BioCatch and Lumin Digital partnership prevents $46 million in fraud in 2025

In 2025, nearly 50 U.S.-based financial institutions on the Lumin Digital platform utilized BioCatch solutions to prevent an estimated $46 million in fraud losses.

At the same time, fraud attempts continued to increase. Nearly two in every five (18% of) fraud cases reported by Lumin Digital users involved card controls in 2025 — an 80% increase from the year before. The speed at which fraud transpires, shifts, and adapts continues to accelerate beyond anything we’ve seen before, making the fraud of today and tomorrow increasingly difficult to detect with traditional methods alone.

What makes the BioCatch-Lumin Digital partnership so successful is, yes, the technology, but also the ongoing collaboration. Fraud teams share pain points and challenges, while BioCatch brings behavioral data, analysis, and live decisioning to aid institutions in adapting to the evolving threat landscape facing the mid-market space.

A real-time response to account takeover

While authorized push payment scams, where the scammer manipulates the victim into legitimately logging in and transacting with genuine credentials, continue to drive most of the fraud growth around the world, in the U.S. midmarket fraudsters gaining unauthorized access to user accounts are still responsible for a substantial portion of fraud losses. Today’s account takeover attacks are especially difficult for institutions to detect because fraudsters increasingly manipulate their victims into granting them account access. One-time passcode phishing, impersonation scams, and social engineering tactics designed to create a sense of urgency mean FIs can no longer trust credentials alone.

BioCatch’s Account Takeover (ATO) solution puts the financial institution in control of their fraud strategy. Instead of relying solely on traditional signals like device, transaction, or location data, BioCatch analyzes how a person behaves during the session itself: keystroke and mouse activity, touchscreen behavior, how the user navigates from one page to the next, and much more. When a user’s behavior fails to match their historical patterns or mirrors known criminal patterns, that elevates the risk that the session is fraudulent. Easy-to-understand scores and risk factors enable the institution to build strategies, intercept attempted fraud at the point of attack, and prevent funds from ever leaving a would-be victim’s account.

“What stands out about the BioCatch ATO solution is how actionable it is for our fraud teams,” Lumin Digital Principal Product Manager David Ringler said. “With more than 40 different Lumin session activities evaluated by BioCatch, we have numerous assessment opportunities protecting everything from viewing personally identifiable information to wire approvals. With individual rules for each, our institutions are very capable of customizing their users’ banking experience and protecting them from fraud. They’re not just getting a score. They're getting context that helps them make confident decisions in the moment, without disrupting the experience for legitimate users.”

Lumin passes fraud feedback to BioCatch via an API built into the Lumin platform, reducing redundancy and the need for fraud team leaders to navigate across multiple screens. Enhanced and consistent feedback equips BioCatch with more data to finetune its models, driving both greater fraud detection and reduced friction on financial institution members.

Fraudsters increasingly seek remote access

Fraudsters often gain access to online bank accounts via remote-access tools (RATs), ranging from custom malware to abuses of legitimate software, such as TeamViewer and AnyDesk. When these tools appear during an online banking session, it can signal to the institution that the account has been compromised. BioCatch uses behavioral signals, latency, and device indicators to identify these threats across Lumin Digital’s clients. BioCatch’s 2025 Digital Banking Fraud Trends in the U.S. report found 15% of fraud reported by the company’s mid-market customers involved an active RAT, a 55% increase from the prior year.

Fraudsters frequently use social engineering tactics to convince members to install these tools, often creating a sense of urgency or posing as trusted contacts. In many cases, the member does not fully understand what access they have granted.

The upcoming deployment of the BioCatch Mobile SDK for Lumin Digital customers will give institutions expanded visibility into when RAT applications are present on a member’s device. This additional context helps teams intervene earlier and with more confidence.

A network perspective

Mule accounts play a critical role in the fraud ecosystem. For every case of digital banking fraud, the fraudster must have control over a recipient account to which to direct the proceeds of their crime.

Account takeovers, scams, and even more nefarious crimes don’t exist in isolation. They’re linked by sophisticated networks of mule accounts, through which criminals launder their illicit funds. Once funds leave a victim’s account, they disappear into this spiderweb of mule accounts and become nearly impossible to recover.

Financial institutions on the Lumin Digital platform and elsewhere have reported an increase in this type of activity. Last year, BioCatch reported a 130% increase in the number of mules reported by its mid-market customers. In the first quarter of 2025, Lumin Digital clients identified 225 unique mule accounts. That number rose to 1,550 reported mule accounts by the end of the year, thanks to both increased fraudulent activity and greater adoption of BioCatch’s Mule Account Detection (MAD) solution.

We’ve also seen a sharp increase in mule activity among younger account holders. Activity among individuals younger than 21 rose by 78%, and members under 30 continue to represent a growing risk segment. BioCatch found that more than 40% of reported mid-market mule accounts were owned by those younger than 30. These individuals are often recruited through social media and messaging apps, sometimes under false pretenses. Many are conned into activity they don’t understand is illegal, but others are complicit money launderers.

The BioCatch MAD solution identifies early indicators such as unusual account balances, device changes, and shifts in transaction behavior. BioCatch Link extends that visibility further by connecting devices, IP addresses, and payees across accounts. Gaining visibility into these mule networks allows institutions to disrupt fraud at scale rather than merely reacting on a case-by-case basis.

Scams on the rise

The Global Anti-Scam Alliance estimates global scam losses exceeded $1 trillion in 2025, with a reported 68% increase in scam victims from the previous year. Only 4% of victims recovered their money, and one in two consumers reported a scam attempt on at least a weekly basis.

Detecting authorized push payment (APP) scams is especially complex because victims often authorize the transactions themselves.

Today, the majority of the LuminDigital clients use BioCatch products to stop bad actors from gaining unauthorized access to a genuine member’s account and use only an account takeover solution. With the upcoming deployment of BioCatch’s Mobile SDK for Lumin Digital customers, Lumin Digital institutions will gain access to BioCatch’s Scams360 solution, allowing them to more reliably detect elusive social engineering scams.

The Scams360 solution analyzes behavioral patterns that can indicate coaching, hesitation, stress, or manipulation, even when login credentials are valid. Romance scams, investment scams, impersonation schemes, and marketplace fraud all leave behavioral signals. When institutions can see those signals clearly, they gain intelligence that allows them to intervene before significant losses occur.

Big-picture impact

Fraud, anti-money laundering (AML), and financial crime concerns are increasingly connected. Account takeover, mule accounts, scam proceeds, and money movement all exist within the same ecosystem. These interconnected systems are incomprehensible to legacy solutions that examine individual transactions in isolation.

Through ongoing working sessions and checkpoints, Lumin Digital clients review data alongside BioCatch threat analysts, compare risk trends with internal investigations, and adjust strategies based on what’s driving losses.

This delivers a measurable impact. Real-time intervention has prevented tens of millions of dollars in losses. Mule networks are being identified earlier. Fraud teams have clearer insights into emerging threats, often recognizing signs of fraud before the member does.

Crucially, institutions also gain confidence in their strategy. Fraud teams no longer just react to incidents after they transpire. They gain the ability to act in real time, before or during the fraud event, with rich data to support their decisions.

That is the value this partnership has delivered: practical tools, shared insights, and strategies that continue to adapt as fraud evolves.

—

Key takeaways:

In 2025, nearly 50 U.S.-based financial institutions on the Lumin Digital platform utilized BioCatch solutions to prevent an estimated $46 million in fraud losses.
Nearly two in every five (18% of) fraud cases reported by Lumin Digital users involved card controls in 2025 — an 80% increase from the year before. AI lowers the skill barrier for fraud by helping automate tasks that once required specialists, such as exploit development, system analysis, and attack execution.
In the U.S. midmarket, fraudsters gaining unauthorized access to user accounts are still responsible for a substantial portion of fraud losses
More than 40% of reported mid-market mule accounts were owned by individuals younger than 30.