Money mules have gotten just the stimulus they needed in the last two years, in the form of pandemic relief packages like the CARES Act, to up their activity. Financial institutions are taking note. According to a recent report by Aite-Novarica, 64% of financial services fraud executives indicated that their institution has taken a greater interest in tracking, detecting, or preventing mule activity between the first half of 2020 and the first half of 2021. Despite this, 80% of those surveyed in the report believe their financial institution can and should do more. While the pandemic has made the mule problem worse, innovations in technology combined with effective policies for stopping mule activity can help improve detection, despite the complexities at play.
How a Global Pandemic Became a Mule Recruiter’s Heyday
Mule detection has long been a problem for financial institutions. In fact, the problem is as old as cybercrime itself, gaining mainstream coverage more than a decade ago when criminals used elaborate career recruitment schemes during the global economic crisis in 2008 to attract unwitting job seekers desperate for easy money. The recent pandemic has simply shed new light on an old problem.
In a recent webinar, Trace Fooshee, Strategic Advisor in the Fraud & AML practice at Aite-Novarica, discussed the growing concern. During the pandemic, “Mule recruiters were having a heyday,” Fooshee said. “This was largely the result of the huge numbers of displaced workers and unemployed service workers in particular.”
Fooshee also noted the expansion of cybercrime gangs focusing on financial fraud during the COVID-19 era. “The second thing that we found was Fraud, Inc., or the collective group of all of the fraudsters, swelled pretty significantly. It was largely to take advantage of the poorly protected state and local stimulus programs.”
Between unemployment, small business loans, and other economic relief programs, mule activity has risen since the beginning of the pandemic. According to law firm Arnold and Porter, financial fraud actors have attempted up to $470 million in CARES Act fraud between May 2020 and September 2021 — and that is a conservative estimate, based on what law enforcement has had the resources to pursue.
Says Fooshee, “Given the amount of stimulus funds that were made available, most of the fraud executives I spoke with think it’s well north of a billion.” And these numbers only cover stimulus fraud: not the traditional fraud that was happening before the pandemic and that has continued throughout it.
As mule activity continues to rise, the stakes are high for financial institutions. They face financial losses such as the actual stolen money, as well as operational overhead for responding to the fraud. Reputational losses, like brand damage and lowered share prices, are also a concern. Furthermore, financial institutions who fall victim to fraud face regulatory liability, such as for running afoul of anti-money-laundering laws.
Taking the Reins on Mule Account Detection
Though mule networks have existed for years, detecting their activity has historically been difficult. Hand-in-hand with the digital transformation of how financial institutions provide services, mules are also going digital — and mule detection is following suit. New technologies are making it more feasible to identify money mule red flags. Financial institutions now have access to more sophisticated detection and risk modeling capabilities, allowing them to make more confident decisions about what behavior may be caused by mules and which accounts should be investigated or terminated.
According to the Aite-Novarica Group report, “Among the more notable advancements in understanding and, by extension, modeling the behavioral patterns of mules comes from the behavioral biometrics company BioCatch.” BioCatch’s behavioral biometrics help financial institutions catch mules by detecting behaviors that are far more common in mules than in users who are opening legitimate accounts or accessing their own accounts for legitimate reasons. The platform allows financial institutions to identify those common types of mule behaviors and make decisions more quickly and more accurately.
Mule Account Detection Examples
Mule behavior can be detected at all stages of a customer’s banking journey. For example, during the account opening process, mules are often unfamiliar with the information they are using to open accounts. BioCatch can flag money mule account activity by pointing out indicators of this lack of familiarity, such as pasting personal information. According to BioCatch research, 64% of confirmed cases of account opening fraud showed this one behavior.
Other attributes, as accounts are used, can be linked to mule activity as well. Examining the applications installed on a device can reveal a wealth of information about the user. In particular, a disproportionately large number of banking applications across geographically disperse locations can often be correlated with suspicious mule activity. For example, a recent BioCatch alert at one customer fired on a device with 92 banking applications from other financial institutions. This was subsequently confirmed to be a device associated with mule activity.
BioCatch Mule Account Detection approaches the problem by looking at five mule personas, each which exhibit different patterns of behavior and are meant to align with the kinds of mules typically observed to operate within financial institutions. These personas include:
- Deceiver: Person who opens an account specifically for the purpose of money laundering.
- Peddler: Person who sells their legitimately opened bank account to a cybercriminal.
- Accomplice: Person who is aware of the criminal nature of the transaction but chooses to go along, often because of the lure of easy money.
- Chump: Person who has been convinced to complete a transaction for a criminal, believing the money is legitimate.
- Victim: Credential theft victim who is unaware that criminals have broken into their account and used it to launder money.
According to Aite-Novarica, “FIs that are serious about demonstrating they have robust mule mitigation and management controls should consider experimenting with adding multiple layers of controls that enable them to detect as full a range of coverage across the five mule personas as possible.”
Are You Doing Enough to Detect and Prevent Mule Activity?
To learn more about current trends in mule activity and how some financial institutions are responding, download the Aite-Novarica research report, The Emerging Case for Proactive Mule Detection.