DOCSLIB.ORG

EMA Response on Cyber Security Issues

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
EMA Response on Cyber Security Issues Electronic Money Association Crescent House Erik Nooteboom 5 The Crescent Head of Unit Financial Stability, Financial Services and Capital Markets Union Surbiton Retail Financial Services and Payments Surrey European Commission KT6 4BN B-1049 Brussels United Kingdom Belgium Telephone: +44 (0) 20 8399 2066 Facsimile: +44 (0) 870 762 5063 www.e-ma.org 29 May, 2015 Dear Erik, The EMA welcomes the opportunity to respond to the European Commission request for input on the short inventory of cybersecurity concerns and initiatives. Q1: How would you rate cyber-security among the various risks in the payments industry? Members of the Electronic Money Association (EMA) see cybercrime as a significant but manageable threat to the payment services they provide. They rate cybercrime high on their risk lists. As technology develops, the nature of the threat posed by fraudsters and attackers continues to evolve, and is becoming both more sophisticated and more targeted. In direct response to these trends, EMA members report they have developed new controls for identifying users and devices, as well as data-driven risk based fraud models as part of efforts to maintain fraud at a low level. The technologies that have aided criminals have also given members new tools to protect their customers and combat fraud. Q2: What are you particularly concerned about? The technical threats that members are concerned about include: distributed denial of service attacks, hacking, and more recently the growth of ransomeware against consumers. In particular, scalable attacks against businesses and vulnerabilities targeting customers (malware, phishing, social engineering attacks) are a concern. Page 1 of 4 However, EMA members expressed more concern about the regulatory framework within which they operate to reduce the impact of cybercrime. There are two aspects of the current/emerging EEA regulatory landscape that cause the most difficulties: that it is often overly prescriptive, and that the supervisory framework that enforces it is fragmented and inconsistent. 1. Regulations often assume that imposing a particular methodology or set of controls provides the ideal solution. Regulations should rather focus on outcomes, not prescribe solutions. Businesses understand the risks they face and should be allowed the flexibility to develop their own treatment to achieve outcomes described in regulations. Where regulations are too prescriptive in proposing a one-size-fits-all solution, the results could be counterintuitive (e.g. greater customer friction by forcing password refreshes and complexity, resulting in a negative impact on service security due to users choosing “easy” passwords and an onrush of ‘forgotten password’ requests). Moreover, the resulting short term gains in security could be offset by stifling longer term service innovation. 2. The fragmentation of efforts to improve cybersecurity across different EU (and international) bodies risks making it too complicated for service providers to develop effective cybersecurity strategies. Having to address inconsistencies in the regulatory framework, where competent authorities at a national level impose unique reporting or other requirements, results in a significant overhead for little gain. For example, Data Protection regulation is applied differently across the EU, making it difficult to implement a consistent strategy for the sharing of data with law enforcement and other businesses to prevent fraud. In particular, members were concerned where requirements were imposed on companies by states they were not established in. EMA members see user education as vital in helping users conduct their payment activity safely; poorly educated or careless user behaviour creates large opportunities for cybercrime. EMA members are also sometimes restricted from effectively managing cyber security risk because of the outdated legacy systems operated by their retailer, merchant or payment system partners. A key issue therefore is the willingness of these parties to take ownership of cybersecurity risk instead of dismissing it as solely a technological issue. Q3: What initiatives are in place to address risks and concerns? What works? Authentication: • affordable, effective and convenient ways to authenticate customers are constantly under development; these will often make the greatest use of available medium and data, whether on mobile, web or at the point-of-sale • complete customer authentication with a higher degree of certainty is used only where it is needed; • firms offer customers greater security if they want it; Page 2 of 4 Knowledge sharing within the industry (the e-money sector in the case of the EMA): The EMA maintains typologies of known frauds and attacks, which enables members to share experiences of what works and to quickly identify emerging threats and potential controls. Ongoing monitoring of the threats from cybercriminals and proactive efforts to identify and react to them, as required for PCI-compliant firms. Q4: What would you expect from the Commission and the authorities? We need a clear and robust approach to combatting cybercrime, consistent across all EU countries. Members face difficulties at all stages of countering crime, in: • engaging with law enforcement where the fraudster and victim are in different jurisdictions. • restricting the flow of fraudulent funds that are in flight between different PSPs • securing prosecutions where cyber-criminals and fraudsters are in different jurisdictions from the victims because of the lack of an effective European legal framework Regulators should set security requirements in the form of quantifiable outcomes instead of imposing particular methodologies or sets of controls. For example, PSPs should not be forced to deploy strong authentication unless the PSP assesses that it is an appropriate treatment for the risk faced. The EBA/ECB definition of “strong” authentication sets the bar too high for most risk scenarios. PSPs should be afforded in practice the flexibility implied by the ‘comply or explain’ principle, where they may demonstrate how alternative controls can achieve the required or superior security outcomes. Regulators should also reduce the ability for national regulators to impose their own diverging requirements (including reporting requirements) with regards to cyber security. Thank you for the opportunity to respond to your request. Yours sincerely, Dr Thaer Sabri Chief Executive Electronic Money Association The Electronic Money Association (EMA) is the trade body representing electronic money issuers and payment service providers. A list of EMA members is given overleaf. Page 3 of 4 List of EMA members as of May 2015 • Advanced Payment Solutions Ltd • Payleven Ltd • Airbnb Inc • Payoneer • American Express • PayPal Europe Ltd • Azimo Limited • PayPoint Plc • Blackhawk Network Ltd • PayU • Boku Inc • Paywizard • Citadel Commerce UK Ltd • PPRO Financial Ltd • ClickandBuy International Ltd • Prepaid Services Company Ltd • Corner Banca SA • PrePay Technologies Ltd • Ekuantia EDE, S.L. • PSI-Pay Ltd • Euronet Worldwide Inc • R. Raphael & Sons plc • Facebook Payments International Ltd • Securiclick Limited • First Rate Exchange Services • Skrill Limited • Google Payment Ltd • Stripe • iCheque Network Limited • Syspay Ltd • IDT Financial Services Limited • Transact Payments Limited • Ixaris Systems Ltd • Ukash • Kalixa Pay Ltd • Valitor • National Australia Group • Wave Crest Holdings Ltd • One Money Mail Ltd • Wirecard AG • Optimal Payments • Worldpay UK Limited • Orwell Union Partners LLP • Yandex.Money • Park Card Services Limited Page 4 of 4 .
Load more

Recommended publications
  • Financial Technology Sector Overview of Market Activity in the Financial Technology Sector William Blair & Company
    Quarterly Update Q1 2015 Financial Technology Sector Overview of Market Activity in the Financial Technology Sector William Blair & Company Financial Technology Sector – First Quarter 2015 Update M&A and capital markets activity remained strong during the first quarter of 2015, particularly in the United States. In fact, U.S. stock indices marked all-time highs during the quarter and deal-making activity continued its upward trajectory, propelled by improving confidence among consumers and corporate executives, low-cost credit, and record levels of cash. While market participants largely ignored the prospect of rising interest rates, a collapsing energy sector, global currency concerns, and continued economic uncertainty abroad, this could be an area of concern moving into the second quarter of 2015. One of the most prominent storylines within the financial technology sector in the first quarter was the escalating bets made on payments solutions by the likes of tech giants Apple, Google, and Samsung. The release of Apple Pay unilaterally raised the stakes across the industry and was a catalyst for a wave of high-profile announcements, including Samsung’s acquisition of LoopPay, Google’s acquisition of Softcard, and PayPal’s acquisition of Paydiant. Traditional payments providers are thus being further pressured to accelerate innovation and expand international reach, which has in turn refocused corporate strategies away from building domestic scale and vertical plays toward acquiring differentiated, earlier-stage, technology platforms with global capabilities. Global’s acquisition of Realex, Worldpay’s acquisition of SecureNet, and MasterCard’s acquisition of TNS’s gateway are recent examples of this trend, which we believe will be a significant driver of sector M&A activity going forward.
    [Show full text]
  • Periodic Table of Remittances
    Periodic Table of Remittances Periodic Table of Remittances – Faisal Khan © 2015 - http://faisalkhan.com/2015/06/10/periodic-table-of-remittances-money-transfer/ Comparison Sites Emerging Players 28. TransferGo 29. TransferMate 1. AliPay 30. TransferWise 1. Compare Remit 2. Azimo 31. Ukash 2. FX Compared 3. Boom 32. Venmo 3. Money.co.uk 4. CurrencyFair 33. WorldRemit 4. Money Supermarket 5. Exchange4Free 34. XendPay 5. Remit Right 6. Facebook Messenger 35. Xoom 6. Save On Send 7. Fastacash 7. TawiPay 8. Homesend Incumbent Players 8. World Bank Remittance Prices 9. IDT Payment Services Influential Regulators 10. LycaRemit 1. Banks 11. Moneero 2. DolEx 3. Golden Crown 1. Australia: AUSTRAC 12. MoneyPolo 4. IME 2. Canada: FINTRAC 13. MoneyTrans 5. Intermex 3. China: People’s Bank of China 14. Moni 6. MasterCard 4. Hong Kong: HKMA 15. Mukuru 7. MoneyGram 5. India: Reserve Bank of India 16. OrbitRemit 8. Post Office 6. UK: Financial Conduct Authority 17. Pangea 9. Ria Financial 7. US: FinCEN 18. PayPal 19. PayTop 10. Sigue Platforms 20. RemitGuru 11. Small World 21. Remitly 12. Transfast 1. Monetise 22. Romit 13. UAE Exchange 2. Mobino 23. ShareMoney 14. Uniteller Banorte 3. Pingit 24. SnapCash 15. Viamericas 4. Popmoney 25. Tencent 16. VISA 5. Tagattitude 26. Thamel Remit 17. Western Union 6. WireCash 27. Times of Money 18. Xpress Money Periodic Table of Remittances – Faisal Khan © 2015 - http://faisalkhan.com/2015/06/10/periodic-table-of-remittances-money-transfer/ Payment Networks Data Sources Software 1. BBVA Bancomer 1. CGAP 1. ControlBox 2. CambridgeFX 2. Global Remittances Observatory – TawiPay 2.
    [Show full text]
  • Badvertising When Ads Go Rogue Badvertising: When Ads Go Rogue
    BADVERTISING When Ads Go RoGue BADVERTISING: WHEN ADS GO ROGUE ADS 1 CONTENTS Executive Summary 3 Introduction 4 Factors Driving Piracy 6 Torrent and Other P2P Portals 8 Direct Download (DDL) or file sharing sites 10 Linking Sites 12 ADS Video Streaming Sites 14 Mobile Applications 16 Social impact of piracy 17 Operating infrastructure of pirate networks 19 Server Location 20 Top level domain analysis 21 Top registrars and privacy protection services 22 How pirate networks navigate court blocking orders in India 23 Recommendations 25 Methodology 26 Glossary 27 APPENDIX 28 BADVERTISING: WHEN ADS GO ROGUE Click! Click! $ Click! $ $ 3 EXECUTIVE SUMMARY Click! This study tracked 1,143 popular Some of our key findings were as follows: Click! pirate sites in India and found that ~ The use of Ad Network: 73% of the sample 73% of the sites were ad supported study were supported by Ad Networks $ ~ and had the potential of generating Legitimate business advertisers at risk: The low levels of industry awareness have millions of dollars for pirates. It is resulted in advertisements of legitimate Click! estimated that large pirate networks businesses appearing on pirate sites. This study found 425 legitimate advertisers can generate between $2-4 million advertising on pirate sites. while medium and smaller sites can ~ Social impact of advertising: Pirate generate up to $2 million annually. networks also attract advertising from several $ High-Risk Advertisers such as, adult dating, $ The content theft industry has low barriers to pornography, malware, gambling and other entry and video streaming sites and linking unregulated products. This study found 361 sites are the new normal.
    [Show full text]
  • European Technology Report Tech Increased Interest in Continental
    November 2016 Investment Banking European Tech M&A Activity Continues Post-Brexit Referendum In This Report SoftBank–ARM, Micro Focus–HP deals highlight ongoing activity in British European Technology Report tech Increased interest in Continental EuropeanTalend becomes fin tech the latest European tech company to have a successful U.S. IPO M&A, capital-raising, and public comps stats across European tech CONTENTS Executive Summary 1 Market Update and Analysis 3 William Blair Global Technology Banking Franchise 5 Sector and Transaction Data 7 EXECUTIVE SUMMARY European Tech M&A Activity Continues Post-Brexit Referendum Innovative technology industry. Two major transactions in Trustmarque Solutions, an end-to-end companies across the the third quarter, SoftBank’s IT solutions and services provider to acquisition of ARM and Micro Focus’s the public and private sector in the Continent are drawing acquisition of Hewlett Packard United Kingdom, on its sale to Capita, significant interest from Enterprise’s software business, one of the United Kingdom’s leading potential buyers. illustrate the continued outbound and providers of technology-enabled inbound activity involving U.K.-based business process management and The United Kingdom’s intended technology companies. outsourcing solutions. In August, we withdrawal from the European Union advised Liberata, a provider of On July 18, Japan-based SoftBank will be a complicated, drawn-out business process outsourcing, announced that it was acquiring process, and Brexit’s full impact on services, and automation to the U.K. Cambridge-based microprocessor M&A and capital-raising activity will public sector, on its sale to Tokyo- manufacturer ARM for $32 billion.
    [Show full text]
  • Securing a Place for EMV in The
    News February 14, 2011 • Issue 11:02:01 Industry Update .......................................14 PCI seeks ISO nominations for advisory board ...............................44 Securing a place A new wave of mobility ............................44 Defying the dragons .................................45 for EMV in the USA Cyber security concerns ...........................47 Features By Patti Murphy The Takoma Group GS Advisory Board: Game changers for 2011 – Part 1 .........28 mericans take great pride in being leaders. But there is at least one SellingPrepaid: area in which Americans shouldn't be eager to claim leadership: vulnerability to payment card fraud. So, why is the United States so Prepaid in brief .......................................32 slow to implement chip and PIN technologies to protect against card A phone card opportunity calls A fraud? It depends on who's asking and who's answering the question. By Jeffrey Shavitz Charge Card Systems Inc. .....................33 Bankers tend to blame merchants, whom they see as unwilling to pony up the Will gift cards no longer be cost of terminals that are compliant with Europay/MasterCard/Visa (EMV) – the international standard for chip and PIN technologies. Merchants complain sold in New Jersey? ............................34 about the dearth of card issuers committed to EMV. "Retailers aren't going Book Review: to spend money on new equipment unless and until issuers start issuing the Selling to the C-Suite and cards," said OB Rawls IV, Senior Vice President of Sales at TASQ Technology Inc. Selling to VITO The power of selling at the top ...............42 Today only one of an estimated 17,000 card-issuing financial institutions in the Research rundown ...................................74 United States is issuing EMV-compliant payment cards: the United Nations Federal Credit Union.
    [Show full text]
  • Prepaid Prepaid Players Expand Business Is Booming in the Prepaid Card Sphere
    3 AdvisoryBoard NotableQuote » Tony Abruzzio–Global Payments Inc. » John Arato–MagTek Inc. PayPal and Amazon.com already » Adam Atlas–Attorney at Law have 100 million accounts on file that include shipping information » Clinton Baller–PayNet Merchant Ser vices Inc. and payment preferences. Now, » Audrey Blackmon–TASQ Technology PayPal wants to open up its plat- » Sam Chanin–Tribul Merchant Services forms to online software vendors. » Steve Christianson–AAmonte Bankcard Soon, there will be an entire class » Steve Eazell–Secure Payment Systems Inc. of payment providers who will » W. Ross Federgreen–CSRSI bypass the card brands. » Jim Fink–EVO Merchant Ser vices See story on page 29 » Kim Fitzsimmons–First Data Merchant Ser vices » Ed Freedman–Total Merchant Services » Marc Gardner–North American Bancard » Russ Goebel–Quantus Health Solutions LLC Inside this issue: » Matt Golis–YapStone Inc. CONTINUED » Alex Goretsky–USA ePay » Curt Hensley–CSH Consulting Company Profi les » Jared Isaacman–United Bank Card Inc. » Kevin Jones–First American Payment Systems Merchant e-Solutions Inc. » Jerry Julien–Equity Commerce LP A different vision, a better solution .....................................................41 » Lazaros Kalemis–Alpha Card Ser vices Inc. » Dee Karawadra–Impact PaySystem New Products » Rod R. Katzfey–Comdata Processing Systems Inc. » Allen Kopelman–Nationwide Payment Systems Inc. Consolidated purchasing for truckers ....................................................80 » Mitch Lau–Money Tree Merchant Services A gateway into e-commerce .................................................................82 » Mitch Levy–Merchant Cash and Capital » Dan Lewis–AmeriBanc National Ltd. Inspiration » Douglas Mack–Payex » Paul Martaus–Martaus & Assoc. Twenty tips for lifelong learning ............................................................85 » Biff Matthews–CardWare International Departments » Tim McWeeney–WAY Systems Inc. » Patti Murphy–The Takoma Group » Michael Nardy–Electronic Payments Inc.
    [Show full text]
  • The Payments Ecosystem: Security Challenges in the 21St Century
    The Payments Ecosystem: Security Challenges in the 21st Century Phil Smith III Senior Architect & Product Manager, Mainframe & Enterprise Distinguished Technologist Micro Focus International Agenda A Short History of Payments The Payments Landscape Today Anatomy of a Card Swipe Card Fraud: How It Happens Protecting Yourself and Your Company Evolution (and Intelligent Design?) A Short History of Payments In the Beginning… Early Currencies Large Purchases Small Purchases Purchases on Yap (island of stone money) Evolution • “Lighter than goats!” • Chek invented: Persia, 550–330 BC • Achaemenid Empire (remember them?) • India, Rome, Knights Templar used cheques More Modern Uses • Cheques revived in 17th century England • Soon after: preprinted, numbered, etc. • Magnetic Ink Character Recognition added in 1960s MICR Modern Payments Systems Many Alternatives to Checks • Not the only game in town any more… • Online payment services (PayPal, WorldPay…) • Electronic bill payments (Internet banking et sim.) • Wire transfer (local or international) • Direct credit, initiated by payer: ACH in U.S. giro in Europe • Direct debit, initiated by payee • Debit cards • Credit cards We’ll focus on these • …and of course good ol’ cash! Charge Cards vs Credit Cards • Terms often interchanged, but quite different • Charge cards must be paid off that month • Credit cards offer “revolving credit” • Credit card actually “invented” back in 1888: “… a credit card issued him with which he procures at the public storehouses, found in every community, whatever he desires
    [Show full text]
  • Full Text Decision
    Anticipated acquisition by CVC Capital Partners SICAV-FIS S.A. of Sky Bet ME/6508-14 The CMA’s decision on reference under section 33(1) of the Enterprise Act 2002 given on 5 March 2015. Full text of the decision published on 31 March 2015. Please note that [] indicates figures or text which have been deleted or replaced in ranges at the request of the parties for reasons of commercial confidentiality. SUMMARY 1. CVC Capital Partners SICAV-FIS S.A. (CVC) has agreed to acquire a majority stake in the Sky Bet division of Sky plc (Sky Bet) through its wholly owned subsidiary (a special purpose vehicle) Cyan Bidco Limited (the Merger).i CVC and Sky Bet are together referred to as the Parties. 2. The Competition and Markets Authority (CMA) considers that the Parties will cease to be distinct as a result of the Merger, that the turnover test is met and that accordingly arrangements are in progress or in contemplation which, if carried into effect, will result in the creation of a relevant merger situation. 3. Sky Bet is active in the provision of online gaming and betting services in the United Kingdom (UK). 4. CVC is a private equity firm which holds a controlling interest in a number of companies in various industries, including Skrill Limited (Skrill), an online payment solutions provider that currently provides online payment services to Sky Bet and other businesses. On 26 November 2014, Skrill entered into an agreement to acquire Smart Voucher Limited (trading as Ukash) which also provides online payment solutions to online betting and gaming service providers.
    [Show full text]
  • Vindicia – Globalcollect Integration
    Vindicia – GlobalCollect Integration Offering digital goods and services is already proving to be a major opportunity for many businesses. But growing revenue sustainably and globally can be challenging; minimizing customer churn, extending customer lifetime value, acquiring new customers are key to any digital business’ growth strategy as well as expanding in new global markets. Digital products don’t have borders! Vindicia The Vindicia® CashBox® platform takes subscription billing to new levels. CashBox combines cutting edge customer acquisition methods with advanced customer retention technologies, while maintaining unmatched scalability and 99.99% up-time. Vindicia has processed over $6 billion globally and generate over $90 million in annual incremental revenue for our clients. Our clients include TransUnion Interactive, Intuit, Activision Blizzard, IAC, Bloomberg, Vimeo and Next Issue Media. GlobalCollect GlobalCollect is the most knowledgeable global Payment Service Provider in the world, processing more than US$14 billion in international e-commerce payments per year for more than 500 of the world’s most recognized e-commerce brands in the digital goods and services, travel, retail and video gaming industries, among many others. With nearly two decades of payments experience, we enable our clients to efficiently and securely accept payments from more than 170 countries in more than 170 currencies, using in excess of 150 local payment methods including all major credit and debit cards, direct debits, bank transfers, real-time bank transfers, eWallets, cash at outlets, prepaid methods, checks, and invoices. www.globalcollect.com Creating value together - Global perspective – complete information about local regulations, regional customs and cultural preferences. - Customized solutions and guidance – through ever-changing regulations and transaction pitfalls.
    [Show full text]
  • Savantor's View
    Savantor MarketEye: 17 – 30 November 2014 2011 Savantor Limited 68 Lombard St London EC3V 9LJ This is a high-level industry news and business intelligence update Tel: 0870 734 6250 Fax: 0870 734 6251 bulletin. For further information on any of the items contained within the email: [email protected] bulletin or to discuss the potential impact of these items on your www.savantor.com business, please contact Savantor on [email protected] . Items in this issue: Savantor’s View ....................................................... 1 Monitise gets £49.2 million boost from Santander, Bank fines for IT failings .................................................. 1 Telefonica and IBM ......................................................... 3 Discover fires lawsuit alleging anti-competitive practices Products & Initiatives .............................................. 2 at Visa ............................................................................. 4 Twitter lets users add coupons to cards for in-store Danish telcos sell m-payments venture to bank-owned redemption ...................................................................... 2 rival ................................................................................. 4 Crédit Agricole joins French bank-run e-payments Bank of England appoints Deloitte to probe Chaps service ............................................................................ 2 breakdown ...................................................................... 4 HSBC rolls out Paym for business customers ................
    [Show full text]
  • Online Payments 2012 Moving Beyond the Web
    Online payments 2012 Moving beyond the web 1 This report provides an overview of e-commerce payment methods and habits across the globe. It shows that we’re operating in a fascinating world that is diverse and full of developments but also one that has plenty of room for innovation to enable web retailers to sustain growth and offer their services increasingly across borders. Ulric Jerome – Pixmania.com, member of the Board Ecommerce Europe 2 Online payments 2012 Moving beyond the web Editors: Chiel Liezenberg, Douwe Lycklama Authors: Jip de Lange, Alessandro Longoni, Adriana Screpnic [email protected] www.innopay.com Edition 2012 Version 1.2 – Ecommerce Europe edition May 2012 ISBN: 978-94-90587-08-6 Copyright © Innopay BV All rights reserved 3 Preface Ecommerce Europe Ecommerce Europe is proud to present, in cooperation with Innopay, this special edition of the Online payments 2012 report. Until now, there has been no structured collaboration directly involving e-commerce businesses. The European market is open and offers plenty of opportunities for online retailers. For that, Ecommerce Europe was launched in April 2012. Ecommerce Europe will focus primarily on reinforcing the success of web merchants and the right investment climate for web merchants. It will do this by robustly promoting their interests and by lobbying European institutions. For that, this report will be most helpful. We must shift towards European standards. Europe needs a broader variety of payment solutions, because a broad palette of payment solutions with mass adoption leads to more business for web retailers. This report provides an overview of e-commerce payment methods and habits across the globe.
    [Show full text]
  • E-Commerce, Cyber, and Electronic Payment System Risks: Lessons from Paypal
    LESSONS FROM PAYPAL (DO NOT DELETE) 9/22/2016 4:08 PM E-COMMERCE, CYBER, AND ELECTRONIC PAYMENT SYSTEM RISKS: LESSONS FROM PAYPAL LAWRENCE J. TRAUTMAN ABSTRACT By now, almost without exception, every business has an internet presence, and is likely engaged in e-commerce. What are the major risks perceived by those engaged in e-commerce and electronic payment systems? What potential risks, if they become reality, may cause substantial increases in operating costs or threaten the very survival of the enterprise? This article utilizes the relevant annual report disclosures from eBay (parent of PayPal), along with other eBay and PayPal documents, as a potentially powerful teaching device. Most of the descriptive language to follow is excerpted directly from eBay’s regulatory filings. My additions include weaving these materials into a logical presentation and providing supplemental sources for those who desire a deeper look (usually in my footnotes) at any particular aspect. I’ve sought to present a roadmap with these materials that shows eBay’s struggle to optimize its business performance while navigating through a complicated maze of regulatory compliance concerns and issues involving governmental jurisdictions throughout the world. First, a brief look is provided at the SEC’s disclosure requirements. Second, a description of the eBay and PayPal history and business models is presented. Next, is a discussion of risk factors: credit cards; U.S. state money transmission laws; online and mobile growth; and reliance on internet access. International issues follow, with an examination of anti-money laundering, counter-terrorist, and other potential illegal activity laws. The author estimates that PayPal’s cost of accounting and legal fees and management time devoted to the discovery, examination and documentation of the perceived enterprise risk associated with e-commerce, cyber, information technology and electronic payment system risks may aggregate in the range of tens-of-millions of dollars a year.
    [Show full text]