30 September 2016
Alexander Mifsud

Alex Mifsud

Alexander Mifsud - Ixaris Systems Ltd

8Posts 29,941Views 4Comments
A post relating to this item from Finextra:

JPMorgan to exit pre-paid card business

10 January 2014  |  9695 views  |  8
IRBanner.jpg
JPMorgan Chase says it plans to pull out of the pre-paid card business just a month after the bank confirmed that hackers had broken into its servers and put the personal information of around 465,000...

Banks, don't be scared of prepaid, but do it right

16 January 2014  |  2545 views  |  1

JPMorgan Chase may well be missing a trick here. There is a LOT of money to be made in prepaid. MasterCard is putting the global growth of the prepaid market as a whole at 27% CAGR – it’s already a big market and is set to grow further over coming years. Think all the money from prepaid is to be made in consumer prepaid? Wrong. The cards which JPMorgan will be withdrawing are primarily used for corporate payrolls and government tax refunds and benefits. MasterCard estimates corporate prepaid to account for $385bn of spend by 2017.

For retail banks, transaction banking is a pretty sure and reputable bet – never more so than now. With interest rates still rock bottom, some institutions do not see lending as a secure investment while others are saddled with non-performing debts which mean they are unable to lend. Prepaid on the other hand, both consumer and corporate, can be an extremely profitable business line.

Of course security is critical.  JP Morgan is not alone in suffering a breach; other prepaid systems have come under attack recently such as $45m heist in May 2013 which used a card cloning and unauthorised access to the prepaid card processing systems. However, attacks can be prevented, in some cases with quite basic security measures.

There is no silver bullet to safeguarding a prepaid card system from attack, but there are several best practice measures that do work and should certainly be applied to minimise risk. Stringent adherence to payment standards such as PCI DSS are a good start – and would have prevented several publicized attacks. 

I would, nevertheless, recommend additional measures over and above PCI DSS that would make prepaid card systems more secure without sacrificing ease of use.

EMV chip & PIN cards are an industry standard security measure and an effective defence against card cloning; and besides the obvious physical and IT security, a sound cyber defence strategy should include enhanced security measures for access to systems by operations staff: two-factor authentication to prevent password capture, maker-checker (whereby an individual employee / computer submits an action while another must approve it) for sensitive data entry such as changes in account ownership or large transactions, and  external monitoring for unusual behaviour such as large transactions or high volumes of transactions in a given period that cannot be tampered with even if the machine or process being monitored is compromised. None of these measures degrade the end-user experience and are entirely within the control of the bank to implement.

In short, this is a market worth playing in, but if you’re going to play, make sure you have the right kit.

TagsCardsSecurity

Comments: (1)

Alexander Peschkoff
Alexander Peschkoff - TEDIPAY - London | 16 January, 2014, 13:06

Good point, Alexander.

The problems are: (a) lack of EMV infrastructure in the US, and (b) risk of an inside job (Target was PSI DSS compliant).

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Alexander

The battle of three for banking supremacy

02 February 2016  |  7023 views  |  0 comments | recomends Recommends 0 TagsCardsPayments

Payment predictions for 2016

22 January 2016  |  2489 views  |  1 comments | recomends Recommends 0 TagsPaymentsInnovation

Banks, don't be scared of prepaid, but do it right

16 January 2014  |  2545 views  |  1 comments | recomends Recommends 1 TagsCardsSecurity

Finovate: Searching for the elusive 'proven innovation'...

08 February 2011  |  2307 views  |  1 comments | recomends Recommends 0 TagsCards

Can banks compete with PayPal?

09 December 2010  |  4100 views  |  2 comments | recomends Recommends 0 TagsPayments

Alexander's profile

job title CEO
location London
member since 2010
Summary profile See full profile »
Alex Mifsud is Co-founder and Chief Executive Officer of Ixaris Systems, Ltd. Under its EntroPay brand, Ixaris offers one of the most cost-effective, convenient and rapid means for businesses and cons...

Alexander's expertise

What Alexander reads
Alexander writes about

Who's commenting on Alexander's posts

Ketharaman Swaminathan