The UK Payments System Regulator's (PSR) revised position on reimbursing APP scam victims underlines the urgency for UK banks to promptly identify mule accounts and will likely heighten their focus on mule strategies. The challenge they face however, is how to monitor real-time transactions for potential fraud whilst maintaining seamless transaction experiences.
Whereas previously, banks’ focus was on preventing transfers to new, suspicious beneficiaries, forthcoming PSR rules will mandate that liability for refunds be split between the sending and receiving bank. This puts a strong onus on all institutions to monitor thousands of daily incoming payments for suspicious activity, without any impact on the split-second processing times expected by trusted customers. It also presents a raft of fresh challenges for banks and their anti-fraud technology. And the stakes are high.
Without the right controls, banks could witness their fraud reimbursement claims double and see challenges to their existing loss prevention frameworks. Even with effective APP fraud controls, an absence of effective mule controls can still lead to substantial losses, particularly where industry wide measures are not equally robust.
Differentiating between legitimate and suspicious activities from a vast number of daily transactions can be complex. While it's easier to spot patterns within a bank's own customer transactions, difficulty arises when tracking patterns that involve external entities, especially when funds transfer outside the bank's direct oversight. Existing transaction monitoring tools do an excellent job overseeing internal transactions, but they falter when dealing with mule transactions that span multiple banks.
This limits the scope of the risk assessment that banks can practically carry out, to transaction and device intelligence. All are useful data points for building a risk score, but they don’t reveal anything about the account holder’s typical behaviour.
The gold standard for mule detection is for banks to have a clear and transparent view of both the sender and receiver customer accounts plus a full contextual understanding of the transactions entering and leaving those accounts. A 360-degree rounded understanding of a payment journey – what looks normal and not – is required to give banks the flexibility to decide when to intervene, helping them not only to prevent customers becoming a victim of fraud, but monitor payments throughout the network to pinpoint mule accounts at the optimal juncture.
For this, banks must have a comprehensive understanding of the payment process, including recognising recurring patterns at point of payment, the speed with which mules transfer out received funds, and repetitive use of device data, IP addresses, personal details and locations across the industry.
A group of leading UK and global banking institutions are already making strides forward in this regard, through membership of the LexisNexis® Digital Identity Network® consortium. Boasting all 50 of the top U.S. banks as members, the Digital Identity Network® is a crowdsourced contributory database of almost 80 billion global annual transactions. Members contribute not just by plugging in their own customers’ – fully tokenised – transactions, but by flagging confirmed fraud for the benefit of the whole network. Supplemented by device, location and a raft of other risk-based intelligence, the Digital Identity Network allows its members to make highly-informed risk assessments, not just on transactions, but on the behaviours of the entities making transactions and on hidden associations between the devices and phone numbers they use. This vast fraud intelligence resource is arguably the banks’ best weapon against both APP fraud and the mule networks that enable it.
Its sheer size and coverage means the Digital Identity Network can act as a barometer for the banking sector. Since 2021, it has observed a significant shift in the industry's attitude towards mule detection, with a remarkable 681% surge in tagged instances, underscoring the heightened emphasis banks are now placing on addressing mule concerns.
With this heightened demand for full 360-degree transparency of the transaction chain, the EMEA Professional Services team at LexisNexis Risk Solutions has seen a surge in requests for proof of concept tests. We’re currently working with three leading UK banks, bringing rich data sources together to create a mule model that can detect potential risk and generate risk scores in real time. The aim is to achieve an informed single customer view risk decision at various points through the customer journey – whether that’s at application, login, or payment stage.
Early results are promising. In one example, a Tier One UK bank reported a 100% increase in their mule detection rates over just one month successfully detecting fraud worth £370k - a rate of 1 fraud for every 7 customer transactions. This was achieved using Digital Identity Network device and transaction intelligence at point of payment to spot suspicious behaviours and highlight links between customers’ device, email address and phone numbers that might indicate fraudulent behaviour.
Similarly, a Tier Two Bank implemented a mule model using transactional and payment beneficiary information within the Digital Identity Network at payment stage and were able to detect over £1m in mule payments over a 3-month period.
Halting the activities of money mules is arguably one of the most important issues facing banks today.
Dismantling the networks that facilitate fraud provides essential protection for individuals from financial exploitation and curbs the wider problem of money laundering which in turn erodes the stability and integrity of the global financial system.
And let’s not forget the emotional impact on the millions of people that find themselves becoming a victim of fraud. Preventing people having to live through those traumatic experiences is enough of a reason to take these networks down.