30 August 2014

Alex Mifsud

Alexander Mifsud - Ixaris Systems Ltd

A post relating to this item from Finextra:

JPMorgan to exit pre-paid card business

10 January 2014  |  7210 views  |  8
JPMorgan Chase says it plans to pull out of the pre-paid card business just a month after the bank confirmed that hackers had broken into its servers and put the personal information of around 465,000...

Banks, don't be scared of prepaid, but do it right

16 January 2014  |  1544 views  |  1

JPMorgan Chase may well be missing a trick here. There is a LOT of money to be made in prepaid. MasterCard is putting the global growth of the prepaid market as a whole at 27% CAGR – it’s already a big market and is set to grow further over coming years. Think all the money from prepaid is to be made in consumer prepaid? Wrong. The cards which JPMorgan will be withdrawing are primarily used for corporate payrolls and government tax refunds and benefits. MasterCard estimates corporate prepaid to account for $385bn of spend by 2017.

For retail banks, transaction banking is a pretty sure and reputable bet – never more so than now. With interest rates still rock bottom, some institutions do not see lending as a secure investment while others are saddled with non-performing debts which mean they are unable to lend. Prepaid on the other hand, both consumer and corporate, can be an extremely profitable business line.

Of course security is critical. JP Morgan is not alone in suffering a breach; other prepaid systems have come under attack recently, such as the $45m heist in May 2013, which used card cloning and unauthorised access to the prepaid card processing systems. However, attacks can be prevented, in some cases with quite basic security measures.

There is no silver bullet to safeguarding a prepaid card system from attack, but there are several best practice measures that do work and should certainly be applied to minimise risk. Stringent adherence to payment standards such as PCI DSS is a good start – and would have prevented several publicized attacks.

I would, nevertheless, recommend additional measures over and above PCI DSS that would make prepaid card systems more secure without sacrificing ease of use.

EMV chip & PIN cards are an industry-standard security measure and an effective defence against card cloning. Besides the obvious physical and IT security, a sound cyber defence strategy should include enhanced security measures for access to systems by operations staff: two-factor authentication to prevent password capture; maker-checker (whereby one employee or computer submits an action and another must approve it) for sensitive data entry such as changes in account ownership or large transactions; and external monitoring for unusual behaviour, such as large transactions or high volumes of transactions in a given period, that cannot be tampered with even if the machine or process being monitored is compromised. None of these measures degrades the end-user experience, and all are entirely within the control of the bank to implement.
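The maker-checker rule and the unusual-behaviour monitoring described above, as an added Python example that is not from the original post or from any vendor's system. The thresholds, action names, class and function names, and the `(timestamp, card, amount)` event layout are assumptions, and the monitor is assumed to run on a separate host fed a copy of the transaction stream.

```python
from collections import defaultdict, deque
from dataclasses import dataclass

LARGE_AMOUNT = 5_000         # assumed threshold; tune per card programme
MAX_TXNS, WINDOW_S = 5, 60   # assumed velocity limit: 5 transactions per 60 s per card
# Constructed sample feed of (timestamp_s, card, amount); not real data.
SAMPLE_EVENTS = [(t, "card-A", 20) for t in range(0, 30, 5)] + [
    (30, "card-B", 9000), (200, "card-A", 20)]

@dataclass
class Request:
    maker: str        # operator (or system) that submitted the action
    action: str       # hypothetical action names: "load", "change_owner"
    amount: int = 0

class MakerChecker:
    """Sensitive actions run only after a second, different operator approves."""
    def __init__(self):
        self.pending, self.executed = {}, []

    def submit(self, req_id, req):
        if req.action == "change_owner" or req.amount >= LARGE_AMOUNT:
            self.pending[req_id] = req       # held until a checker signs off
            return "pending"
        self.executed.append(req_id)
        return "executed"

    def approve(self, req_id, checker):
        req = self.pending[req_id]
        if checker == req.maker:             # one stolen login must not be enough
            raise PermissionError("maker cannot approve own request")
        del self.pending[req_id]
        self.executed.append(req_id)
        return "executed"

def monitor(events):
    """Flag large transactions and per-card bursts from a time-ordered feed."""
    recent, alerts = defaultdict(deque), []
    for ts, card, amount in events:
        if amount >= LARGE_AMOUNT:
            alerts.append((ts, card, "large_amount"))
        q = recent[card]
        q.append(ts)
        while q[0] <= ts - WINDOW_S:         # drop timestamps outside the window
            q.popleft()
        if len(q) > MAX_TXNS:
            alerts.append((ts, card, "velocity"))
    return alerts
```
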

In short, this is a market worth playing in, but if you’re going to play, make sure you have the right kit.

Tags: Cards, Security

Comments: (1)

Alexander Peschkoff - TEDIPAY - London | 16 January, 2014, 13:06

Good point, Alexander.

The problems are: (a) lack of EMV infrastructure in the US, and (b) risk of an inside job (Target was PCI DSS compliant).

Alex Mifsud is Co-founder and Chief Executive Officer of Ixaris Systems, Ltd. Under its EntroPay ...
