For criminals who specialize in taking advantage of the financial sector, the last few years have been a boon. Due to the coronavirus pandemic, we’ve seen a sharp uptick in cybercrime, specifically, attacks designed to take advantage of the programs set up to help the country weather the pandemic.

According to law firm Arnold and Porter, financial fraud criminals have attempted up to $470 million in CARES Act fraud between May 2020 and September 2021 — and that is a conservative estimate, based on what resources law enforcement had available for investigation. There is one member of the cybercrime circle that is crucial to keeping criminal operations running, the person who moves the money, a money mule. Money mules are people who move stolen money from Point A (victim banks, businesses, and individuals) to Point B (criminal organizations engaged in various fraudulent schemes).

While criminals have always relied on money mules, the process is now increasingly online due to the digital economy, resulting in these large-scale schemes to defraud customers, banks, and other financial institutions (FIs). While it would be easy to blame money mule-related activity solely on the pandemic, the severity of these fraudulent schemes has only grown in recent months. During the first half of 2022, BioCatch data reveals that money mule accounts represented up to 0.

3 percent of accounts held by financial institutions, and account for an estimated $3 billion in fraudulent financial transfers in the US alone. Why are money mules so prevalent? According to a recent report by Aite-Novarica, 64% of financial services fraud executives indicated their institution has taken a greater interest in tracking, detecting, or preventing mule activity between the first half of 2020 and the first half of 2021. Despite this, 80% of those surveyed in the report believe their financial institution can and should do more.

As a whole the industry has been slow to respond to and match the malicious operations deployed by the masterminds behind money mules. In addition to the lack of allocated resources dedicated to stopping mules, we’re now seeing criminals utilize advanced technology to increase the effectiveness of their operations, such as the introduction of hybrid bots used to open new accounts at scale. To avoid a banks’ bot detection systems, criminals are using these hybrid bots to fill in parts of the application manually by a human, while other parts are completed in an automated fashion.

For example, criminals can use a script to automatically fill in such data as a Social Security number or phone number, while using humans to paste in other fields, such as their address and other personal information. This hybrid approach is fast, efficient and has caused significant issues for FIs with already limited resources and the ability to halt these transactions. To match these tactics, we’re seeing FIs turn towards automated systems of their own, specifically those that deploy behavioral biometrics to quickly identify fraudulent behavior and alert key stakeholders so that action might be taken in real-time.

Detecting the red flags With the advent of behavioral biometrics, FIs now have access to more sophisticated detection and risk modeling capabilities, allowing them to make more confident decisions about what behavior indicates mule activity and which accounts should be investigated or terminated. This process entails both real-time monitoring of user behavior and continuous monitoring of the account, ultimately determining whether the online banking account is being utilized as a mule to illegally receive and transfer money. Simply put, by analyzing user’s digital behavioral data, we can detect money mule “red flags” and then take the appropriate steps to mitigate these actions and contact authorities.

Here are three examples of how digital behavioral data can be used to identify new account fraud: Application fluency: How familiar is the user with the account application process? A criminal repeatedly using compromised or synthetic identities will demonstrate a high level of familiarity with the new account opening process compared to a legitimate user. Low data familiarity: How familiar is the user with personal data? A criminal is not familiar with the personal data and may display excessive deleting or rely on cut and paste techniques or automated tools to enter information that would be intuitive to the legitimate user. Expert behavior: Does the user display advanced computer skills compared to the general population? A criminal, focused on efficiency, often demonstrates advanced computer skills that are rarely seen among the genuine user population.

Common examples include the use of advanced shortcuts, special keys, or application toggling. Other account attributes can be linked to mule activity as well. Examining the applications installed on a device can reveal a wealth of information about the user.

One consistent red flag that we’re seeing among money mules is an unusually high number of banking applications from different banks installed on the same device. For example, one mule account detected by my team had more than 90 banking apps installed on a singular mobile device. Unlike traditional security controls, analyzing and acting on these factors provides a level of awareness and automation that evolves in real-time, rather than long after the crime has been accomplished.

Moving forward As money mule activity continues to rise, the stakes remain high for FIs across the sector. Not only is there a significant business incentive to eliminate money laundering within their system, but also significant reputational and regulatory risks as well. Brand damage and lowered share prices are a concern, as well as running afoul of money laundering laws and facing extensive fines.

Further, every money mule case that has to be detected, investigated, and resolved is a drain on operational resources and detracts from budget that can be used for other business improvement efforts. By using behavioral biometrics, FIs can vastly improve and automate the detection and prevention of mule activity, in turn, taking the fight to these criminals and stymying their efforts to defraud FIs and their millions of customers worldwide.

By Erin Englund
Aug 11, 2022 00:00
Original link