Capital One 2013 Annual Report Download - page 48

Download and view the complete annual report

Please find page 48 of the 2013 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 302

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159
  • 160
  • 161
  • 162
  • 163
  • 164
  • 165
  • 166
  • 167
  • 168
  • 169
  • 170
  • 171
  • 172
  • 173
  • 174
  • 175
  • 176
  • 177
  • 178
  • 179
  • 180
  • 181
  • 182
  • 183
  • 184
  • 185
  • 186
  • 187
  • 188
  • 189
  • 190
  • 191
  • 192
  • 193
  • 194
  • 195
  • 196
  • 197
  • 198
  • 199
  • 200
  • 201
  • 202
  • 203
  • 204
  • 205
  • 206
  • 207
  • 208
  • 209
  • 210
  • 211
  • 212
  • 213
  • 214
  • 215
  • 216
  • 217
  • 218
  • 219
  • 220
  • 221
  • 222
  • 223
  • 224
  • 225
  • 226
  • 227
  • 228
  • 229
  • 230
  • 231
  • 232
  • 233
  • 234
  • 235
  • 236
  • 237
  • 238
  • 239
  • 240
  • 241
  • 242
  • 243
  • 244
  • 245
  • 246
  • 247
  • 248
  • 249
  • 250
  • 251
  • 252
  • 253
  • 254
  • 255
  • 256
  • 257
  • 258
  • 259
  • 260
  • 261
  • 262
  • 263
  • 264
  • 265
  • 266
  • 267
  • 268
  • 269
  • 270
  • 271
  • 272
  • 273
  • 274
  • 275
  • 276
  • 277
  • 278
  • 279
  • 280
  • 281
  • 282
  • 283
  • 284
  • 285
  • 286
  • 287
  • 288
  • 289
  • 290
  • 291
  • 292
  • 293
  • 294
  • 295
  • 296
  • 297
  • 298
  • 299
  • 300
  • 301
  • 302

breach, depending on the nature of the disruption or breach, it could lead to unauthorized transactions on Capital
One accounts or unauthorized access to personal or confidential information maintained by those entities. A
disruption or breach such as these could result in significant legal and financial exposure, regulatory intervention,
remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the
security of our systems, products and services that could adversely affect our business.
Information security risks for large financial institutions like us have generally increased in recent years in part
because of the proliferation of new technologies, the use of the Internet and telecommunications technologies to
conduct financial transactions and the increased sophistication and activities of organized crime, perpetrators of
fraud, hackers, terrorists, activists, formal and informal instrumentalities of foreign governments and other
external parties. As noted above, our operations rely on the secure processing, transmission and storage of
confidential information in our computer systems and networks. Our businesses rely on our digital technologies,
computer and email systems, software and networks to conduct their operations. In addition, to access our
products and services, our customers may use computers, smartphones, tablet PCs and other mobile devices that
are beyond our security control systems. Although we believe we have a robust suite of authentication and
layered information security controls, our technologies, systems, networks and our customers’ devices may
become the target of cyber-attacks or other attacks that could result in the unauthorized release, gathering,
monitoring, misuse, loss or destruction of our or our customers’ confidential, proprietary or other information,
including access to accounts with online functionality, which could result in disruptions and damage to the
business operations or finances of Capital One, our customers or other third parties. For example, we and other
U.S. financial services providers were targeted recently on several occasions with distributed denial-of-service
(“DDOS”) attacks from sophisticated third parties. DDOS attacks are designed to saturate the targeted online
network with excessive amounts of network traffic, resulting in slow response times or even causing the site to
be temporarily unavailable. On at least one occasion, a DDOS attack successfully disrupted our consumer online
banking services for a period of time, which had a non-material impact on our business. Although we have not
experienced any material losses relating to cyber incidents, there can be no assurance that we will not suffer such
losses in the future. If future attacks like these are successful or if customers are unable to access their accounts
online for other reasons, it could adversely impact our ability to service customer accounts or loans, complete
financial transactions for our customers or otherwise operate any of our businesses or services. In addition, a
breach or attack affecting one of our third-party service providers or partners could harm our business even if we
do not control the service that is attacked.
Because the methods and techniques employed by perpetrators of fraud and others to attack, disable, degrade or
sabotage platforms, systems and applications change frequently, are increasingly sophisticated and often are not
fully recognized or understood until after they have been launched, we and our third-party service providers and
partners may be unable to anticipate certain attack methods in order to implement effective preventative
measures. In addition, the increasing prevalence of cyber-attacks and other efforts to breach or disrupt our
systems or those of our partners, retailers or other market participants has led, and will likely continue to lead, to
increased costs to us with respect to preventing, mitigating and remediating these risks, as well as any related
attempted fraud. Further, successful cyber-attacks at other large financial institutions or other market
participants, whether or not we are impacted, could lead to a general loss of customer confidence in financial
institutions that could negatively affect us, including harming the market perception of the effectiveness of our
security measures or the financial system in general which could result in reduced use of our financial products.
Though we have insurance against some cyber-risks and attacks, it may not be sufficient to offset the impact of a
material loss event.
The Growth Of Our Direct Banking Business Presents Certain Risks.
We operate the largest online direct banking institution in the U.S., with approximately $104 billion in deposits
as of December 31, 2013. While direct banking represents a significant opportunity to attract new customers that
value greater and more flexible access to banking services at reduced costs, it also presents significant risks. In
addition to the software, infrastructure and cyber-attack risks discussed above, we face risks related to direct
28