Criminals are continually looking for ways to circumvent fraud detection systems, and money mules have become a popular vehicle to move illicit funds between accounts. Mules are favored because they are effective—often, they are everyday people, many of whom are already customers of a financial institution who have passed verification checks.

Glenn Fratangelo, Head of Fraud Product Marketing at NICE Actimize, and Jennifer Pitt, Senior Fraud and Security Analyst at Javelin Strategy & Research, sat down for a PaymentsJournal podcast to discuss the evolving ways money mules are deployed, their impacts on banks, and the ways financial institutions can protect themselves from this emerging threat.

One of the most disheartening aspects of the money mule phenomenon is that it often isn’t difficult for criminals to recruit help. In many cases, mules are ordinary people that are willingly moving funds for criminals in exchange for a portion of the proceeds.

These individuals can be students, retirees, or lower-income individuals who are looking for financial relief. Criminals deliberately target those who seem unexceptional to avoid raising suspicion. In many cases, mules are recruited through social media, where there is often a receptive audience.

“On TikTok, Facebook, and YouTube, there is almost a gamification or a scam-fluence, where individuals are diminishing the level of criminality associated with becoming a mule,” Fratangelo said. “When it’s being presented on social media platforms with fast-paced music and an engaging speaker, magically it becomes not illegal to become a money mule. It’s being driven by the idea of easy money.”

Though some mules are willing participants, there are also many instances where the mule is being coerced, blackmailed, or tricked into moving the funds. In these cases, the mule is just as much a fraud victim as the institution.

“There is a victim/perpetrator paradox here, where these mules are active participants, but many are scam victims themselves,” Fratangelo said. “It makes it even more morally and legally complex, because how do you classify these individuals? Oftentimes, financial institutions find themselves stuck between wanting to stop the criminal activity, but also not wanting to further victimize the mule if they are in the cycle of scam and victim.”

Regardless of how the mule was recruited, many of them are already in the institution and have already passed control checks. Once they become a mule, they have effectively become a trojan horse within the financial institution that is used for short-term, high-value transactions.

The technology available to criminals since the advent of generative AI only adds to the sophistication of money mule operations. Cybercriminals can combine AI agents and automation to create accounts and facilitate mule recruitment on a massive scale.

“The ability of generative AI tools to create synthetic identities that look indistinguishable from real people makes it hard to identify fraud,” Fratangelo said. “They operate in a 24/7 environment where thousands of accounts can be created simultaneously, and they’re incredibly believable.”

In addition to AI, the digital payments revolution has created vulnerabilities that criminals can exploit. Payments are faster, more frictionless, and increasingly global, which allows criminals to move money quickly and in substantial amounts.

The emerging technologies, coupled with the availability of mules, has created a devastating ripple effect that goes beyond fraud. Money mules enable money laundering, terrorist financing, and a multitude of other nefarious activities.

Addressing money mules requires an approach that considers the whole customer lifecycle. From the start, there should be robust identity verification checks, but Know Your Customer (KYC) checks shouldn’t stop there.

“I would suggest that financial organizations invest in what we call perpetual KYC,” Pitt said. “Current KYC processes during onboarding look at identity verification, customer due diligence, account monitoring, and income verification one time. Instead, perpetual KYC would perform these checks on a constant basis with technology in the background.”

Inbound monitoring might be a standard part of the onboarding process, but most institutions’ systems won’t detect the initial mule activity. From a fraud detection perspective, there’s no fraud loss associated with an inbound transfer so there is no need to scrutinize it. It is not until after bad actors move money out that the transaction is flagged, which is often too late.

Because many mules are recruited after they have already completed the onboarding stage, more sophisticated detection methods, such as behavioral analytics, are necessary.

“It’s not only looking at historical data based on the typical customer, but looking at the behaviors of that specific customer,” Pitt said. “What are they doing with their keyboard? What is their keystroke pattern, their mouse pattern? How long does it take them to enter in data? Does it look like they’re copying and pasting things like date of birth, that are generally typed in?”

Though identifying individual mules is important, financial institutions shouldn’t take their eyes off the bigger picture.

“Mules do not operate in isolation,” Fratangelo said. “There’s no such thing as a lone wolf in the mule world. They operate in herds, and they will even use the term ‘mule-herder.’ Criminal syndicates will connect multiple accounts into networks for moving money undetected, so institutions need to uncover these hidden relationships.”

Because these relationships are often indirect, financial institutions will have to deploy their own machine learning models to analyze connections between accounts. This includes shared phone numbers, e-mail addresses, or device transaction patterns. Graph database technology can visually map these networks and identify clusters of accounts that may belong to a mule ring.

AI-powered network analysis can also pick up on unusual relationships between new and existing accounts and flag collusion. The goal is to connect mules to the overarching scam network, where usually mules are only one aspect of the operation.

The final piece of the money mule prevention plan is sharing collective intelligence through industry consortiums. Mule activity might take place—and be documented—at the financial institution where it occurred, but other banks could be affected, and they would never know it. A consortium could be an essential component to facilitate data sharing.

To get ahead of money mule schemes, organizations must take a layered, proactive approach that incorporates cutting-edge technology. Traditional scam prevention is often reactive—and ineffective—in identifying and neutralizing mules.

“To combat mules, banks need to strengthen their technology and data infrastructure, develop scalable AI and machine learning solutions, and create more seamless data integration to break down silos,” Fratangelo said. “This means understanding onboarding, fraud, aftercare, claims, and recovery. The institution needs a 360-degree view of the customer’s activities.”

As fraud evolves, every aspect of a financial institution, including data, analytics, strategy, and operations will need to be infused with intelligence that can proactively work to identify threats.

“Every mule transaction leaves a trail of damage. This is why it’s not just banks, but society as a whole that needs to address mules,” Fratangelo said. “At the end of each mule operation is a scam victim, whether it’s a romance scam or an investment scam. It’s the movement of ill-gotten gains from things like drug trafficking or terrorist financing. Ultimately, it can leave significant reputational and regulatory damages for financial institutions.”