- Money mules constitute up to 0.3% of accounts at U.S. financial institutions, or an estimated $3 billion in fraudulent transfers
- This estimate is considered low as most mule accounts go undetected
- New research shows emerging attack methods using hybrid bots enable criminals to open mule accounts at scale
- One out of every 100 money mule accounts are created by a bot
NEW YORK, NEW YORK (June 21, 2022) – BioCatch, – BioCatch, the global leader in behavioral biometrics, released new research on the size and scale of the growing money mule problem for U.S. financial institutions. During the first half of 2022, BioCatch data reveals that money mule accounts represent up to 0.3 percent of accounts held by financial institutions, and an estimated $3 billion in fraudulent financial transfers.
According to the Federal Deposit Insurance Corporation (FDIC), there are 124 million U.S. households that had a member with at least one bank account, although consumers own an average of 5.3 bank accounts across all types of financial institutions. Applying BioCatch findings to the estimated 657 million bank accounts in the United States, this translates to approximately two million mule accounts and nearly $3 billion in fraudulent transfers in a year. Further, the research found that the average mule transaction value is $1,500 – a comparatively low number to avoid detection by traditional means.
BioCatch uncovered a likely reason behind the rise in new mule account creation: the use of hybrid bots that can open new accounts at scale. This is an emerging trend that BioCatch observed for over a year through monitoring of user behavior in the account opening process. To avoid the robust bot detection capabilities deployed by most banks, criminals developed hybrid bots that enable some parts of the application to be filled in manually by a human and other parts to be completed in an automated fashion. For example, criminals typically use a script to fill in such data as a Social Security number or phone number, while there is human intervention with the pasting of data in other PII fields such as address and keystroke entries.
“Our researchers determined that one percent of mule accounts are created by bots,” said Gadi Mazor, CEO at BioCatch. “Financial institutions should expect that the use of bots in the account opening process will continue to grow, as they are a critical link in the fraud supply chain enabling criminals to cash out at the end of the money laundering process. However, mule activity can be detected at all stages of a customer’s banking journey through behavioral biometrics.”
Mule accounts are a global problem, and not only isolated to the United States. For example, in the UK, 156 million consumer bank accounts translates to 468,000 mule accounts and $702 million (or £550 million) in fraudulent transfers. According to Europol, more than 90 percent of money mule transactions are linked directly to cybercrime. Cybercriminals open mule accounts using stolen or synthetic identities, or criminals work with accomplices who use their personal information either wittingly or unwittingly to open money mule accounts. The rise in mule activity is particularly alarming with account holders under the age of 30. Last year, UK fraud prevention non-profit Cifas reported a 76 percent increase in accounts of those aged 21 to 30 that demonstrated classic signs of mule activity.
Detecting mule activity has long been a challenge for financial institutions. Recent research by Aite-Novarica shows that more than 80% of fraud executives interviewed believe that more can and should be done to mitigate the risk of mule activities in the industry.
“If mule activity continues to be neglected as a risk that is actively mitigated by a well-defined and formally ordained program, then faster payments and the trends among fraudsters to target clients with scams such as BEC and Authorized Push Payments will fuel significant growth in fraud,” said Trace Fooshee, Senior Analyst Fraud and AML at Aite-Novarica. “This could also lead to a wider variety of more pernicious crimes ranging from terrorism to human trafficking.”
In February, BioCatch announced it received a U.S. patent for its innovative, first-in-class Mule Account Detection solution, which monitors user interactions to identify mule bank accounts used for money laundering or terrorism funding. Based on real-time monitoring of user behavior and continuous monitoring of the account, BioCatch’s solution can determine whether the online banking account is being utilized as a mule account to illegally receive and transfer money. In addition to the Mule Account Detection patent, BioCatch holds 70 registered patents for its behavioral biometric and cybersecurity solutions across the United States, UK and Europe. For more information on mule detection, download a joint BioCatch and Aite-Novarica case study here: The Emerging Case for Proactive Mule Detection: Going on the Offense to Defend Reputational Risk.
BioCatch is the leader in Behavioral Biometrics, a technology that leverages machine learning to analyze an online user’s physical and cognitive digital behavior to protect individuals online. BioCatch’s mission is to unlock the power of behavior and deliver actionable insights to create a digital world where identity, trust and ease seamlessly co-exist. Today, BioCatch counts over 25 of the top 100 global banks as customers who use BioCatch solutions to fight fraud, drive digital transformation and accelerate business growth. BioCatch’s Client Innovation Board, an industry-led initiative including American Express, Barclays, Citi Ventures, and National Australia Bank, helps enable BioCatch to identify creative and cutting-edge ways to leverage the unique attributes of behavior for fraud prevention. With over a decade of analyzing data, more than 80 registered patents, and unparalleled experience, BioCatch continues to innovate to solve tomorrow’s problems. For more information, please visit www.biocatch.com