Mule accounts are the most critical link in the fraud supply chain infrastructure and the money laundering process. After all, criminals can’t steal money if they have nowhere to send it. Money mules are the people who, whether they’re aware of it or not, move money around for criminals. According to Europol, more than 90% of all money mule transactions are directly linked to cybercrime.

The financial services industry clearly recognizes that mule accounts are a significant problem. According to an Aite-Novarica survey, mule account activity increased by more than 10% in the first half of 2021 as compared to the first half of 2020. Combine that with a lack of industry standards or best practices for detection and monitoring and the increase in P2P platforms and faster payments, and the result is an ideal environment for money mules to thrive.

How Are Mule Accounts Created?

There are two main ways criminals go about establishing mule accounts.

  1. New account opening: Criminals use stolen or synthetic identities to establish new accounts that cannot be traced back to them. Once established, criminals will often let the account remain dormant for some time to avoid raising red flags with the bank. Before long, the new accounts are being used to cash out and launder stolen funds from other compromised accounts. It is not unusual to see criminals take advantage of marketing programs or other promotions designed to increase customer acquisition to open new accounts. And no one is safe. More recently, criminals have exploited vulnerabilities in the account opening process using variations of bots to open new accounts at scale. BioCatch research has found that one out of every 100 mule accounts is opened by a bot.
  2. Mule recruitment: Money laundering is an old game, but criminals have adapted numerous modern methods to increase the number of money mules in the system. Generally, mules include witting money mules, willfully blind money mules, and unwitting money mules. The digital landscape has made it easier for criminals to build up entire networks for money mule schemes, which has made the problem much more prominent in recent years.

What Are the Different Types of Money Mules?

No two mules are alike, and depending on the scenario, a mule account may exhibit different behavior patterns. This is what makes them so difficult to detect and why it is important to understand behaviors across the spectrum. Money mules can be broken down into five categories based on their role. The five types are:

  1. The Deceiver
  2. The Peddler
  3. The Accomplice
  4. The Chump
  5. The Victim

To map them onto the three categories mentioned above, Deceivers and Peddlers are willful mules; the former opens accounts with the intent of committing fraud, and the latter sells a genuine account to a criminal. Accomplices fall into the willfully blind category; they participate for a quick profit without asking any questions. The last two fall into the unwitting group; Chumps think they’re doing legitimate business, and Victims have their credentials stolen by attackers who take over their legitimate account for laundering.

How Banks Are Approaching Mule Account Detection

Behavioral biometrics can play an important role in how mule accounts are detected. There are some common factors that can be used to detect mules, such as transaction velocity and amount of transfers. But how can you prevent a fraudulent account from being opened in the first place? This is where behavioral biometrics comes in.


Here are three examples of how digital behavioral data can be used to identify new account fraud:

  • Application fluency: How familiar is the user with the account application process? A criminal repeatedly using compromised or synthetic identities will demonstrate a high level of familiarity with the new account opening process compared to a legitimate user.
  • Low data familiarity: How familiar is the user with personal data? A criminal is not familiar with the personal data and may display excessive deleting or rely on cut and paste techniques or automated tools to enter information that would be intuitive to the legitimate user.
  • Expert behavior: Does the user display advanced computer skills compared to the general population? A criminal often demonstrates advanced computer skills that are rarely seen among the genuine user population. Common examples include the use of advanced shortcuts, special keys, or application toggling.

In one case, a large bank leveraging behavioral biometrics to identify fraud detected approximately 1,000 mule accounts in the first few months of deployment. This demonstrates the prevalence and potential impact in financial losses that mule accounts pose to financial institutions. As for victims who are duped unwittingly into becoming a mule and accepting payments into a personal account that is already established, behavioral biometrics can play a key role in detecting fraudulent transfers. During social engineering attacks like Authorized Peer-to-Peer (APP) payment scams, which have been on the rise recently, behavioral biometrics looks at hundreds of risk indicators that signal latency, hesitation, distraction, and other user behaviors that indicate a person may be acting under the direction of a criminal.

A New Twist on an Old Problem

Using behavioral biometrics, BioCatch has built a solution for mule account detection that is grounded in data science. As noted in a recent Aite-Novarica report, “BioCatch’s efforts to model mule activity risk orbit the important ability to differentiate mule behavioral patterns from those of legitimate customers by comparing the pattern to one of five behavioral risk profiles. Each of the five profiles is unique to specific mule personas that are meant to align with the kinds of mules typically observed to operate within FIs.”

Access the full research report, The Emerging Case for Proactive Mule Detection, to learn more about how global financial institutions are mobilizing to address the money mule problem.


Recent Posts