Mule train!! (Hyah, hyah)
Clippety cloppin’ over hill and plain
Seems as how they never stop, clippety clop, clippety clop
Clippety, clippety, clippety, clippety, clippety cloppin’ along
– Mule Train, Boxcar Willy
More and more, Fraudsters are targeting the swollen account balances of commercial banking customers and hiding behind the more frequent account activity present in business-to-business transactions. The larger amounts and frequency of fund movements common between organizations are making fraud harder to detect by financial institutions and their customers until the money is gone. As with consumer banking fraud schemes, the crooks rely on money mules to break the final bottleneck – getting the money out. However, because of the complexity of corporate transactions, fraudsters are employing human actors earlier in the process… and closer than ever to the victimized company.
Lately our fraud research and prevention partners have noticed a disturbing trend toward “inside jobs” – schemes that rely on money mules recruited from within the legit business’ own employee ranks. Recruiting them is difficult, so mule handlers offer higher commissions to their traitorous partners. The most common commercial account fraud method is the use of professional mules who set up fictitious companies specifically to receive stolen payouts.
It’s no surprise that corporate account credentials command a higher price on the criminal black market. Why? Business-to-business accounts typically transfer higher dollar amounts, more frequently, than retail accounts. International transfers are much easier. Repetitive transactions in a short period of time are easier as well. These realities all provide more incentive for business mules to complete fraudulent transfers… again and again. Repeat use of business mules is becoming disturbingly common.
These witting mules are hard to detect. The fraudster is relying on a business mule’s seemingly legitimate actions to bypass any security controls. Anti-fraud technology often focuses on business-to-consumer fraud, so B2B transactions receive less scrutiny. The best method of detecting and preventing a mule from emptying your corporate account is to detect account takeover attempts early, before the money is gone. Early fraud setup activity – such as creating a new (fraudulent) payee – can be detected using anomaly detection technology that monitors account activity from login to logout.
There are no easy answers other than to be ever vigilant. Make sure that no one person inside your business controls the external transfer of corporate funds, whether it be by electronic means, wire transfer or remote deposit capture. Finally, enlist your financial institution’s help and make sure they are employing some type of anomaly detection to filter the noise and assist in identifying fraudulent activity early in the cycle.