Capital One 2015 Annual Report Download - page 40
Download and view the complete annual report
Please find page 40 of the 2015 Capital One annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28
-
29
-
30 -
31 -
32 -
33 -
34 -
35 -
36 -
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44 -
45 -
46 -
47 -
48 -
49 -
50 -
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
 |
 |
21 Capital One Financial Corporation (COF)
We Could Incur Increased Costs Or Reductions In Revenue Or Suffer Reputational Damage And Business Disruptions In The
Event Of The Theft, Loss Or Misuse Of Information, Including As A Result Of A Cyber-Attack.
Our products and services involve the gathering, management, processing, storage and transmission of sensitive and confidential
information regarding our customers and their accounts, our employees and other third parties with which we do business. Our
ability to provide such products and services, many of which are web-based, depends upon the management and safeguarding of
information, software, methodologies and business secrets. To provide these products and services, we use information systems
and infrastructure, including digital technologies, computer and email systems, software, networks, and other web-based
technologies, that we and third-party service providers operate. We also have arrangements in place with third parties through
which we share and receive information about their customers who are or may become our customers.
Like other financial services firms, technologies, systems, networks and devices of Capital One or our customers, employees or
other third parties with whom we interact continue to be the subject of attempted unauthorized access, mishandling or misuse of
information, computer viruses or malware, cyber-attacks designed to obtain confidential information, destroy data, disrupt or
degrade service, sabotage systems or cause other damage, denial of service attacks and other events. These threats may derive
from human error, fraud or malice on the part of our employees or third parties or may result from accidental technological failure.
Any of these parties may also attempt to fraudulently induce employees, customers, or other third-party users of our systems to
disclose sensitive information in order to gain access to our data or that of our customers or third parties with whom we interact.
Further, cyber and information security risks for large financial institutions like us have generally increased in recent years in part
because of the proliferation of new technologies, the use of the Internet and telecommunications technologies to conduct financial
transactions and the increased sophistication and activities of organized crime, perpetrators of fraud, hackers, terrorists, activists,
formal and informal instrumentalities of foreign governments and other external parties. In addition, to access our products and
services, our customers may use computers, smartphones, tablet PCs and other mobile devices that are beyond our security control
systems.
If our information systems or infrastructure or those of our customers, partners or other market participants experience a significant
disruption or breach, it could lead, depending on the nature of the disruption or breach, to the unauthorized access to and release,
gathering, monitoring, misuse, loss or destruction of our confidential information or personal or confidential information of our
customers, employees or other third parties in our possession. Further, such disruption or breach could also result in unauthorized
access to our proprietary information, software, methodologies and business secrets and in unauthorized transactions in Capital
One accounts or unauthorized access to personal or confidential information maintained by those entities.
As a financial institution, we are subject to and examined for compliance with an array of data protection laws, regulations and
guidance, as well as to our own internal privacy and information security policies and programs. However, because the methods
and techniques employed by perpetrators of fraud and others to attack, disable, degrade or sabotage platforms, systems and
applications change frequently, are increasingly sophisticated and often are not fully recognized or understood until after they have
occurred, we and our third-party service providers and partners may be unable to anticipate certain attack methods in order to
implement effective preventative measures or mitigate or remediate the damages caused in a timely manner. We may also be unable
to hire and develop talent capable of detecting, mitigating or remediating these risks. Although we believe we have a robust suite
of authentication and layered information security controls, including our cyber threat analytics, data encryption and tokenization
technologies, anti-malware defenses and vulnerability management program, any one or combination of these controls could fail
to detect, mitigate or remediate these risks in a timely manner.
A disruption or breach such as those discussed above could result in significant legal and financial exposure, regulatory intervention,
remediation costs, card reissuance, supervisory liability, damage to our reputation or loss of confidence in the security of our
systems, products and services that could adversely affect our business. We and other U.S. financial services providers continue
to be targeted with evolving and adaptive cybersecurity threats from sophisticated third parties. Although we have not experienced
any material losses relating to cyber incidents, there can be no assurance that unauthorized access or cyber incidents will not occur
or that we will not suffer such losses in the future. Unauthorized access or cyber incidents could occur more frequently and on a
more significant scale. If future attacks like these are successful or if customers are unable to access their accounts online for other
reasons, it could adversely impact our ability to service customer accounts or loans, complete financial transactions for our customers
or otherwise operate any of our businesses or services. In addition, a breach or attack affecting one of our third-party service
providers or partners could harm our business even if we do not control the service that is attacked.
In addition, the increasing prevalence and the evolution of cyber-attacks and other efforts to breach or disrupt our systems or those
of our partners, retailers or other market participants has led, and will likely continue to lead, to increased costs to us with respect