eBay 2010 Annual Report Download - page 33

Download and view the complete annual report

Please find page 33 of the 2010 eBay annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 140

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140

Currently, a significant number of our users authorize us to bill their credit card accounts directly for all
transaction fees charged by us. PayPal’s users routinely provide credit card and other financial information. We
rely on encryption and authentication technology licensed from third parties to provide the security and
authentication to effectively secure transmission of confidential information, including customer credit card
numbers. Advances in computer capabilities, new discoveries in the field of cryptography or other developments
may result in the technology used by us to protect transaction data being breached or compromised.
Non-technical means, for example, actions by a suborned employee, can also result in a data breach.
Under payment card rules and our contracts with our card processors, if there is a breach of payment card
information that we store, or that is stored by PayPal’s direct payment card processing customers, we could be
liable to the payment card issuing banks for their cost of issuing new cards and related expenses. In addition, if
we fail to follow payment card industry security standards, even if there is no compromise of customer
information, we could incur significant fines or lose our ability to give customers the option of using payment
cards to fund their payments or pay their fees. If we were unable to accept payment cards, our business would be
seriously damaged.
Our servers are also vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions,
and we have experienced “denial-of-service” type attacks on our system that have, in certain instances, made all or
portions of our websites unavailable for periods of time. In December 2010, PayPal was subject to a series of
distributed “denial of service” attacks following PayPal’s decision to permanently restrict the account used by
WikiLeaks due to a violation of PayPal’s Acceptable Use Policy. We may need to expend significant resources to
protect against security breaches or to address problems caused by breaches. These issues are likely to become more
difficult as we expand the number of places where we operate. Security breaches, including any breach by us or by
parties with which we have commercial relationships that result in the unauthorized release of our users’ personal
information, could damage our reputation and expose us to a risk of loss or litigation and possible liability. Our
insurance policies carry low coverage limits, which may not be adequate to reimburse us for losses caused by
security breaches.
Our users, as well as those of other prominent Internet companies, have been and will continue to be targeted
by parties using fraudulent “spoof” and “phishing” emails to misappropriate passwords, credit card numbers, or
other personal information or to introduce viruses or other malware through “trojan horse” programs to our users’
computers. These emails appear to be legitimate emails sent by eBay, PayPal, or a user of one of those businesses,
but direct recipients to fake websites operated by the sender of the email or request that the recipient send a
password or other confidential information via email or download a program. Despite our efforts to mitigate “spoof”
and “phishing” emails through product improvements and user education, “spoof” and “phishing” remain a serious
problem that may damage our brands, discourage use of our websites, and increase our costs.
Changes in regulations or user concerns regarding privacy and protection of user data could adversely affect
our business.
We are subject to laws relating to the collection, use, retention, security and transfer of personally
identifiable information about our users, especially for financial information and for users located outside of the
U.S. In addition, as an entity licensed and subject to regulation as a bank in Luxembourg, PayPal (Europe)
S.A.R.L. et Cie, SCA is subject to banking secrecy laws. In many cases, these laws apply not only to third-party
transactions but also to transfers of information between ourselves and our subsidiaries, and between ourselves,
our subsidiaries and other parties with which we have commercial relations. New laws in this area have been
passed by several jurisdictions, and other jurisdictions are considering imposing additional restrictions. The
interpretation and application of user data protection laws are in a state of flux. These laws may be interpreted
and applied inconsistently from country to country and our current data protection policies and practices may not
be consistent with those interpretations and applications. Complying with these varying international
28