March 27, 2019
£3.3 Million Mule Money Frozen, Using Link Analysis and Machine Learning to Model High-Risk Behavior
Mule Networks Contaminate the Global Banking Ecosystem
Global mule networks form the primary way to siphon proceeds of crime money through the banking ecosystem in an attempt to avoid detection and capture.
These networks are becoming ever-more sophisticated and hyper-connected, using vast swathes of individual money mules who are persuaded, either knowingly or unwittingly, to set up bank accounts to exit stolen funds. Proceeds of crime can filter through multiple mule accounts and across country borders, in near real-time, facilitated by faster payments initiatives both in the UK and worldwide.
Without money mules, (with the exception of CNP and First Party Fraud), there would be very little online banking fraud; they are the lifeblood of the criminal underworld and can often be virtually impossible to detect. In isolation, the accounts themselves may appear legitimate, with cybercriminals employing a raft of tactics to avoid detection. When analyzed as part of a wider network however, links and associations between accounts can reveal vast and globally connected patterns of fraudulent behavior.
The challenge for financial institutions is how to detect this mule activity in real time, before a transfer is made through a mule account.
Curtailing the Network Effect
Lloyds Banking Group is one of the UK’s leading provider of current accounts, savings, personal loans, credit cards and mortgages, with over 30 million customers.
The bank’s vision is to provide simpler, streamlined customer interactions online and via the mobile app. This relies on allowing customers to access their account and carry out real-time transactions whenever and wherever they choose, without unnecessary interventions. However, fraudsters are capitalizing on this strategy and using faster payments to quickly exit proceeds of crime without detection.
Lloyds responded by setting up a dedicated team of ‘mule hunters’ to pioneer a new, proactive approach to curb the growth of mule networks. The approach identified high-risk behavior indicative of a mule account, extrapolating this out to identify the wider network.
It Takes a Network to Fight a Network
Using ThreatMetrix technology, digital identity intelligence related to devices, locations, behaviors and threats can help banks connect the dots between the myriad pieces of information a user creates as they transact online, looking at relationships between entities at a global level and across channels/touchpoints.
Lloyds was able to use this intelligence to identify links between accounts associated with mule behavior. High-risk mule behavior was used to inform machine learning models that could more reliably identify further mule accounts, transforming the banks detection from reactive to proactive.