Every scam has two sides. One is the victim, manipulated into sending money. The other is the mule account waiting to receive it. Without that destination, the criminal has nothing. Precision on one side of the coin demands equal precision on the other.
There is no single moment of compromise. No fraudulent transaction that triggers an immediate alert. No obvious victim calling the bank in distress. Mule accounts operate quietly, often for months, moving stolen funds through what appears to be perfectly normal customer activity. By the time the damage is visible, it is rarely confined to a single team’s spreadsheet.
Precision in identifying and blocking these mule accounts is critical. Identifying mule risk precisely, early, and at scale enables effective intervention and disrupts financial crime infrastructure before significant losses occur.
The hidden cost of doing nothing
Most institutions understand the direct costs of fraud. Reimbursements, write-offs, and fraud losses are line items that appear on reports and drive conversations in risk committees. Mule accounts don’t work that way.
The cost of a mule account is spread across the entire institution that harbors it. Mules appear as operational drag, with AML teams overwhelmed by Suspicious Activity Reports, each taking more than 21 hours to complete. They result in inflated fraud case volumes, distorted digital onboarding metrics, and frustrated customers flagged and frozen. These costs accumulate across up to 17 teams, from onboarding to regulatory reporting, with no single owner of the problem.
The financial weight of this diffusion is significant. Forrester Research finds that financial crime compliance costs can consume as much as 19% of a financial institution’s annual revenue. Mules account for the bulk of that burden: They don’t generate losses in the traditional sense, but they generate cost at every stage of the lifecycle they inhabit.
And that lifecycle is long. Research from the BioCatch network shows that 79% of confirmed mule accounts were highly active for 90 days before an incoming fraudulent payment. For most of that period, they looked entirely clean.
Why mule detection has historically been reactive
Traditional approaches to financial crime detection (transaction monitoring, KYC checks, device analysis, etc.) were built to identify suspicious activity after it occurs. A payment crosses a threshold. A transaction pattern deviates from history. A device appears on a watchlist.
This works reasonably well for fraud that leaves an immediate evidentiary trail. It works poorly for mule accounts, where the defining characteristic is that nothing looks obviously wrong. The identity may be genuine. The device may be clean. The account may have a solid history. The transaction, viewed in isolation, may be entirely unremarkable. The challenge isn’t what happened. It’s what’s about to happen, and why.
This is the same structural problem that behavioral intelligence has already proven it can solve in account takeover and social engineering scam detection. The question in each case is not whether an action occurred, but what the behavior surrounding that action reveals about intent. Mule accounts are no different.
What precision looks like in practice
Consider what separates a fraudster opening a mule account from a genuine customer opening a new account. From a KYC or document-verification perspective, they may be indistinguishable. But behaviorally, the difference is legible. A criminal using a stolen identity navigates with unusual expertise. They have done this before, possibly many times. Their application fluency and confidence in the data they’re entering are too high for someone encountering their own details for the first time. Age signals in the interaction pattern can suggest an experienced operator behind an account nominally belonging to someone younger.
BioCatch identifies five distinct mule personas, each with a different level of complicity and a different behavioral signature.
- The deceiver opens the account with the explicit intent to commit fraud.
- The peddler is the account holder who has sold their credentials to a criminal network.
- The accomplice willingly participates for financial gain.
- The misled mule executes transactions believing the funds are clean.
- The victim's account has been taken over without their knowledge.
For existing accounts, the signals shift according to which persona is present. The peddler leaves behavioral traces because the person accessing the account now is not the one who opened it — navigation preferences change, typing patterns diverge from historical norms, and mouse behavior reflects someone unfamiliar with the account they have just inherited. The accomplice, a genuine account holder facilitating transfers willingly, may interact normally in most respects, but their transaction velocity and incoming payment amounts diverge sharply from any reasonable personal baseline. Each persona is behaviorally distinct, and that distinctness is precisely what makes detection tractable.
Takeaway: Real-time behavioral signals enable organizations to detect and disrupt mule activity before losses materialize.
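The per-account baseline comparison described above for the peddler and accomplice personas can be sketched as follows. This is an added example, not BioCatch's model or code from the original article; the feature names, the 3.5 cut-off, the scale floor, and all sample values are constructed assumptions.

```python
from statistics import median

def robust_z(value, history, floor=1.0):
    """Deviation of value from an account's own history, in MAD units.
    Median/MAD is used so a few past outliers do not widen the baseline.
    floor (assumed, in the feature's own unit) guards against MAD == 0."""
    med = median(history)
    mad = median([abs(x - med) for x in history])
    return (value - med) / max(1.4826 * mad, floor)

def assess_session(baseline, session, z_cut=3.5):
    """Return (label, signals) for one session against the account baseline."""
    signals = {
        # Typing cadence can diverge in either direction, so take abs().
        "typing": abs(robust_z(session["key_interval_ms"],
                               baseline["key_interval_ms"])),
        # Inbound amount and velocity only matter when they rise.
        "amount": robust_z(session["inbound_amount"],
                           baseline["inbound_amount"]),
        "velocity": robust_z(session["inbound_per_day"],
                             baseline["inbound_per_day"]),
    }
    fired = {name for name, z in signals.items() if z > z_cut}
    if "typing" in fired:
        label = "peddler-like"      # operator differs from account history
    elif {"amount", "velocity"} <= fired:
        label = "accomplice-like"   # normal interaction, abnormal inflows
    else:
        label = "none"              # a single large payment alone is not enough
    return label, signals

# Constructed sample data: one account's history and four sessions.
BASELINE = {
    "key_interval_ms": [182, 175, 190, 186, 179, 184, 188],
    "inbound_amount": [1200, 45, 1200, 60, 1250, 30, 1200],
    "inbound_per_day": [1, 0, 2, 1, 0, 1, 2],
}
OWNER = {"key_interval_ms": 181, "inbound_amount": 1200, "inbound_per_day": 1}
PEDDLER = {"key_interval_ms": 95, "inbound_amount": 1200, "inbound_per_day": 1}
ACCOMPLICE = {"key_interval_ms": 181, "inbound_amount": 9800, "inbound_per_day": 9}
ONE_OFF = {"key_interval_ms": 181, "inbound_amount": 9800, "inbound_per_day": 1}

if __name__ == "__main__":
    for name, s in [("owner", OWNER), ("peddler", PEDDLER),
                    ("accomplice", ACCOMPLICE), ("one-off", ONE_OFF)]:
        print(name, assess_session(BASELINE, s)[0])
```

The one-off case shows why requiring both amount and velocity to diverge keeps a single unusual deposit from flagging a genuine customer.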
The results that precise detection delivers
One leading European bank moved from reactive to proactive by deploying BioCatch’s behavioral intelligence to detect mule accounts at onboarding and during early account use. Within months of rollout, the results were substantive: €12.4 million in mule-related transfers were prevented, representing a 33% reduction in the second half of 2025 compared to the first half of 2024. Detection rates increased by 54%. Mule-related false positives fell by 30%, reducing the operational drag that had been absorbing investigative capacity and diverting analyst attention from genuine risks.
This last number deserves emphasis. False positives in mule detection incur the same compounding costs as in fraud prevention: wasted investigations, frustrated legitimate customers, strained contact center operations, and complaints that escalate to regulators. A 30% decrease in false positives frees overworked bank employees to focus on critical threats.
In Australia, a large bank used BioCatch to identify more than 2,000 mule accounts in the first year of deployment, with a 1:1 ratio of fraud accounts to genuine accounts in the identified population. Flagged accounts were essentially as likely to be fraudulent as legitimate. Losses from identity theft involving account takeover fell by 70%.
A recent NAB case study extends this story further. After elevating mule risk to its executive financial crime risk committee, motivated in part by watching the UK’s Payment Systems Regulator introduce receiving-bank liability for scam losses, NAB ran a layered identification exercise using BioCatch’s Mule Account Detection model alongside internal behavioral scoring across 70 customer attributes. Of approximately 10,000 profiles offboarded, only 70 were subsequently confirmed as genuine customers, resulting in a mule-detection accuracy rate exceeding 99%. Those genuine customers had services restored within 24 hours.
From compliance problem to enterprise risk
The NAB experience illustrates something important beyond the detection numbers. Leadership’s deliberate choice to reframe mule profiles not as customers but as financial crime risks changed how the business evaluated the case for action. Maintaining a single mule profile costs NAB approximately AUD $1,200 in baseline servicing costs alone, before accounting for SAR obligations, investigation and case management, potential reimbursement exposure, and reputational risk. Multiply that across tens of thousands of profiles, and the economics become self-evidently strategic.
This is the conversation that too few institutions are having. Mule accounts are treated as a fraud or AML problem, owned by operational teams, and measured against operational metrics. But the true cost is enterprise-wide, touching every KPI from fraud detection accuracy to customer lifetime value, from SAR filing timeliness to brand reputation. The institutions getting ahead of this risk are the ones that have recognized it as a board-level issue, not because regulators are demanding it, but because the economics make it unavoidable.
Regulators are, of course, catching up. Markets, including the UK, Australia, Singapore, India, and Thailand, are all under increasing scrutiny on mule exposure as a systemic weakness. As receiving-bank liability frameworks extend beyond the UK model, the financial case for inaction deteriorates rapidly.
Precision as the mechanism for scale
What makes behavioral intelligence particularly valuable in the mule context is that it doesn’t require a triggering event. Unlike rules-based systems that wait for a threshold to be crossed, behavioral models run continuously across every digital session: at account opening, at login, at transaction initiation, throughout the account lifecycle. The BioCatch network effect amplifies this further, sharing anonymized device, network, and account signals across institutions to identify coordinated mule campaigns that no single bank could detect in isolation.
This always-on approach enables a true shift: Organizations can proactively detect mule accounts before critical moments — before payments, suspicious transfers, or SAR filing. Precision here delivers the highest returns by dismantling criminal infrastructure before it matures and damages the institution.
As real-time payments compress the window for risk decisions to milliseconds, the institutions that have invested in behavioral intelligence are the ones operating ahead of the threat. The ones still relying on historical transaction monitoring are looking into their rearview mirrors.
—
Key takeaways:
- Mule accounts carry no obvious balance-sheet loss, but their costs are diffuse and significant, impacting fraud, AML, operations, customer experience, and finance teams simultaneously.
- Forrester Research finds financial crime compliance costs can consume up to 19% of annual revenue, with mule accounts at the core of that burden.
- Behavioral intelligence detects mule risk earlier rather than after the fact, distinguishing the five mule personas through signals that traditional controls cannot see.
- A leading EMEA bank using BioCatch prevented €12.4 million in mule-related transfers in H2 2025, increased detection rates by 54%, and cut false positives by 30%.
- A large Australian bank identified more than 2,000 mule accounts in year one with a 1:1 precision ratio, reducing identity theft losses involving account takeover by 70%.
- NAB offboarded 10,000 mule profiles with 99%+ accuracy, demonstrating that large-scale remediation can be done responsibly, at speed, without substantial regulatory escalation.
- Treating mule accounts as an enterprise-wide strategic risk, not a back-office compliance issue, is the framework that enables institutions to act at the scale the problem demands.
Resources:
- White paper and case study: From onboarding to aftermath: Why mules are everyone’s problem
- Case study: How National Australia Bank used BioCatch to eliminate 10,000 mule profiles with over 99% accuracy
- Blog: The value of precision in account opening
- Blog: The value of precision in combating account takeover
- Blog: The value of precision in stopping scams