How to Use Behavioral Biometrics to Detect Mule Accounts

Jun. 18, 2020 | by Heidi Bleau

Mule accounts are the most critical link in the fraud supply chain infrastructure. After all, cybercriminals can’t steal money if they have nowhere to send it.  According to Europol, more than 90% of all money mule transactions are directly linked to cybercrime.

The financial services industry clearly recognizes that mule accounts are a significant problem. However, one in three financial institutions are not even tracking mule accounts because they lack the resources to support continuous monitoring, according to a recent study by Aite Group.  Combine that with a lack of industry standards or best practices for detection and monitoring and the increase in P2P platforms and faster payments, and suddenly an ideal environment is born for mule accounts to flourish.

There are two main ways cybercriminals go about establishing mule accounts.

  1. New account opening: Cybercriminals use stolen or synthetic identities to establish new accounts that cannot be traced back to them. Once established, cybercriminals will often let the account remain dormant for some time to avoid raising red flags with the bank. Before long, the new accounts are being used to cash out and launder stolen funds from other compromised accounts.  It is not unusual to see cybercriminals take advantage of marketing programs or other promotions designed to increase customer acquisition to open new accounts. In the case of one digital bank that launched a marketing campaign to attract new customers, they found that for every 100 good applicants, there were 900 fraudulent ones.
  2. Mule recruitment: Cybercriminals will also dupe real victims into scams in an attempt to get them to use their established bank account to transfer stolen funds. Two of the most common types of mule recruitment tactics are work-at-home opportunities and romance scams. One in every five mule schemes have been attributed to romance scams, and according to the FBI’s Internet Crime Complaint Center (IC3), it is the second costliest to victims.

Behavioral biometrics plays an important role in how mule accounts are detected.  There are some common factors that can be used to detect mules such as transaction velocity and amount of transfers.  But how can you prevent a fraudulent account from being opened in the first place?  This is where the power of behavioral biometrics comes in.  Here are a couple of examples of how digital behavioral data can be used to identify new account fraud:

  • Application fluency: How familiar is the user with the account application process? A cybercriminal repeatedly using compromised or synthetic identities will demonstrate a high level of familiarity with the new account opening process compared to a legitimate user. 
  • Low data familiarity: How familiar is the user with personal data? A cybercriminal is not familiar with the personal data and may display excessive deleting or rely on cut and paste techniques or automated tools to enter information that would be intuitive to the legitimate user.

In one case, a large bank leveraging behavioral biometrics to identify fraud detected approximately 1,000 mule accounts in the first few months of deployment. This demonstrates the prevalence and potential impact in financial losses that mule accounts pose to financial institutions.

As for victims who are duped unwittingly into becoming a mule and accepting payments into a personal account that is already established, behavioral biometrics can still play a key role in detecting fraudulent transfers.  Similar to social engineering attacks, such as authorized push payments, behavioral biometrics looks at hundreds of risk indicators that signal latency, hesitation, distraction and other user behaviors that indicate a person may be acting under the direction of a criminal.

Learn more about how behavioral biometrics can help detect new account opening fraud in the case study, “Behavioral Biometrics Prevents Massive New Account Opening Fraud Attack.”

Topics: Fraud, New Account Fraud, Featured