BioCatch is once again calling attention to the rising threat of mule accounts. The company noted that COVID-19 has accelerated digital transformation, which has in turn created an opportunity for fraudsters who can take advantage of the increased traffic to remain undetected.
However, BioCatch suggested that financial institutions share some of the blame, insofar as they are not taking proactive steps to prevent the creation of mule accounts. Instead, they only try to identify mule accounts when facing scrutiny from financial regulators or law enforcement officers, becoming reactive to the point that only six percent of financial institutions are actively investing in mule detection technology.
Meanwhile, making a mule account has become easier than ever, due to the ready availability of personal information and the simplicity of the account creation process. A mule account is an account that is set up purely for the purposes of moving (and laundering) stolen money. In the past, cybercriminals would pay money mules to move money through legitimate accounts. Now, cybercriminals can simply set up an account with a false name and move the money on their own, often using stolen personal information.
That’s also why BioCatch believes that financial institutions will change their approach to mule accounts in 2021, as they try to clamp down on the rampant fraud they experienced in 2020. Cybercriminals collected an estimated $36 billion in fraudulent COVID relief payments in the US alone. Lawmakers are likely to respond with new anti-money laundering legislation that will force banks to reexamine their security practices, and financial institutions will have their own incentives as they try to protect their reputations and curb fraud losses.
With that in mind, BioCatch predicts that financial organizations will work together to create security best practices and implement new technologies that can thwart mule accounts. For example, they can use behavioral biometrics to watch for suspicious patterns in the account opening process, or use device reputation to assess the trustworthiness of the device itself.
February 16, 2021 – by Eric Weiss