Bank fraud is a lucrative business. In the U.K. alone, over 100 million pounds were lost to transfer scams in the first six months of 2017. This stemmed from 19,370 cases, with an average loss of 3,027 pounds for consumers and 21,477 pounds for businesses, as reported by UK Finance. This type of authorized push payment (APP) scam means that a legitimate account owner approved the payment. In the U.K., there is no legal mechanism for banks to return money received following such a scam.

Fraudsters are innovating constantly to commit new types of cybercrime, but they also need to create mechanisms to move their ill-gotten gains into cash in hand. This is where mule accounts come in.

What Is a Money Mule Account?

According to Europol, 90 percent of money mule transactions are linked to cybercrime. Cybercriminals use mule accounts to deposit money and then transfer it to other accounts. Fraudsters may pose as genuine employers, offering payments to people to establish and use these accounts. This is essentially money laundering, which can carry a sentence of 14 years imprisonment in the U.K.

There is evidence that malicious actors are coercing young people in particular to act as mules. The Guardian, citing fraud prevention firm Cifas, reported that there were 8,652 cases in which bank accounts belonging to 18- to 24-year-olds were misused during the first nine months of 2017 — that’s double the number of such incidents reported in 2013.

A Mule in Sheep’s Clothing

Fraudsters need mule account owners to appear as normal users. This proposition can be attractive to some: A mule can work at home, open a few bank accounts, transfer funds and get paid for doing something that looks innocuous on the surface. Once a fraud is executed, the perpetrators need to move money fast, and mule accounts enable them to expedite this activity. Typically, several mule accounts are used to transfer funds from a single fraud incident.

Threat actors work remotely and need to recruit mules in-country to extract funds. This recruitment occurs over the web and has become quite sophisticated. In many cases, mules are unwitting accomplices and think they are acting for a legitimate business. IBM’s X-Force Exchange found evidence that fraudsters are also using malware to recruit money mules by targeting job recruitment and advertisement sites. These actors are becoming more sophisticated over time, even resorting to bitcoin ATM transfers to extract cash, according to KrebsOnSecurity.

Detecting Mule Accounts

Mule account detection is becoming more important and complex for banks as they open new account registration processes to other channels, such as mobile. With manual systems, banks could rely on staff to review application forms, ask appropriate questions, and determine data accuracy and authenticity with the benefit of time delays. Today’s systems need to be deployed with artificial intelligence (AI) capabilities that can recognize risk indicators and respond much faster without compromising the client experience.

Banks have traditionally focused on detecting fraud as a payment leaves an account. In this era of open banking and faster payments, financial institutions need to pay attention to payments going into accounts and determine whether any activity indicates a possible mule account. Detecting this type of activity requires a combination of several risk indicators, such as virtual machine detection, device spoofing evidence, device attributes, the use of automated techniques, known fraudster profiling, and user behavior in the registration and post-registration user journeys.

Action against mules requires interbank and international cooperation. On Nov. 28, 2017, Europol announced that law enforcement had arrested 159 people, interviewed 409 suspects, and identified 766 money mules and 59 mule organizers as a result of the European Money Mule Action (EMMA3) initiative, which promotes action against money muling, between Nov. 20 and 24.

Mule detection also benefits from a systemic approach along national and international lines. In 2017, Vocalink conducted a proof of concept on U.K. faster payments data across 12 financial institutions, demonstrating that sharing data across banks can be effective. However, industrializing such a system would require new regulations on sharing data between organizations. In the meantime, individual banks must ramp up their internal mule detection systems.

Hit Fraudsters Where It Hurts

Mule account detection is an intrinsic component of the IBM Trusteer New Account Fraud offering. This solution combines attributes such as those mentioned above with the latest machine learning techniques. It then integrates that data with global intelligence sources, generating insights on the devices used for registration and providing a risk assessment on newly created accounts.

Money mules play a crucial role in today’s cybercrime landscape and enable malicious actors to keep devising new ways to compromise personal and enterprise data for their own gain. By sniffing out this activity, law enforcement and security professionals can hit fraudsters where it hurts — their wallets — and build barriers to prevent future attacks from being successful.

Read the white paper: Transparently detecting new account fraud

More from Banking & Finance

Kronos Malware Reemerges with Increased Functionality

The Evolution of Kronos Malware The Kronos malware is believed to have originated from the leaked source code of the Zeus malware, which was sold on the Russian underground in 2011. Kronos continued to evolve and a new variant of Kronos emerged in 2014 and was reportedly sold on the darknet for approximately $7,000. Kronos is typically used to download other malware and has historically been used by threat actors to deliver different types of malware to victims. After remaining…

Why Cybersecurity Risk Assessment Matters in the Banking Industry

When customers put money in a bank, they need to trust it will stay there. Because of the high stakes involved for the customer, such as financial loss, and how long it takes to resolve fraud and potential identity theft, customers are sensitive to the security of the bank as well as fraud prevention measures. Banks that experience high volumes of fraud are likely to lose customers and revenue. The key is to protect customers and their accounts before problems…

Cost of a Data Breach: Banking and Finance

The importance of cybersecurity has touched almost every industry. Beyond that, robust cybersecurity is table stakes for several sectors, particularly health care and the banking and finance industry. Not only is financial data at risk, but so is customer trust. In banking and finance, trust means everything. Yet, consumers are hesitant to share their confidential data. A recent McKinsey survey revealed that no industry achieved a trust rating of 50% for data protection. Here’s the most sobering stat: 87% of…

What Do Financial Institutions Need to Know About the SEC’s Proposed Cybersecurity Rules?

On March 9, the U.S. Securities and Exchange Commission (SEC) announced a new set of proposed rules for cybersecurity risk management, strategy and incident disclosure for public companies. One intent of the rule changes is to provide “consistent, comparable and decision-useful” information to investors. Not yet adopted, these new rules – published in the Federal Register on March 23 – could change reporting requirements. Take a look at some of the big-ticket items and what your organization needs to know.…