E-commerce, Cyber, And Electronic Payment System Risks: Lessons From Paypal
Lawrence J. Trautman
Posted Tuesday, April 11, 2017

By now, almost without exception, every business has an internet presence, and is likely engaged in e-commerce. What are the major risks perceived by those engaged in e-commerce and electronic payment systems? What potential risks, if they become reality, may cause substantial increases in operating costs or threaten the very survival of the enterprise?

This article utilizes the relevant annual report disclosures from eBay (parent of PayPal), along with other eBay and PayPal documents, as a potentially powerful teaching device. Most of the descriptive language to follow is excerpted directly from eBay’s regulatory filings. My additions include weaving these materials into a logical presentation and providing supplemental sources for those who desire a deeper look (usually in my footnotes) at any particular aspect. I’ve sought to present a roadmap with these materials that shows eBay’s struggle to optimize its business performance while navigating through a complicated maze of regulatory compliance concerns and issues involving governmental jurisdictions throughout the world. First, a brief look is provided at the SEC’s disclosure requirements. Second, a description of the eBay and PayPal history and business models is presented. Next, is a discussion of risk factors: credit cards; U.S. state money transmission laws; online and mobile growth; and reliance on internet access. International issues follow, with an examination of anti-money laundering, counter-terrorist, and other potential illegal activity laws. The author estimates that PayPal’s cost of accounting and legal fees and management time devoted to the discovery, examination and documentation of the perceived enterprise risk associated with e-commerce, cyber, information technology and electronic payment system risks may aggregate in the range of tens-of-millions of dollars a year. The value proposition offered here is disarmingly simple: at no out-of-pocket cost, the reader has an opportunity to invest probably less than an hour to read and reflect upon eBay and PayPal’s multiple-million-dollar research, investment and documentation of perceived e-commerce, cyber, IT, and electronic payment system risk. Hopefully, this will prove of value to those either interested in the rapidly changing dynamics of (1) electronic payment systems, or (2) those engaged in Internet site operations.