The Problem with Prepaid: $45 Million ATM Heist Edition

The masterminds behind the recent crime spree that netted $45 million in fraudulent ATM withdrawals focused their attention on prepaid cards, highlighting yet another risk banks face when offering such products.

Many banks and financial technology companies are heavily invested in prepaid cards as part of their growth strategy. American Express Co.'s (AXP) Bluebird card, which it offers with Wal-Mart Stores Inc. (WMT), launched last October and attracted 575,000 account holders by January. Eighty-five percent of these customers were new to Amex, and 45% are under the age of 35, the company said.

Banks such as JPMorgan Chase (JPM) and Fifth Third Bank (FITB) offer prepaid cards, and discount or waive their monthly fees if users link those to certain checking accounts.

Total System Services Inc. (TSS), which considers itself the largest prepaid card processor in the world, is spending $1.4 billion to purchase the prepaid card provider NetSpend (NTSP). TSYS also recently extended a contract with Green Dot Corp. (GDOT), NetSpend's rival.

Despite all of this growth and attention, the recent arrests in New York emphasize that prepaid cards still have many issues to be worked out.

Dubbed "Unlimited Operations," this type of crime "begins when the cybercrime organization hacks into the computer systems of a credit card processor, compromises prepaid debit card accounts, and essentially eliminates the withdrawal limits and account balances of those accounts," according to the description provided by the U.S. Attorney's Office for the Eastern District of New York.

This runs completely counter to the one assurance prepaid cards seem to provide to issuing banks: that their balances have, true to the product's name, been paid in advance. With a typical prepaid card, there is no line of credit and no overdraft protection. Withdrawals stop when the money's gone.

This fraud scheme adds to the many reasons banks approach prepaid products with caution.

Another major fraud risk for prepaid comes from its end users, particularly as the marketers of these cards offer more bank-like services, such as remote check capture.

Prepaid card providers say their customers consider check capture an alternative to visiting a check-cashing store, so they expect funds to be available right away. Many companies have taken creative approaches to tackling the added risk of offering immediate funds to a customer they may not know all that well.

Imaging technology provider Mitek offers software that lets prepaid card issuers also request a scan of the user's driver's license when scanning a check. This process is designed to mimic the experience of visiting a check-cashing store, which would also request an ID, the vendor says.

Plastyc has a fee structure in place that might deter some users from demanding funds right away from a scanned check — it charges a fee of 1% or 4%, depending on the check's source, for real-time access to funds, but it charges no fee to users who agree to wait five days.

Prepaid card users might also try to double-dip by scanning a check from the parking lot of a check-cashing store, then going inside the store to cash the check again. To fight this scam, Plastyc takes note of the location of the user's phone and allows deposits only from certain locations, such as the customer's home.

"In the prepaid industry we're exposed to people who, unfortunately, are more tempted [than the general population] to do this," Plastyc CEO Patrice Peyret told PaymentsSource in February. The restrictions "are more preventive; we're trying to protect the reputation of the industry," he said.

Bank technology vendor Fiserv's (FISV) Prepaid Source Capture relies on Valid Systems, which provides a check verification service, to score each deposit and determine whether users can have immediate access to funds.

The other major risk faced by issuers of prepaid cards is reputational.

Though many prepaid card marketers, including UniRush and Green Dot,  have worked to lower monthly fees and ATM fees, the product still hasn't overcome the sting it felt when the Kardashian Kard dared to charge a year's worth of fees up front, making clear just how much these products cost the consumer.

Celebrities seem to attract the wrong kind of attention to prepaid, regardless of how clean their image is. Finance guru Suze Orman was criticized last year for the terms of her prepaid card, and the SpendSmart card attracted new, sometimes negative scrutiny after its signed Justin Bieber to promote it.

Daniel Wolfe is editor in chief at PaymentsSource and a contributing editor at American Banker. The views expressed are his own.