Book a demo

Learn how your business can benefit from Quantexa technology by booking a bespoke demonstration with our solutions experts.
  • Let us know the reason for your enquiry
  • By submitting this form, you consent to us using the details you provide to respond to your enquiry. A backup of these details will be held, but can only be accessed by authorised individuals. If you would like your data to be removed from our backups, please email

How can we overcome the threat of mule fraud during COVID-19? (Part 2)

Ivan Heard

As new challenges continue to emerge as a result of COVID-19, we have witnessed a shift in criminal behavior and a rise in mule fraud. The first of this two-part series discussed the increasing dependency on mule accounts and how they are being exploited to exfiltrate illicit funds. In part two, we focus on how financial institutions can detect mule accounts, immobilize criminals, and protect their customers from fraud.

How can financial institutions effectively detect mule accounts?

Detecting mule accounts requires you to identify the connections and transactions between customers which strongly indicate they are being used to disguise fraudulent activity and subsequent payment flows.

It is the network of these accounts and the interconnected features of each customer which allows us to identify those who are likely being used as money mules with a great degree of confidence.

For example, it is possible to isolate a network of accounts who are connected via:

  • account information, such as common names or home addresses;
  • online access patterns, such as common devices used for online banking; or
  • transactions between the accounts.

We can then analyze account features on these networks to indicate whether they fit a common profile of mule accounts. These features include:

  • Customer information
    • Age profiles
    • Stated occupations
    • Geographic locations
  • Account activity
    • Signs of financial distress such as frequent overdraft delinquency
    • Perpetual low balances with occasional spikes

Finally, we can look at the payment flows across the network to identify patterns which fit known mule fraud network activity, including:

  • Starburst payment flows which expand from one account to multiple accounts, and then again from those accounts into multiple others
  • Inverted pyramid flows where there are multiple originating accounts paying a single or few beneficiaries
  • Rapid transaction cycling in multiple directions between the accounts

Any of these indicators viewed in isolation can generate large numbers of misleading signals. But by looking at these accounts as a network and calibrating the analysis, it is possible to deploy an effective fraud detection capability. By analyzing the network and not just the transaction, you gain a greater understanding of context, including the full flow of funds. This is proven to be a far more effective approach to proactively identifying organized crime.

Expand analysis and look at inbound payments

It’s not enough to simply look for signals that are indicative of illicit activity. Any balanced assessment also needs to consider information that suggests a customer account is genuine. For example, an absence of routine transactions on an account, such as monthly rent or bill payments, can be a hallmark of a mule account. However, this could also simply signify that the bills are paid by another member of the household with an account registered to the same address.

By performing analysis at a network-level, it is possible to discount atypical but explainable transactions and account behaviors. This reduces false positives and empowers analysts to focus on genuinely high-risk cases.

There is also a lot of value in actively monitoring inbound payments received into customer accounts. It is common for counter-fraud functions to focus on analyzing outbound payments, as this is where a lot of fraud losses occur through scams such as Card-Not-Present or Authorised Push Payment fraud.

An increasing number of banks are opting to incorporate inbound payments monitoring within their strategy to tackle money mules. Identifying signals on inbound payments provide financial institutions more time to investigate and seize illicit funds before they leave the bank where appropriate.

Overcoming challenges with advanced network analytics

Criminals will frequently use accounts across multiple financial institutions, which can make it difficult to trace the funds in and out of those customer accounts. However, using network analytics, we can look within a short period after the funds go to an external account for a linked inbound flow to a different customer account, making it possible to continue tracing the funds. Additionally, the intelligence gained about that external account and its involvement in the network can then be applied elsewhere to improve the overall analysis.

When new monitoring or counter-fraud measures are proposed, a number of sensible questions will arise about whether it will impact customer experience or drive more complaints. However, network analytics simply provides greater context to enhance fraud detection and prevention processes. This context makes it easier to zero in on criminals and reduce the likelihood of inadvertently interrupting the payment flows of legitimate customers.

Next steps to enhanced fraud detection

Mule accounts have a destructive societal impact. They are already becoming an increasingly prominent issue for the banking and financial services industry. And this will only be amplified by the current rise in scams and the economic conditions which facilitate money mule recruitment. Banks are progressively augmenting their counter-fraud capabilities and should continue doing so with a focus on inbound payments, as well as outbound.

More flexible analytics aiding rapid root cause analysis is becoming increasingly important for fraud functions. Rule-based systems have limitations (even sophisticated ones), and this is especially true during COVID-19, where “normal” activity has quickly shifted, and the baseline is no longer relevant. Agile technologies will allow financial institutions to slice and dice data on demand to explore and mitigate new threats.


To find out more about how financial institutions can leverage data and technology to overcome current challenges like mule fraud and other long-term threats resulting from COVID-19, download our latest white paper on situational awareness here.

Ready to see Quantexa in action?

Get in touch to arrange a personal demo from one of our experts.

Book a demo