24 July 2014

JPMorgan to exit pre-paid card business

10 January 2014  |  7028 views  |  8 JPMorgan

JPMorgan Chase says it plans to pull out of the pre-paid card business just a month after the bank confirmed that hackers had broken into its servers and put the personal information of around 465,000 cardholders at risk.

In a brief statement issued late Thursday, JPMorgan said it will "explore a full range of options for its pre-paid card business, including a sale".

The business includes all corporate, US public sector and electronic benefit transfer (EBT) programmes, as well as Health Savings Accounts (HSA).

Additionally, the firm said it will no longer solicit or accept any new prepaid card business.

In September, the bank discovered that Web servers used by its UCard Web site had been compromised. The affected cards were used by companies to pay employees and by government agencies to distribute benefits.

In the wake of the breach, the US state of Connecticut decided to suspend its debit card programme for paying out tax refunds, resorting to paper cheques. Explaining the move, tax commissioner Kevin Sullivan blasted the bank, declaring: "I am wildly unhappy with the level of customer service".

The decision to exit the business is understood to be directly linked to the breach, as well as growing regulatory scrutiny of the fees charged by banks for using pre-paid products.

Chase customers, including cardholders of Chase debit, credit, Chase Liquid and commercial cards, are not affected by the decision.

Comments: (8)

Alexander Peschkoff - TEDIPAY - London | 10 January, 2014, 10:12

Why just pre-paid and not banking altogether?.. I guess that hacking event has nothing to do with the decision re pre-paid.

Pre-paid is hard to turn into a profitable exercise with the "legacy" mentality (O2 are shutting down their wallet for a similar reason).

Matt Scott - Wincor Nixdorf International GmbH - Wokingham | 10 January, 2014, 10:46 Different reasons entirely. O2 is more than likely shutting down O2 Money due to multiple reason: (i.) the solution doesn't extend to Mobile NFC issuing; (ii.) it is provided by a 3rd party (FIS - previous incarnation it was provided by Natwest); (iii.) WEVE (JV with other telco partners) is striving to offer a competitor e-payment/loyalty function. JPMC was probably more than likely looking to exit the business prior to this event - possible due to the signs there is an economic pick-up and volumes traditionally shift from Debit/Prepaid to Credit Cards in times of economic prosperity - therefore suggesting possible potential revenue issues for the prepaid business unit.
Alexander Peschkoff - TEDIPAY - London | 10 January, 2014, 10:52

I was referring to the payment part of O2 "wallet" (which it never was...) - it was based on a prepaid card.

As for the push of credit products by Chase (or any major US bank for that matter), it's more to do with Durbin than consumer's "prosperity" - i.e. it's the bank's preference, not the consumer's.

Matt Scott - Wincor Nixdorf International GmbH - Wokingham | 10 January, 2014, 11:31

Depends on your definition of a "wallet".  You could install multiple payment cards for e-commerce use or the loading facility for the prepaid card/account.  It wasn't the best implementation but it certainly wasn't the worst I have seen.  It was basically a partner app for the physical plastic.  Where it failed was the lack of a Mobile NFC functionality - which is where I believe WEVE will come in (cross telco/multiple device support - starting with, I assume, Samsung Galaxy S3/S4 etc).

Durbin may have played a part in the JPMC decision (pressure on Interchange Income) but all the more reason to push/incenitivise consumers to Credit Card portfolios.

Alexander Peschkoff - TEDIPAY - London | 10 January, 2014, 12:49

Weve is no more...

And none of the existing players (apart from your humble) can yet link SE-based products to e-comm transactions for "card present" flow...

Bo Harald - ZEF and Real Time Economy Program - Esbo | 10 January, 2014, 21:23

Never been a big believer in prepaid. How soon history alltogether?

 

Mark Sitkowski - Design Simulation Systems Ltd - Melbourne | 13 January, 2014, 04:53

There are two aspects to this story, which make it a very much avoidable mishap.

Firstly, whoever designed the security of the server should choose an alternative career. It is perfectly possible to make a Unix server bulletproof to external attack (I say 'Unix' because anyone who runs important content on a Wintel box needs professional help). I would guess that JPM's server ran software written in something like WordPress, cPanel, Joomla, Java or some other highly exploitable interpreted language, which permitted the hackers to bypass the authentication layer.

Secondly, a lot of the blame for any bad consequences must rest with whoever designed the authentication system for the cards themselves. Had they used a modern systerm, the loss of the card data would have been a trivial occurrence, since the data would be worthless to a thief.

Alexander Mifsud - Ixaris Systems Ltd - London | 16 January, 2014, 12:50

There is a reason why prepaid can be more vulnerable: many prepaid programmes are part of relatively complex (compared to, say, a debit or credit card programme) solutions are put together involving more than just card processing and typically involve a number of external providers for, say, card loading, and external parties in operational roles, such as employers loading the cards for payroll payments.  

The breadth of application is what makes prepaid compelling but also challenging.  See my blog post for more on this http://www.finextra.com/blogs/fullblog.aspx?blogid=8789

Comment on this story (membership required)
Log in to receive notifications when someone posts a comment

Related stories

17 December, 2013
05 December, 2013
02 December, 2013
30 October, 2012
06 September, 2012
30 March, 2012

Related company news

 

Related company information

JPMorgan Chase

Featured job

to £90k base, £180k OTE + full benefits
London, UK

Find your next job