Overstock.com 2013 Annual Report Download - page 15

Download and view the complete annual report

Please find page 15 of the 2013 Overstock.com annual report below. You can navigate through the pages in the report by either clicking on the pages listed below, or by using the keyword search tool below to find specific information within the annual report.

Page out of 108

  • 1
  • 2
  • 3
  • 4
  • 5
  • 6
  • 7
  • 8
  • 9
  • 10
  • 11
  • 12
  • 13
  • 14
  • 15
  • 16
  • 17
  • 18
  • 19
  • 20
  • 21
  • 22
  • 23
  • 24
  • 25
  • 26
  • 27
  • 28
  • 29
  • 30
  • 31
  • 32
  • 33
  • 34
  • 35
  • 36
  • 37
  • 38
  • 39
  • 40
  • 41
  • 42
  • 43
  • 44
  • 45
  • 46
  • 47
  • 48
  • 49
  • 50
  • 51
  • 52
  • 53
  • 54
  • 55
  • 56
  • 57
  • 58
  • 59
  • 60
  • 61
  • 62
  • 63
  • 64
  • 65
  • 66
  • 67
  • 68
  • 69
  • 70
  • 71
  • 72
  • 73
  • 74
  • 75
  • 76
  • 77
  • 78
  • 79
  • 80
  • 81
  • 82
  • 83
  • 84
  • 85
  • 86
  • 87
  • 88
  • 89
  • 90
  • 91
  • 92
  • 93
  • 94
  • 95
  • 96
  • 97
  • 98
  • 99
  • 100
  • 101
  • 102
  • 103
  • 104
  • 105
  • 106
  • 107
  • 108

Table of Contents
rapidly evolving types of cyber-attacks. Cyber-attacks may target us, our customers, our suppliers, banks, credit card processors, delivery services, e-
commerce in general or the communication infrastructure on which we depend. If an actual or perceived attack or breach of our security occurs, customer
and/or supplier perception of the effectiveness of our security measures could be harmed and we could lose customers, suppliers or both. Actual or anticipated
attacks and risks may cause us to incur increasing costs, including costs to deploy additional personnel and protection technologies, train employees, and
engage third party experts and consultants.
A person who is able to circumvent our security measures might be able to misappropriate our or our users’ proprietary information, cause
interruption in our operations, damage our computers or those of our users, or otherwise damage our reputation and business. Any compromise of our security
could result in a violation of applicable privacy and other laws, significant legal and financial exposure, damage to our reputation, and a loss of confidence in
our security measures, which could harm our business.
Most of our customers use credit cards to pay for their purchases. We rely on encryption and authentication technology licensed from third parties to
provide the security and authentication to effectively secure transmission of confidential information, including customer payment card numbers. We cannot
provide assurance that our technology can prevent breaches of the systems that we use to protect customer data. Data breaches can also occur as a result of
non-technical issues.
Under payment card rules and our contracts with our card processors, if there is a breach of payment card information that we store, we could be
liable to the payment card issuing banks for their cost of issuing new cards and related expenses. In addition, if we fail to follow payment card industry
security standards, even if there is no compromise of customer information, we could incur significant fines or lose our ability to give customers the option of
using payment cards to fund their payments or pay their fees. If we were unable to accept payment cards, our business would be seriously damaged.
Our servers and the servers of our suppliers may also be vulnerable to computer viruses, physical or electronic break-ins, and similar disruptions,
including denial-of-service attacks. We may need to expend significant resources to protect against attacks or security breaches or to address problems caused
by attacks or breaches. Any attack or breach incident involving us or persons with whom we have commercial relationships, that results in the unauthorized
release of our users’ personal information, could damage our reputation and expose us to a risk of loss or litigation and possible liability.
Third parties have demonstrated that they can breach the security of customer transaction data of large sophisticated Internet retailers, government
organizations and others. Any breach, whether it affects us directly or not, could cause our customers to lose confidence in the security of our site or the use of
the Internet and e-commerce in general. If third parties are able to penetrate our network security or otherwise misappropriate our customers’ personal
information or credit card information, or if we give third parties improper access to our customers’ personal information or credit card information, we could
be subject to liability. This liability could include claims for unauthorized purchases with credit card information, impersonation or other similar fraud claims
or damages for alleged violations of state or federal laws governing security protocols for the safekeeping of customers’ personal or credit card information.
This liability could also include claims for other misuses of personal information, including unauthorized marketing purposes. These claims could result in
litigation. Liability for misappropriation of this information could adversely affect our business.
Cyber-attacks affecting our suppliers, delivery services or other service providers could adversely affect us.
We depend on our fulfillment partners to provide a large portion of the product selection we offer and on vendors for the products we purchase and
offer in our direct business. We also depend on delivery services to deliver products, and on other service providers, including suppliers of services which
support Website operations, including payment systems, customer service support, and communications. Cyber-attacks affecting our delivery services or any
of our most significant suppliers or affecting a significant number of our suppliers of products or services could have a material adverse effect on our
business. The adverse effects could include our inability to source product or fulfill orders, our customers’ or suppliers’ inability to contact us or access our
Website or call centers or chat lines, or the compromise of our customers’ confidential data.
Credit card fraud and our response to it could adversely affect our business.
We routinely receive orders placed with fraudulent credit card data. We do not carry insurance against the risk of credit card fraud, so our failure to
adequately control fraudulent credit card transactions could reduce our net revenues and our gross profit. We may suffer losses as a result of orders placed
with fraudulent credit card data even if the associated financial institution approved payment of the orders. Under current credit card practices, we may be
liable for fraudulent credit card transactions because we do not obtain a cardholder’s signature. If we are unable to detect or control credit card fraud, our
liability for these transactions could harm our business, prospects, financial condition and results of operation. Further, to the
14