The challenge isn't awareness or investment. It's that the current system wasn't built to catch them.
Unlike traditional fraud, these accounts are opened by real people using their own data, which makes them look entirely legitimate. Some account holders are coerced or manipulated, others are willing participants. Either way, by the time control shifts, the account has already cleared standard detection.
We surveyed more than 500 fraud, risk, and AML professionals across the US and Europe to understand exactly where detection is breaking down. Most institutions are still catching handovers reactively. 78% say improving detection is a high priority for the year ahead.
This research reinforced my conviction that solving this problem requires a different approach to verification altogether: one that's continuous and grounded in physical reality, not point-in-time checks at onboarding. Despite the size of this problem today, there is a clear path forward. We're excited to continue partnering with financial institutions to help them put it into practice.
of institutions catch mule account handovers before any suspicious transactions occur
CEO and Co-founder of Incognia
"Mule account detection is critical, not just to protect the customer, but to avoid becoming criminals' favorite financial institution. In one case, we helped a bank detect 28 devices in the same location that were associated with 2,900 accounts. But that institution had only identified 11 as being mule accounts previously."
CEO and Co-founder of Incognia
Multiple flagged devices appear concentrated in one area. When zoomed in, these devices are confirmed to share a single physical location.
Device identity is the most frequent cause of false positive alerts for mule account handovers, cited by 28% of all respondents. These numbers reflect an implementation problem, not a signal problem.
Device identity and location are the right signals for detecting handovers, most institutions just aren't using precise enough versions of them.
A location check built on city-level or IP-derived data will flag legitimate travel as suspicious. One built on behavioral patterns at apartment-level precision can tell the difference between a user who moved and an account that changed hands.
“Imprecise signals lead to inaccurate flags. When you have more accurate signals for both device identity and location, you can cut down your false positives significantly.”
Director of Fraud
Solutions, Incognia
The financial services industry knows it has a mule account handover problem—and most institutions are preparing to do something about it.
Mule account handovers are an identity issue, not only at account onboarding but throughout a customer's lifecycle.
The most effective fraud and risk teams will adapt by:
Moving detection earlier, flagging mule account handovers before suspicious transactions occur
Leveraging cross-device intelligence and cross-institution collaboration to detect and prevent mule activity
Investing in more precise signals to mitigate false positives and eliminate friction from the customer experience
From fraud farms to AI-powered social engineering, mule account threats are becoming more sophisticated and diverse. As the rise of mule account handovers underscores, financial institutions need to invest in continuous verification rather than point-in-time checks to make threat detection a truly proactive process.
The most resilient and future-proof method for establishing trust throughout the customer journey is using signals grounded in physical reality, going beyond digital identity alone.
“Today's most advanced fraud prevention systems don't rely on any single signal. Instead, they weave together multiple data points into a persistent thread of identity. The financial institutions that master mule account handover prevention won't be those who build higher walls, but those who design systems smart enough to recognize customers without asking.”
CEO and Co-founder, Incognia