are costly and time-consuming, involve significant technical complexity and risk, may divert our resources from new features and products, and may ultimately not be effective. While we continue to undertake system upgrades and re-platforming efforts designed to improve the availability, reliability, resiliency, and speed of our payments platform, these efforts are costly and time-consuming, involve significant technical complexity and risk, may divert our resources from new features and products, and may ultimately not be effective. A prolonged interruption of, or reduction in, the availability, speed, or functionality of our products and services could materially harm our business and financial condition. For example, in August 2025, PayPal experienced a temporary service disruption triggered by a coding error in a system update, which primarily impacted a limited number of customers and partners in Germany. In connection with this disruption, we experienced some fraudulent transaction activity for a limited time period. We have incurred transaction losses and other expenses as a result, including claims under our protection programs, and this or other disruptions may subject us to increased regulatory scrutiny, fines, penalties and litigation. Frequent or persistent interruptions in or disruptions to our services could permanently harm our relationship with our customers and partners and our reputation. Frequent or persistent interruptions in our services could permanently harm our relationship with our customers and partners and our reputation. If any system failure or similar event results in damage to our customers or their business partners, they could seek significant compensation or contractual penalties from us for their losses. These claims, even if unsuccessful, would likely be time-consuming and costly for us to address.
We rely on facilities, components, applications, software, and services supplied by third parties, including data center facilities and cloud data storage and processing services. From time to time, we have experienced interruptions in the provision of such facilities and services provided by these third parties. If these third parties experience operational interference or disruptions (including a cybersecurity incident), fail to perform their obligations, or breach their agreements with us, our operations could be disrupted or negatively affected, which could result in customer dissatisfaction, regulatory scrutiny, and damage to our reputation and brands, and materially and adversely affect our business. While we maintain business interruption insurance, our coverage may be insufficient to cover all our losses caused by interruptions in our service due to systems failures and similar events.
In addition, any failure to successfully implement new information systems and technologies or improvements or upgrades to existing information systems and technologies in a timely manner could lead to regulatory scrutiny, significant fines and penalties, and mandatory and costly changes to our business, adversely impact our business, internal controls, results of operations, and financial condition, and ultimately cause us to lose existing licenses that we need to operate or prevent or delay us from obtaining additional licenses that may be required for our business.
If we cannot keep pace with rapid technological developments to provide new and innovative products and services, the use of our products and services and, consequently, our revenues, could decline.
Rapid, significant, and disruptive technological changes impact the industries in which we operate, including payment technologies (including real-time payments, payment card tokenization, virtual currencies, distributed ledger and blockchain technologies, and proximity payment technology such as Near Field Communication and other contactless payments); web browser technologies that enable users to easily store their payment card information for use on any retail or e-commerce
| FY 2025 FORM 10-K | 15 | ||||||||||||
website; AI; developments in technologies supporting our regulatory and compliance obligations; and in-store, digital, agentic and social commerce.
We expect that new technologies applicable to the industries in which we operate, including the development, adoption, and use of generative AI technologies and autonomous AI agents, will continue to emerge and may be superior to, or render obsolete, the technologies we currently use in our products and services.We expect that new technologies applicable to the industries in which we operate, including the development, adoption, and use of generative AI technologies, will continue to emerge and may be superior to, or render obsolete, the technologies we currently use in our products and services. We cannot predict the effects of technological changes on our business, which technological developments or innovations will become widely adopted, and how those technologies may be regulated. Developing and incorporating new technologies into new and existing products and services may require significant investment, take considerable time, and may not ultimately be successful. For example, AI algorithms that we use may be flawed or may be based on datasets that are biased or insufficient. In addition, any latency, disruption, or failure in our AI systems or infrastructure could result in delays or errors in our offerings. There also may be real or perceived social harm, unfairness, or other outcomes that undermine public confidence in the use of our products or of AI. In addition, third parties may deploy AI technologies in a manner that reduces customer demand for our products and services.
We rely in part on third parties, including some of our competitors, for the development of and access to new or evolving technologies. These third parties may restrict or prevent our access to, or utilization of, those technologies, as well as their platforms or products. Our ability to adapt our existing products and services to incorporate new technologies or develop future and new products and services using new technologies may be limited or restricted by industry-wide standards, platform providers, payments networks, changes to laws and regulations, changing customer expectations, third-party intellectual property rights, and other factors. Our ability to develop, provide or incorporate new technologies and adapt our existing products and services or develop future and new products and services using new technologies may be limited or restricted by industry-wide standards, platform providers, payments networks, changes to laws and regulations, changing customer expectations, third-party intellectual property rights, and other factors. If we are unable to develop and incorporate new technologies and adapt to technological changes and evolving industry standards in a timely or cost-effective manner, our business, results of operations, or reputation could be harmed.
LEGAL, REGULATORY AND COMPLIANCE RISKS
Our business is subject to extensive government regulation and oversight. Our failure to comply with extensive, complex, overlapping, and frequently changing rules, regulations, and legal interpretations could materially harm our business.
Our business is subject to complex and changing laws, rules, regulations, policies, licensing schemes, and legal interpretations in the markets where (and relating to the industries and merchants to which) we offer services directly or through partners, including, but not limited to, those governing: banking, credit, deposit taking, cross-border and domestic money transmission, prepaid access, foreign currency exchange, privacy, data protection, data governance, cybersecurity, banking secrecy, digital payments, cryptocurrency, payment services (including payment processing and settlement services), lending, fraud detection, consumer protection, antitrust and competition, economic and trade sanctions, anti-money laundering, and counter-terrorist financing.Our business is subject to complex and changing laws, rules, regulations, policies, and legal interpretations in the markets in which we offer services directly or through partners, including, but not limited to, those governing: banking, credit, deposit taking, cross-border and domestic money transmission, prepaid access, foreign currency exchange, privacy, data protection, data governance, cybersecurity, banking secrecy, digital payments, cryptocurrency, payment services (including payment processing and settlement services), lending, fraud detection, consumer protection, antitrust and competition, economic and trade sanctions, anti-money laundering, and counter-terrorist financing.
Regulators and legislators globally continue to establish, evolve, and increase their regulatory authority, oversight, and enforcement, and it may be difficult to predict how these may be applied to our business and the way we conduct our operations. As we introduce new products and services and expand into new markets and support new industries and merchants, including through acquisitions, we expect to become subject to additional regulations, restrictions, and licensing requirements. As we introduce new products and services and expand into new markets, including through acquisitions, we expect to become subject to additional regulations, restrictions, and licensing requirements. As we expand and localize our international activities, we expect that our obligations in the markets in which we operate will continue to increase. In addition, because we facilitate sales of goods and provide services to customers worldwide, one or more jurisdictions may claim that we or our customers are required to comply with their laws and regulations, which may impose different, more specific, and/or conflicting obligations on us, as well as broader liability. In addition, because we facilitate sales of goods and provide services to customers worldwide, one or more jurisdictions may claim that we or our customers are required to comply with their laws, which may impose different, more specific, or conflicting obligations on us, as well as broader liability.
We may not be able to respond quickly or effectively to regulatory, legislative, and other developments, and any failure or perceived failure to comply with existing or new laws, regulations, or orders of any government authority (including changes to or expansion of their interpretation) may result in audits, inquiries, investigations, whistleblower complaints, and adverse media coverage; subject us to significant fines, penalties, monetary damages, injunctive relief, criminal and civil lawsuits, forfeiture of significant assets, and enforcement actions in one or more jurisdictions; result in additional compliance and licensure requirements; cause us to temporarily or permanently lose existing licenses or prevent or delay us from obtaining additional licenses that may be required for our business; increase regulatory scrutiny of our business; divert management’s time and attention from our business; restrict our operations; lead to increased friction for customers; lead to loss of banking and other commercial partner relationships; force us to make changes to our business practices, products, or operations; require us to engage in remediation activities; or delay planned transactions, product launches, or improvements. Any of the foregoing could, individually or in the aggregate, harm our reputation, damage our brands and business, and adversely affect our results of operations and financial condition. The complexity of U.S. federal and state and international regulatory and enforcement regimes, coupled with the global scope of our operations and the evolving global regulatory environment, could result in a single event prompting a large number of overlapping investigations and legal and regulatory proceedings by multiple
| FY 2025 FORM 10-K | 16 | ||||||||||||
government authorities in different jurisdictions. While we have implemented policies and procedures designed to help ensure compliance with applicable laws and regulations, there can be no assurance that our employees, contractors, and agents will not violate such laws and regulations.
Payments Regulation
In the U.S., PayPal, Inc. (a wholly-owned subsidiary) holds licenses to operate as a money transmitter (or its equivalent) in the states where such licenses are required, as well as in the District of Columbia and certain territories. If we fail to comply with applicable laws or regulations required to maintain our licenses, we could be subject to liability and/or additional restrictions, forced to cease doing business with residents of certain states or territories, forced to change our business practices, or required to obtain additional licenses or regulatory approvals, which could impose substantial costs and harm our business.
While we currently allow our customers to send payments from approximately 200 markets, we allow customers in only approximately half of those markets (including the U.S.) to also receive payments, in some cases with significant restrictions on the manner in which customers can hold balances or withdraw funds. These restrictions may limit our ability to grow our business.
We principally provide our services to customers in the European Economic Area (“EEA”) through PayPal (Europe) S.à.r.l. et Cie, S.C.A. (“PayPal (Europe)”), our wholly-owned subsidiary that is licensed and subject to regulation as a credit institution in Luxembourg, and to our customers in the United Kingdom (“U. (“PayPal (Europe)”), our wholly-owned subsidiary that is licensed and subject to regulation as a credit institution in Luxembourg and PayPal U. K.”) through PayPal U.K. Limited (“PayPal U.K.”), a wholly-owned subsidiary that is subject to regulation as an electronic money institution and a consumer credit firm (and registered as a crypto asset business) in the U.K. by the Financial Conduct Authority (“FCA”). PayPal (Europe) or PayPal U.K. may be subject to enforcement actions and significant fines and penalties if they violate applicable requirements. If the business activities of PayPal (Europe) exceed certain thresholds, or if the European Central Bank (“ECB”) so determines, PayPal (Europe) may be deemed a significant supervised entity and certain activities of PayPal (Europe) would become directly supervised by the ECB, rather than by the Luxembourg Commission de Surveillance du Secteur Financier. PayPal (Europe) is also subject to regulation by the ECB under the oversight framework for electronic payment instruments, schemes and arrangements (“PISA”). Compliance with applicable laws and regulations could become more costly and operationally difficult to manage due to additional supervision, potentially inconsistent interpretations, and domestic regulations by various countries in the EEA. Applicable regulation relating to payments, anti-money laundering, and digital services, which are key focus areas of European regulators and subject to extensive new regulation, could subject us to additional and complex obligations, risks, and associated costs, and impact our ability to expand our business in Europe. Applicable regulation relating to payments, anti-money laundering, and digital services, which are key focus areas of regulators and subject to extensive new regulation, could subject us to additional and complex obligations, risks, and associated costs, and impact our ability to expand our business in Europe.
For many of our other markets outside the U.S., we provide services on a cross-border basis through PayPal Pte. Ltd., our wholly-owned subsidiary based in Singapore. PayPal Pte. Ltd. is supervised by the Monetary Authority of Singapore (“MAS”), and in July 2023 was issued a Major Payment Institution license by the MAS under the Payment Services Act 2019. In order to maintain this license and certain other licenses or registrations we hold in certain markets, we are required to comply with applicable regulatory requirements, which have imposed and will continue to impose increasing operational complexity and costs for our Singapore and international operations. has been issued a Major Payment Institution license by the MAS under the Payment Services Act 2019. In order to maintain this license and certain other licenses or registrations we hold in certain markets, we are required to comply with applicable regulatory requirements, which have imposed and will continue to impose increasing operational complexity and costs for our Singapore and international operations. Moreover, in many non-U.S. markets (other than Singapore) where customers of PayPal Pte. Ltd. or local branches or subsidiaries subject to local regulatory supervision or oversight, as the case may be, are located, there may be uncertainty whether our Singapore-based service is subject only to Singapore law or also to other local laws, and whether such local laws might require a payment processor like us to be licensed as a payments service, bank, financial institution, or otherwise.
There are substantial costs and potential product and operational considerations involved in maintaining and renewing licenses, certifications, and approvals, and we could be subject to enforcement actions, fines, penalties, and litigation if we are found to violate any of these requirements. There can be no assurance that we will be able to (or decide to) continue to apply for or obtain any licenses, renewals, certifications, and approvals in any jurisdiction. In certain markets, we may need to rely on local banks or other partners to process payments and conduct foreign currency exchange transactions in local currency, and local regulators may use their authority, including over such local partners, to prohibit, restrict, or limit us from doing business. Any of the foregoing could, individually or in the aggregate, result in substantial additional costs, delay or preclude planned transactions, geographical expansion, or product launches or improvements, require significant and costly operational changes, impose restrictions, limitations, or additional requirements on our business, products and services, or prevent or limit us from providing our products or services in a given market. Any of the foregoing could, individually or in the aggregate, result in substantial additional costs, delay or preclude planned transactions, geographical expansions, or product launches or improvements, require significant and costly operational changes, impose restrictions, limitations, or additional requirements on our business, products and services, or prevent or limit us from providing our products or services in a given market.
Cryptocurrency Regulation and Related Risks
Our customer cryptocurrency offerings may subject us to additional regulations, licensing requirements, or other obligations or liabilities. Within the U.S., we are regulated by the New York State Department of Financial Services as a virtual currency
| FY 2025 FORM 10-K | 17 | ||||||||||||
business, which does not permit us to engage in securities brokerage or dealing activities. Additionally, we are a digital asset service provider under the Guiding and Establishing National Innovation for U.S. Stablecoins Act of 2025 (the “GENIUS Act”), which subjects us to obligations relating to our cryptocurrency business and may affect the competitive landscape for payment stablecoins. The regulatory status of particular cryptocurrencies is unclear under existing law. The evolving legislative and regulatory landscapes with respect to cryptocurrency in addition to stablecoins may subject us to additional licensing and regulatory obligations or to inquiries or investigations from various regulators and governmental authorities, and require us to change, restrict or discontinue product offerings in certain markets, implement additional and potentially costly controls, or take other actions. The rapidly evolving 17Table of Contentslegislative and regulatory landscapes with respect to cryptocurrency may subject us to additional licensing and regulatory obligations or to additional inquiries or investigations from the SEC or other regulators and governmental authorities, and require us to make product changes, restrict or discontinue product offerings in certain markets, implement additional and potentially costly controls, or take other actions.
In August 2023, a third-party issuer with which we have partnered commercially (the “PYUSD Issuer”) launched a U.S. dollar-denominated stablecoin named PayPal USD (“PYUSD”), which is available to PayPal customers and Venmo customers in certain markets. These PayPal and Venmo customers may, if provisioned for external transfers and subject to our sanctions and anti-money laundering controls, send PYUSD to external wallets not controlled by PayPal. The PYUSD Issuer may also allow institutional users to directly purchase PYUSD from the PYUSD Issuer (as per the PYUSD Issuer’s stablecoin terms and conditions). The regulatory treatment of stablecoins is evolving and has drawn significant attention from legislative and regulatory bodies around the world. The recently enacted GENIUS Act provides a regulatory framework that is in the process of being implemented. While PYUSD is designed to comply with this U.S. framework, there remain uncertainties on how ongoing changes to international laws and regulations will apply to stablecoins in practice, and we and the PYUSD Issuer may face substantial costs and risks to operationalize and comply with any additional or changed requirements. If we or the PYUSD Issuer fail to comply with regulations, requirements, prohibitions or other obligations applicable to us, or make operational errors, we could face regulatory or other enforcement actions, potential fines, penalties, and other consequences. If we or the PYUSD Issuer fail to comply with regulations, requirements, prohibitions or other obligations applicable to us, we could face regulatory or other enforcement actions, potential fines, penalties, and other consequences. In addition, we could face reputational harm through our relationship with the PYUSD Issuer if the PYUSD Issuer were to face regulatory scrutiny or make operational errors or if PYUSD is alleged to be used for transactions in connection with illicit or illegal activities. In addition, we could face reputational harm through our relationship with the PYUSD Issuer if the PYUSD Issuer were to face regulatory scrutiny, PYUSD is deemed to be a security, or PYUSD is alleged to be used for transactions in connection with illicit or illegal activities.
We hold our customers’ cryptocurrency assets through one or more third-party custodians. Financial and third-party risks related to our customer cryptocurrency offerings, such as inappropriate access to, theft, or destruction of cryptocurrency assets held by our custodians, insufficient insurance coverage by a custodian to fully reimburse us for such losses, a custodian’s failure to maintain effective controls over the custody and settlement services provided to us, a custodian’s inability to purchase or liquidate cryptocurrency holdings, the failure of the PYUSD Issuer to maintain sufficient reserve assets backing PYUSD, and defaults on financial or performance obligations by a custodian, banks with which the PYUSD Issuer maintains reserve assets or counterparty financial institutions, could expose us and our customers to loss and significantly harm our business, financial condition, and reputation. Financial and third-party risks related to our customer cryptocurrency offerings, such as inappropriate access to, theft, or destruction of cryptocurrency assets held by our custodians, insufficient insurance coverage by a custodian to reimburse us for all such losses, a custodian’s failure to maintain effective controls over the custody and settlement services provided to us, a custodian’s inability to purchase or liquidate cryptocurrency holdings, the failure of the PYUSD Issuer to maintain sufficient reserve assets backing PYUSD and defaults on financial or performance obligations by a custodian, banks with which the PYUSD Issuer maintains reserve assets or counterparty financial institutions, could expose our customers and us to loss, and significantly harm our business, financial condition, and reputation.
We have selected custodian partners and the PYUSD Issuer, and may in the future select additional custodian partners and stablecoin issuing entities subject to regulatory oversight, capital requirements, maintenance of audit and compliance industry certifications, and cybersecurity procedures and policies. Any operational disruptions at any such custodian or issuer, or such custodians’ or issuer’s failure to safeguard cryptocurrency holdings (or reserve assets), could result in losses of customer assets, expose us to customer claims, reduce consumer confidence, harm our reputation, and materially impact our cryptocurrency product offerings and our operating results. Nevertheless, any operational disruptions at any such custodian or issuer, or such custodians’ or issuer’s failure to safeguard cryptocurrency holdings (or reserve assets), could result in losses of customer assets, expose us to customer claims, reduce consumer confidence and materially impact our cryptocurrency product offerings and our operating results.
Custodial arrangements to safeguard cryptocurrency assets involve unique risks and uncertainties in the event of a custodian’s bankruptcy. While other types of assets and some custodied cryptocurrencies have been deemed not to be part of the custodian’s bankruptcy estate under various regulatory regimes, bankruptcy courts have not yet definitively determined the appropriate treatment of custodial holdings of digital assets in a bankruptcy proceeding. In the event of a custodian’s bankruptcy, the lack of precedent and the highly fact-dependent nature of the determination could delay or preclude the return of custodied cryptocurrency assets to us or to our customers. Although we contractually require our custodians to segregate our customer assets and not commingle them with proprietary or other assets, we cannot assure that these contractual obligations, even if duly observed by a custodian, will be effective in preventing such assets from being treated as part of the custodian’s estate under bankruptcy or other insolvency law. Although we contractually require our custodians to segregate our customer assets and not commingle them with proprietary or other assets, we cannot be certain that these contractual obligations, even if duly observed by a custodian, will be effective in preventing such assets from being treated as part of the custodian’s estate under bankruptcy or other insolvency law. In that event, our claim on behalf of such customers against a custodian’s estate for our customers’ cryptocurrency assets could be treated as a general unsecured claim against the custodian, in which case our customers could seek to hold us liable for any resulting losses.
Lending Regulation
We hold a number of U.S. state lending licenses for our U.S. consumer short-term installment loan product, which is subject to federal and state laws governing consumer credit and debt collection. Similarly, the consumer short-term installment loan products that we offer outside the U.S. may be subject to consumer credit legislation, licensing requirements, consumer lending laws, consumer protection or banking transparency regulations. Increased global regulatory focus on short-term installment
| FY 2025 FORM 10-K | 18 | ||||||||||||
products and consumer credit more broadly could result in laws or regulations requiring changes to our product offerings, policies, procedures, and operations, and restrict or limit our ability to offer credit products.
Consumer Protection
Violations of consumer protection law in applicable jurisdictions, including federal and state laws and regulations in the U.S. such as the Electronic Fund Transfer Act (“EFTA”) and Regulation E as implemented by the Consumer Financial Protection Bureau (“CFPB”), could result in the assessment of significant actual damages or statutory damages or penalties (including treble damages in some instances) and plaintiffs’ attorneys’ fees. We are subject to, and have paid amounts in settlement of, lawsuits alleging that our business violated the EFTA and Regulation E or otherwise advancing claims for relief relating to our business practices (e. We are subject to, and have paid amounts in settlement of, lawsuits containing allegations that our business violated the EFTA and Regulation E or otherwise advance claims for relief relating to our business practices (e. g., that we improperly held consumer funds or otherwise improperly limited consumer accounts).
Anti-Money Laundering and Counter-Terrorist Financing; Economic and Trade Sanctions
Regulators globally continue to increase standards and expectations regarding anti-money laundering and counter-terrorist financing, and to expand the scope of existing laws and regulations to emerging products and markets, which may require us to revise or expand our compliance program globally and/or in specific jurisdictions, including the procedures we use to verify the identity of our customers and to monitor international and domestic transactions. Such changes could increase the costs and complexity of compliance, lead to increased friction for customers, and result in a decrease in business. Such changes could have the effect of making compliance more costly and operationally difficult to manage, lead to increased friction for customers, and result in a decrease in business. Regulators regularly re-examine the transaction volume thresholds at which we must obtain and keep applicable records or the circumstances in which we must verify identities of customers, and any change to such obligations could result in greater compliance costs and negatively impact our business. We are also required to comply with economic and trade sanctions administered by the U.S., the European Union (“EU”) and its member states, the U.K., and other jurisdictions in which we operate. Non-compliance with anti-money laundering laws and regulations or economic and trade sanctions may subject us to significant fines, penalties, lawsuits, and enforcement actions, result in regulatory sanctions and additional compliance requirements, increase regulatory scrutiny of our business, restrict our operations, and damage our reputation and brands. In the ordinary course of business we may identify and voluntarily report, and have reported, potential compliance issues to regulatory authorities, including the U.S. Department of the Treasury’s Office of Foreign Assets Control (“OFAC”), and our compliance history may be considered by OFAC and other regulators as part of any potential future investigation regarding our compliance with sanctions.
Privacy and Protection of Customer Data
The legal and regulatory environment relating to privacy and data protection laws continues to develop and evolve in ways we cannot predict, including with respect to technologies such as cloud computing, AI (including generative AI), cryptocurrency, and blockchain technology. Any failure or alleged failure by us to comply with our privacy policies as communicated to customers or with applicable privacy and data protection laws relating to our collection, use, storage, transfer, or sharing of customer data with third parties could result in proceedings or actions against us by data protection authorities, other government agencies, our customers or others, which could subject us to significant fines, penalties, judgments, and negative publicity, require us to change our business practices, increase the costs and complexity of compliance, damage our reputation, and materially harm our business. Compliance with inconsistent privacy and data protection laws may also restrict or limit our ability to provide products and services to our customers.
Many jurisdictions in which we operate globally have enacted, or are in the process of enacting, data privacy legislation or regulations aimed at creating and enhancing individual privacy rights, including with respect to the use of personal data for personalization and cross-contextual advertising. For example, numerous U.S. states have enacted or are in the process of enacting state-level data privacy laws and regulations governing the collection, use, and retention of their residents’ personal information as well as specific privacy obligations with respect to youth. The continued proliferation of privacy laws in the jurisdictions in which we operate is likely to result in a disparate array of privacy rules with unaligned or conflicting provisions, accountability requirements, individual rights, and national or local enforcement powers, which could lead to unintended consumer confusion and may subject us to increased regulatory scrutiny and business costs.
Artificial Intelligence (AI)
The legal and regulatory landscape surrounding AI technologies is rapidly evolving and uncertain, including areas such as consumer protection, intellectual property, cybersecurity, and privacy and data protection. In addition, there is uncertainty around the validity and enforceability of intellectual property rights related to the use, development, and deployment of AI systems, including issues arising from both the inputs they rely on and the outputs they generate. Compliance with new and emerging laws, regulations or industry standards relating to AI in the U.S. and internationally, such as U.S. state regulations and the Artificial Intelligence Act in the EU, may impose significant operational costs and limit or restrict our ability to develop,
| FY 2025 FORM 10-K | 19 | ||||||||||||
deploy or use existing or future AI technologies. As a result, our ability to adapt our existing products and services or develop future and new products and services using AI may be limited or restricted, which could adversely impact our business.
We are subject to regulatory scrutiny and may be subject to legal proceedings under antitrust and competition laws.
We are subject to scrutiny by various government agencies regarding antitrust and competition laws and regulations in the U.S. and internationally, including in connection with proposed or implemented business combinations, acquisitions, investments, partnerships, commercial agreements and business practices. Some jurisdictions also provide private rights of action for competitors or consumers to assert claims of anticompetitive conduct. Companies, consumers, and government agencies have alleged, and may in the future allege, that our actions (or actions of companies with which we have commercial agreements) violate the antitrust or competition laws in the U.S. or other jurisdictions in which we operate or otherwise constitute unfair competition, or that our products and services are used so broadly that otherwise uncontroversial business practices could be deemed anticompetitive. Any claims or investigations, even if without merit, may be costly to defend or respond to, involve negative publicity, cause substantial diversion of management’s time and effort, and could result in reputational harm, significant judgments, fines and other remedial actions against us, require us to change our business practices, make product or operational changes, or delay or preclude planned transactions, product launches or improvements.
We are regularly subject to general litigation, regulatory scrutiny, and government inquiries.
We are regularly subject to claims, individual and class action lawsuits, arbitration proceedings, government and regulatory investigations, inquiries, actions or requests, and other proceedings alleging violations of laws, rules, and regulations with respect to competition, antitrust, intellectual property, privacy, data protection, information security, anti-money laundering, counter-terrorist financing, sanctions, anti-bribery, anti-corruption, consumer protection (including unfair, deceptive, or abusive acts or practices), the terms of our customer agreements, fraud, accessibility, securities, tax, labor and employment, commercial disputes, services, charitable fundraising, contract disputes, escheatment of unclaimed or abandoned property, product liability, use of our services for illegal purposes, the matters described in “Note 13—Commitments and Contingencies—Litigation and Regulatory Matters—General Matters” to our consolidated financial statements, and other matters. We expect that the number and significance of these disputes and inquiries will continue to increase as our products, services, and business expand in complexity, scale, scope, and geographic reach, including through acquisitions of businesses and technology, and as a result of expanded enforcement of certain existing laws and regulations by federal, state and local agencies. We expect that the number and significance of these disputes and inquiries will continue to increase as our products, services, and business expand in complexity, scale, scope, and geographic reach, including through acquisitions of businesses and technology. For example, there continues to be enforcement activity in connection with federal and state consumer protection laws, including suits which seek civil penalties. Investigations, changes in, or expanded enforcement of federal, state or local laws and regulations, and legal and regulatory proceedings are inherently uncertain, expensive and disruptive to our operations, and could result in substantial judgments, fines, penalties or settlements, substantial diversion of management’s time and effort, negative publicity, reputational harm, criminal sanctions, or orders that prevent or limit us from offering certain products or services; require us to change our business practices or customer agreement terms in ways that may increase costs or reduce revenues, develop non-infringing or otherwise altered products or technologies, or pay substantial royalty or licensing fees; or delay or preclude planned transactions or product launches or improvements. Investigations and legal proceedings are inherently uncertain, expensive and disruptive to our operations, and could result in substantial judgments, fines, penalties or settlements, substantial diversion of management’s time and effort, negative publicity, reputational harm, criminal sanctions, or orders that prevent or limit us from offering certain products or services; require us to change our business practices or customer agreement terms in ways that may increase costs or reduce revenues, develop non-infringing or otherwise altered products or technologies, or pay substantial royalty or licensing fees; or delay or preclude planned transactions or product launches or improvements. Determining legal reserves or possible losses from such matters involves significant estimates and judgments and may not reflect the full range of uncertainties and unpredictable outcomes. We may be exposed to losses in excess of the amount recorded, and such amounts could be material. If our estimates and assumptions change or prove to have been incorrect, this could have a material adverse effect on our business, financial position, results of operations, or cash flows.
Third parties may allege that we are infringing their patents and other intellectual property rights.
We are frequently subject to litigation based on allegations of infringement or other violations of intellectual property rights. Intellectual property infringement claims against us may result from, among other things, our expansion into new business areas, including through acquisitions of businesses and technology, or new or expanded products and services and their convergence with technologies not previously associated with areas related to our business, products and services. The ultimate outcome of any allegation or claim is often uncertain and any such claim, with or without merit, may be time-consuming to defend, result in costly litigation, divert management’s time and attention from our business, result in reputational harm, and require us to, among other things, redesign or stop providing our products or services, pay substantial amounts to settle claims or lawsuits, satisfy judgments, or pay substantial royalty or licensing fees.
We may be unable to protect or enforce our intellectual property.
The protection of our proprietary rights, including our trademarks, copyrights, domain names, trade dress, patents and trade secrets, is important to the success of our business. Effective protection of our proprietary rights may not be available in every jurisdiction in which we offer our products and services. There can be no assurance that we will be successful in protecting or
| FY 2025 FORM 10-K | 20 | ||||||||||||
enforcing our proprietary rights in every jurisdiction, that our contractual arrangements will prevent or deter third parties from infringing or misappropriating our intellectual property, or that third parties will not independently develop equivalent or superior intellectual property rights. We may be required to expend significant time and resources to prevent infringement and enforce our rights, and we may be unable to discover or determine the extent of any unauthorized use of our proprietary rights. If we are unable to prevent third parties from infringing or otherwise violating our proprietary rights, the uniqueness and value of our products and services could be adversely affected, the value of our brands could be diminished, and our business could be adversely affected. We expect to continue to license certain of our proprietary rights, such as trademarks or copyrighted material, to others. We expect to continue to license in the future certain of our proprietary rights, such as trademarks or copyrighted material, to others. These licensees may take actions that diminish the value of our proprietary rights or harm our reputation. Any failure to adequately protect or enforce our proprietary rights, or significant costs incurred in doing so, could diminish the value of our intangible assets and materially harm our business.
BUSINESS AND OPERATIONS RISKS
We face substantial and increasingly intense competition worldwide in the global payments industry.
The global payments industry is highly competitive, dynamic, and innovative, and subject to regulatory scrutiny and oversight. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, shifting preferences, needs, and price sensitivity of consumers and merchants, and frequent introductions of new products and services. Many of the areas in which we compete evolve rapidly with innovative and disruptive technologies, shifting user preferences and needs, price sensitivity of consumers and merchants, and frequent introductions of new products and services. Competition also may intensify as new competitors emerge, businesses combine or enter into new partnerships, and established companies in other segments expand to become competitive with various aspects of our business.
We compete with a wide range of businesses in every aspect of our business. Some of our current and potential competitors are or may be larger than we are, have larger customer bases, greater brand recognition, longer operating histories, a dominant or more secure position, broader geographic scope, volume, scale, resources, and market share than we do, or offer products and services that we do not offer. Other competitors are or may be smaller or younger companies that may be more agile in responding to regulatory and technological changes and customer preferences. Our competitors may devote greater resources to the development, promotion, and sale of products and services, and/or offer lower prices or more effectively offer their own innovative programs, products, and services. We regularly partner with other businesses, and the ability to continue developing these partnerships is important to our business. We often partner with other businesses, and the ability to continue developing these partnerships is important to our business. Competition for relationships with these partners is intense, and there can be no assurance that we will be able to continue to establish, grow, or maintain partner relationships. If we are unable to differentiate our products and services from those of our competitors, drive value for our customers and adoption of our products and services, or effectively and efficiently align our resources with our goals and objectives, we may not be able to compete effectively, which could negatively impact our results of operations and financial condition.
Changes to payment card networks or bank fees, rules, or practices could harm our business.
To process certain transactions, we must comply with applicable payment card, bank, or other network (collectively, “network”) rules. The rules govern all aspects of a transaction on the networks, including fees and other practices. From time to time, the networks have increased the fees and assessments that they charge for transactions that access their networks. Certain networks have also imposed special fees or assessments for transactions that are executed through digital wallets such as those PayPal offers. Our payment processors may have the right to pass any increases in fees and assessments on to us and to increase their own fees for processing. Any increase in interchange fees, special fees, or assessments for transactions that we pay to networks or payment processors could make our pricing less competitive, increase our operating costs, and reduce our operating income, which could materially harm our business, financial condition, and results of operations. Any increase in interchange fees, special fees, or assessments for transactions that we pay to the networks or our payment processors could make our pricing less competitive, increase our operating costs, and reduce our operating income, which could materially harm our business, financial condition, and results of operations.
In some jurisdictions, government regulations have required payment card networks to reduce or cap interchange fees. Any changes in interchange fee rates or limitations, or their applicability to PayPal’s products and services, could adversely affect our competitive position against payment card service providers and the revenue we earn from our branded card programs, require us to change our business practices, and harm our business.
We may also be subject to fines and other penalties assessed by networks resulting from any rule violations by us or our merchants. The networks set and interpret their rules, and from time to time have alleged that various aspects of our business model violate these rules, or our agreements with the networks. Such allegations may result in significant fines, penalties, damages, or other liabilities, adversely impact benefits to us under the agreements, or require changes to our business practices that may be costly and adversely affect our business, results of operations, and financial condition. The network rules may also increase the cost of, impose restrictions on, or otherwise impact the development of, our products which may negatively affect product innovation, deployment, and adoption. The networks could adopt new operating rules or interpret or re-interpret existing rules that we or our payment processors might find difficult or impractical to follow, or costly to implement, which could require us to make significant changes to our products, increase our operational costs, and negatively impact our business. The networks could adopt new operating rules or interpret or re-interpret existing rules that 21Table of Contentswe or our payment processors might find difficult or impractical to follow, or costly to implement, which could require us to make significant changes to our products, increase our operational costs, and negatively impact our business.
| FY 2025 FORM 10-K | 21 | ||||||||||||
If we become unable or limited in our ability to accept certain payment types such as debit or credit cards, our business would be materially and adversely affected.
Changes in how consumers fund their PayPal transactions could harm our business.
We pay transaction fees when consumers fund payment transactions using credit cards, lower fees when consumers fund payments with debit cards, and nominal fees when consumers fund payment transactions by electronic transfer of funds from bank accounts, from an existing PayPal or Venmo account balance, or through our PayPal branded consumer credit products. Our financial performance is sensitive to changes in the rate at which our consumers fund payments using payment cards, which can significantly increase our costs. Although we provide consumers in certain markets with the opportunity to use their existing PayPal or Venmo account balance to fund payment transactions, some consumers may prefer to use payment cards, which may offer features and benefits not provided as part of their PayPal or Venmo accounts. Although we provide consumers in certain markets with the opportunity to use their existing PayPal account balance or Venmo account balance to fund payment transactions, some of our consumers may prefer to use payment cards, which may offer features and benefits not provided as part of their PayPal accounts. Any increase in the portion of our payment volume funded using payment cards or in fees associated with our funding mix, or other events or developments that make it more difficult or costly for us to fund transactions with lower-cost funding options, could materially and adversely affect our financial performance and significantly harm our business.
Our credit products expose us to additional risks.
We offer credit products to a wide range of consumers and merchants in the U.S. and various international markets. The financial success of these products depends largely on the effective management of related risk. The credit decision-making process for our consumer credit products uses proprietary methodologies, credit algorithms and other analytical techniques designed to analyze the credit risk of specific consumers based on, among other factors, their past purchase and transaction history with PayPal or Venmo and their credit scores. The credit decision-making process for our consumer credit products uses proprietary methodologies and credit algorithms and other analytical techniques designed to analyze the credit risk of specific consumers based on, among other factors, their past purchase and transaction history with PayPal or Venmo and their credit scores. Similarly, proprietary risk models and other indicators are applied to assess merchants who desire to use our merchant financing offerings to help predict their ability to repay. These risk models may not accurately predict the creditworthiness of a consumer or merchant due to inaccurate assumptions, including those related to the particular consumer or merchant, market conditions or economic environment, or limited transaction history or other data. The accuracy of these risk models and our ability to manage credit risk related to our credit products may also be affected by legal or regulatory requirements or consumer behavior, changes in the economic environment, issuing bank policies, and other factors. The accuracy of these risk models and the ability to manage credit risk related to our credit products may also be affected by legal or regulatory requirements, changes in consumer behavior, changes in the economic environment, issuing bank policies, and other factors.
We are subject to the risk that account holders who use our credit products may default on their payment obligations. The non-payment rate among account holders may increase due to, among other factors, changes to underwriting standards, risk models not accurately predicting the creditworthiness of a user, worsening economic conditions, such as recessions, economic downturns or government austerity programs, increases in prevailing interest rates, and high unemployment rates. Account holders who miss payments often fail to repay their loans, and account holders who file for protection under the bankruptcy laws generally do not repay their loans. Further, laws or regulations may limit the assessment of late fees or penalties on certain credit products, which could negatively impact our revenue share arrangement with an independent chartered financial institution with respect to our U.S. consumer credit products. Any deterioration in the performance of loans facilitated through our platform or unexpected losses on such loans may increase the risk of potential charge-offs, increase our allowance for loans and interest receivable, negatively impact our revenue share arrangement with the independent chartered financial institution, and materially and adversely affect our financial condition and results of operations. Any deterioration in the performance of loans facilitated through our platform or unexpected losses on such loans may increase the risk of potential charge-offs, increase our allowance for loans and interest receivable, negatively impact our revenue share arrangement (as discussed in “Item 7. Management’s Discussion and Analysis of Financial Condition and Results of Operations — Key Metrics and Financial Results”), and materially and adversely affect our financial condition and results of operations.
We generally rely on the activities and charters of unaffiliated financial institutions to provide PayPal and Venmo branded consumer credit and merchant financing offerings to our U.S. customers. As a service provider to these unaffiliated financial institutions, which are federally supervised U.S. financial institutions, we are subject from time to time to examination by their federal banking regulators. In the event of any termination or interruption in a partner bank’s ability or willingness to lend, our ability to offer consumer credit and merchant financing products could be interrupted or limited, which could materially and adversely affect our business. We may be unable to reach a similar arrangement with another unaffiliated financial institution on favorable terms or at all. Obtaining and maintaining the lending licenses required for us to originate such loans ourselves would be a costly, time-consuming and uncertain process, and would subject us to additional laws and regulatory requirements, which could significantly increase our costs and compliance obligations and require us to change our business practices.
Merchant loans under our U.S. PayPal Working Capital (“PPWC”) and PayPal Business Loan (“PPBL”) products and certain U.S. installment loan products are provided by a state-chartered industrial bank under a program agreement with us, and we acquire the receivables generated by those loans from the state-chartered bank after origination. In June 2020, the Federal Deposit Insurance Corporation (“FDIC”) approved a final rule clarifying that loans validly originated by state-chartered banks or insured branches of foreign banks remain valid throughout the lifetime of the loan, reflecting a similar rule finalized by the Office of the Comptroller of Currency (“OCC”) in May 2020 for nationally chartered banks. In June 2020, the Federal 22Table of ContentsDeposit Insurance Corporation (“FDIC”) approved a final rule clarifying that loans validly originated by state-chartered banks or insured branches of foreign banks remain valid throughout the lifetime of the loan, reflecting a similar rule finalized by the Office of the Comptroller of Currency (“OCC”) in May 2020 for nationally chartered banks. The final rule reaffirms and codifies the so-called “valid-when-made doctrine,” which provides that the permissibility of an interest rate for a loan is
| FY 2025 FORM 10-K | 22 | ||||||||||||
determined when the loan is made and will not be affected by subsequent events such as sale, assignment, or other transfer. While a number of state attorneys general have unsuccessfully challenged these FDIC and OCC rules, there remains some uncertainty whether non-bank entities purchasing loan receivables originated by FDIC-insured, state-chartered banks may rely on federal preemption of state usury laws and other state laws. An adverse outcome of these or similar challenges, or changes to applicable laws and regulations or regulatory policy, could materially impact our U.S. PPWC and PPBL products, certain installment loan products, and our business.
We currently purchase receivables related to our U.S. PayPal-branded merchant financing offerings and certain U.S. consumer installment loan products and extend credit for our consumer and merchant products outside the U.S. through our international subsidiaries. We have entered into agreements with third parties to sell various buy now, pay later loan receivables originated by PayPal entities. The sale of future eligible receivables is subject to certain conditions. If these conditions are not satisfied or waived or if the parties are unable to fulfill their obligations under these arrangements, the sale of these receivables could be delayed and we may not realize the expected benefits of these arrangements.
We rely on third parties in many aspects of our business, which creates additional risk.
We rely on third parties in many aspects of our business, including, but not limited to, networks, banks, payment processors, and payment gateways that link us to the payment card and bank clearing networks to process transactions; unaffiliated third-party lenders to originate U.S. credit products to consumers, U.S. merchant financing, and branded credit card products; branded debit card and savings products issued by unaffiliated banks; cryptocurrency custodial service providers; and external business partners and contractors who provide key functions (including, but not limited to, data center facilities and cloud computing, IT, and outsourced customer support, accounting, human resources, and product development functions). We are subject to additional risks inherent in engaging and relying upon third-party providers, including operational, legal, regulatory, information security, reputational, commercial, and resiliency risks. If we are unable to effectively manage our third-party relationships, these third parties are unable to meet their obligations to us, we are overly reliant on certain relationships, we are unable to negotiate favorable contractual terms, or we experience substantial disruptions in these relationships (including interruptions to the availability of our products and services), our operations, liquidity, results of operations, and financial results could be adversely impacted. If we are unable to effectively manage our third-party relationships, these third parties are unable to meet their obligations to us, we are overly reliant on certain relationships, or we experience substantial disruptions in these relationships (including interruptions to the availability of our products and services), our operations, results of operations, and financial results could be adversely impacted. Additionally, our relationships with third parties inherently involve a lesser degree of control over business operations, governance, and compliance (including anti-money laundering and sanctions compliance), which potentially increases our financial, legal, reputational, and operational risk. Additionally, our relationships with third parties inherently involve a lesser degree of control over business operations, governance, and compliance, which potentially increases our financial, legal, reputational, and operational risk.
Any factors that reduce cross-border trade or make such trade more difficult could harm our business.
Cross-border trade (i.e., transactions where the merchant and consumer are in different countries) is an important source of our revenues and profits. Cross-border transactions generally provide higher revenues and operating income than similar transactions that take place within a single country or market. In certain markets, cross-border trade may represent our primary or sole offering. In certain markets, cross-border trade represents our primary (and in some instances our only) offerings. Cross-border trade has been and may be negatively impacted by various factors including foreign exchange rate fluctuations; changes in or new tariffs, trade disputes, barriers or restrictions threats of such actions, and the related uncertainty thereof; sanctions; import or export controls; and the interpretation and application of laws of multiple jurisdictions in the context of cross-border trade and foreign exchange. Any factors that increase the costs or uncertainty of cross-border trade for us or our customers or that restrict, delay, or make cross-border trade more expensive, difficult or impractical could reduce our cross-border transactions and volume, negatively impact our revenues and profits, and harm our business. Any factors that increase the costs of cross-border trade for us or our customers or that restrict, delay, or make cross-border trade more difficult or impractical could reduce our cross-border transactions and volume, negatively impact our revenues and profits, and harm our business.
Failure to deal effectively with fraud, abusive behaviors, bad transactions, and negative customer experiences may increase our loss rate and could severely diminish merchant and consumer confidence in and use of our services and negatively impact our business.
We expect that third parties will continue to attempt to abuse access to and misuse our payments services to commit fraud by, among other things, creating fictitious accounts using stolen or synthetic identities or personal information, taking over customer accounts or creating fraudulent accounts, making transactions with stolen financial instruments, abusing or misusing our services for financial gain, or fraudulently inducing users of our products and services into engaging in fraudulent transactions.We expect that third parties will continue to attempt to abuse access to and misuse our payments services to commit fraud by, among other things, creating fictitious PayPal accounts using stolen or synthetic identities or personal information, taking over customer accounts or creating fraudulent accounts, making transactions with stolen financial instruments, abusing or misusing our services for financial gain, or fraudulently inducing users of our products and services into engaging in fraudulent transactions. Due to the nature of our digital payments services, third parties may seek to engage in abusive schemes or fraud attacks that are often difficult to detect and may be deployed at a scale that would otherwise not be possible in physical transactions. Due to the nature of PayPal’s digital payments services, third parties may seek to engage in abusive schemes or fraud attacks that are often difficult to detect and may be deployed at a scale that would otherwise not be possible in physical 23Table of Contentstransactions. Measures to detect and reduce the risk of fraud and abusive behavior are complex, require continuous improvement, and may not be effective in detecting and preventing fraud, particularly new and continually evolving forms of fraud or in connection with new or expanded product offerings. If these measures are not effective, our business could be negatively impacted. We also incur substantial losses from erroneous transactions and situations where linked accounts designated by customers to fund PayPal transactions have insufficient funds or are otherwise unavailable to fund the payments, or the payment is initiated to an unintended recipient in error. Numerous and evolving fraud schemes and misuse of our
| FY 2025 FORM 10-K | 23 | ||||||||||||
payments services could subject us to significant costs and liabilities, require us to change our business practices, cause us to incur significant remediation costs, lead to loss of customer confidence in, or decreased use of, our products and services, damage our reputation and brands, divert the attention of management from the operation of our business, and result in significant compensation or contractual penalties from us to our customers and their business partners as a result of losses or claims. While we actively seek to recover transaction losses where possible, such recoveries may be insufficient to compensate us for such losses.
Our purchase and seller protection programs (“protection programs”) are intended to reduce the likelihood of losses for consumers and merchants from unauthorized and fraudulent transactions. Our purchase protection program also protects eligible transactions where consumers do not receive the item ordered or receive an item that is significantly different from its description. Our purchase protection program also protects consumers who do not receive the item ordered or who receive an item that is significantly different from its description. We incur substantial losses from our protection programs as a result of disputes filed by our customers. While we may seek to recover losses from our protection programs from the merchant, we ultimately may not be able to fully recover such losses. While we may seek to recover losses from our protection programs from the merchant, we ultimately may not be able to fully recover such losses (for example, if the merchant is unwilling or unable to pay, the transaction involves a fraudulent merchant, or the merchant provides sufficient evidence that the item was delivered).
In addition, consumers who pay through PayPal or Venmo may have reimbursement rights from their payment card issuer, which in turn will seek recovery from us. If losses incurred by us related to payment card transactions become excessive, we could lose the ability to accept payment cards for payment, which would negatively impact our business. Regulators and card networks may also adapt error resolution and chargeback requirements to account for evolving forms of fraud, which could increase PayPal’s exposure to fraud losses and impact the scope of coverage of our protection programs. Increases in our loss rate, including as a result of changes to the scope of transactions covered by our protection programs, could negatively impact our business and results of operations.
Failure to effectively monitor and evaluate the financial condition of our merchants may expose PayPal to losses. In the event of the bankruptcy, insolvency, business failure, or other business interruption of a merchant that sells goods or services in advance of the date of their delivery or use (e.g., airline, cruise, or concert tickets, custom-made goods, and subscriptions), we could be liable to the buyers of such goods or services, including through our purchase protection program or through chargebacks on payment cards used by customers to fund their purchase. Allowances for transaction losses that we have established may be insufficient to cover incurred losses.
Use of our payments services for illegal activities or improper purposes could harm our business.
We expect that users will continue to attempt to use our platform for illegal activities or improper uses, including money laundering, terrorist financing, sanctions evasion, illegal gambling or gaming, fraudulent sales of goods or services, illegal telemarketing activities, illegal sales of prescription medications or controlled substances, piracy of software, movies, music, and other copyrighted, trademarked or digital goods, bank fraud, child pornography, human trafficking, prohibited sales of alcoholic beverages or tobacco products, securities fraud, pyramid or Ponzi schemes, or the facilitation of other illegal or improper activity.We expect that users will continue to attempt to use our payments platform for illegal activities or improper uses, including money laundering, terrorist financing, sanctions evasion, illegal online gambling, fraudulent sales of goods or services, illegal telemarketing activities, illegal sales of prescription medications or controlled substances, piracy of software, movies, music, and other copyrighted, trademarked or digital goods, bank fraud, child pornography, human trafficking, prohibited sales of alcoholic beverages or tobacco products, securities fraud, pyramid or Ponzi schemes, or the facilitation of other illegal or improper activity. Moreover, certain activity that may be legal in one jurisdiction may be illegal in another jurisdiction, and a customer may be found responsible for intentionally or inadvertently importing or exporting illegal goods, resulting in liability for us. Moreover, certain activity that may be legal in one jurisdiction may be illegal in another jurisdiction, and a merchant may be found responsible for intentionally or inadvertently importing or exporting illegal goods, resulting in liability for us. Owners of intellectual property rights or government authorities may seek to bring legal action against providers of payments solutions, including PayPal, that are peripherally involved in the sale of infringing or allegedly infringing items by a user. While we invest in measures intended to prevent and detect illegal activities that may occur on our platform, these measures require continuous improvement and may not be effective in detecting and preventing illegal activity or improper uses, and we may be subject to claims, individual and class action lawsuits, and government and regulatory requests, inquiries, or investigations that could result in liability, restrict our operations, impose additional restrictions or limitations on our business or require us to change our business practices, harm our reputation, increase our costs, and negatively impact our business. While we invest in measures intended to prevent and detect illegal activities that may occur on our payments platform, these measures may not be effective in detecting and preventing illegal activity or improper uses, and we may be subject to claims, individual and class action lawsuits, and government and regulatory requests, inquiries, or investigations that could result in liability, restrict our operations, impose additional restrictions or limitations on our business or require us to change our business practices, harm our reputation, increase our costs, and negatively impact our business.
Acquisitions, dispositions, strategic investments, and other strategic transactions could result in operating difficulties and could harm our business.
We expect to continue to consider and evaluate a wide array of potential strategic transactions as part of our overall business strategy, including business combinations, acquisitions, and dispositions of certain businesses, technologies, services, products, and other assets; strategic investments; and commercial and strategic partnerships (collectively, “strategic transactions”). At any given time, we may be engaged in discussions or negotiations with respect to one or more strategic transactions, any of which could, individually or in the aggregate, be material to our financial condition and results of operations. There can be no assurance that we will be successful in identifying, negotiating, consummating, or integrating suitable transaction opportunities. Strategic transactions may involve additional significant challenges, uncertainties, and risks, including challenges of obtaining regulatory or other approvals, integrating new employees, products, systems, technologies, operations, and business cultures; challenges associated with operating acquired businesses in markets or business areas in which we may have limited or no
| FY 2025 FORM 10-K | 24 | ||||||||||||
experience; disruption of our ongoing operations and diversion of our management’s attention; inadequate data security, cybersecurity, or operational and IT resilience; failure to identify or accurately assess commitments, liabilities, deficiencies and other risks associated with acquired businesses or assets; potential exposure to new or incremental risks associated with acquired businesses and entities, strategic investments or other strategic transactions, including potential new or increased regulatory oversight and uncertain or evolving legal, regulatory, and compliance requirements, particularly with respect to companies in new or developing businesses or industries; challenges associated with dispositions of business or operations, including disruption to other parts of our business, potential loss of employees or customers, the transfer of technology and/or certain intellectual property rights to third-party purchasers, or exposure to unanticipated liabilities or ongoing obligations to us following any such dispositions; failure of the transaction to advance our business strategy or for its anticipated benefits to materialize; potential impairment of goodwill or other acquisition-related intangible assets; and the potential for our acquisitions to result in dilutive issuances of our equity securities or the incurrence of significant additional debt. Strategic transactions are inherently risky, may not be successful, and may harm our business, results of operations, and financial condition.
Strategic investments in which we have a minority ownership stake inherently involve a lesser degree of influence and visibility over business operations and we may be dependent on controlling shareholders, management, or other persons or entities that may have business interests, strategies, or goals that are inconsistent with ours. Business decisions or other actions or omissions of the controlling shareholders, management, or other persons or entities who control companies in which we invest may adversely affect the value of our investment, result in litigation or regulatory action against us, and damage our reputation.
Our international operations subject us to increased risks, which could harm our business.
Our international operations generate a significant portion of our net revenues and subject us to significant challenges, uncertainties, and risks, including, but not limited to, local regulatory, licensing, reporting, and legal obligations; costs and challenges associated with operating in markets in which we may have limited or no experience, including adapting our products and services to local requirements and customer preferences; difficulties in developing, staffing, and simultaneously managing a large number of varying foreign operations as a result of distance, language, and cultural differences and varying laws, regulations, and customs; differing employment practices and the existence of works councils; difficulties in hiring, retaining and integrating qualified employees and maintaining our company culture; fluctuations in foreign exchange rates; exchange control regulations; profit repatriation restrictions; changes in or new tariffs, sanctions, fines, or other trade barriers or restrictions and the related uncertainty thereof; import or export regulations; compliance with U.S. and foreign anti-bribery, anti-corruption, sanctions, anti-money laundering and counter-terrorist financing laws and regulations; the interpretation and application of laws of multiple jurisdictions; and national or regional political, economic, or social instability. In addition, some countries have enacted or are considering data localization or residency laws, which require that certain data be maintained, stored and/or processed within their country of origin. Maintaining local data centers in individual countries could significantly increase our operating costs.
Our international operations also may heighten many of the other risks described in this “Risk Factors” section. Any violations of the complex foreign and U.S. laws, rules and regulations that may apply to our international operations may result in lawsuits, enforcement actions, criminal actions, or sanctions against us and, our directors, officers, and employees; prohibit or require us to change our products, services and business practices; and damage our reputation. There can be no assurance that our employees, contractors, or agents will not violate applicable laws or our policies, procedures and controls designed to help ensure compliance with these laws. These risks are inherent in our international operations, may increase our costs of doing business internationally, and could materially and adversely affect our business.
Global and regional economic conditions could harm our business.
Adverse global and regional economic conditions such as political unrest and turmoil affecting the banking system or financial markets, including, but not limited to, tightening in the credit markets, extreme volatility or distress in the financial markets (including the fixed income, credit, currency, equity, and commodity markets), unemployment, consumer debt levels, recessionary or inflationary pressures, supply chain issues, reduced consumer confidence or economic activity, government fiscal, monetary and tax policies, U.S. and international trade relationships, agreements, treaties, changes in or new tariffs and restrictive actions or threats of such actions, including an escalation of trade tensions between the U.S. and its trading partners, the inability of a government to enact a budget in a fiscal year, government shutdowns, government austerity programs, geopolitical conditions or events, and other negative financial news or macroeconomic developments could have a material adverse impact on the demand for our products and services, including a reduction in the volume and size of transactions on our platform. In particular, recent tariffs and reciprocal trade measures enacted or threatened to be enacted by the U.S. and other countries have led to increased volatility and uncertainty in certain parts of the global economy. We cannot predict the timing, strength or duration of any economic volatility, slowdown, instability or recovery, whether in the U.S. or globally, or within any particular industry. These conditions could have a material adverse impact on the demand for our products and services which
| FY 2025 FORM 10-K | 25 | ||||||||||||
could adversely affect our results of operations. Additionally, any inability to access the capital markets when needed due to volatility or illiquidity in the markets, liquidity needs due to unanticipated reductions in customer balances, or increased regulatory liquidity and capital requirements may strain our liquidity position. Such conditions may also expose us to fluctuations in foreign exchange rates or interest rates that could materially and adversely affect our financial results.
If our reputation or our brands are damaged, our business and operating results may be harmed.
Our reputation and brands are globally recognized, important to our business, and affect our ability to attract and retain our customers. There are numerous ways our reputation or brands could be damaged. We may experience scrutiny or criticism from customers, partners, employees, government entities, media, advocacy groups, and other influencers or stakeholders that disagree with, among other things, our product offering decisions, internal policies, or public policy positions. Damage to our reputation or our brands may result from, among other things, change to or new features, products, services, operational efforts, or terms of service, or our decisions regarding user privacy, data practices, or information security. Damage to our reputation or our brands may result from, among other things, new features, products, services, operational efforts, or terms of service (or changes to the same), or our decisions regarding user privacy, data practices, or information security. The pervasiveness of social media may increase and compound the likelihood, speed, magnitude, and unpredictability of negative brand events. The proliferation of social media may increase and compound the likelihood, speed, magnitude, and unpredictability of negative brand events. If our brands or reputation are damaged, our business and operating results may be adversely impacted.
Real or perceived inaccuracies in our key metrics may harm our reputation and negatively affect our business.
Our key metrics are calculated using internal company data based on the activity we measure on our platform and compiled from multiple systems, including systems that are internally developed or acquired through business combinations.Our key metrics are calculated using internal company data based on the activity we measure on our payments platform and compiled from multiple systems, including systems that are internally developed or acquired through business combinations. There are inherent challenges and limitations in measuring our key metrics globally at scale. The methodologies used to calculate our key metrics require significant judgment. We regularly review our processes for calculating these key metrics, and from time to time we may make adjustments to improve the accuracy or relevance of our metrics. Although such adjustments may impact key metrics reported in prior periods, we generally do not update previously reported key metrics to reflect these subsequent adjustments unless the retrospective impact of process improvements or enhancements is determined by management to be material. Further, as our business evolves, we may revise or cease reporting metrics if we determine that such metrics are no longer appropriate measures of our performance. Further, as our business develops, we may revise or cease reporting metrics if we determine that such metrics are no longer appropriate measures of our performance. If investors, analysts, or customers do not consider our reported measures to be sufficient or to accurately reflect our business, we may receive negative publicity, our reputation may be harmed, and our business may be adversely impacted.
Evolving laws, regulations and stakeholder expectations with respect to environmental, social and governance matters could harm our reputation and adversely affect our business.
Various jurisdictions both in the U.S. and internationally have adopted or are developing laws, regulations and policies relating to environmental, social and governance matters (e.g., environmental sustainability and climate change) which include disclosure, reporting and diligence requirements. Compliance with these requirements may involve significant costs, and any actual or perceived failure to comply with applicable (and potentially conflicting) federal, state, local or international laws or regulations concerning environmental, social, and governance matters could subject us to fines, penalties, regulatory or other enforcement actions, and adversely affect our business or financial condition. In addition, various stakeholders, including investors, customers, employees, governmental authorities and regulators, may have differing expectations regarding environmental, social and governance matters related to us (including those supporting and opposing various environmental, social and governance matters), whose expectations and requirements are evolving and varied. Any initiatives, targets, data, or commitments we disclose with respect to these matters involve risks and uncertainties and could be difficult to achieve and costly to implement. Any actual or perceived failure or inaccuracy with respect to such initiatives, targets, data or commitments or to otherwise successfully manage investor or other stakeholder expectations on these matters could result in adverse reaction by consumers or other stakeholders (including, but not limited to, customers choosing not to use our products and services and the commencement of legal and regulatory proceedings against us), harm our reputation, and adversely affect our business, results of operation and financial condition. In addition, we differentiate ourselves to merchants through our ability to innovate and develop products and services that offer new payment experiences or functionality for our merchants, demonstrate that they may achieve incremental sales by using and offering our services to consumers, and support transactions on our payments platform across varied technologies and payment methods; through the simplicity and transparency of our fee structure; and through our seller protection programs, analytics, and risk management, as well as other merchant services.
If one or more of our counterparty financial institutions default on their financial or performance obligations to us or fail, we may incur significant losses.26Table of ContentsIf one or more of our counterparty financial institutions default on their financial or performance obligations to us or fail,we may incur significant losses.
We have significant amounts of cash, cash equivalents, receivables outstanding, and other investments on deposit or in accounts with banks or other financial institutions in the U.S. and internationally. As part of our foreign exchange hedging activities, we regularly enter into transactions involving derivative financial instruments with various financial institutions. Certain banks and other financial institutions are also lenders under our credit facilities. While we seek to diversify counterparty risk, regularly monitor and actively manage our concentration of, and exposure to, counterparty risk, we may be exposed to the risk of default on obligations by, or deteriorating operating results or financial condition or failure of, these counterparty financial institutions. If one of our counterparty financial institutions were to become insolvent, placed into receivership, or file for bankruptcy, our
| FY 2025 FORM 10-K | 26 | ||||||||||||
ability to recover losses incurred as a result of default or to access or recover our assets that are deposited, held in accounts with, or otherwise due from, such counterparty may be limited due to the insufficiency of the failed institutions’ estate to satisfy all claims in full or the applicable laws or regulations governing the insolvency, bankruptcy, or resolution proceedings. In the event of default on obligations by, or the failure of, one or more of these counterparties, we could incur significant losses, which could negatively impact our results of operations and financial condition.
If we are unable, or perceived as unable, to effectively manage customer funds, our business could be harmed.
We hold a substantial amount of funds belonging to our customers, including balances in customer accounts and funds being remitted to sellers of goods and services or recipients of person-to-person transactions. In certain jurisdictions where we operate, we are required to comply with applicable regulatory requirements with respect to customer balances. Our success is reliant on public confidence in our ability to effectively manage our customers’ balances and handle substantial transaction volumes and amounts of customer funds. Any failure to manage customer funds in compliance with applicable regulatory requirements, or any public loss of confidence in us or our ability to effectively manage customer balances, could lead customers to discontinue or reduce their use of our products or reduce customer balances held with us, which could significantly harm our business.
There are risks associated with our indebtedness.
We have incurred indebtedness, and we may incur additional indebtedness in the future. Our ability to pay interest and repay the principal for our indebtedness is dependent upon our ability to manage our business operations and generate sufficient cash flows to service such debt. Our outstanding indebtedness and any additional indebtedness we incur may have significant consequences, including the need to use a significant portion of our cash flow from operations and other available cash to service our indebtedness, thereby reducing the funds available for other purposes, including working capital, capital expenditures, acquisitions, strategic investments, share repurchases, dividend payments, or other general corporate purposes; limits on our ability to obtain additional financing for such purposes; and the reduction of our flexibility in planning for or reacting to changes in our business, competitive pressures and market conditions. Our outstanding indebtedness and any additional indebtedness we incur may have significant consequences, including the need to use a significant portion of our cash flow from operations and other available cash to service our indebtedness, thereby reducing the funds available for other purposes, including capital expenditures, acquisitions, strategic investments, and share repurchases; the reduction of our flexibility in planning for or reacting to changes in our business, competitive pressures and market conditions; and limits on our ability to obtain additional financing for working capital, capital expenditures, acquisitions, strategic investments, share repurchases, or other general corporate purposes.
Our revolving credit facilities and the indentures for our senior unsecured notes pursuant to which certain of our outstanding debt securities were issued contain financial and other covenants that restrict or could restrict, among other things, our business and operations. If we fail to pay amounts due under a debt instrument or breach any of its covenants, the lenders or noteholders would typically have the right to demand immediate repayment of all borrowings thereunder (subject in certain cases to a grace or cure period). Any such acceleration and required repayment of, or default in respect of, our indebtedness could, in turn, constitute an event of default under other debt instruments, thereby resulting in the acceleration and required repayment of our indebtedness. Moreover, any such acceleration and required repayment of, or default in respect of, our indebtedness could, in turn, constitute an event of default under other debt instruments, thereby resulting in the acceleration and required repayment of our indebtedness. Any of these events could materially adversely affect our liquidity and financial condition.
Any downgrade in our credit rating or negative change in our rating outlook could increase our future borrowing costs and adversely affect our ability to obtain additional financing in the future on favorable terms or at all.
Changes in tax laws, exposure to unanticipated additional tax liabilities, or implementation of reporting or record-keeping obligations could have a material adverse effect on our business.
An increasing number of U.S. states, the U.S. federal government, and governments of foreign jurisdictions, such as the EU Commission, as well as international organizations, such as the Organization for Economic Co-operation and Development (“OECD”), are focused on tax reform and other legislative or regulatory action to increase tax revenue. These actions may materially and adversely affect our effective tax rate, net income, and cash flows. These actions may 27Table of Contentsmaterially and adversely affect our effective tax rate, net income, and cash flows.
Specifically, the OECD has published model rules and is coordinating negotiations among participating countries with the goal of achieving consensus on significant changes to international tax rules, including the implementation of a global minimum tax rate of 15%, commonly referred to as Pillar Two. Each individual jurisdiction will need to enact minimum tax legislation which may result in various interpretations of the OECD model rules and applicable timelines. Certain countries in which we do business have enacted implementing legislation effective January 1, 2025. As additional jurisdictions enact similar legislation, transition rules expire, and other provisions of the minimum tax legislation become effective, our effective tax rate and cash tax payments could increase in future years. The impact will depend on several factors including U.S and foreign tax legislation as well as our overall tax profile. A number of details around the provisions are still uncertain as the OECD and individual jurisdictions continue to issue guidance.
The determination of our worldwide provision for income taxes and other tax liabilities requires estimation and significant judgment, and there are many transactions and calculations for which the ultimate tax determination is uncertain. Our future
| FY 2025 FORM 10-K | 27 | ||||||||||||
income taxes could be adversely affected by changes in our geographical mix of income and impacts of statutory tax rates; by changes in the valuation of our deferred tax assets and liabilities, including as a result of gains on our foreign exchange risk management program; by changes in tax laws, regulations, or accounting principles; or by certain discrete items. In addition, we are currently undergoing a number of investigations, audits, and reviews by tax authorities in multiple U.S. and foreign tax jurisdictions. Any adverse outcome of any such audit or review could result in unforeseen tax-related liabilities that differ from the amounts recorded in our financial statements, which may, individually or in the aggregate, materially affect our financial results in the periods for which such determination is made. While we have established reserves based on assumptions and estimates that we believe are reasonable to cover such eventualities, these reserves may prove to be insufficient.
To improve tax compliance, a number of U.S. states, the U.S. federal government, and foreign jurisdictions have implemented and may impose reporting or record-keeping obligations on companies that engage in or facilitate ecommerce as well as companies offering digital asset services. A number of jurisdictions are also reviewing whether payment service providers and other intermediaries could be deemed to be the legal agent of merchants for certain tax purposes. We have modified our systems to meet applicable requirements and expect that further modifications will be required to comply with future requirements, which may negatively impact our customer experience and increase operational costs. Any failure by us to comply with these and similar reporting and record-keeping obligations could result in substantial monetary penalties and other sanctions, adversely impact our ability to do business in certain jurisdictions, and harm our business.
We may be unable to attract, retain, and develop the highly skilled employees we need to support our business.
Competition for key and other highly skilled personnel is intense, particularly for executive talent, software engineers, and other technology talent. We may be limited in our ability to recruit or hire internationally, including due to restrictive laws or policies on immigration, travel, or availability of visas for skilled workers. The loss of the services of any of our key personnel, or our inability to attract, hire, develop, motivate and retain key and other highly qualified and diverse talent, could harm our overall business and results of operations. The loss of the services of any of our key personnel, or our inability to attract, hire, develop, motivate and retain key and other highly qualified and diverse talent, whether in a remote or in-office environment, or protect the safety, health and productivity of our workforce could harm our overall business and results of operations.
We are subject to risks associated with information disseminated through our products and services.
We may be subject to claims relating to information disseminated through our online services by our customers and other third parties, including, but not limited to, claims alleging defamation, libel, harassment, hate speech, breach of contract, invasion of privacy, negligence, copyright or trademark infringement, or other theories based on the nature and content of the materials disseminated through the services. While we invest in measures intended to detect and block activities that may occur on our platform in violation of our policies and applicable laws, they may not be sufficiently effective in detecting and preventing the exchange of information in violation of our policies and applicable laws, which could negatively impact our business. If the laws or regulations that provide protections for online dissemination of information are invalidated, modified, or supplemented to reduce protections available to us or to increase requirements on us, we could be directly harmed and may be forced to implement new measures to reduce our exposure to this liability, including expending substantial resources and discontinuing certain product or service offerings, which could harm our business. If the laws or regulations that provide protections for online dissemination of information are invalidated, modified, or supplemented to reduce protections available to us, or to increase requirements on us to remove certain information or implement other processes, we could be harmed and may be forced to implement new measures to reduce our potential liability for information provided by our customers and carried on our products and services.
There can be no assurance that we will continue to repurchase stock or declare cash dividends, and stock repurchases or dividends could increase the volatility of our stock price and could diminish our cash reserves.
We engage in share repurchases of our common stock from time to time, and our stock repurchase programs do not have expiration dates and do not obligate us to repurchase any specific dollar amount or to acquire any specific number of shares. In October 2025, we announced the initiation of a cash dividend program. Future cash dividends are subject to declaration by our Board of Directors at its sole discretion and are therefore subject to numerous factors including, among others, prevailing market conditions, our results of operations, financial condition and liquidity, applicable laws and agreements. Our stock repurchases and our dividends could affect our share trading prices, increase its volatility, reduce our cash reserves and may be suspended or terminated at any time, which may result in a decrease in our share trading price.
ITEM 1B. ITEM 1C. UNRESOLVED STAFF COMMENTS
None.
ITEM 1C. CYBERSECURITY
CYBERSECURITY RISK MANAGEMENT AND STRATEGY
| FY 2025 FORM 10-K | 28 | ||||||||||||
Our Information Security Program (“Program”) is designed to support the Company in identifying, protecting, detecting, responding to, and recovering from cybersecurity threats and incidents (collectively, “cybersecurity risks”) with the intention to protect the confidentiality, integrity, and availability of our critical systems and information.
We design and regularly assess our Program guided by National Institute of Standards and Technology Cybersecurity Framework (NIST CSF) and ISO standards (including ISO 27001), proprietary controls and industry best practices.
The three lines of defense model is designed to provide a structure for risk management in the first line of defense (“FLOD”), monitoring and guidance by the second line of defense (“SLOD”), and independent audit by the third line of defense (“TLOD”). Our Office of the Chief Information Security Officer oversees the Company’s information, cyber, and technology security. The Enterprise Risk Management Organization provides second line monitoring and guidance. The Technology and Information Security team serves as SLOD and provides independent oversight of our technology and cybersecurity risk mitigation practices and capabilities. As TLOD, Internal Audit independently assesses the effectiveness of our cybersecurity risk management and independently reports the results of audits to our R&C Committee to assist it in its oversight duties.
Our Program includes:
•Risk assessments designed to help identify material cybersecurity risks to our critical systems, information, products, services, and our broader enterprise Information Technology (“IT”) environment;
•Regular testing of our systems to identify and address potential vulnerabilities;
•Integrated planning and preparedness activities supporting business continuity and operational resiliency;
•Security teams principally responsible for managing our (1) annual cybersecurity risk assessment processes, (2) security controls, and (3) response to cybersecurity incidents;
•A cybersecurity incident response plan that includes procedures for responding to cybersecurity incidents;
•24/7 monitoring and measurement of cybersecurity threats through our PayPal Cyber Defense Center (“CDC”);
•The use of external service providers, where appropriate, to assess, test or otherwise assist with aspects of our security controls;
•An information training and awareness program for our employees, contractors, incident response personnel, and senior management; and
•A third-party risk management framework designed to monitor and address risks from cybersecurity incidents of service providers, suppliers, and vendors that includes due diligence over the information security and technology control environment of third parties at onboarding and periodically throughout the lifecycle of the relationship. In addition, our standard contractual terms require notification and communication from third parties in the event of a cybersecurity incident. We maintain procedures to respond to, manage and mitigate third-party cybersecurity events and vulnerabilities when identified.
CYBERSECURITY GOVERNANCE
| FY 2025 FORM 10-K | 29 | ||||||||||||
Our CISO is responsible for implementing the information security strategy, security engineering, enabling business partners, and securing customer data, digital assets, and payments. His organization also monitors cyber regulation requirements and reviews impacts of new products and initiatives. Our CISO has over two decades of experience as a cybersecurity professional, including as a CISO at PayPal and four other organizations that include leading global financial services institutions and large-scale U.S. government agencies (including within the Department of Defense). He has an extensive record of success shepherding digital transformation aligned with business goals, launching cybersecurity frameworks, building security engineering teams, and ensuring protection of assets, data, privacy, and company reputation.
The R&C Committee reports to the Board regarding its activities, including those related to cybersecurity risk oversight. The Board also receives briefings at least annually from management on our Program. The Board also receives briefings at least annually from management on our Information Security Program. Board members receive presentations on cybersecurity topics from our CISO and external experts from time to time as part of our continuing education to the Board on topics relevant to their service on our Board.
Our cybersecurity teams supervise efforts to prevent, detect, mitigate, and remediate cybersecurity threats and incidents through the operation of our incident response plan and various other means, which may include briefings from internal security personnel, threat intelligence and other information obtained from governmental, public or private sources, including external consultants engaged by us, as well as alerts and reports produced by security tools deployed in the IT environment. They also oversee, identify, and address security threats aimed at PayPal customers, employees, and partners.
Recently Filed
Click on a ticker to see risk factors
| Ticker * | File Date |
|---|---|
| PYPL | 2 hours ago |
| KREF | 2 hours ago |
| ISRG | 2 hours ago |
| DOC | 2 hours ago |
| MMM | 3 hours ago |
| CMCSA | 3 hours ago |
| TEVA | 10 hours ago |
| DOW | 11 hours ago |
| PEP | 1 day, 1 hour ago |
| LBRT | 1 day, 2 hours ago |
| IVDN | 4 days, 4 hours ago |
| NOBH | 4 days, 4 hours ago |
| BA | 4 days, 4 hours ago |
| GD | 4 days, 6 hours ago |
| NIMU | 4 days, 11 hours ago |
| GRI | 4 days, 11 hours ago |
| CHTR | 4 days, 12 hours ago |
| MTWO | 6 days, 3 hours ago |
| CRSF | 6 days, 5 hours ago |
| SKKY | 1 week ago |
| GM | 1 week ago |
| SNX | 1 week ago |
| NOC | 1 week ago |
| CCL | 1 week ago |
| ARE | 1 week, 1 day ago |
| KBH | 1 week, 4 days ago |
| NFLX | 1 week, 4 days ago |
| SLB | 1 week, 4 days ago |
| INTC | 1 week, 5 days ago |
| MKC | 1 week, 5 days ago |
| FUL | 1 week, 5 days ago |
| NG | 1 week, 5 days ago |
| PRGS | 2 weeks ago |
| TPET | 2 weeks ago |
| IVHI | 2 weeks ago |
| RR | 2 weeks ago |
| UGRO | 2 weeks, 4 days ago |
| FUNI | 2 weeks, 5 days ago |
| ADBE | 2 weeks, 5 days ago |
| CVGW | 2 weeks, 6 days ago |
| RFIL | 2 weeks, 6 days ago |
| BBCP | 3 weeks ago |
| DWAY | 3 weeks ago |
| EXDW | 3 weeks ago |
| FWFW | 3 weeks ago |
| GIPL | 3 weeks ago |
| WLSS | 3 weeks ago |
| MOBX | 3 weeks ago |
| ANIX | 3 weeks, 1 day ago |
| MCLE | 3 weeks, 1 day ago |
