PRSS 2017 Annual Report

18 Failure to protect confidential or personally identifiable information of our customers and our network against security breaches or failure to comply with privacy and security laws and regulations could damage our reputation and brand and substantially harm our business and results of operations. A significant challenge to e-commerce and communications is the secure transmission of confidential information over public networks. Our failure to prevent security breaches could damage our reputation and brand and substantially harm our business and results of operations. A majority of our sales are billed to our customers’ credit card accounts directly, orders are shipped to a customer’s address, and customers log on using their email address. In addition, some online payments for our products are settled through third-party online payment services. In such transactions, maintaining complete security for the transmission of confidential information on our websites, such as customers’ credit card numbers and expiration dates, personal information and billing addresses, is essential to maintain consumer confidence. We have limited influence over the security measures of third- party online payment service providers. In addition, we hold certain private information about our customers, such as their names, addresses, phone numbers and browsing and purchasing records. We rely on encryption and authentication technology licensed from third parties to effect the secure transmission of certain confidential information, including credit card numbers and personally identifiable customer information. Advances in computer capabilities, new discoveries in the field of cryptography or other developments may result in a compromise or breach of the technology used by us to protect customer transaction data. In addition, any party who is able to illicitly obtain a user’s password could potentially access the user’s transaction data or personal information. We may not be able to prevent third parties, such as hackers or criminal organizations, from stealing information provided by our customers to us through our websites. In addition, our third-party merchants and delivery service providers may violate their confidentiality obligations and disclose information about our customers. Any compromise of our security could damage our reputation and brand and expose us to a risk of loss or litigation and possible liability, which would substantially harm our business and results of operations. In addition, anyone who is able to circumvent our security measures could misappropriate proprietary information or cause interruptions in our operations. Significant capital and other resources may be required to protect against security breaches or to alleviate problems caused by such breaches. While we maintain insurance coverage at levels we deem reasonable to manage liabilities relating to potential cyber-security risks, such coverage may be inadequate to cover all losses with respect to an actual breach. The methods used by hackers and others engaged in online criminal activity are increasingly sophisticated and constantly evolving. Even if we are successful in adapting to and preventing new security breaches, any perception by the public that e-commerce and other online transactions, or the privacy of user information, are becoming increasingly unsafe or vulnerable to attack could inhibit the growth of e-commerce and other online services generally, which in turn may reduce the number of orders we receive. Any failure, or perception of failure, to protect the confidential information of our customers or our network could damage our reputation and harm our business. We maintain industry standard privacy policies and practices with respect to the personally identifiable information of our users that we maintain. Any failure or perceived failure by us to comply with our privacy policies or privacy-related obligations to customers, sellers or other third parties may result in Federal or state governmental enforcement actions, litigation, or negative public statements against us by consumer advocacy groups or others and could cause our customers to lose trust in us, which could have an adverse effect on our reputation and business. We accept payment by a variety of methods and a substantial majority of our net revenue is derived from credit card sales. These methods, in turn, exposes us to increased risks of dependence on third-party payment processing service providers, as well as risks associated with higher transaction fees, compliance matters and fraud. We accept payments for our products and services on our websites by a variety of methods, including credit card, debit card and other payment services. As we offer new payment options to our customers, we may be subject to additional fees, additional regulations, compliance requirements and fraud. To date, the substantial majority of our net revenue has been derived from credit card sales. As a result, we believe our business is vulnerable to any disruption in our customer payment processing capabilities and third-party processor disruptions. In most geographic regions, we rely on three or four third-party companies to provide payment processing services, including the processing of credit cards, debit cards and other payment services. If any of these companies became unwilling or unable to provide these services to us, then we would need to find and engage replacement providers. We may not be able to do so on terms that are acceptable to us or at all, or to process the payments ourselves, which could be costly and time consuming. Additionally, as we typically experience increased activity fromNovember through December each year due to increased retail activity during the holiday season, any disruption in our ability to process customer payments in the fourth quarter could have a significant and disproportionate negative impact on our business.