MasterCard 2014 Annual Report Download - page 26

Download and view the complete annual report

Please find page 26 of the 2014 MasterCard annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 102

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102

24
We maintain an information security program that is reviewed by our Board of Directors, a business continuity program and
insurance coverage, and our processing systems incorporate multiple levels of protection, in order to address or otherwise mitigate
these risks. We also test our systems to discover and address any potential vulnerabilities. Despite these mitigation efforts, there
can be no assurance that we will be immune to these risks and not suffer losses in the future. Our risk and exposure to these
matters remain heightened because of, among other things, the evolving nature of these threats, the prominent size and scale of
MasterCard and our role in the global payments and technology industries, our plans to continue to implement our digital and
mobile channel strategies and develop additional remote connectivity solutions to serve our customers and cardholders when and
how they want to be served, our global presence, our extensive use of third-party vendors and future joint venture and merger and
acquisition opportunities. As a result, information security and the continued development and enhancement of our controls,
processes and practices designed to protect our systems, computers, software, data and networks from attack, damage or
unauthorized access remain a priority for us. As cyber-threats continue to evolve, we may be required to expend significant
additional resources to continue to modify or enhance our protective measures or to investigate and remediate any information
security vulnerabilities. Any of the risks described above could materially adversely affect our overall business and results of
operations.
If our transaction processing systems and other services are disrupted or we are unable to process transactions or service
our customers efficiently or at all, our results of operations would be materially reduced.
Our transaction processing systems and other key service offerings may experience interruptions as a result of a disaster including,
but not limited to, technology malfunctions, fire, weather events, power outages, telecommunications disruptions, terrorism,
workplace violence, accidents or other catastrophic events. Our visibility in the global payments industry may also put us at
greater risk of attack by terrorists, activists, or hackers who intend to disrupt our facilities and/or systems. A disaster that occurs
at, or in the vicinity of, our primary and/or back-up facilities in any global location could interrupt our services. Although we
maintain a business continuity program to analyze risk, assess potential impacts, and develop effective response strategies, we
cannot ensure that our business would be immune to these risks.
Additionally, we rely on third-party service providers for the timely transmission of information across our global data network.
Inadequate infrastructure in lesser-developed markets could also result in service disruptions, which could impact our ability to
do business in those markets. If one of our service providers fails to provide the communications capacity or services we require,
as a result of natural disaster, operational disruptions, terrorism, hacking or any other reason, the failure could interrupt our services.
Because of the intrinsic importance of our processing systems to our business, any interruption or degradation could adversely
affect the perception of the reliability of products carrying our brands and materially reduce our results of operations.
Account data breaches involving card data stored, processed or transmitted by us or third parties could adversely affect
our reputation and results of operations.
We, our issuers and acquirers, merchants and other third parties process, transmit or store cardholder account and other information
in connection with payment cards and devices. In addition, our customers may sponsor (or we may certify as PCI-compliant)
third-party processors to process transactions generated by cards carrying our brands and merchants may use third parties to provide
services related to card use. A breach of the systems on which sensitive cardholder data and account information are processed,
transmitted or stored could lead to fraudulent activity involving cards carrying our brands, damage our reputation and lead to
claims against us, as well as subject us to regulatory actions. We routinely encounter account data compromise events, some of
which have been high profile, involving merchants and third-party payment processors that process, store or transmit payment
card data, which affect millions of MasterCard, Visa, Discover, American Express and other types of cardholders. These events
typically involve external agents hacking the merchants’ or third-party processors’ systems and installing malware to compromise
the confidentiality and integrity of those systems. Further data security breaches may subject us to reputational damage and/or
lawsuits involving payment cards carrying our brands. While most of these lawsuits do not involve direct claims against us, we
could face damage claims in various circumstances, which, if upheld, could materially and adversely affect our results of operations.
Damage to our reputation or that of our brands resulting from an account data breach of either our systems or the systems of our
customers, merchants and other third parties could decrease the use and acceptance of our cards and other payment devices, as
well as the trend toward electronic payments, which in turn could have a material adverse impact on our transaction volumes,
results of operations and prospects for future growth, or increase our costs by leading to additional regulatory burdens being
imposed upon us.
An increase in fraudulent activity using our cards could lead to reputational damage to our brands and/or regulatory
intervention, which could reduce the use and acceptance of our cards and other payment devices.
Criminals are using increasingly sophisticated methods to capture cardholder account information to engage in illegal activities
such as counterfeiting or other fraud. Cards that use magnetic-stripe technology, the predominant payment technology in the
United States, continue to raise heightened vulnerabilities to fraud relative to other technologies due to the static nature of the