eBay 2011 Annual Report Download - page 29

Download and view the complete annual report

Please find page 29 of the 2011 eBay annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 159

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155
  • 156
  • 157
  • 158
  • 159

information, cause interruption in our operations, damage our computers or those of our users, or otherwise damage our reputation and business.
Any compromise of our security could result in a violation of applicable privacy and other laws, significant legal and financial exposure, damage
to our reputation and a loss of confidence in our security measures, which could harm our business. Data security breaches may also result from
non-technical means, for example, actions by a suborned employee. GSI's clients also face similar risks of security breaches, and to the extent that
such clients are harmed as a result of a security breach, GSI's business would also be adversely affected.
A significant number of our users authorize us to bill their payment card accounts directly for all transaction fees charged by us. For
example, PayPal's users routinely provide credit card and other financial information, and GSI customers routinely provide credit card information
and other personally identifiable information which we maintain to facilitate the ease of future transactions. We rely on encryption and
authentication technology licensed from third parties to provide the security and authentication to effectively secure transmission of confidential
information, including customer payment card numbers. Advances in computer capabilities, new discoveries in the field of cryptography or other
developments may result in the technology used by us to protect transaction data being breached or compromised.
Under payment card rules and our contracts with our card processors, if there is a breach of payment card information that we store, or that
is stored by PayPal's direct payment card processing customers, we could be liable to the payment card issuing banks for their cost of issuing new
cards and related expenses. In addition, if we fail to follow payment card industry security standards, even if customer information has not been
compromised, we could incur significant fines or lose our ability to give customers the option of using payment cards to fund their payments or
pay their fees. If we were unable to accept payment cards, our businesses would be seriously damaged.
Our servers are also vulnerable to computer viruses, physical or electronic break-ins and similar disruptions, and we have experienced
“denial-of-service” type attacks on our system that have, in certain instances, made all or portions of our websites unavailable for periods of time.
For example, in December 2010, PayPal was subject to a series of distributed “denial of service” attacks following PayPal's decision to
permanently restrict the account used by WikiLeaks due to an alleged violation of PayPal's Acceptable Use Policy. We may need to expend
significant resources to protect against security breaches or to address problems caused by breaches. These issues are likely to become more
difficult as we expand the number of places where we operate. Security breaches, including any breaches of our security measures or those of
parties with which we have commercial relationships (e.g., our clients and third-party service providers) that result in the unauthorized release of
users' personal information, could damage our reputation and expose us to a risk of loss or litigation and possible liability. Our insurance policies
carry low coverage limits, which may not be adequate to reimburse us for losses caused by security breaches.
Our users, as well as those of other prominent Internet companies, have been and will continue to be targeted by parties using fraudulent
“spoof” and “phishing” emails to misappropriate passwords, credit card numbers, or other personal information or to introduce viruses or other
malware through “trojan horse” programs to our users' computers. These emails appear to be legitimate emails sent by eBay, PayPal, a GSI client,
or one of our other businesses (e.g., StubHub), or by a user of one of our businesses, but direct recipients to fake websites operated by the sender
of the email or request that the recipient send a password or other confidential information via email or download a program. Despite our efforts to
mitigate “spoof” and “phishing” emails through product improvements and user education, “spoof” and “phishing” activities remain a serious
problem that may damage our brands, discourage use of our websites and increase our costs.
Changes in regulations or user concerns regarding privacy and protection of user data could adversely affect our business.
We are subject to laws relating to the collection, use, retention, security and transfer of personally identifiable information about our users,
especially for financial information and for users located outside of the U.S. As an entity licensed and subject to regulation as a bank in
Luxembourg, PayPal (Europe) S.A.R.L. et Cie, SCA is subject to banking secrecy laws. In many cases, these laws apply not only to third-party
transactions, but also to transfers of information between ourselves and our subsidiaries, and between ourselves, our subsidiaries and other parties
with which we have commercial relations. The interpretation and application of user data protection laws are in a state of flux, and may be
interpreted and applied inconsistently from country to country. The European Union recently proposed new data laws that give customers
additional rights and provide additional restrictions on data use by companies and harsher penalties if data is misused. Our current data protection
policies and practices may not be consistent with new laws and regulations or evolving interpretations and applications. Complying with these
varying international requirements could cause us to incur substantial costs or require us to change our business practices in a manner adverse to
our business.
In addition, we have and post on our websites our own privacy policies and practices concerning the collection, use and disclosure of user
data. Any failure, or perceived failure, by us to comply with our posted privacy policies or with any regulatory requirements or orders or other
federal, state or international privacy or consumer protection-related laws and
24