Lynx, a leading provider of AI software for detecting and preventing fraud and financial crimes, has been recognized as Best of Breed in the Name and Transaction Screening Solution in the 2024 Chartis RiskTech Quadrant® for Name and Transaction Screening Solutions.
Money Mules – Where Fraud, AML and Cybersecurity Converge
The phenomenon of money mules is not solely a fraud issue or an AML issue. It transcends individual threat vectors, encompassing cyber, KYC, fraud and AML considerations.
SCROLL DOWN TO READ MORE
Alyssa Iyer
Introduction
In an age defined by rapid technological advancement, we are concurrently experiencing a notable surge in attacks targeting customers in the financial services sector. The complexity, diversity, and sophistication of these attacks are also on the rise. These attacks can result in mass identity theft and synthetic identity account openings, hard-to-identify social engineering schemes, such as business email compromise and authorized push payment (APP) scams, among many others. The proliferation and the magnitude of the issue has been exacerbated by several recent developments:
- Criminals leverage AI advancements to orchestrate more sophisticated attacks with minimal resources, utilizing bots and social media to amplify their reach.
- Real-time payments have allowed these criminals to move illicit proceeds at an unprecedented pace without detection.
- Digital onboarding aims to provide a seamless entry process for identification and verification (ID&V); however, it has facilitated the proliferation of mule account creation.
- Embedded finance presents a valuable opportunity for diversifying products and enhancing user experience by integrating financial services within social media platforms. This convergence fosters a more seamless user experience but diminishes the inherent defense mechanisms that users rely on solely within the context of traditional banking interactions.
- Exploiting the risk-averse nature of the financial services industry, criminals capitalize on limited information sharing between banks and compartmentalized approaches by cyber, fraud, AML, and KYC teams, allowing them to perpetuate these schemes on a massive scale.
At the core of this vicious cycle of financial crime are money mules – individuals recruited to transfer illegally obtained funds on behalf of criminals. Money mules help criminals maintain their anonymity by adding layers of distance between crime victims and the criminals, making it difficult for law enforcement to “follow the money”. [1]
In this article, we will explore why the phenomenon of money mules intersects with every facet of threat and risk management, encompassing cyber, fraud, AML, and KYC disciplines. We’ll underscore the imperative of sharing intelligence to identify dormant money mules within financial institutions (FIs) worldwide, crucially, to proactively thwart their entry into the system in the first place, and to identify / stop mule accounts by blocking them in real time.
The intersection of cyber, fraud, AML and KYC…
In our view, the phenomenon of money mules is not solely a fraud issue or an AML issue. It transcends individual threat vectors, encompassing cyber, KYC, fraud and AML considerations:
Cyber:
- Weak cybersecurity controls create opportunities for cybercriminals to access sensitive personal information, leading to identity theft incidents.
- Crime as a Service (CaaS) lowers technical barriers of entry for would-be attackers and illicit nefarious services such as fake identity creation, bot generation, automated phishing and vishing, fake identity document creation, and so on.
KYC:
- Criminals and money mules exploit compromised credentials to open accounts across financial institutions, often using AI-altered documentation to get through traditional KYC identification & verification customer onboarding processes. These altered and compromised credentials are incredibly difficult to spot with the human eye, proven by the estimate that 95% of synthetic identities are not detected during the onboarding process. [2]
Fraud:
- Social engineering scams manipulate individuals into willingly divulging their personal data and convince victims to send money to criminal enterprises. With the advancements in AI, social engineering is becoming increasingly more common and effective. 98% of cybercrime was found to involve some sort of social engineering.[3]
- Once mules successfully onboard, they either act immediately to start transferring fraudulent funds OR lay dormant for days, months, or years before engaging in fraudulent activities.
- Typically, fraud tools look at outgoing transactions and digital interactions, so they do not necessarily detect dormant accounts. Legacy solutions also don’t use digital signals at onboarding and cannot necessarily see how criminals are propagating their attacks.
- Mass account takeover allows criminals to gain access to a network of money mule accounts, which can be challenging to detect until after an attack has occurred, as the account behavior appeared normal until a certain point.
AML:
- The mule receives and sends transactions of varying amounts from and to other mule accounts at different financial institutions to further obscure the money trail.
- Without machine learning algorithms, it is difficult to detect in real-time that these transactions are fraudulent proceeds derived from criminal acts.
- As shown in Figure 1 [4], the nature of these transactions can be low-dollar or low-frequency, meaning AML transaction monitoring (“TM”) rules may not trigger. Without additional parameters to signal potential concerns with these accounts, solely relying on transaction amount or frequency makes it difficult to discern whether these activities signify money mule involvement.
- If AML investigators knew this was mule activity, they could immediately block and report these transactions as suspicious and identify the surrounding mule network to stop the criminal network from hurting other victims.
Figure 1: Example of how fraudulent funds are distributed using mule networks
… may bring these teams together
How do we solve this multifaceted problem? By bringing together intelligence from the different disciplines and threat vectors.
Cybersecurity and fraud teams have started to converge at some forward-thinking financial institutions (FIs) because these institutions have seen the benefits that can come from intelligence sharing across these threat vectors, resulting in the emergence of a united team known as cyberfusion.
The same convergence goes for AML and KYC. While money muling equates to money laundering, traditional AML strategies alone will not effectively deter these criminals. To effectively prevent money mules from infiltrating the FI, the focus should begin with the interception at the first interaction with the bank – at customer onboarding and protecting against account takeover. FIs should leverage advanced technologies for verifying customer-provided documentation and data and pinpointing counterfeit docs; confirming genuine human identity through biometric verification and liveness checks; and cross-referencing customer information with trusted data sources using automation. In addition to applying advanced technologies to confirm the prospective customer´s identity, banks, fintechs, and neobanks alike need to be asking the right questions when onboarding customers to spot unusual activity in the future – e.g. salary, source of funds, expected activity, physical address.
From Unwitting Participants to Enablers| How a bank account ends up in the hands of mule herders
In the shadowy world of financial crime, money mule refers to someone who, either knowingly or unknowingly, allows their bank account to be used to move illegal funds. Here’s how an account might find its way to a mule herder:
- Knowingly Participating: Some individuals are aware they’re part of a criminal network, performing high-risk, low-reward tasks. This can involve opening multiple bank accounts, now more easily done online using real or fake information.
- Unwittingly Compromised: Others might be unknowingly roped in, such as students offered quick cash to lend their account for a weekend. By Monday, their account is back in their hands, no questions asked.
- Digital Dangers: The advent of digital banking has made it easier for criminals to use stolen data or synthetic identities to conduct their illicit activities leveraging ATO.
This evolving landscape of money muling underscores a stark reality – the fight against financial crime is not solely about technology but understanding the human vulnerabilities that technology seeks to exploit. Understanding the risks and staying informed can help protect against becoming an unwitting participant in these schemes.
This evolving landscape of money muling underscores a stark reality – the fight against financial crime is not solely about technology but understanding the human vulnerabilities that technology seeks to exploit. Understanding the risks and staying informed can help protect against becoming an unwitting participant in these schemes.
Conclusion
In conclusion, to proactively combat the expansion of criminal networks facilitated by money mules, firms in financial services must first and foremost effectively use threat intelligence across cybersecurity, KYC, fraud prevention, and AML. Criminals do not operate in siloes and neither can FI’s.
That is easier said than done. As former practitioners, we understand that. That is why we build technologies that bring together intelligence across disciplines, without requiring that these teams be fully integrated. With that said,
“…it is extremely important that financial services firms start to change the mindset in their organizations to emphasize the benefit that shared intelligence can bring. Cyber, fraud, KYC, and AML are all inextricably linked…”
[1] https://www.fbi.gov/how-we-can-help-you/scams-and-safety/common-scams-and-crimes/money-mules
[2] https://legal.thomsonreuters.com/blog/how-to-detect-synthetic-identity-fraud-before-it-becomes-a-problem/
[3] https://digitalcommons.sacredheart.edu/cgi/viewcontent.cgi?article=1576&context=acadfest
[4] https://www.mastercard.us/content/dam/public/mastercardcom/na/us/en/governments/others/vocalink-anti-money-laundering-case-study.pdf
[5] https://www.fca.org.uk/publications/multi-firm-reviews/proceeds-fraud-detecting-preventing-money-mules
Read More Articles
Get in Touch
Let us assist you in the fight against fraud and financial crime.