Ebay doesn't own PayPal as far as I know. The way it works is a great deal of on-line transactions are now handled by specialised third-party payment services such as
SagePay[
^], who take care of all the buyer's credit card details themselves, rather than the actual web site.
When a new customer registers on the web site (e.g. Ebay) for the first time, a unique 'token' or 'subscription' ID is created, which is used to identify the customer to the third party payment service. And when the customer enters their credit card details, these details are NOT stored on the web site's own servers - instead, they are simply passed onto the third party, where they are stored securely. Then whenever the customer wishes to make a payment or buy a product, a request is sent by the web site to the third party to debit their account for XXX amount, passing them the unique token to identify the customer. The third party performs the transaction and sends a confirmation message back to inform if the transaction was successful or not, which is then passed back as a message on screen to the customer.
PayPal is slightly different, as they work more like an
escrow[
^], or an
intermediary between two parties wishing to exchange money, but the concept is essentially the same - they hold the credit card details of the two parties and perform the transaction themselves when requested to do so by Ebay (or whoever).
This is not just a much more secure way of doing on-line transactions (given all the fraud going on these days), but in some countries like the UK, most banks INSIST that web sites use this form of service to do their transactions to greatly reduce their own risk of transferring money on-line.
I used to develop auction sites myself, and this is how all our transactions were done. Hope that helps