Money mule accounts are proliferating due to a lack of industry detection standards and the increase in peer-to-peer payment platforms.

As more bank customers choose to move to the digital space, financial institutions are witnessing a drop in on-premise account applications. However, this shift opens up new avenues for cybercriminals.

Fueled by the easy availability of stolen and synthetic identities, the threat landscape can escalate, and financial institutions (FIs) are under pressure to remove these friction points to safeguard accounts.

For example, a money mule can set up accounts with false paperwork, using identities that are either stolen or scammed from victims. Such accounts are the most critical link in the fraud supply chain infrastructure: cybercriminals need holding accounts after perpetrating digital theft.

While the financial services industry clearly recognizes that mule accounts are a significant problem, not all banks are tracking money mule accounts due to a lack of resources to support continuous monitoring. Exacerbated by a lack of industry standards for detection, and the increase in peer-to-peer payment platforms, money mule accounts are set to proliferate.

Money mules a regional issue

Across the Asia Pacific region (APAC), this issue is becoming much more significant. We are seeing targeted groups of people becoming increasingly at risk of opening a mule account, knowingly or not, with the majority being teenagers or young adults in their early 20s.

This group is focused on what they can gain, rather than the risks involved in doing so. In Malaysia, a recent survey showed that one out of four students shared their bank accounts, debit and credit card details and personal identification numbers because they “trust” their friends. Mule account cases are slowly spreading to schools, colleges and university students there.

Another at-risk group is the unemployed who want to earn quick money. After a spike in December 2020 in criminal syndicates using job advertisements to recruit money mules, the Australian Federal Police has warned citizens to be vigilant.

Lastly, victims of romance scams are also widely recognized as a vulnerable group despite a decrease in number over recent years. In Singapore, specifically, more than 250 people have been investigated for alleged money mule crimes comprising mainly Internet love scams.

Deep diving into tactics

To educate the wider public, it is important to first understand how cybercriminals operate.

Cybercriminals establish mule accounts in two main ways:

  1. Recruiting mules. Cybercriminals will dupe real victims into scams in an attempt to get them to use their established bank account to transfer stolen funds. Two of the most common types of mule recruitment tactics are work-at-home opportunities and romance scams, which have both seen a dangerous uptick during pandemic lockdowns across the region.
  2. Opening a new account. Cybercriminals can also use stolen or synthetic identities to establish new accounts that cannot be traced back to them. Once opened, the accounts will remain dormant for some time to avoid raising red flags with the bank. Before long, the new accounts are being used to cash out and launder stolen funds. It is not unusual to see cybercriminals take advantage of marketing programs or other promotions designed to increase customer acquisition to open new accounts. FIs open themselves up to increased risk during these promotions as it is harder for them to spot fraudulent accounts during the period of increased enrolment.

The use of behavioral biometrics

There are some common factors that can be used to detect mules—such as transaction velocity and number of transfers—but how would an FI prevent a fraudulent account from being opened in the first place?

This is where the power of behavioral biometrics comes in. This is an AI-driven fraud detection and authentication technology that does not focus on data itself, but on how a user interacts during the entire account opening process. Behavioral biometrics works behind the scenes to analyze positive and negative actions that may be indicative of a fraudster.

Two metrics that are used in the technology are application fluency and low data familiarity.

  • Application fluency refers to how familiar the user is with the account application process. A cybercriminal repeatedly using compromised or synthetic identities will demonstrate a high level of familiarity with the new account opening process compared to an ordinary user.
  • Low data familiarity refers to how familiar the user is with his or her own personal data. A cybercriminal, who is not familiar with the personal data, may display excessive deleting or reliance on cut-and-paste techniques or automated tools to enter information that would be intuitive to a legitimate user.
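The two metrics above can be approximated from form-interaction events, as in this added example (not code from the article or from any vendor). The event schema, field names, thresholds and both sample sessions are constructed assumptions.

```python
# Added example: constructed data, assumed event schema and thresholds.
PERSONAL_FIELDS = {"full_name", "date_of_birth", "national_id", "address"}
MAX_DELETE_RATIO = 0.30      # assumed: share of delete events in personal fields
MIN_SECONDS_PER_FIELD = 3.0  # assumed: faster than this suggests a rehearsed flow

def session_signals(events):
    """events: iterable of (t_seconds, field, kind); kind is key/delete/paste."""
    events = list(events)
    if not events:
        return {"delete_ratio": 0.0, "pasted_fields": set(), "seconds_per_field": None}
    personal = [(f, k) for _, f, k in events if f in PERSONAL_FIELDS]
    keys = sum(k == "key" for _, k in personal)
    deletes = sum(k == "delete" for _, k in personal)
    pasted = {f for f, k in personal if k == "paste"}
    times = [t for t, _, _ in events]
    fields = {f for _, f, _ in events}
    return {
        "delete_ratio": deletes / max(keys + deletes, 1),
        "pasted_fields": pasted,
        "seconds_per_field": (max(times) - min(times)) / len(fields),
    }

def risk_flags(events):
    """Map the signals to the two metrics; flags are review hints, not verdicts."""
    s = session_signals(events)
    flags = []
    if s["delete_ratio"] > MAX_DELETE_RATIO:
        flags.append("low_data_familiarity:excessive_deleting")
    if s["pasted_fields"]:
        flags.append("low_data_familiarity:paste_into_personal_field")
    spf = s["seconds_per_field"]
    if spf is not None and spf < MIN_SECONDS_PER_FIELD:
        flags.append("application_fluency:unusually_fast")
    return flags

def typed(field, start, n, step=0.4, deletes=0):
    """Constructed-data helper: n keystrokes, then `deletes` deletions."""
    return [(start + i * step, field, "delete" if i >= n else "key")
            for i in range(n + deletes)]

# Constructed sessions, not real telemetry.
LEGIT = (typed("full_name", 0, 12, deletes=1) + typed("date_of_birth", 10, 8)
         + typed("national_id", 20, 9) + typed("address", 30, 25, deletes=2))
SUSPECT = ([(0.0, "full_name", "paste"), (1.5, "date_of_birth", "paste")]
           + typed("national_id", 2.5, 9, step=0.2, deletes=6)
           + [(6.0, "address", "paste")])

if __name__ == "__main__":
    print(risk_flags(LEGIT), risk_flags(SUSPECT))
```

A legitimate user with browser autofill can also trip the paste and speed signals, so flags like these feed a review queue or a combined score rather than an automatic rejection.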

Over the past year, the role that behavioral biometrics has played in customer trust and safety has increased significantly, constituting a crucial development in fraud detection. Many traditional solutions are still reliant on knowledge-based authentication, device ID, and mobile network operator solutions such as SIM cards. However, this approach is simply not enough to detect cybercriminals in today’s day and age.

Similar to how social engineering attacks work, behavioral biometrics looks at thousands of risk indicators that signal latency, hesitation, distraction and other user behavior indicating that a person may be acting under the direction of a criminal.

An Australian-based bank that began using this technology last year has reported it has successfully shut down 90% of mule accounts before any fraud occurred.