How can we overcome the threat of mule fraud during COVID-19? (Part 2)
As new challenges continue to emerge as a result of COVID-19, we have witnessed a shift in criminal behavior and a rise in mule fraud. The first of this two-part series discussed the increasing dependency on mule accounts and how they are being exploited to exfiltrate illicit funds. In part two, we focus on how financial institutions can detect mule accounts, immobilize criminals, and protect their customers from fraud.
How can financial institutions effectively detect mule accounts?
Detecting mule accounts requires you to identify the connections and transactions between customers which strongly indicate they are being used to disguise fraudulent activity and subsequent payment flows.
It is the network of these accounts and the interconnected features of each customer which allows us to identify those who are likely being used as money mules with a great degree of confidence.
For example, it is possible to isolate a network of accounts who are connected via:
- account information, such as common names or home addresses;
- online access patterns, such as common devices used for online banking; or
- transactions between the accounts.
We can then analyze account features on these networks to indicate whether they fit a common profile of mule accounts. These features include:
- Customer information
- Age profiles
- Stated occupations
- Geographic locations
- Account activity
- Signs of financial distress such as frequent overdraft delinquency
- Perpetual low balances with occasional spikes
Finally, we can look at the payment flows across the network to identify patterns which fit known mule fraud network activity, including:
- Starburst payment flows which expand from one account to multiple accounts, and then again from those accounts into multiple others
- Inverted pyramid flows where there are multiple originating accounts paying a single or few beneficiaries
- Rapid transaction cycling in multiple directions between the accounts
Any of these indicators viewed in isolation can generate large numbers of misleading signals. But by looking at these accounts as a network and calibrating the analysis, it is possible to deploy an effective fraud detection capability. By analyzing the network and not just the transaction, you gain a greater understanding of context, including the full flow of funds. This is proven to be a far more effective approach to proactively identifying organized crime.
Expand analysis and look at inbound payments
It’s not enough to simply look for signals that are indicative of illicit activity. Any balanced assessment also needs to consider information that suggests a customer account is genuine. For example, an absence of routine transactions on an account, such as monthly rent or bill payments, can be a hallmark of a mule account. However, this could also simply signify that the bills are paid by another member of the household with an account registered to the same address.
By performing analysis at a network-level, it is possible to discount atypical but explainable transactions and account behaviors. This reduces false positives and empowers analysts to focus on genuinely high-risk cases.
There is also a lot of value in actively monitoring inbound payments received into customer accounts. It is common for counter-fraud functions to focus on analyzing outbound payments, as this is where a lot of fraud losses occur through scams such as Card-Not-Present or Authorised Push Payment fraud.
An increasing number of banks are opting to incorporate inbound payments monitoring within their strategy to tackle money mules. Identifying signals on inbound payments provide financial institutions more time to investigate and seize illicit funds before they leave the bank where appropriate.
Overcoming challenges with advanced network analytics
Criminals will frequently use accounts across multiple financial institutions, which can make it difficult to trace the funds in and out of those customer accounts. However, using network analytics, we can look within a short period after the funds go to an external account for a linked inbound flow to a different customer account, making it possible to continue tracing the funds. Additionally, the intelligence gained about that external account and its involvement in the network can then be applied elsewhere to improve the overall analysis.
When new monitoring or counter-fraud measures are proposed, a number of sensible questions will arise about whether it will impact customer experience or drive more complaints. However, network analytics simply provides greater context to enhance fraud detection and prevention processes. This context makes it easier to zero in on criminals and reduce the likelihood of inadvertently interrupting the payment flows of legitimate customers.
Next steps to enhanced fraud detection
Mule accounts have a destructive societal impact. They are already becoming an increasingly prominent issue for the banking and financial services industry. And this will only be amplified by the current rise in scams and the economic conditions which facilitate money mule recruitment. Banks are progressively augmenting their counter-fraud capabilities and should continue doing so with a focus on inbound payments, as well as outbound.
More flexible analytics aiding rapid root cause analysis is becoming increasingly important for fraud functions. Rule-based systems have limitations (even sophisticated ones), and this is especially true during COVID-19, where “normal” activity has quickly shifted, and the baseline is no longer relevant. Agile technologies will allow financial institutions to slice and dice data on demand to explore and mitigate new threats.