eBay 2009 Annual Report Download - page 32

Download and view the complete annual report

Please find page 32 of the 2009 eBay annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 140

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140

numbers. Advances in computer capabilities, new discoveries in the field of cryptography or other developments
may result in the technology used by us to protect transaction data being breached or compromised. Other large
Internet companies have recently disclosed sophisticated and highly targeted attacks on portions of their sites. In
addition, any party who is able to illicitly obtain a user’s password could access the user’s transaction data. An
increasing number of websites have reported breaches of their security. Any compromise of our security could
harm our reputation and, therefore, our business, and could result in a violation of applicable privacy and other
laws. In addition, a party that is able to circumvent our security measures could misappropriate proprietary
information, cause interruption in our operations, damage our computers or those of our users, or otherwise
damage our reputation and business. Under credit card rules and our contracts with our card processors, if there is
a breach of credit card information that we store, or that is stored by PayPal’s direct credit card processing
customers, we could be liable to the credit card issuing banks for their cost of issuing new cards and related
expenses. In addition, if we fail to follow credit card industry security standards, even if there is no compromise
of customer information, we could incur significant fines or lose our ability to give customers the option of using
credit cards to fund their payments or pay their fees. If we were unable to accept credit cards, our business would
be seriously damaged.
Our servers are also vulnerable to computer viruses, physical or electronic break-ins, and similar
disruptions, and we have experienced “denial-of-service” type attacks on our system that have made all or
portions of our websites unavailable for periods of time (most recently involving our Korean IAC website in July
2009). We may need to expend significant resources to protect against security breaches or to address problems
caused by breaches. These issues are likely to become more difficult as we expand the number of places where
we operate. Security breaches, including any breach by us or by parties with which we have commercial
relationships that result in the unauthorized release of our users’ personal information, could damage our
reputation and expose us to a risk of loss or litigation and possible liability. Our insurance policies carry low
coverage limits, which may not be adequate to reimburse us for losses caused by security breaches.
Our users, as well as those of other prominent Internet companies, have been and will continue to be
targeted by parties using fraudulent “spoof” and “phishing” emails to misappropriate passwords, credit card
numbers, or other personal information or to introduce viruses through “trojan horse” programs to our users’
computers. These emails appear to be legitimate emails sent by eBay, PayPal, or a user of one of those
businesses, but direct recipients to fake websites operated by the sender of the email or request that the recipient
send a password or other confidential information via email or download a program. Despite our efforts to
mitigate “spoof” and “phishing” emails through product improvements and user education, “spoof” and
“phishing” remain a serious problem that may damage our brands, discourage use of our websites, and increase
our costs.
Changes in regulations or user concerns regarding privacy and protection of user data could adversely affect
our business.
We are subject to laws relating to the collection, use, retention, security and transfer of personally
identifiable information about our users, especially for financial information and for users located outside of the
U.S. In addition, as an entity licensed and subject to regulation as a bank in Luxembourg, PayPal (Europe)
S.A.R.L. et Cie, SCA is subject to banking secrecy laws. In many cases, these laws apply not only to third-party
transactions but also to transfers of information between ourselves and our subsidiaries, and between ourselves,
our subsidiaries, and other parties with which we have commercial relations. New laws in this area have been
passed by several jurisdictions, and other jurisdictions are considering imposing additional restrictions. The
interpretation and application of user data protection laws are in a state of flux. These laws may be interpreted
and applied inconsistently from country to country and our current data protection policies and practices may not
be consistent with those interpretations and applications. Complying with these varying international
requirements could cause us to incur substantial costs or require us to change our business practices in a manner
adverse to our business. In addition, we have and post on our websites our own privacy policies and practices
concerning the collection, use and disclosure of user data. Any failure, or perceived failure, by us to comply with
24