eBay Announces Merchant Integration Platform Updates Ahead Of Data Security Program Deadline
eBay has informed sellers who use their Merchant Integration Platform (MIP) of changes to user data available in Order Reports coming soon in run up to federal Data Security Program deadline.
If you're not familiar with MIP, it's a feed-based system which allows merchants to upload and download files to manage listing data, advertising, orders and more - most often used by small businesses who may not have the technological capabilities or need to use eBay's API tools.
What is MIP?
The Merchant Integration Platform (MIP) is an easy-to-use, feed-based selling platform for small businesses and enterprise merchants. It lets you easily and efficiently upload your inventory to eBay in bulk and then quickly and efficiently manage your orders. And, it's FAST. MIP can upload over 50,000 SKUs in just 30 minutes!
Who is MIP for?
MIP is for small business and enterprise sellers who want to sell on eBay. If you are familiar with feed files used with other marketplaces, such as Amazon or Google Shopping, you can start selling on eBay right away with MIP's standard CSV and XML feed formats. Even if you are new to feeds, the standard feeds provide a fast and simple solution for integrating with eBay. Custom feed formats can also be used for sellers who need more advanced capability.
MIP sellers were informed via email this week that changes to how user and financial data for US persons is made available in Order Reports will go into effect September 30, 2025 - but importantly these changes apply specifically to those who have authorized third-party applications developed by individuals or companies located in regions such as China (and its territories), Venezuela, North Korea, Russia, Cuba, or Iran.
Dear MIP Seller,
Thank you for being part of the eBay community. We're reaching out to inform you about changes that may affect your MIP Order Reports. These changes will affect how user and financial data for U.S. persons are made available and processed in MIP Order Reports.Who Is Affected?
These changes impact all MIP sellers who have authorized third-party applications developed by individuals or companies located in regions such as China (and its territories), Venezuela, North Korea, Russia, Cuba, or Iran. In addition, this includes MIP sellers who are accessing MIP Order reports through SFTP.What Is Changing?
Username Replacement for U.S. Persons:
- We will no longer return publicly displayed usernames such as buyerID and sellerID in Order Reports accessed through Merchant Integration Platform (MIP) SFTP to you or your third-party applications. Instead, you will receive a unique, immutable user ID.
Financial Data Handling for U.S. Persons:
- Details related to the buyer payment instruments and payment method, such as bank or credit card information used in orders, will no longer be returned as before when Order Report is accessed through Merchant Integration Platform (MIP) SFTP. For example, the type of payment instrument and the last four digits of bank or credit card details of US buyers will no longer be available to third-party applications owned or developed in the regions listed above.
Given the countries specified, it's fair to assume these changes are being made to bring MIP into compliance with Executive Orders designating a Data Security Program (DSP) to be implemented by the National Security Division "to prevent China, Russia, Iran, and other foreign adversaries from using commercial activities to access and exploit U.S. government-related data and Americans’ sensitive personal data to commit espionage and economic espionage, conduct surveillance and counterintelligence activities, develop AI and military capabilities, and otherwise undermine our national security."
The Data Security Program went into effect on April 8, 2025 with entities and individuals required to comply with prohibitions and restrictions on engaging in covered data transactions.
However, the effective date for certain affirmative due-diligence obligations was delayed until October 6, 2025 to provide additional time for entities and individuals to come into compliance - which is likely why eBay is implementing these MIP changes by the end of the month.
If MIP or any other aspect of eBay's business operations are found not to be in compliance, the costs could add up quickly as civil penalties can reach up to $377,700 per violation or twice the value of each violating transaction, whichever is greater, and those found to be willfully violating the DSP could face criminal fines and even jail time as well.
How much are the penalties for violating the DSP?
Violations of the DSP may result in civil and, in some cases, criminal penalties, which can be substantial.The legal basis for the DSP is the International Emergency Economic Powers Act
(IEEPA), which provides for a maximum civil penalty not to exceed the greater of $368,136 or an amount that is twice the amount of the transaction that is the basis of the violation with respect to which the penalty is imposed.NSD will make annual adjustments to the maximum civil penalty amount consistent with the Federal Civil Penalties Inflation Adjustment Act. A person who willfully commits, willfully attempts to commit, willfully conspires to commit, or aids or abets in the commission of a violation of any license, order, regulation, or prohibition issued under IEEPA may, upon conviction, be fined not more than $1,000,000, or if a natural person, be imprisoned for not more than 20 years, or both.
More info can be found in the DOJ''s DATA SECURITY PROGRAM:
FREQUENTLY ASKED QUESTIONS.
