|GREENSKY, INC. filed this Form 10-Q on 11/09/2018|
use of our services and products. In addition, significant increases in fraudulent activity could lead to regulatory intervention, which could increase our costs and also negatively impact our business.
Cyber-attacks and other security breaches could have an adverse effect on our business.
In the normal course of our business, we collect, process and retain sensitive and confidential information regarding our Bank Partners, our merchants and consumers. We also have arrangements in place with certain of our third-party service providers that require us to share consumer information. Although we devote significant resources and management focus to ensuring the integrity of our systems through information security and business continuity programs, our facilities and systems, and those of our Bank Partners, merchants and third-party service providers, are vulnerable to external or internal security breaches, acts of vandalism, computer viruses, misplaced or lost data, programming or human errors, and other similar events. We, our Bank Partners, our merchants and our third-party service providers have experienced all of these events in the past and expect to continue to experience them in the future. We also face security threats from malicious third parties that could obtain unauthorized access to our systems and networks, which threats we anticipate will continue to grow in scope and complexity over time. These events could interrupt our business or operations, result in significant legal and financial exposure, supervisory liability, damage to our reputation and a loss of confidence in the security of our systems, products and services. Although the impact to date from these events has not had a material adverse effect on us, no assurance is given that this will be the case in the future.
Information security risks in the financial services industry have increased recently, in part because of new technologies, the use of the internet and telecommunications technologies (including mobile devices) to conduct financial and other business transactions and the increased sophistication and activities of organized criminals, perpetrators of fraud, hackers, terrorists and others. In addition to cyber-attacks and other security breaches involving the theft of sensitive and confidential information, hackers recently have engaged in attacks that are designed to disrupt key business services, such as consumer-facing websites. We may not be able to anticipate or implement effective preventive measures against all security breaches of these types, especially because the techniques used change frequently and because attacks can originate from a wide variety of sources. We employ detection and response mechanisms designed to contain and mitigate security incidents. Nonetheless, early detection efforts may be thwarted by sophisticated attacks and malware designed to avoid detection. We also may fail to detect the existence of a security breach related to the information of our Bank Partners, merchants and consumers that we retain as part of our business and may be unable to prevent unauthorized access to that information.
We also face risks related to cyber-attacks and other security breaches that typically involve the transmission of sensitive information regarding borrowers through various third parties, including our Bank Partners, our merchants and data processors. Some of these parties have in the past been the target of security breaches and cyber-attacks. Because we do not control these third parties or oversee the security of their systems, future security breaches or cyber-attacks affecting any of these third parties could impact us through no fault of our own, and in some cases we may have exposure and suffer losses for breaches or attacks relating to them. While we regularly conduct security assessments of significant third-party service providers, no assurance is given that our third-party information security protocols are sufficient to withstand a cyber-attack or other security breach.
The access by unauthorized persons to, or the improper disclosure by us of, confidential information regarding GreenSky program customers or our own proprietary information, software, methodologies and business secrets could interrupt our business or operations, result in significant legal and financial exposure, supervisory liability, damage to our reputation or a loss of confidence in the security of our systems, products and services, all of which could have a material adverse impact on our business. In addition, there recently have been a number of well-publicized attacks or breaches affecting companies in the financial services industry that have heightened concern by consumers, which could also intensify regulatory focus, cause users to lose trust in the security of the industry in general and result in reduced use of our services and increased costs, all of which could also have a material adverse effect on our business.