eBay 2013 Annual Report Download - page 31

Download and view the complete annual report

Please find page 31 of the 2013 eBay annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 167

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167

break-ins and similar disruptions, and we have experienced “denial-of-service” type attacks on our system that have, in certain instances, made
all or portions of our websites unavailable for periods of time. For example, in December 2010, PayPal was subject to a series of distributed
“denial of service” attacks following PayPal's decision to indefinitely restrict the account used by WikiLeaks due to an alleged violation of
PayPal's Acceptable Use Policy. A party that is able to circumvent our security measures could misappropriate our or our users' proprietary
information, cause interruption in our operations, damage our computers or those of our users, or otherwise damage our reputation. In addition,
our users, as well as those of other prominent Internet companies, have been and will continue to be targeted by parties using fraudulent “spoof”
and “phishing” emails to misappropriate user names, passwords, payment card numbers, or other personal information or to introduce viruses or
other malware through “trojan horse” programs to our users' computers. These emails appear to be legitimate emails sent by eBay, PayPal,
StubHub, one of our other businesses, a user of one of our businesses, or an Enterprise client, but direct recipients to fake websites operated by
the sender of the email or request that the recipient send a password or other confidential information through email or download malware.
Despite our efforts to mitigate “spoof” and “phishing” emails through product improvements and user education, “spoof” and “phishing”
activities remain a serious problem.
If an actual or perceived breach of our security occurs, public perception of the effectiveness of our security measures could be harmed
resulting in damage to our reputation and we could lose users. Also any compromise of our security could result in a violation of applicable
privacy and other laws, and expose us to significant legal and financial exposure . Enterprise clients also face similar risks of security breaches,
and to the extent that such clients are harmed as a result of a security breach, our Enterprise business would also be adversely affected. In
addition, under payment card rules and our contracts with our card processors, if there is a breach of payment card information that we store, or
that is stored by PayPal's direct payment card processing customers, we could be liable to the payment card issuing banks for their cost of issuing
new cards and related expenses If we were unable to accept payment cards, our businesses would be seriously damaged. Further, we may need to
expend significant resources to protect against security breaches or to address problems caused by breaches. These issues are likely to become
more difficult and costly as we expand the number of places where we operate. Financial services regulators in various jurisdictions, including
the U.S. and the EU, have implemented or are considering proposals to impose new authentication requirements on banks and payment
processors intended to reduce online fraud (e.g., two-factor authentication to verify a user's identity), which could impose significant costs on
PayPal, require PayPal to change its business practices, make it more difficult for new customers to join its network and reduce the ease of use of
its products, which could harm PayPal's business. Our insurance policies carry low coverage limits, which may not be adequate to reimburse us
for losses caused by security breaches.
Changes in regulations, regulatory scrutiny, or user concerns regarding privacy and protection of user data could adversely affect our
business.
We are subject to laws relating to the collection, use, retention, security and transfer of personally identifiable information about our users
around the world. Much of the personal information that we collect, especially financial information, is regulated by multiple laws. The
interpretation and application of user data protection laws are in a state of flux, and may be interpreted and applied inconsistently from country
to country. In many cases, these laws apply not only to third-party transactions, but also to transfers of information between or among ourselves,
our subsidiaries and other parties with which we have commercial relations. In particular, the collection and use of personal information by
companies has come under increased regulatory scrutiny. Further, these laws continue to develop in ways we cannot predict and which may
adversely impact our business.
Regulatory scrutiny of privacy and user data protection is increasing on a global basis. We are subject to a number of local privacy laws
and regulations in the countries in which we operate, including the following, and any many of those jurisdictions are proactively evaluating
changes to those laws and regulations:
29
as an entity licensed and subject to regulation as a bank in Luxembourg, PayPal (Europe) S.à r.l et Cie, SCA is subject to banking
secrecy laws;
the European Union has proposed a General Data Protection Regulation that would supersede the European Data Protection
Directive. Changes could increase penalties and fines for failing to comply with the new regulation and it is unclear how it
consistently the new regulation may be enforced. There is significant international pressure against the U.S. and the National Security
Agency (NSA) regarding the collection of data by the NSA from U.S. companies. Further restrictions or regulation in the European
Union could result as a direct reaction to these events;
new laws or regulations, in particular, financial or privacy laws or regulations, enacted in jurisdictions in which we do business that
require data (including customer information, transaction data or other information) to be stored locally on servers in that jurisdiction
and/or prohibit such data from being transmitted outside of that jurisdiction,