For a more recent article on money mules, read “How Cybercriminals Use Money Mule Accounts to Profit From Online Fraud.”

A money mule is someone who receives and transfers illegally acquired money on behalf of others. Money mules may or may not receive a commission in return for their involvement. They have played an important role in fraud and money laundering for decades. Some mules are aware that they are part of an illicit scheme, while others are unaware or merely suspect it. As new technologies and trends emerge, money mules and criminal organizations exploit systems to defraud people.

Visa Waiver Program

Recent trends are showing that money mule herders, people who specialize in recruiting and organizing mule activity, are starting to utilize the U.S. government’s Visa Waiver Program (VWP) for their illicit activities.

The VWP is an international agreement between 38 countries. The U.S. State Department states that it currently allows citizens of participating countries to travel to the United States without a visa for stays of 90 days or less if they meet certain requirements. Travelers must be eligible to use the VWP and have a valid Electronic System for Travel Authorization approval prior to travel. The VWP permits travel within the United States for purposes of tourism and certain business activities.

VWP mule activity has been observed in the past 12 to 18 months. The activity, to date, involves young adults from VWP countries being recruited to travel to the United States and open deposit accounts. Upon their arrival, the mules will open multiple bank accounts at various financial institutions in their true name and then provide the bank account information to their handlers.

The scheme usually involves an electric funds transfer deposit to the mule account, but it has also been used to deposit tax refund checks obtained through tax refund fraud schemes. The mules know that they are involved in an illicit scheme, but they don’t likely view what they are doing as illegal. Furthermore, they believe — or have been told — that they are beyond the reach of U.S. law enforcement once they are back in their home country.

Mobile Money Mules

Another potential emerging trend has to do with money mules and mobile devices. There is little if any data on this trend, though it is certainly on the rise.

The concept of the mobile money mule will make its way onto the landscape of fraud and money-laundering vectors over the next few years, for which financial institutions will need to account.

It is evident that consumers desire the ability to perform banking transactions on their mobile devices. A review of data about mobile banking adoption from the Federal Reserve Board found the following:

  • Thirty-three percent of all mobile owners and 51 percent of all smartphone owners have used mobile banking in the past year.
  • Twelve percent of mobile phone owners who are not using mobile banking now think that they will in the next year.
  • Ninety-three percent use mobile banking to check balances.
  • Fifty-seven percent use mobile banking to transfer money between accounts.
  • Thirty-eight percent have deposited a check in the past year, up from 21 percent in 2013.
  • Seventeen percent have used their phone to make a payment in the past year.
  • Sixty-six percent of the mobile payments were bill payments through an online banking system.

Recent history has shown that cybercriminals proficiently adapt and exploit new technologies and trends. As consumers increasingly adopt mobile banking technology, there will naturally be a demand to do more types of transactions from their mobile device. Financial institutions will strive to provide customers with the option to do everything via mobile that they can do now at a physical branch. The customer experience and lower cost of transactions will drive that expansion.

This technology will not likely change the money mule process; however, it may make it easier for criminal syndicates. They will have the ability to establish new accounts through the mobile channel rather than having the money mules physically go into a branch. This removes the potential detection of suspicious account openings through human interaction.

The ability to open accounts and direct all other transactions through the mobile channel will increase the velocity with which criminal groups may operate. This gives them more flexibility in the way they communicate and interact with their mules.

One may speculate that increased mobile transaction offerings may eliminate the need for criminal groups and mule herders to recruit money mules. If new accounts could be opened and all other transactions could be executed via mobile, why would a money mule be needed? Accounts could be opened in fake names with fake credentials as they are today, but from the mobile platform. Electronic fund transfers could be initiated out of the financial institution to a third party from a mobile device. The less human interaction that is needed, the more flexibility is provided to the criminal.

It is challenging to anticipate the ways in which mobile banking will enable criminal groups’ ability to commit fraud and launder money through the use of money mules. What is known, based on past evidence, is that they will adapt and exploit new technologies and services.

More from Banking & Finance

How to Spot a Nefarious Cryptocurrency Platform

Do you ever wonder if your cryptocurrency platform cashes in ransomware payments? Maybe not, but it might be worth investigating. Bitcoin-associated ransomware continues to plague companies, government agencies and individuals with no signs of letting up. And if your platform gets sanctioned, you may instantly lose access to all your funds. What exchanges or platforms do criminals use to cash out or launder ransomware payments? And what implications does this have for people who use exchanges legitimately? Blacklisted Exchanges and Mixers…

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…