Overstock.com 2012 Annual Report Download - page 22

Download and view the complete annual report

Please find page 22 of the 2012 Overstock.com annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 151

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108
  • 109
  • 110
  • 111
  • 112
  • 113
  • 114
  • 115
  • 116
  • 117
  • 118
  • 119
  • 120
  • 121
  • 122
  • 123
  • 124
  • 125
  • 126
  • 127
  • 128
  • 129
  • 130
  • 131
  • 132
  • 133
  • 134
  • 135
  • 136
  • 137
  • 138
  • 139
  • 140
  • 141
  • 142
  • 143
  • 144
  • 145
  • 146
  • 147
  • 148
  • 149
  • 150
  • 151

Table of Contents
those of our users, or otherwise damage our reputation and business. Any compromise of our security could result in a violation of applicable privacy
and other laws, significant legal and financial exposure, damage to our reputation, and a loss of confidence in our security measures, which could harm
our business.
Most of our customers use credit cards to pay for their purchases. We rely on encryption and authentication technology licensed from third parties
to provide the security and authentication to effectively secure transmission of confidential information, including customer payment card numbers. We
cannot provide assurance that our technology can prevent breaches of the systems that we use to protect customer data. Data breaches can also occur as
a result of non-technical issues.
Under payment card rules and our contracts with our card processors, if there is a breach of payment card information that we store, we could be
liable to the payment card issuing banks for their cost of issuing new cards and related expenses. In addition, if we fail to follow payment card industry
security standards, even if there is no compromise of customer information, we could incur significant fines or lose our ability to give customers the
option of using payment cards to fund their payments or pay their fees. If we were unable to accept payment cards, our business would be seriously
damaged.
Our servers and the servers of our suppliers may also be vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions,
including denial-of-service attacks. We may need to expend significant resources to protect against attacks or security breaches or to address problems
caused by attacks or breaches. Any attack or breach incident involving us or persons with whom we have commercial relationships, that results in the
unauthorized release of our users' personal information, could damage our reputation and expose us to a risk of loss or litigation and possible liability.
Third parties have demonstrated that they can breach the security of customer transaction data of large sophisticated Internet retailers, government
organizations and others. Any breach, whether it affects us directly or not, could cause our customers to lose confidence in the security of our site or the
use of the Internet and e-commerce in general. If third parties are able to penetrate our network security or otherwise misappropriate our customers'
personal information or credit card information, or if we give third parties improper access to our customers' personal information or credit card
information, we could be subject to liability. This liability could include claims for unauthorized purchases with credit card information, impersonation
or other similar fraud claims or damages for alleged violations of state or federal laws governing security protocols for the safekeeping of customers'
personal or credit card information. This liability could also include claims for other misuses of personal information, including unauthorized marketing
purposes. These claims could result in litigation. Liability for misappropriation of this information could adversely affect our business.
Credit card fraud and our response to it could adversely affect our business.
We routinely receive orders placed with fraudulent credit card data. We do not carry insurance against the risk of credit card fraud, so our failure to
adequately control fraudulent credit card transactions could reduce our net revenues and our gross profit. We have implemented technology to help us
detect and reject the fraudulent use of credit card information. However, we may in the future suffer losses as a result of orders placed with fraudulent
credit card data even if the associated financial institution approved payment of the orders. Under current credit card practices, we may be liable for
fraudulent credit card transactions because we do not obtain a cardholder's signature. If we are unable to detect or control credit card fraud, our liability
for these transactions could harm our business, prospects, financial condition and results of operation. Further, to the extent that our efforts to prevent
fraudulent orders result in our inadvertent refusal to fill legitimate orders, we would lose the benefit of legitimate potential sales and risk the alienation of
legitimate customers.
13