A version of this blog was previously published by BioCatch here.
“I was too embarrassed to tell anybody.”
As a career fraud fighter, I hear confessions like this all the time. In one instance, I was waiting at the airport when I met Beth, a friendly, 84-year-old woman flying to visit her two sons. When she found out I worked in fraud prevention, she opened up.
A few years ago, during a particularly lonely holiday season after her husband had passed, Beth received a text message from an unknown number. It felt like someone cared. But by the time she realized she had been scammed by a phantom online suitor, she had lost $64,000 of her hard-earned savings – sent through her online banking platform without fully realizing the danger.
Unfortunately, Beth’s story is not unique. Romance scams like these are common, devastating, and growing in complexity.
Let us now explore what’s going on in the broader world of digital fraud and financial crime today. The garden variety cases of identity theft have grown more sophisticated. With rampant data breaches over the course of the last several years, fraudsters don’t need to stitch together parts of stolen identities with their own personal information to commit new account fraud. They now have access to “fresh fullz” or never used stolen identities that often pass identity verification (IDV) checks and identity fraud models.
Scripted attacks, especially at account origination, have grown increasingly common in recent years, thanks in part to readily available generative artificial intelligence (AI) tools. Fraudsters now have access to bots to help them do their dirty jobs at scale. Combatting this kind of scale requires the most sophisticated defenses. Technology that provides behavioral intelligence, allows financial institutions to see that even though an identity may be checked out with regular origination controls, the behavior of the applicant can still appear very fishy.
Suppose, as a financial institution, you book some bad accounts. You may not realize they are bad immediately, especially if they are deposit accounts. However, there will be tell-tale signs of the account being used for nefarious purposes. Let’s examine some scenarios that can be indicative of the accounts being used as mules to move ill-gotten money.
We often see accounts being opened and then within minutes being accessed by different devices that use U.S. proxies to look like they are from the U.S. But when we look at the SIM, we see it registered with carriers outside the U.S. Most of the time, these handlers from outside the U.S. would use the “forgot password” flow to reset passwords. They then can deposit forged or counterfeit checks through remote deposit capture (RDC) and use faster payment rails to move the money out. If the check returns, the financial institution is nearly always left holding the bag on the resulting loss, as – by then – the perpetrator is nowhere to be found.
Another scenario of “witting” mules are younger people who wouldn’t mind moving money on somebody else’s behalf, especially if they have an account that has been lying unused for a long time. Behavioral intelligence technology can see these sleeper accounts wake up and start to transact little by little before moving large sums of money.
Lastly, bad actors can take over an account and use it as a mule account unbeknownst to the legitimate account holder. Too often, we hear about victims of (account takeover) ATO attacks giving up their institution-provided one-time passwords (OTPs) to fraudsters impersonating employees. With that OTP, the fraudster then gains near unrestricted access to the victim’s account. They can change notification settings, use the account as a mule, or even transfer away the entirety of the victim’s account balance. Behavioral intelligence can detect such behaviors from a fraudster as anomalous to the genuine user’s behavioral profile and alert financial institutions in real time before much damage can be done.
Is all this unstoppable? No.
Yes, criminals are highly organized. Their operations function like businesses, with different people handling different parts — from stealing data to laundering money. It’s a network of networks.
But that also means we can fight back — with a network of defenders.
Financial institutions don’t have to face this alone. By working together, and leveraging partners with advanced fraud detection technology, banks and credit unions can disrupt these criminal ecosystems.
BioCatch is one such partner — and we’re proud to say they’re working alongside Alkami to do just that. Together, they’re using behavioral biometrics to detect fraud in real time, protect account holders, and stop criminal activity before it takes root.
Heading to Alkami Co:lab? There are plenty of ways to learn how BioCatch is helping financial institutions stay one step ahead of fraud—through both technology and thought leadership.
Breakout Session – “AI in Digital Banking: A Powerful Ally or a New Fraud Threat?”
March 31, 2025 | 2:00 PM–2:45 PM CT
AI is reshaping fraud prevention—but is it always working in our favor? This session brings together industry experts to explore how AI can both combat and potentially contribute to fraud in consumer and business accounts.
Join Justin Hochmuth, Threat Analyst at BioCatch, alongside Velena Cruz (USF Federal Credit Union), Char Sears (Unitus Community Credit Union), and Brad Cranford (Alkami), as they discuss AI-driven fraud risks, tools for early detection, and how to strike the right balance between innovation and security.
Partner Theater – “Threat Hunting for Bad Actors”
April 1, 2025 | 12:40 PM CT
Don’t miss Seth Ruden as he walks through how behavioral intelligence can uncover mule accounts and help financial institutions protect both consumer and business accounts from fast-moving fraud threats.
Want to see behavioral intelligence in action? Stop by the BioCatch booth in the Innovation Lab to see how our technology analyzes user behavior to detect fraud in real time. Our team will be on hand to answer questions and show how behavioral data is powering the next generation of fraud prevention.
Whether you’re looking to dive deep in a breakout session, hear practical insights from the Partner Theater, or get hands-on in the Innovation Lab, there’s no shortage of ways to explore how your digital banking solutions can be leveraged to not only detect fraud, but to break the chain of criminal networks harming account holders and communities.
