Overstock.com 2011 Annual Report Download - page 35

Download and view the complete annual report

Please find page 35 of the 2011 Overstock.com annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 155

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151
  • 152
  • 153
  • 154
  • 155

Table of Contents
We are subject to cyber security risks and may incur increasing costs in an effort to minimize those risks and to respond to cyber incidents.
Our business is entirely dependent on the secure operation of our website and systems as well as the operation of the internet generally. Our business
involves the storage and transmission of users' proprietary information, and security breaches could expose us to a risk of loss or misuse of this information,
litigation, and potential liability. A number of large internet companies have disclosed security breaches, some of which have involved intentional attacks. We
may not have the resources or technical sophistication to anticipate or prevent rapidly evolving types of cyber-attacks. Attacks may be targeted at us, our
customers, or both. If an actual or perceived breach of our security occurs, customer and/or supplier perception of the effectiveness of our security measures
could be harmed and we could lose customers, suppliers or both. Actual or anticipated attacks and risks may cause us to incur increasing costs, including costs
to deploy additional personnel and protection technologies, train employees, and engage third party experts and consultants.
A person who is able to circumvent our security measures could misappropriate our or our users' proprietary information, cause interruption in our
operations, damage our computers or those of our users, or otherwise damage our reputation and business. Any compromise of our security could result in a
violation of applicable privacy and other laws, significant legal and financial exposure, damage to our reputation, and a loss of confidence in our security
measures, which could harm our business.
Most of our customers use credit cards to pay for their purchases. We rely on encryption and authentication technology licensed from third parties to
provide the security and authentication to effectively secure transmission of confidential information, including customer payment card numbers. We cannot
provide assurance that our technology can prevent breaches of the systems that we use to protect customer data. Data breaches can also occur as a result of
non-technical issues.
Under payment card rules and our contracts with our card processors, if there is a breach of payment card information that we store, we could be liable to
the payment card issuing banks for their cost of issuing new cards and related expenses. In addition, if we fail to follow payment card industry security
standards, even if there is no compromise of customer information, we could incur significant fines or lose our ability to give customers the option of using
payment cards to fund their payments or pay their fees. If we were unable to accept payment cards, our business would be seriously damaged.
Our servers are also vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions, including "denial-of-service" type attacks.
We may need to expend significant resources to protect against security breaches or to address problems caused by breaches. Security breaches, including any
breach by us or by persons with whom we have commercial relationships that result in the unauthorized release of our users' personal information, could
damage our reputation and expose us to a risk of loss or litigation and possible liability.
Credit card fraud could adversely affect our business.
We routinely receive orders placed with fraudulent credit card data. We do not carry insurance against the risk of credit card fraud, so the failure to
adequately control fraudulent credit card transactions could reduce our net revenues and our gross profit percentage. We have implemented technology to help
us detect and reject the fraudulent use of credit card information. However, we may in the future suffer losses as a result of orders placed with fraudulent
credit card data even though the associated financial institution approved payment of the orders. Under current credit card practices, we may be liable for
fraudulent credit card transactions because we do not obtain a cardholder's signature. If we are unable to detect or control credit card fraud, our liability for
these transactions could harm our business, prospects, financial condition and results of operation. Further, to the extent that our efforts to prevent fraudulent
orders result in our inadvertent refusal to fill legitimate orders, we would lose the benefit of legitimate potential sales and risk the alienation of legitimate
customers.
29