It’s time to peel back the curtain on Mule accounts, drawing off Indian monies to offshore fraudsters. But why are they a big deal? ‘Mule’ better known as ‘Money Mule’ are regular bank accounts, used for collecting payment or to hide the money trail by fraudsters. The BFSI ecosystem is stepping up the security measures, running awareness campaigns but accurately identifying these accounts remains a challenge for banks. Fake gateways offering ‘Mule as service’ have heated up the situation.
Prevent the leakage before it breaks down the floodgates drowning the reputation. Let’s explore the threat they pose and how Mule Account monitoring can help.
Combatting the Threat of Mule Accounts
Mule accounts are bank accounts used to transfer illegal funds, often linked to money laundering schemes, illegal betting gambling sites, Forex trading sites etc. converted to crypto and taken offshore. They pose a significant risk, slipping through the cracks of traditional monitoring systems and enabling cybercriminals to exploit financial operations.
Use of Mule accounts is violation of Indian tax laws and GST fraud. For instance, betting sites use mule accounts to take bets associated with Indian payment instruments, bank accounts, UPIs, and mobile wallets. This leads to massive tax evasion as this money gets transferred to offshore accounts from these mule accounts of individuals or companies.
As per regulations of the National Payments Corporation of India (NPCI) and Reserve Bank of India (RBI), the Indian payment systems should not be used for blacklisted or banned website categories like gambling, pornographic sites, Forex trading sites, Chinese laundering/loan apps or on other restricted sites.
‘Mule’ as service offered by Fake Payment Gateways
Another pressing issue with mule account generating high concerns is Fake Payment Gateways offering mule as service or offshore websites. Yes, Shocking right? These gateways provide such mule, manage them and rotate them frequently to avoid any spike in transaction to come in notice of banks.
“Mule as a Service” (MaaS) involves using fake payment gateways in various scams, such as e-commerce, task scams, loan scams, gaming apps, pig butchering scams, and betting sites. For instance, Fake e-commerce sites trick buyers into paying for non-existent products, while task scams lure individuals with promises of high returns for simple jobs. Loan scams often require upfront fees paid through these fake gateways. In gaming and betting scams, in-app purchases and bets are redirected through fraudulent channels. These gateways create and manage a network of mule accounts using link sellers for resetting free invite, sell invites to agents, mule groups that source money mule and rotate them, making the money trail hard to trace.
Ways to Identify Mule Accounts
Money Mules are a major brand reputation threat to financial institutions as they often use reputed bank accounts, either P2P accounts with a lower threshold or Merchant accounts for high-amount transactions. But there’s a way to turn the tide and protect from these hidden threats.
Transaction Monitoring using Bank Data: This method is used by banks to monitor transaction data patterns that highlight any suspected transaction. As fraudsters use hundreds of accounts and keep rotating then it gets to detect patterns in transactions. A prediction score is given to probable mule accounts. This solution requires complex data modelling, transaction analysis and training, which may not always be possible. It also requires a long setup and investment over time. Also with Mule-as-a-Service, since transactions are rotated across hundreds of accounts, this can easily be bypassed. Simply for fraudsters to make small tweaks to their rotation can make them evade detection easily.
Detection from Mule Source: This method identifies websites that use mule accounts and detects the mule accounts by DIRECTLY going to those websites and tracking all mules being present there. This method helps identify guaranteed mule accounts without using any bank data and is quick to scale. Since this method goes DIRECTLY to websites where mules are present, it doesnt need complex integrations, doesnt need model training and evading detection is not possible.
While both options have their pros and cons, “Detection from Mule Source” is the game-changer in this fight. Detecting mule accounts from source websites such as gambling and betting sites identifies accurate finding with guaranteed mule. At scale. Detection at source also provides proof point to validate findings, help in taking swift action. This data also can be used to train AI-ML based transaction monitoring system to identify mule accounts more accurately at a later stage. A public sector bank consolidated and strengthened its rule engine system to more accurately identify the mule accounts by taking data from “Detection from Mule Source” and feeding to its model training.
mFilterIt mule account monitoring tool leveraging advanced algorithms and tech for swift identification of guaranteed mule accounts. No data is required from banks, we detected mules used by the source itself. Identification of suspicious websites using mule accounts with proof points that guarantee mule accounts. This proactive approach ensures banks stay one step ahead of fraudsters, safeguarding financial integrity, but can also take swift action with proof point and strengthening their data model at scale. Currently mFilterIt is monitoring almost 25,000 websites EVERY HOUR at scale by automated browsing and access. This ensures that even payment gateways offering Mule-as-a-Service are getting caught in large volumes, and their ENTIRE load of mule accounts get blocked IMMEDIATELY!
Proactive Action on Mule Accounts
We detect 18 to 20 thousand mule cases every single day for Banks. These mule accounts are usually owned by regular people, who are either tricked into opening these accounts or knowingly use these accounts at the behest of some monetary incentives.
We are also working in collaboration with national banks regulatory bodies, payment apps, and other major platforms in India to spot and safeguard from Mule Accounts frauds. Our role is to track these platforms leveraging OSINT (Open-source Intelligence) and our transaction laundering detection solution as we crawl across a pool of more than 25000 sites for fraudulent activities for various stakeholders. Eg Casino and gambling sites, betting sites, pornographic sites, FOREX trading sites, etc.
Conclusion
Such illicit websites blatantly exploit the financial system to collect payments via proxies. Almost every payment mode available on these sites uses mule accounts network to evade the money trail. They also bypass tax norms for such transactions. These websites used illicit channels such as Hawala and cryptocurrency to transfer money offshore. It also undermines the integrity of the Indian financial ecosystem.
The Financial sector needs proactive vigilance to detect mule account, finding risk patterns is not enough, mule account with data point proof can help authorities take action to curb the menace of mule account that leads to personal or financial data leakage, fraudulent activities, and tax evasion. Fake Payment gateways using ‘Mule as Service’ pose even more threat to digital ecosystem.
