Mule account handovers are one of the harder problems in financial services right now. They're difficult to detect, and most institutions are catching them too late.
We surveyed over 500 fraud and risk professionals at financial institutions across the US and Europe to understand where the industry actually stands on mule account handovers.
Some of the findings were surprising. Others, not so much.
Mule account handovers are increasing, they're crossing borders, and the people involved are often being coerced or manipulated.
81% of institutions reported an increase in mule account handovers in the last 12 months.
64% suspect or have confirmed cross-border cases.
And 72% say at least half of their cases involve some form of coercion or manipulation.
The fraud networks behind mule account handovers are coordinated and global. And a lot of the people caught in the middle are victims who don't know it yet.
I've seen what this scale looks like in practice.
We recently started working with a financial institution and found that over 4% of all accounts created on their platform were handed over within three months. That’s a pretty massive number.
To put that in perspective: if your institution is creating 1,000,000 new accounts per quarter, that's ~40,000 accounts being handed over to fraudsters.
Only 16% of institutions catch mule account handovers proactively.
The rest are detecting it after the fact: after suspicious behavior, after funds move, or after the money is already gone.
When you look at how most systems are set up, it makes sense.
The account passed KYC because the right person opened it.
But when someone else starts accessing it weeks later with the right credentials, the authentication system has no way to flag that the person has changed.
Onboarding verifies who you are once. Authentication verifies that credentials are correct. But neither checks whether it’s the same person behind the account.
From what I've seen, these are often completely separate processes. Different teams handle them. Different vendors. Different data signals get evaluated at each stage.
And there usually aren't many touchpoints between these areas. So even if signals exist, they’re not connected in a way that allows institutions to catch handovers early.
Mule account handovers are more likely to trigger false positives than other types of fraud (53%). The most common response is to restrict the account or payment capabilities (51%).
The instinct makes sense. If something looks wrong, freeze the account.
But when your false positive rate is already high, that response starts hitting legitimate customers too.
People who didn't do anything wrong get their accounts locked, their payments blocked, their experience disrupted.
The fraud problem becomes a customer experience problem, and now you’re trading fraud losses for customer friction.
And you can't solve one without solving the other.
Device identity and location intelligence are among the most effective signals for detecting mule account handovers, yet they ranked as the top sources of false positives.
This was one of the most surprising findings for me personally.
My read is that the data behind those signals just isn't precise enough.
If device intelligence is used in isolation, it's going to drive false positives. Device changes are normal behavior. Over 100 million new devices are set up every year in the US alone.
And web device fingerprints aren't stable either, so legitimate users can look like new devices even when they're not.
On the location side, most institutions are relying on IP addresses and OS-level geolocation, which just aren't reliable enough. VPN usage alone is common and not necessarily tied to fraud, but it's enough to trigger a flag.
I'll go deeper into this specifically in the next edition.
78% say they're prioritizing improving mule account handover detection in the year ahead. That's good.
But more than half (51%) plan to invest in AI and ML to do that.
More AI on top of bad data won’t solve the problem. A model trained on imprecise signals learns to replicate imprecision at scale.
You can have the best model in the world. But if the data going into it is wrong, the results will be wrong.
The way I see it, there are two paths here:
The investment is coming, but it needs to be focused on the right things.
Three things need to shift:
Detection has to move earlier. The goal should be catching handovers before suspicious transactions occur, not investigating after funds have already moved.
Institutions need cross-device and cross-institution intelligence. You can't spot mule account handover patterns by looking at single events in isolation. They show up when you can see activity across accounts and devices.
Invest in signal precision, not signal volume. Better data means fewer false positives and faster, more confident decisions.
Institutions that want to make a significant dent in mule account handover-related fraud need to address all three.
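To make the second shift concrete, here is an added illustration (not taken from the survey or the report) that compares a device-change rule used in isolation with a rule that links devices across accounts. The event schema, device identifiers, 90-day window and three-account threshold are all constructed assumptions.

```python
from collections import defaultdict
from datetime import date

# Constructed sample events: (account, device_id, day, event)
EVENTS = [
    ("acct-A", "dev-a1", date(2024, 1, 2), "onboard"),
    ("acct-A", "dev-a2", date(2024, 2, 10), "login"),  # owner's new phone
    ("acct-B", "dev-b1", date(2024, 1, 5), "onboard"),
    ("acct-B", "dev-x9", date(2024, 1, 30), "login"),
    ("acct-C", "dev-c1", date(2024, 1, 8), "onboard"),
    ("acct-C", "dev-x9", date(2024, 2, 1), "login"),
    ("acct-D", "dev-d1", date(2024, 1, 9), "onboard"),
    ("acct-D", "dev-x9", date(2024, 2, 3), "login"),
]

WINDOW_DAYS = 90   # assumption: look at the first three months after opening
MIN_ACCOUNTS = 3   # assumption: shared-device threshold, tune per portfolio


def onboarding_index(events):
    """Map each account to the (device, day) seen when it passed onboarding."""
    return {a: (dev, day) for a, dev, day, ev in events if ev == "onboard"}


def naive_flags(events):
    """Device signal in isolation: any login from a non-onboarding device."""
    onboard = onboarding_index(events)
    return {a for a, dev, _, ev in events
            if ev == "login" and dev != onboard[a][0]}


def linked_flags(events, window=WINDOW_DAYS, min_accounts=MIN_ACCOUNTS):
    """Flag accounts picked up, soon after opening, by a device that also
    appears on other accounts it did not onboard."""
    onboard = onboarding_index(events)
    foreign = defaultdict(set)  # device -> accounts it uses but did not open
    for a, dev, day, ev in events:
        opened_dev, opened_day = onboard[a]
        if (ev == "login" and dev != opened_dev
                and (day - opened_day).days <= window):
            foreign[dev].add(a)
    flagged = set()
    for accounts in foreign.values():
        if len(accounts) >= min_accounts:
            flagged |= accounts
    return flagged
```

On this sample the isolated rule flags all four accounts, including the customer who simply replaced a phone, while the linked rule flags only the three accounts that converge on one device.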
If you want to dig into the full data, you can read the report here (for free, no form to fill).
Next time, I'll get into why the signals most institutions rely on for mule account handover detection are failing them, and what high-quality signals actually look like.
If any of this matches what you're seeing at your institution, reply and let me know. I'd love to hear how you're thinking about it.