Fraudsters increasingly are targeting the larger account balances of commercial banking customers and hiding behind the more frequent account activity present in business-to-business transactions. The large, frequent fund movements common between organizations are making fraud harder to detect by financial institutions until the money is gone. As with consumer banking fraud schemes, the crooks rely on money mules to break the final bottleneck – getting the money out. However, because of the complexity of corporate transactions, fraudsters are employing human actors earlier in the process… and closer than ever to the victimized company.

Lately our fraud researchers have noticed a disturbing trend toward “inside jobs” – schemes that rely on money mules recruited from within the legit business’ own employee ranks.  Enlisting them is difficult, so mule handlers offer higher commissions to their traitorous partners. The more common commercial account fraud method is the use of professional mules who set up fictitious companies specifically to receive stolen payouts.

Corporate account credentials command a higher price on the criminal black market. Why? Business-to-business accounts typically transfer higher dollar amounts, more frequently, than retail accounts.  International transfers are easier. Repetitive transactions in a short period of time are easier. These realities all provide more incentive for business mules to complete fraudulent transfers… again and again. Repeat use of business mules is becoming disturbingly common.

These witting mules are hard to detect. The fraudster is relying on a business mule’s seemingly legitimate actions to bypass any security controls. Anti-fraud technology often focuses on business-to-consumer fraud, so B2B transactions receive less scrutiny. The best method of detecting and preventing a mule from emptying your corporate account is to detect account takeover attempts early, before the money is gone. Early fraud setup activity – such as creating a new (fraudulent) payee – can be detected using anomaly detection technology that monitors account activity from login to logout.