And METABANK is right in there still selling those PREPAID CARDS!!!
Recent ebanking heists — such as a $121,000 online robbery at a New York fuel supplier last month — suggest that cyber thieves increasingly are cashing out by sending victim funds to prepaid debit card accounts. The shift appears to be an effort to route around a major bottleneck for these crimes: Their dependency on unreliable money mules.
Mules traditionally have played a key role in helping thieves cash out hacked accounts and launder money.
They are recruited through email-based work-at-home job scams, and are told they will be helping companies process payments.
In a typical scheme, the mule provides her banking details to the recruiter, who eventually sends a fraudulent transfer and tells the mule to withdraw the funds in cash, keep a small percentage, and wire the remainder to co-conspirators abroad.
METABANK only accepts cash money from their customers, the real customers
However, apparently thieves have figured out how to work the METABANK system to their advantage while real customers can’t get the cards to work. It is clear to me that the PREPAID CARDS are a scam in themselves.
If all honest consumers stopped using METABANK’s prepaid card, then it would just be the criminals using them and they may be easier catch…
Some of the mule gangs I’ve identified.
But mules are hardly the most expedient method of extracting funds. To avoid arousing suspicion (and triggering anti-money laundering reporting requirements by the banks), cyber crooks usually send less than $10,000 to each mule.
In other words, for every $100,000 that the thieves want to steal, they need to have at least 10 money mules at the ready.
In reality, though, that number is quite often closer to 15 mules per $100,000. That’s because the thieves may send much lower amounts to mules that bank at institutions which have low transfer limit triggers. For instance, they almost always limit transfers to less than $5,000 when dealing with Bank of America mules, because they know transfers for more than that amount to consumer accounts will raise fraud flags at BofA.
WHO IS HIRING THE MONEY MULES? Cybercrooks and their names are???
Thus, the average mule is worth up to $10,000 to a cybercrook. Unsurprisingly, there is much competition and demand for available money mules in the cybercriminal underground. I’ve identified close to two dozen distinct money mule recruitment networks, most of which demand between 40-50 percent of the fraudulent transfer amounts for their trouble. Not only are mule expensive to acquire, they often take weeks to groom before they’re trusted with transfers.
But these mules also come with their own, well, baggage. I’ve interviewed now more than 200 money mules, and it’s hard to escape the conclusion that many mules simply are not the sharpest crayons in the box. They often have trouble following simple instructions, and frequently screw up important details when it comes time to cash out (there are probably good reasons that a lot of these folks are unemployed). Common goofs include transposing digits in account and routing numbers, or failing to get to the bank to withdraw the cash shortly after the fraudulent transfer, giving the victim’s bank precious time to reverse the transaction. In isolated cases, the mules simply disappear with the money and stiff the cyber thieves.
In several recent ebanking heists, however, thieves appear to have sent at least half of the transfers to prepaid cards, potentially sidestepping the expense and hassle of hiring and using money mules. For example, last month cyber crooks struck Alta East, a wholesale gasoline dealer in Middletown, N.Y. According to the firm’s comptroller Debbie Weeden, the thieves initiated 30 separate fraudulent transfers totaling more than $121,000. Half of those transfers went to prepaid cards issued by Metabank, a large prepaid card provider.
Prepaid cards are ideal because they can be purchased anonymously for small amounts ($25-$100 values) from supermarkets and other stores.
A majority of these low-value cards are not reloadable, unless the cardholder goes online and provides identity information that the prepaid card issuer can tie to a legitimate credit holder.
After that card is activated, it can be reloaded remotely by transferring or depositing funds into the account, and it can be used like a debit, ATM or credit card.
“The information we gather in opening it is the same information you’d be asked if you were opening a credit card account online,” said Brad Hanson, president of Metabank’s payment systems division. “We do checks against different public resources like Experian and LexisNexis to verify that all the information matches and is accurate, and that we have a reasonable belief that you are the person applying for the card.”
The trouble is, the thieves pulling these ebanking heists have access to massive amounts of stolen data that can be used to fraudulently open up prepaid cards in the names of people whose identities and computers have already been hijacked. However, METABANK can’t figure out and identify their own real customers so their product is useless… That is the true story.
Once those cards are approved, the crooks can simply transfer funds to them from cyberheist victims, and extract the cash at ATMs. Alternatively, wire transfer locations like Western Union even allow senders to use their debit cards to execute a “debit spend,” thereby sending money overseas directly from the card.
Recent ebanking heists — such as a $121,000 online robbery at a New York fuel supplier last month — suggest that cyber thieves increasingly are cashing out by sending victim funds to prepaid debit card accounts.
The shift appears to be an effort to route around a major bottleneck for these crimes: Their dependency on unreliable money mules.
Mules traditionally have played a key role in helping thieves cash out hacked accounts and launder money. They are recruited through email-based work-at-home job scams, and are told they will be helping companies process payments. In a typical scheme, the mule provides her banking details to the recruiter, who eventually sends a fraudulent transfer and tells the mule to withdraw the funds in cash, keep a small percentage, and wire the remainder to co-conspirators abroad.
Some of the mule gangs I’ve identified.
But mules are hardly the most expedient method of extracting funds. To avoid arousing suspicion (and triggering anti-money laundering reporting requirements by the banks), cyber crooks usually send less than $10,000 to each mule. In other words, for every $100,000 that the thieves want to steal, they need to have at least 10 money mules at the ready.
[ Consumers think that METABANK itself is a thief because of how we have been treated. METABANK cares nothing about abusing their customer base, the real customer base that is, and serves money laundering mules from the underworld.]
In reality, though, that number is quite often closer to 15 mules per $100,000. That’s because the thieves may send much lower amounts to mules that bank at institutions which have low transfer limit triggers. For instance, they almost always limit transfers to less than $5,000 when dealing with Bank of America mules, because they know transfers for more than that amount to consumer accounts will raise fraud flags at BofA.
Thus, the average mule is worth up to $10,000 to a cybercrook. Unsurprisingly, there is much competition and demand for available money mules in the cybercriminal underground. I’ve identified close to two dozen distinct money mule recruitment networks, most of which demand between 40-50 percent of the fraudulent transfer amounts for their trouble. Not only are mule expensive to acquire, they often take weeks to groom before they’re trusted with transfers.
But these mules also come with their own, well, baggage. I’ve interviewed now more than 200 money mules, and it’s hard to escape the conclusion that many mules simply are not the sharpest crayons in the box. They often have trouble following simple instructions, and frequently screw up important details when it comes time to cash out (there are probably good reasons that a lot of these folks are unemployed). Common goofs include transposing digits in account and routing numbers, or failing to get to the bank to withdraw the cash shortly after the fraudulent transfer, giving the victim’s bank precious time to reverse the transaction. In isolated cases, the mules simply disappear with the money and stiff the cyber thieves.[ Customers are complaining that METABANK has so screwed up their accounts that it is impossible for them to be able to access their own money… so it appears that these “not the sharpest crayons in the box mules” need work that they apply for the entry level positions at METABANK. They won’t even know if they are lying to customers or not…. METABANK is so screwed up.]
In several recent ebanking heists, however, thieves appear to have sent at least half of the transfers to prepaid cards, potentially sidestepping the expense and hassle of hiring and using money mules.
[Money mules??? Wow! Only criminals could think of such a thing. Ordinary and honest people still are being scammed by METABANK. It is like METABANK played a mean joke on themselves.]
For example, last month cyber crooks struck Alta East, a wholesale gasoline dealer in Middletown, N.Y. According to the firm’s comptroller Debbie Weeden, the thieves initiated 30 separate fraudulent transfers totaling more than $121,000. Half of those transfers went to prepaid cards issued by Metabank, a large prepaid card provider.
Prepaid cards are ideal because they can be purchased anonymously for small amounts ($25-$100 values) from supermarkets and other stores. A majority of these low-value cards are not reloadable, unless the cardholder goes online and provides identity information that the prepaid card issuer can tie to a legitimate credit holder. After that card is activated, it can be reloaded remotely by transferring or depositing funds into the account, and it can be used like a debit, ATM or credit card.
“The information we gather in opening it is the same information you’d be asked if you were opening a credit card account online,” said Brad Hanson, president of Metabank’s payment systems division.
“We do checks against different public resources like Experian andLexisNexis to verify that all the information matches and is accurate, and that we have a reasonable belief that you are the person applying for the card.”
[Yes, consumers you were right that METABANK does check your credit, so that NO CREDIT CHECK NECESSARY is just bogus for us honest folks!!! Actually, consumers want real protections. METABANK created this monster and this monster is now biting them back. Honest consumers though have still been left out in the cold with no solution nor any resolve for the crap that METABANK has dished out at us!!!]
The trouble is, the thieves pulling these ebanking heists have access to massive amounts of stolen data that can be used to fraudulently open up prepaid cards in the names of people whose identities and computers have already been hijacked.
[ >>>BUT METABANK HAS STILL FAILED TO FIND A WAY TO PROPERLY SERVE THEIR GENUINE CUSTOMER BASE.
>>> METABANK LIES TO CUSTOMERS AND KEEPS CUSTOMERS AND THEIR OWN CASH MONEY APART WHEN THEY NEED THE MONEY THE MOST
>>>> METABANK ADVERTISES THAT A CUSTOMER’s MONEY IS SAFER AND MORE SECURE WHEN PLACED ON ONE OF THE METABANK CARDS….. THIS IS A LIE FROM WHAT I AM READING HERE!!!]
Once those cards are approved, the crooks can simply transfer funds to them from cyberheist victims, and extract the cash at ATMs. Alternatively, wire transfer locations like Western Union even allow senders to use their debit cards to execute a “debit spend,” thereby sending money overseas directly from the card.
THE ATTACK
Sometime on March 13, four different employees of Alta East received emails that appeared to have been sent from a current client. The messages inquired about a recent transaction, and cited an invoice number. According to Weeden, all four Alta East employees opened the attached Adobe PDF file, which contained a hidden Javascript element that infected their Windows XP systems with a variant of the ZeuS Trojan.
[THINK OF ALL THE MONEY THESE CROOKS COULD MAKE IF THEY PUT THEIR MINDS TO SOMETHING NOBLE AND WORTHY…. NO EXCITEMENT THERE, EH? SO HAVE METABANK STOP THE AWFUL PREPAID CARDS ENTIRELY> METABANK IS A SCAM OPERATION IN AND OF ITSELF!!!]
Six days later, the thieves set up a batch of fraudulent payroll payments, sending instructions to Alta East’s bank to fund 15 Metabank prepaid cards; the remainder of the funds apparently were sent to traditional money mules at locations around the country.
“The emails came from a legitimate customer, and we thought he was questioning an invoice,” Weeden said. “There were four of us who hit that attachment. Afterwards, we asked the customer about the email, but he said he hadn’t sent it.”
[It is too soon for ordinary people to be forced into using prepaid cards… Only criminals and thieves have found any success in getting a METABANK PREPAID CARD TO actually work.]
Weeden said Alta East’s internal IT guys scanned her machine with six different antivirus tools, but the scans turned up no evidence of infection. It wasn’t until the company hired an outside forensics expert who removed the hard drive and examined it in an isolated environment that the expert found the ZeuS infection.
The thieves didn’t route their fraudulent logins to Alta East’s bank account through the company’s systems; rather they proxied the traffic through the networks of the Center for Discovery, a rehabilitation facility for disabled individuals that is located in nearby Harris, N.Y. The center did not return calls seeking comment.
Rick Jones, executive vice president business services at Alta East’s financial institution –Provident Bank — said the bank followed its agreement with Alta East, and sent the company an email about the fraudulent payroll batch the very day it was initiated. But Jones said that Alta East admitted to overlooking the notification until the following morning. By that time, most of the unauthorized transfers had already gone through.
Weeden said Provident was able to retrieve roughly $20,000 worth of illicit transfers from mule accounts, and that it expected to recover another $21,000 in the coming weeks. She added that her firm is in the process of setting up a system whereby online banking is done only from an isolated computer that will not be used for email or regular Internet browsing. Still, the company is facing an $80,000 loss from the incident.
It remains to be seen whether cyber thieves continue shifting more of their operations from traditional mules to prepaid debit accounts.
I’ve talked to a number of victims who lost more than $100,000 but noted that the thieves left several hundred thousand dollars untouched in the company’s accounts. “Why would they leave so much money on the table like that? Why not just take it all?” the victims usually ask. The answer? Just as real life bank robbers are limited in the amounts they can steal by the volume of cash they can physically haul from the scene of the crime, so are cyber thieves.
Usually, the thieves simply did not have access to enough mules to help them haul all of the available loot. That limitation is eased if they start depending more on prepaid cards, an entire stack of which can fit easily into a single miscreant’s wallet.
[ You would be surprised at what banks will hand over to the wrong person without paying close attention. As consumers, we believe that the design of the METABANK created prepaid gift card was primarily a gimmick that would abuse honest people who would be their customers. The fact remains that METABANK has repeatedly lied to us as their real customers; this is by design. The money mules may or may not be a real story. As customers of METABANK, we know that we have been taken advantage of by METABANK and we don’t know why METABANK is still allowed to continue this scam… This has not been completely nor adequately addressed.]
ANALYSIS
There are a few things worth calling out from the above story, and every business owner would do well to consider them closely:
-eBanking losses are likely to increase if thieves continue to find success with the prepaid card approach.
-Today’s cyber thieves are patient and willing to jump through multiple hoops to steal your money.
-Clicking on links and email attachments continues to be a risky activity, even when the links and attachments appear to come from someone you know or trust.
-Traditional antivirus tools have an atrocious record in detecting ZeuS and its ilk. If you suspect a machine is compromised, you cannot trust a report from a security program that is running on top of the potentially infected operating system.
-A majority of these ebanking heists start with a social engineering scam sent via email. Companies should be actively phishing their own employees and grading them on their performance, and perhaps even tying performance to year-end bonuses or other (dis)incentives.
-Unlike consumers, businesses have basically no legal protection from their bank due to losses from cyber fraud. Yes, organizations should push their banks to do more on security. But for better or worse, small to mid-sized businesses who are counting on their banks to prevent this type of fraud are setting themselves up for disappointment and major financial losses.
-Banking from a Live CD or from an isolated (preferably non-Windows) computer is the surest way to avoid ebanking heists. However, this approach only works if it is consistently observed.
Related Posts:
- eThieves Steal $217k from Arena Firm
- Cyber Thieves Rob Treasury Credit Union
- FBI Investigating Cyber Theft of $139,000 from Pittsford, NY
- FBI Promises Action Against Money Mules
- FBI: $20M in Fraudulent Wire Transfers to China
MONEY MULES: Here is more of a joke
Money mules – the accomplices who help move stolen funds – may be the real victims of online banking scams, not the bank customers who are the ostensible targets of fraudsters, according to new research from Microsoft.
In a paper that turns conventional thinking about online banking crime on its head, researchers at Microsoft argue that it is the mules – the witting or unwitting accomplices of the fraudsters – who are the real victims of account takeover scams, not the owner of the account that is raided.
“Money mules are not merely unwitting accomplices, they are the true victims in credential theft fraud,” wrote the researchers, Cormac Herley and Dinei Florencio of Microsoft Research.
Editor’s Pick
Fake Facebook Profile For NATO Senior Commander Used To Phish Senior Brass
Network Of 7K Typo Squatting Domains Drives Huge Traffic To Spam Web Sites
Celebrity Ashton Kutcher Firesheep’d at TED Conference
Threatpost Newsletter Sign-up
Their paper, “Is Everything We Know About Password-Stealing Wrong” appears in the latest issue of IEEE Security and Privacy Magazine.
In it, Herley and Florencio argue that U.S. laws that indemnify victims of banking and credit card fraud change the calculus and economics of online fraud. Victims whose accounts are raided, they note, are made whole again by the bank or credit card company.
Mules, on the other hand, are not victims of fraud. Instead, they participate in it: receiving stolen funds into a legitimate account they own, then quickly forwarding those funds to the criminals responsible for the crime in exchange for a small commission.
Unlike the victims, mules are not protected by anti fraud laws.
Unlike the criminals, they are not off shore and beyond the reach of the banks or law enforcement.
Further, as banks and other financial institutions have gotten better at tracing account takeover scams and reversing charges, it is the mules who pay the price: having funds extracted from their account to make the victim whole, assuming such funds are available.
“The thief is really stealing from the mule, not the compromised account, though that fact does not become clear until the dust settles,” the researchers write.
Herley has made a name for himself turning conventional wisdom about online crime on its head.
He has challenged estimates about the size of the underground online economy as ridiculously inflated.
Such estimates are based on merely the presence of sellers, not records of actual transactions. He has written critically about the utility of cyber crime surveys which he said “are so compromised and biased that no faith whatever can be placed in their findings.”
Passwords have also been a regular focus of his work. In a paper on the use of statistical guessing attacks to defeat passwords, Herley and two co-authors: Stuart Schechter of Microsoft Research and Michael Mizenmacher of Harvard University argued that many features to force the creation of strong passwords actually result in users picking passwords that are easy to guess or crack.
In his latest research, Herley and his coauthors tap much of that early work and suggest that concentrating security investments on passwords to secure online banking sessions probably doesn’t do much to reduce online banking scams, given the realities of the cut throat cyber crime marketplace.
Knowing the customer’s password, they argue, is just the first step in emptying their account and is of relatively small utility.
That, Herley and his colleagues say, explains why fraudsters get just pennies on the dollar for credentials in online bazaars. “Why would anyone sell the credentials that unlock an account with a $5,000 balance for $5,” they ask. “It makes a lot more sense if emptying accounts is hard and stealing passwords is merely the first step in a difficult and error-prone process which only occasionally succeeds,” the authors wrote.
It follows, then, that merely making passwords harder to steal won’t do much to stem online banking fraud.
“If a large lake of credentials is drained by a narrow pipe of mules, then reducing the inflow to the lake might have no effect on the net harm done,” they wrote.
Rather than focus on authentication, banks and financial services, as well as law enforcement, might do a better job staunching online banking theft by focusing, instead, on better back end fraud detection to make it harder to empty accounts, or on the mule recruitment process, to cut off access to the key middle men and women who are needed to move actual money into accounts under the attackers control.
Online criminal groups have gone to great lengths to recruit mules in recent years. Social networks like Facebook, MySpace and Twitter have all been used to recruit individuals willing to let their bank account be used to receive a transfer from an illegal account, then forward it along. In turn, the FBI has said that it was going to be stepping up efforts to crack down on money mules.
Commenting on this Article is closed.
Comments
Submitted by Brian Krebs (not verified) on Tue, 03/27/2012 – 3:23pm.
With all due respect, arguing that money mules are the victims, and that those robbed with the help of money mules are made whole by their banks, is a laugh. I haven’t yet read the article that forms the basis of this blog post (I will next), but the Microsoft researcher betrays his utter lack of understanding of who these mules and criminals are targeting. It’s not consumers for the most part: It’s small to mid-sized businesses. There are millions of these mom and pop shops in the United States and elsewhere, and many of them are learning the hard way every week that one virus infection can ruin their business. Why? Because in the U.S. at least, banks are not liable for losses on corporate accounts due to cyber fraud. That liability rests with the business. Anyone who wants to learn more about the real situation on the ground with these money mule attacks should spend a few moments reading the stories of more than 75 companies I have profiled over the past two years that have lost tens of millions of dollars at the hands of money mules. They’re available at my site, krebsonsecurity.com and click the Target: Small Business category on the right hand side.
Submitted by Cormac Herley (not verified) on Wed, 03/28/2012 – 10:18am.
Paul, thanks for the write-up.
Brian, I respect your work, but if you take the trouble to read the article I think you’ll find that you went off half-cocked here.
Submitted by Brian Krebs (not verified) on Wed, 03/28/2012 – 5:44pm.
Out of curiosity, why do you say I went off half-cocked? There are misleading and incorrect statements about the reality of these attacks throughout the story. I haven’t read the source article, because it requires subscribing and paying a fee to read the article, so I’m no wiser than I was yesterday about the subject of this piece. But I stand by my comments. I’m curious what exactly you take issue with in my earlier comment. Mules *are* the bottleneck, and there is a certain amount of intelligence to be gleaned from the money mule recruitment networks which — if properly monitored — can be invaluable sources of early warning data that give victim companies a chance to lose less than they would otherwise. But increasingly, the mules are being edged out of the game in favor of prepaid debit cards, which can be set up in advance with stolen identity data and funded with hijacked accounts. And, you can even “spend” these cards at Western Union.
Submitted by Anonymous (not verified) on Tue, 03/27/2012 – 3:25pm.
haven’t read it just yet. any information in the study or from the fbi on threats made to mules’ selves and families if they quit? anything about reasons that busted immigrant mules returning to “muling” a couple weeks later in the US? these incidents are documented, but don’t seem well investigated. that would shed some light on the situation too.
Submitted by Anonymous (not verified) on Tue, 03/27/2012 – 8:49pm.
Regardless of culpability and mitigation, it appears that the mules are key to the whole process. Stop/inhibit them, and you greatly minimize the harm that can be done to bank accounts of either individuals or small businesses. In addition, the banks could do a better job on their end via more “intelligent” back-office procedures/software.
Regards,
Submitted by David (not verified) on Wed, 03/28/2012 – 11:37am.
I believe there is a substantial difference between being reimbursed the money you may have lost through fraud and being “made whole”.
Ask anyone who has been through the process of closing accounts, opening new ones, changing automatic transactions and then dealing with the things they never thought of that come up. Then never quite feeling secure with the daily dealings in life. Nope, the money is only part of being “made whole”.
David
Submitted by Cormac Herley (not verified) on Wed, 03/28/2012 – 9:39pm.
The paper is the first link above, free and in the clear.
Well, you say that I betray a utter lack of understanding for what’s going on and yet you acknowledge not having read what I wrote. That’s pretty half-cocked. My paper explicitly limits its scope to password stealing attacks on the bank accounts of US consumers. Perhaps you don’t find that interesting, but that’s what the article is about. I’m well aware that Reg E protections do not extend to businesses, and stress it several times. However US consumers are covered, and a mule who receives a fraudulent transfer and initiates a good one is left holding the bag if reversal is successful. Not sure I would term that a laugh.
I don’t quite understand the suggestion that mules are being replaced by prepaid debit cards.
At least in the consumer space I don’t think getting a prepaid debit armed only with the account password is easy. At least I don’t see that as an option when I login to online banking.
Anyhow, if you still feel I betray and utter lack of understanding after reading the paper happy to continue the discussion.
Submitted by Anonymous (not verified) on Fri, 03/30/2012 – 12:14pm.
While the small to mid-size businesses pay the toll for the fraudster and their mules on business account fraud, it is the banks that pay the considerable toll for the fraudster taking advantage of personal accounts. [ This may explain part of METABANK’s paranoia, but METABANK still fails in regard to decent customer service.]
Regulation E protects the personal/household accounts, so when a fraudster runs amock with the targeted debit cards (and credit cards), the bank makes our customers whole and we sustain the loss. If we are able to find out who the fraudster is (not that often) we rarely see the funds returned to the bank – the fraudster is long gone and the money mule does not have 2 nickels to rub together, but they may have a huge big screen TV and plenty of bling that they received as part of their bounty, so we all lose. Due to these sizeable losses the banks sustain, we just get yelled at about the fees that people have to pay. while we should protect our customers from liability, the money mules working for the fraudsters do not have my sympathy. What they are doing is illegal.
Submitted by Anonymous (not verified) on Fri, 03/30/2012 – 6:31pm.
Sorry, I don’t agree. Those mules who know what they are doing and why they are doing it, are engaging in deliberate criminal acts. They should be prosecuted. Especially the ones who flout it on FaceBook. [They flount it on facebook????]
Submitted by Riddle (not verified) on Sat, 03/31/2012 – 6:46pm.
It happens all over and over ,from the dawn of civilization . little beasts get eaten by the bigger ones , we can call that the “crime-chain” . Although the fraudsters didn’t directly harm the mules ,but they used them, for a reason , a good one…
they aren’t really victims,however, they are just paying for the harm they caused .
The ulitmate victims are the people who lost the money they hardly worked to earn. [ Amen to that!!! And we as consumers have been overlooked. METABANK is basically just paranoid so they can’t or won’t serve consumers properly. We still advise consumers to stay far away from METABANK.]
Submitted by Victor Probo (not verified) on Fri, 05/18/2012 – 10:26am.
I think this very blog posting does exactly what the authors wanted. Generalization and splash headlines. The opening paragraphs announce a ‘startling conclusion’ (good headline) without mentioning the the strictly limited conditions where that conclusion applies. In the opening paragraph of the original paper (accessed through the link for free) it specificly qualifies this conclusion to “consumers”. At the end of page 5, Mr. Krebs’ work is discussed, and the applicability of the conclusion is weakend (if not severed) in the case of commercial customers.
But the authors got what they wanted… a big splashy headline, lots of press, based upon non-critical thinking by this blog. [ OK, but who has addressed consumer rights and the way that METABANK has abused their customers??? The ordinary person needs to be protected from METABANK and METABANK needs to be protected from money mules… GET RID OF METABANK’s PREPAID CARDS!!!}