PNC Bank 2013 Annual Report Download - page 38
Download and view the complete annual report
Please find page 38 of the 2013 PNC Bank annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.-
1 -
2
-
3
-
4
-
5
-
6
-
7
-
8
-
9
-
10
-
11
-
12
-
13
-
14
-
15
-
16
-
17
-
18
-
19
-
20
-
21
-
22
-
23
-
24
-
25
-
26
-
27
-
28 -
29 -
30 -
31 -
32 -
33 -
34 -
35 -
36 -
37 -
38 -
39 -
40 -
41 -
42 -
43 -
44 -
45 -
46 -
47 -
48 -
49
-
50
-
51
-
52
-
53
-
54
-
55
-
56
-
57
-
58
-
59
-
60
-
61
-
62
-
63
-
64
-
65
-
66
-
67
-
68
-
69
-
70
-
71
-
72
-
73
-
74
-
75
-
76
-
77
-
78
-
79
-
80
-
81
-
82
-
83
-
84
-
85
-
86
-
87
-
88
-
89
-
90
-
91
-
92
-
93
-
94
-
95
-
96
-
97
-
98
-
99
-
100
-
101
-
102
-
103
-
104
-
105
-
106
-
107
-
108
-
109
-
110
-
111
-
112
-
113
-
114
-
115
-
116
-
117
-
118
-
119
-
120
-
121
-
122
-
123
-
124
-
125
-
126
-
127
-
128
-
129
-
130
-
131
-
132
-
133
-
134
-
135
-
136
-
137
-
138
-
139
-
140
-
141
-
142
-
143
-
144
-
145
-
146
-
147
-
148
-
149
-
150
-
151
-
152
-
153
-
154
-
155
-
156
-
157
-
158
-
159
-
160
-
161
-
162
-
163
-
164
-
165
-
166
-
167
-
168
-
169
-
170
-
171
-
172
-
173
-
174
-
175
-
176
-
177
-
178
-
179
-
180
-
181
-
182
-
183
-
184
-
185
-
186
-
187
-
188
-
189
-
190
-
191
-
192
-
193
-
194
-
195
-
196
-
197
-
198
-
199
-
200
-
201
-
202
-
203
-
204
-
205
-
206
-
207
-
208
-
209
-
210
-
211
-
212
-
213
-
214
-
215
-
216
-
217
-
218
-
219
-
220
-
221
-
222
-
223
-
224
-
225
-
226
-
227
-
228
-
229
-
230
-
231
-
232
-
233
-
234
-
235
-
236
-
237
-
238
-
239
-
240
-
241
-
242
-
243
-
244
-
245
-
246
-
247
-
248
-
249
-
250
-
251
-
252
-
253
-
254
-
255
-
256
-
257
-
258
-
259
-
260
-
261
-
262
-
263
-
264
-
265
-
266
 |
 |
us in this manner depends on secure transmission of
confidential information, which increases the risk of data
security breaches.
Starting in late 2012, there have been several well-publicized
series of apparently related denial of service attacks on large
financial services companies, including PNC. In a denial of
service attack, individuals or organizations flood commercial
websites with extraordinarily high volumes of traffic, with the
goal of disrupting the ability of commercial enterprises to
process transactions and possibly making their websites
unavailable to customers for extended periods of time. The
attacks against PNC have resulted in temporary disruptions in
customers’ ability to access the corporate website and to
perform on-line banking transactions. To date, no customer
data has been lost or compromised and these efforts have not
had a material impact on PNC. We cannot, however, provide
assurance that future attacks of this type might not have a
greater effect on PNC.
As our customers regularly use PNC-issued credit and debit
cards to pay for transactions with retailers and other
businesses, there is the risk of data security breaches at those
other businesses covering PNC account information. When
our customers use PNC-issued cards to make purchases from
those businesses, card account information is provided to the
business. If the business’s systems that process or store card
account information are subject to a data security breach,
holders of our cards who have made purchases from that
business may experience fraud on their card accounts. PNC
may suffer losses associated with reimbursing our customers
for such fraudulent transactions on customers’ card accounts,
as well as for other costs related to data security compromise
events, such as replacing cards associated with compromised
card accounts. In addition, PNC provides card transaction
processing services to some merchant customers under
agreements we have with payment networks such as Visa and
MasterCard. Under these agreements, we may be responsible
for certain losses and penalties if one of our merchant
customers suffers a data security breach.
In late 2013, several large retailers, including most
prominently Target, disclosed that they have suffered
substantial data security breaches compromising millions of
card accounts. To date, PNC’s losses and costs related to these
breaches have not been material, but other similar events in
the future could be more significant to PNC.
Methods used by others to attack information systems change
frequently (with generally increasing sophistication), often are
not recognized until launched against a target, may be
supported by foreign governments or other well-financed
entities, and may originate from less regulated and remote
areas around the world. As a result, we may be unable to
address these methods in advance of attacks, including by
implementing adequate preventive measures.
We have policies, procedures and systems (including business
continuity programs) designed to prevent or limit the effect of
possible failures, interruptions or breaches in security of
information systems. We design our business continuity and
other information and technology risk management programs
to manage our capabilities to provide services in the case of an
event resulting in material disruptions of business activities
affecting our employees, facilities, technology or suppliers.
We regularly seek to test the effectiveness of and enhance
these policies, procedures and systems.
Our ability to mitigate the adverse consequences of such
occurrences is in part dependent on the quality of our business
continuity planning and our ability to anticipate the timing and
nature of any such event that occurs. The adverse impact of
natural and other disasters, terrorist activities, international
hostilities and the like could be increased to the extent that there
is a lack of preparedness on the part of national or regional
governments, including emergency responders, or on the part of
other organizations and businesses with which we deal,
particularly those on which we depend but have no control over.
In recent years, we have incurred significant expense towards
improving the reliability of our systems and their security from
attack. Nonetheless, there remains the risk that an adverse event
might occur. If one does occur, we might not be able to fix it
timely or adequately. To the extent that the risk relates to
products or services provided by others, we seek to engage in
due diligence and monitoring to limit the risk, but here too we
cannot eliminate it. Should an adverse event affecting another
company’s systems occur, we may not have indemnification or
other protection from the other company sufficient to
compensate us or otherwise protect us from the consequences.
The occurrence of any failure, interruption or security breach
of any of our information or communications systems, or the
systems of other companies on which we rely, could result in
a wide variety of adverse consequences to PNC. This risk is
greater if the issue is widespread or results in financial losses
to our customers. Possible adverse consequences include
damage to our reputation or a loss of customer business. We
also could face litigation or additional regulatory scrutiny.
Litigation or regulatory actions in turn could lead to liability
or other sanctions, including fines and penalties or
reimbursement of customers adversely affected by a systems
problem or security breach. Even if we do not suffer any
material adverse consequences as a result of events affecting
us directly, successful attacks or systems failures at other large
financial institutions could lead to a general loss of customer
confidence in financial institutions including PNC. Also,
systems problems, including those resulting from third party
attacks, whether at PNC or at our competitors, would likely
increase regulatory and customer concerns regarding the
functioning, safety and security of such systems generally. In
that case, we would expect to incur even higher levels of costs
with respect to prevention and mitigation of these risks.
20 The PNC Financial Services Group, Inc. – Form 10-K