23 May 2018
Alexander Mifsud

Alex Mifsud

Alexander Mifsud - Ixaris Systems Ltd

10Posts 45,981Views 6Comments
A post relating to this item from Finextra:

JPMorgan to exit pre-paid card business

10 January 2014  |  10476 views  |  8
JPMorgan Chase says it plans to pull out of the pre-paid card business just a month after the bank confirmed that hackers had broken into its servers and put the personal information of around 465,000...

Banks, don't be scared of prepaid, but do it right

16 January 2014  |  3152 views  |  1

JPMorgan Chase may well be missing a trick here. There is a LOT of money to be made in prepaid. MasterCard is putting the global growth of the prepaid market as a whole at 27% CAGR – it’s already a big market and is set to grow further over coming years. Think all the money from prepaid is to be made in consumer prepaid? Wrong. The cards which JPMorgan will be withdrawing are primarily used for corporate payrolls and government tax refunds and benefits. MasterCard estimates corporate prepaid to account for $385bn of spend by 2017.

For retail banks, transaction banking is a pretty sure and reputable bet – never more so than now. With interest rates still rock bottom, some institutions do not see lending as a secure investment while others are saddled with non-performing debts which mean they are unable to lend. Prepaid on the other hand, both consumer and corporate, can be an extremely profitable business line.

Of course security is critical.  JP Morgan is not alone in suffering a breach; other prepaid systems have come under attack recently such as $45m heist in May 2013 which used a card cloning and unauthorised access to the prepaid card processing systems. However, attacks can be prevented, in some cases with quite basic security measures.

There is no silver bullet to safeguarding a prepaid card system from attack, but there are several best practice measures that do work and should certainly be applied to minimise risk. Stringent adherence to payment standards such as PCI DSS are a good start – and would have prevented several publicized attacks. 

I would, nevertheless, recommend additional measures over and above PCI DSS that would make prepaid card systems more secure without sacrificing ease of use.

EMV chip & PIN cards are an industry standard security measure and an effective defence against card cloning; and besides the obvious physical and IT security, a sound cyber defence strategy should include enhanced security measures for access to systems by operations staff: two-factor authentication to prevent password capture, maker-checker (whereby an individual employee / computer submits an action while another must approve it) for sensitive data entry such as changes in account ownership or large transactions, and  external monitoring for unusual behaviour such as large transactions or high volumes of transactions in a given period that cannot be tampered with even if the machine or process being monitored is compromised. None of these measures degrade the end-user experience and are entirely within the control of the bank to implement.

In short, this is a market worth playing in, but if you’re going to play, make sure you have the right kit.


Comments: (1)

A Finextra member
A Finextra member | 16 January, 2014, 13:06

Good point, Alexander.

The problems are: (a) lack of EMV infrastructure in the US, and (b) risk of an inside job (Target was PSI DSS compliant).

Be the first to give this comment the thumbs up 0 thumb ups! (Log in to thumb up)
Comment on this story (membership required)

Latest posts from Alexander

Support non-acquired suppliers to shift the needle on card payments

09 December 2016  |  5284 views  |  0 comments | recomends Recommends 0 TagsCardsInnovation

Are interchange economics the largest barrier to commercial card usage?

18 November 2016  |  6819 views  |  0 comments | recomends Recommends 0 TagsCardsInnovation

The battle of three for banking supremacy

02 February 2016  |  7797 views  |  0 comments | recomends Recommends 0 TagsCardsPayments

Payment predictions for 2016

22 January 2016  |  3238 views  |  1 comments | recomends Recommends 0 TagsPaymentsInnovation

Banks, don't be scared of prepaid, but do it right

16 January 2014  |  3152 views  |  1 comments | recomends Recommends 1 TagsCardsSecurity

Alexander's profile

job title CEO
location London
member since 2010
Summary profile See full profile »
Alex Mifsud is Co-founder and Chief Executive Officer of Ixaris Systems, Ltd. Under its EntroPay brand, Ixaris offers one of the most cost-effective, convenient and rapid means for businesses and cons...

Alexander's expertise

Member since 2003
10 posts6 comments
What Alexander reads
Alexander writes about
Alexander's blog archive
2016 (4)2014 (1)2011 (1)2010 (4)

Who's commenting on Alexander's posts