By now, I’m sure you’ve seen the headlines and read the details about the multi-million dollar global cyberheist. Yet again, cybercriminals have landed a huge payday. In a little more than half a day’s time collectively, thieves stole approximately $45 million via prepaid credit cards. As many ask, “How has this happened again?”, I’ll take a moment to break it down.

In this case, cybercriminals hacked the databases of one, possibly two payment processors (details are still unfolding). Since the credit limits on prepaid cards are far lower than the rates on traditional cards, the fraudsters inflated the available balances and removed the daily withdrawal limits. They then sent the card data and corresponding personal identification numbers (PINs) to their “cashers” around the world to encode on the plastic cards. The cashers, located in 24 countries, rushed to their nearest ATMs and withdrew cash – lots of it. All the while, the cybercriminals stay connected to the third-party processors networks and watched the withdrawals taking place in real time (they have checks and balances in place to ensure that the cashers don’t get too greedy). The final step involved laundering the cash via the purchase of large ticket items, including two Rolex watches, a Mercedes SUV, and a Porsche.

For a certain sector of the population who cannot get a bank to give them a bank account (for credit reasons or lack of credit history, for example), prepaid cards are a “Godsend”. They function just like a traditional debit or credit card. To begin using a prepaid card, all the cardholder needs to do is fund the card with money. For banks, the disadvantage from a fraud detection perspective is that ...