Roundtable: Don’t Be Fooled by the Mule: Five Digital Mule Personas to Look For

The most effective defense against mule accounts, is to understand how they move money across banks’ digital borders. In this spotlight session, we will share data supporting the different use cases commonly used.

- Five common mule personas
- Unique user behaviors associated with money mule transactions
- Increased friction and reduction of trust in the customer experience

Transcription:

00:00:02:8 - 00:00:47:5
John Paul Blaho

All right. Well, good afternoon, everybody. My name is J.P. Blaho. I'm the head of marketing strategy at BioCatch. And thank you for attending today's session. I hope you're getting a lot out of the conference so far. And hopefully in today's roundtable, we can relax a little bit, maybe take a different approach to some of the conversations that you're having today and some of the other sessions, but what I want to focus on is around money, mules and the impact that it's having on financial institutions, how we have to address this problem and why in some instances it is becoming such a pervasive issue in the banking industry today. …

00:00:47:5 - 00:01:20:0
John Paul Blaho

Our customers are financial institutions. So [we’ll] talk a little bit around the challenges that these [this fraud] can create for financial institutions, how they analyze and how they ultimately protect consumers.

00:01:20:0 - 00:01:48:3
John Paul Blaho

I'm hoping that this becomes a little bit more interactive, so please feel free. I'll keep looking on to my screen here into the chat section for any questions that are submitted, whether it's in the chat area or whether it's in the Q&A box. But if you want to interject, I 100% welcome you to do that. I would only ask if you have the means to go off of the silent cam and show your face or at least make sure that you're unmuted when you're asking the question.

00:01:49:4 - 00:02:06:1
John Paul Blaho

That would be great. And always feel free to interrupt. I know that this is not a live session, so it's a little bit challenging to wait for me to pause for a moment or two to give you the opportunity to speak, because I tend to not shut up when there’s silence. So don't be afraid to interrupt or ask questions.

00:02:07:2 - 00:02:51:3
John Paul Blaho

… But first, I really want to discuss the challenge around money mules. I know that we as an organization at BioCatch, some of the other security industries, the analysts have really been talking about this problem prior to the pandemic, but … [COVID] most likely accelerated our conversations around this. …

00:02:51:3 - 00:03:15:0
John Paul Blaho

What I want to do is talk about why it's becoming such a problem. And I want to tell a story first, so to kind of get you warmed up. This kind of started in Australia way back when it seems like ages ago when lockdown started to happen in different geographies, Australia closed their borders entirely.

00:03:15:0 - 00:03:39:5
John Paul Blaho

And I know that they had one of the more strict policies about international visitors. And at one point in time when all their universities shut down. They had instructed all international students that unless they had the funds to stay in country, meaning they had the money to pay the rent, to pay for food and whatnot, that they had to leave and they were given a 30-day window to depart the country.

00:03:39:5 - 00:04:13:3
John Paul Blaho

And so many of the international students went back home to other geographies. Now the way that a lot of them had their funds established they had banking accounts in Australia that were attached to their student loans. And when they had left the country, there was an opportunity from some of the fraudsters, as we'll call them, to recruit these students to use their funds to manage their accounts, saying that, “Oh, you know, since you are no longer in school, let us manage those funds for you. …

00:04:13:3 - 00:04:41:4
John Paul Blaho

We'll make sure that your student loan payments are taken care of.” And because of that … a lot of students were kind of giving rights of their accounts to the fraudsters to then ultimately funnel money or to be a mule and send that money off. And the Australian government was scratching their heads. A lot of the financial institutions were unsure of what was going on because the students weren't in session, they weren't living in the country, but they were starting to notice an uptick in transactions in the accounts.

00:04:42:2 - 00:05:14:2
John Paul Blaho

… Money mules require genuine behavior and genuine users to be part of the transaction. In many of those scenarios … that level of interaction from a genuine user, not just giving the credentials of their account to someone else, but also sometimes participating in the transaction itself, makes it extremely challenging for the different types of technologies out there

00:05:14:2 - 00:05:42:7
John Paul Blaho

today to identify when a money-mule transaction is happening in real time. So the AML team, the money laundering teams, had to go .. back and identify, “Is this transaction classified as a money mule? Is it something that we need to reimburse the consumer on, or is this a fault of the consumer?” And because of that, there's been a significant increase in the payouts and the reimbursements that the financial institutions have had to make.

00:05:43:7 - 00:06:13:7
John Paul Blaho

So we at BioCatch have tried to look at the problem a little differently and say, “Look, there's got to be a way that we can solve this problem before I try to sell you on a product.” … That's not the purpose of the session. I'd be very interested to know if any of you have any anecdotal stories that your organization has seen that's kind of somewhat similar to what the example I gave in Australia is, or even something different that was established because of money mule accounts created, money mule transactions happening within the institutions.

00:06:13:9 - 00:06:36:5
John Paul Blaho

Please feel free to share that in the chat. Even if we're not going to engage from a conversational standpoint, I would love to have that information, because we have commissioned an analyst firm to to do surveys and look into these types of scenarios for us to further enhance what we call those money mule personas out through those different use cases that we are seeing.

00:06:37:4 - 00:07:03:9
John Paul Blaho

But that's just one example. What makes this problem so magnified is that we become far more comfortable, we being the collective we. You know, maybe I'm a little bit older, so I might say the millennial generation, but we've become far more comfortable in using our mobile devices to send money. And it's not just about … logging in to your bank account and … paying your bill online.

00:07:04:3 - 00:07:32:6
John Paul Blaho

It's using those peer-to-peer applications to just send $25 for your part of the bar tab or the restaurant tab from brunch the other day. It's just this level of comfort of being able to log in, send money and move on, has kind of created a pattern of our use of disbelief that individuals don't think twice about what they're doing, because in some instances the number or the amount of money is so low that it goes below the threshold of fear.

00:07:32:6 - 00:08:08:0
John Paul Blaho

But in other instances, it's because they're so comfortable in the different and multiple ways of moving money digitally from one account to another. And because of that, it's creating this level of comfort and trust in the process that they become far more vulnerable when it comes to being part of a money mule scenario. …

00:08:08:0 - 00:08:30:7
John Paul Blaho

It's curious to see how sophisticated these types of tactics are. During the pandemic, this is going to be the example for many of the scenarios, because it's been so numerous that we're able to identify it much more easily.

00:08:31:7 - 00:08:53:1
John Paul Blaho

There's been this increase in sophistication on convincing people that doing these types of transactions, participating or sharing their information, is common sense and logical. You can easily go into certain job boards and look for job opportunities that are literally saying they'll pay $25, $35 an hour or get paid in the first 48 hours in the first week.

00:08:53:3 - 00:09:12:7
John Paul Blaho

… And in many of those instances, those are fraudulent advertisements. … They're already asking for your credentials and hiring you and saying, “We need your account information upfront so that we can set up your payment system.

00:09:12:7 - 00:09:34:6
John Paul Blaho

You're going to be an independent contractor.” There are no benefits to this job, but all the money is going to be directly funded into you and in some instances, they'll send you some menial tasks to perform. You've given them your bank account information, and you'll see funds being put into your account right away. What you don't know is that those … other, nefarious transactions, are in the making.

00:09:34:6 - 00:10:02:3
John Paul Blaho

And people have in some ways, because of the pandemic, become desperate for those types of jobs, for quick money that they put faith in the job boards in those scenarios that it's a legitimate career. But that's just one of the many different kinds of sophisticated recruiting tactics that are being used around money mules, which in the long-winded aspect kind of brings me to what we've done at BioCatch in doing the analysis around money mules.

00:10:02:3 - 00:10:27:2
John Paul Blaho

And we create what we call the five personas of mules account detection. And essentially what we've done is look at as many different scenarios as we can from the Australian example to the job recruiting example to romance scams, all the different types of scenarios that ultimately result in a transaction of using your account to funnel money to illegal accounts or for illegal purposes.

00:10:27:6 - 00:10:50:1
John Paul Blaho

And I want to walk through those different five personas for you … from what I'll call the more complicit level of illegality to the less complicit, meaning that the fraudulent activity is much more pervasive, much more visible, much more prevalent. So the first one is really around the deceiver, and this is focused on that account-opening aspect of it.

00:10:50:1 - 00:11:21:8
John Paul Blaho

So it's when a fraudster purchases, steals or comes into personal and personal information from an individual and opens up an account in that person's name and then uses the account, it's able to be open to funnel money through to the transaction. And the deceivers we call them the most complicit or the more complicit because the purpose behind it is 100% for fraudulent activity that doesn't involve a genuine use or just a genuine user's credentials in order to have that account opened.

00:11:22:4 - 00:11:50:4
John Paul Blaho

And … it's oftentimes one of the easier ones to detect because when you combine a layer of behavioral aspects to the data elements set up that a financial institution is analyzing, you'll see very quickly that the actual human behind the account performing the transaction and the behaviors associated with that transaction don't necessarily match to that known person, known customer in any of the other accounts that they might have within that institution.

00:11:51:1 - 00:12:15:7
John Paul Blaho

The next persona is really around what we call the peddler, and the peddler is a little bit more on the genuine-user side where they sell their account to a criminal. … They might have to have it open in order to get that discount for their insurance or to be able to get a percentage point off of their mortgage rate.

00:12:15:7 - 00:12:33:5
John Paul Blaho

So they have this checking account or savings account established that they're no longer using, but in some scenarios, they might have a reason to get money. So they sell that account to someone. It's an actual known, legitimate account that they're going to sell the rights to for criminals to have access to it, to bring money in and then send the money out.

00:12:34:1 - 00:12:54:7
John Paul Blaho

We classify that as a significantly complicit effort because the behavior of the genuine user fully knows that they're selling this account. And for better or for worse, for a bad usage and therefore still allowing those transactions to happen. But there's a level of complexity to that because that account has most likely been established for a while.

00:12:55:1 - 00:13:25:1
John Paul Blaho

The genuine account owner is legitimate in the eyes of the financial institution, because whether they had deposited deposits in there in the past or they've added or deducted from that account over time, they've been used historically for genuine account usage purposes. But then all of a sudden this large transaction happens out of nowhere. How does the financial institution identify that potentially as a mule account?

00:13:25:8 - 00:13:47:4
John Paul Blaho

… That's the second persona, and the third one … is what we'll call the accomplice. And the accomplice means that they are actually using their account and conducting the transaction on behalf of the fraud. … And this kind of goes to some of the other examples that I can share if we have time.

00:13:47:7 - 00:14:13:5
John Paul Blaho

Whereas the one who logs in, they receive the money, they set up the pay, they transfer the money … upon the instructions that are being used. And whether they believe that it's a legitimate purpose or not, they are the one who has been responsible and implicit in that transaction happening. So as you can see, we're going from that more complicit where the fraudulent behavior is happening, but it's been done more from the fraudster’s side.

00:14:13:8 - 00:14:37:2
John Paul Blaho

Now the genuine user is getting more and more involved as we get into this kind of less complicit, sometimes less and less known failure. So in the accomplice, it's almost like a 50-50 responsibility here where the genuine user knows what they're doing or knows that they are doing something that is questionable and behavior and at the very least unethical but most likely illegal.

00:14:37:9 - 00:15:08:8
John Paul Blaho

The fourth personas we’ll call the chump, and I think I've been called that many times myself, but the chump is one who executes the transaction but believes that the money is clean. And this is one of the more severe and problematic ones. … A recent report, I think it was on a PBS station, talked about money mules being a significant problem in some of the emerging-market areas.

00:15:08:8 - 00:15:28:2
John Paul Blaho

And what has happened is it's become a familial aspect where members of your own family are convincing you to do this because it's a good way to make money and you're putting your trust in your family that what they are saying is legitimate, honest, sincere. It's OK. It's on the up-and- up. So therefore, I'm going to do it, too.

00:15:28:5 - 00:16:05:5
John Paul Blaho

And this chump category is where that particular individual falls. And that's when the genuine behavior executes, just like the accomplice does, but genuinely believes that the transactions that are being done are legitimate; it’s on the up-and-up. It's legal and so they are taking the instructions and doing what is necessary. Now, we're getting really into the difficult level of analysis here because it's a genuine user with a genuine account in many times performing activities that may look genuine because in some instances the amounts are significantly higher than some of the other types of transactions that they've done.

00:16:07:0 - 00:16:33:2
John Paul Blaho

Difficult to identify that as a mule problem. And then the fifth persona is what we call the victim. And the victim is I won't say that it's easy to identify, but it's easy to rule out that the genuine user was at fault. And this is when the victim, the individual, the genuine user of the account has no known, is unaware that their account has been broken into that the transactions have occurred.

00:16:33:6 - 00:17:01:4
John Paul Blaho

… For that 27 days or however many days it is between statements that I receive, I'm not looking at the transactions at best. I'm looking at my balance to make sure that I have enough money to cover whatever charge I'm about to do.

00:17:02:0 - 00:17:31:9
John Paul Blaho

But I'm not looking daily at those types of transactions. … So by the time someone like myself goes and looks at the statement, that's given to me on a monthly basis, the transactions are already done. And so then it's a reactive scenario for me. And so those are two different types of personas. Each one has its own layer of difficulty in understanding, but all five of those are all related to mule accounts, and that is one of the biggest challenges that we have.

00:17:32:2 - 00:18:00:0
John Paul Blaho

When you look at all the different types of fraud, the different types of money laundering tactics, and even the different types of scams that are out there when it comes to financial transactions, money mules are one of the most challenging because it runs a gamut of different use cases. And so out of curiosity and again, please share this information with me if you can think of any types of scenarios that are different than those different type personas that I've shared with you. Please feel free to ask a question about it.

00:18:00:0 - 00:18:24:9
John Paul Blaho

Ask me if your particular scenario falls upon one of the different personas that we've identified or that we're using in our our messaging, but also feel free to share any input where you think we might be missing something, or there might be a different type of tactic that you've seen in your organization that adds a layer of complexity that needs to be looked at, because again, these are just personas for the sake of of telling stories.

00:18:25:2 - 00:18:49:5
John Paul Blaho

There's a reason behind creating these, and that's because … how we analyze the transaction based on the behaviors associated with those different personas ultimately allows us to help financial institutions identify a money mule scenario in real time as opposed to being retroactive. Now you have to go back and do the forensics to determine how much was actually lost and whatnot.

00:18:49:5 - 00:19:16:9
John Paul Blaho

And so what we're trying to do is solve these problems before they actually become a cost or a burden, not just to the financial institution, but also to the consumer, ultimately your customers. So in those particular scenarios, it's important to realize that they can be addressed. But also like in every other type of security solution, it's a new layer of protection.

00:19:17:2 - 00:19:55:3
John Paul Blaho

I historically have come from the network security side of the business. So we always talked about layers of security at the perimeter, from your firewall to your … spam, etc. Those different layers created latency in the network. When it comes to fraud, as you all know, we interchangeably use the term friction to the consumer, and there's a certain amount of friction that a consumer is willing to go through before they make the ultimate decision to switch accounts or to open a different credit card or to devalue the use of the account that you might be managing.

00:19:55:3 - 00:20:17:9
John Paul Blaho

So there's this kind of balance of how much security can we provide, how much friction can we put upon the consumer to assure that we're providing the best layer of security. And then ultimately what that balance looks like determines how much of a risk the financial institution, of course, is willing to accept. …

00:20:17:9 - 00:20:57:1
John Paul Blaho

So when it comes to money, because that risk is so varied based on the different personas or the different use cases associated with it, it becomes a challenge to manage and mitigate. And so it kind of leads me to the last part of the conversation, which really has been the focus, and that's on behavioral biometrics. …

00:20:57:7 - 00:21:31:7
John Paul Blaho

… The technology has been around for almost a decade, but the uptake in the use of it is varied based on geography, on fraud type … so the reason why behavioral biometrics is becoming more and more of a needed use case is because of that dichotomy between what we'll call the the requirement for additional security and the elimination of friction altogether for the consumer.

00:21:31:7 - 00:21:51:4
John Paul Blaho

And both of those are in some ways diametrically opposed to one another. And leaves a lot of the security professionals like myself scratching our heads, like, “OK, we're responsible for protecting your life, guard your investment, your nest egg. But at the same time, you're not willing to answer a few more questions to assure that you're the genuine user.

00:21:52:3 - 00:22:09:8
John Paul Blaho

Counterpoint to that is I also get frustrated as well. So I don't know if you can see behind me, but I live in Florida, so the palm trees behind me are a constant reminder where I live. But interestingly enough, where I do live is one of the highest levels of fraud in the nation. I grew up in the Northeast.

00:22:10:3 - 00:22:38:1
John Paul Blaho

My last hometown was Boston, Massachusetts. My bank account still sits within a financial institution in Boston, because I have a loyalty to them. And interestingly enough, I have my checking account, my savings account and investment account, as well as a credit card with them. But every time I try to use my credit card to fill up gas up here or to go to the Best Buy or to another shop to make a purchase, it gets declined.

00:22:38:8 - 00:22:58:1
John Paul Blaho

And then I have to go through calling the 1- 800 number to prove that the transaction that I attempted to make was legitimate. And then they turn the card back on and I can go ahead and make the purchase. And then two weeks later, whenever I have to fill up the gas tank again, the same exact problem happens even though I'm at the same exact gas station that is literally walking distance from my house.

00:22:58:5 - 00:23:15:9
John Paul Blaho

And so there's a level of frustration that I get because it's like, come on, you know, I live in Florida, you know that I've gone to this place before and it was approved. Why now all of a sudden, is it a questionable activity? And in speaking with the institution like it's because of where you live. And so there's a level of frustration.

00:23:15:9 - 00:23:38:0
John Paul Blaho

So sadly, I still have that card. I still use those accounts whenever I need. But I've actually started moving the purchases over to another credit card that seems to have a reduced level of friction that doesn't get caught up in the cycle of validating those transactions as frequently as the other card does. And so that creates what I call that open opportunity for consumers.

00:23:38:0 - 00:24:00:9
John Paul Blaho

But is the challenge for financial institutions to determine what is that fair balance between friction versus protection? And in my case, the New England-area bank is more comfortable with a higher level of friction to protect their investments and to protect my identity and my credentials, whereas the account that I use doesn't.

00:24:00:9 - 00:24:29:3
John Paul Blaho

So am I being ignorant enough to put trust in the one card that allows me to swipe and forget it? Or am I just being smarter because I know I don't have to worry about ever getting declined in those scenarios? So that's the big problem that I think a lot of institutions have is that balance and or behavioral biometrics comes into play as it sees that it's not just about the location where the transaction is happening.

00:24:29:3 - 00:24:58:5
John Paul Blaho

It's not just about either the device that I'm using or the credit card that I'm using, or the access to the information I'm logging in is being done. All those different capabilities are being monitored and realizing, yep, the behavior is the same every time they're performing these activities. Therefore, with a higher level of confidence, we believe that it is, you know, J.P. or the genuine user and allowing those transactions to happen.

00:24:58:8 - 00:25:26:5
John Paul Blaho

It's when you go to a different location and you use a different service, the charge changes. It's when there are unique aspects to the behavior in the transaction … that are different than what is typical is when you can raise the level of protection, raise the level of friction, friction, say, “OK, before we approve it, we need a little bit more information,” and I think that that's the value that behavioral biometrics provides in those instances.

00:25:26:5 - 00:25:48:9
John Paul Blaho

It allows a certain level of protection because it allows you to put in real time the ability to have that security layer, but not at every time. And not just that. When we go back to the mules discussion, different personas’ behaviors are unique to the scenario that you put them in. So I'm going to talk about two of those personas.

00:25:49:4 - 00:26:15:8
John Paul Blaho

The accomplice, as I mentioned before, that's when the genuine user performs the transaction knowing exactly what they're doing. And that's difficult because in some respects there's a level of confidence that they have that they know whenever they're performing that transaction, they know what they're doing, they know how to do it. But where behavioral biometrics come into play is in many instances, they have to take instructions to set up the pay account.

00:26:16:3 - 00:26:50:2
John Paul Blaho

…. So when you're setting up a new pay, there's a certain protocol that each financial institution requires to set that up. … You look at the amount of time spent entering information. If it's on a mobile device, you can look at it. You can analyze the left vertical versus horizontal position of the phone if they're bringing the phone up to their ear to take voice instructions, hesitancy in their logging, or they're accessing information of questionable behaviors.

00:26:50:6 - 00:27:15:8
John Paul Blaho

When you add those types of what I call metrics to the overall calculation, it creates a risk score associated with that transaction. And that risk score could determine adding that additional layer of security or denying or approving the transaction altogether. So for the accomplice, we can look at things like hesitancy, we can look at delayed entry of information because they're taking instructions from a mobile device.

00:27:16:2 - 00:27:36:2
John Paul Blaho

We can look at doodling, roaming your finger around the touch screen or on the mouse pad, if you're on a computer as you're waiting for instructions, waiting for information or thinking about what you're about to do. So those types of behaviors are very much analyzed in this scenario so that we can identify that.

00:27:36:2 - 00:28:04:6
John Paul Blaho

And yes, that's the genuine person. But the behaviors are different in this scenario. And when you add in the different elements, such as device elements, network telemetry, things of that nature over top of or underneath the layer of behavioral insights, it can determine that the type of transaction is or is not fraudulent The other persona in that scenario that we can talk about very easily is focused on the challenge.

00:28:05:2 - 00:28:30:6
John Paul Blaho

And the “chump” is also interesting because when you're unsure, you stutter. When I present and I'm uncomfortable, there are longer pauses. I will say the same or over again I will look down on my notes. Those types of behaviors are very much understood and can be interpreted. You as viewers watching me on my screen can probably see when I'm looking for the next part of the conversation or when I get lost. …

00:28:31:3 - 00:29:04:3
John Paul Blaho

Those types of behaviors are analyzed from a financial perspective. When you are looking at the chump or when you're analyzing the chump's behavior, it's also similar. There's hesitancy, there's doubt, there's unsure oddness there. Again, the memory is questionable because there's confusion in that in the transaction or in the inputs that they're providing, which is uncommon because the last time they did a similar transaction … the keystrokes speed in which they entered the information was different.

00:29:04:8 - 00:29:27:3
John Paul Blaho

And it's not to say that every single case would be ruled as illegitimate or potentially risky, because there are also scenarios where you might be holding a child in your hand or you might be preoccupied with something, or you're using a new device that you're uncomfortable with. scenarios.

00:29:27:3 - 00:29:50:7
John Paul Blaho

… And then that's why we add those additional layers of protection: It's to protect consumers when necessary, when fraud is happening. …

00:29:51:3 - 00:30:07:9
John Paul Blaho

We'll be following up with you all with the results from that survey that we're working with the analyst firm on so that you can get some more insights into money mules and the problems they have within organizations like yourselves.

00:30:08:2 - 00:30:19:6
John Paul Blaho

Feel free to go to our website and feel free to reach out to me throughout the conference today. So thank you so much for your time. I hope you enjoyed my 30-minute session and enjoy the rest of the show.