£3.3 Million Mule Money Frozen, Using Link Analysis and Machine Learning to Model High-Risk Behavior

Mule Networks Contaminate the Global Banking Ecosystem

Global mule networks form the primary way to siphon proceeds of crime money through the banking ecosystem in an attempt to avoid detection and capture.

These networks are becoming ever-more sophisticated and hyper-connected, using vast swathes of individual money mules who are persuaded, either knowingly or unwittingly, to set up bank accounts to exit stolen funds. Proceeds of crime can filter through multiple mule accounts and across country borders, in near real-time, facilitated by faster payments initiatives both in the UK and worldwide.

Without money mules, (with the exception of CNP and First Party Fraud), there would be very little online banking fraud; they are the lifeblood of the criminal underworld and can often be virtually impossible to detect. In isolation, the accounts themselves may appear legitimate, with cybercriminals employing a raft of tactics to avoid detection. When analyzed as part of a wider network however, links and associations between accounts can reveal vast and globally connected patterns of fraudulent behavior.

The challenge for financial institutions is how to detect this mule activity in real time, before a transfer is made through a mule account.

ThreatMetrix intelligence formed the building blocks for our machine learning model to detect mule accounts. The ability to incorporate network link analysis meant that we had a unique vantage point to identify, and then model, mule behavior.

Andy Renshaw, Lloyds Banking Group

Curtailing the Network Effect

Lloyds Banking Group is one of the UK’s leading provider of current accounts, savings, personal loans, credit cards and mortgages, with over 30 million customers.

The bank’s vision is to provide simpler, streamlined customer interactions online and via the mobile app. This relies on allowing customers to access their account and carry out real-time transactions whenever and wherever they choose, without unnecessary interventions. However, fraudsters are capitalizing on this strategy and using faster payments to quickly exit proceeds of crime without detection.

Lloyds responded by setting up a dedicated team of ‘mule hunters’ to pioneer a new, proactive approach to curb the growth of mule networks. The approach identified high-risk behavior indicative of a mule account, extrapolating this out to identify the wider network.

Detecting and blocking mule accounts is the apex of the fraud triangle; if you catch the mules, you reduce virtually all online banking fraud. Our partnership with ThreatMetrix has been a true collaboration to genuinely understand the anatomy of mule behavior; to mitigate it both now and in the future.

Andy Renshaw, Lloyds Banking Group

It Takes a Network to Fight a Network

Using ThreatMetrix technology, digital identity intelligence related to devices, locations, behaviors and threats can help banks connect the dots between the myriad pieces of information a user creates as they transact online, looking at relationships between entities at a global level and across channels/touchpoints.

Lloyds was able to use this intelligence to identify links between accounts associated with mule behavior. High-risk mule behavior was used to inform machine learning models that could more reliably identify further mule accounts, transforming the banks detection from reactive to proactive.

The drive to reduce consumer friction in the online banking experience can’t come at the expense of increased fraud. Our ability to detect high-risk behavior in near real-time has to be based on robust threat intelligence that we use to inform future fraud detection strategies.

Andy Renshaw, Lloyds Banking Group

Schedule a Consultation

Start Today
close btn