New Delhi, Feb 21 (IANS) Banks in India need to bolster their fraud defences as the number of mule accounts surge and third-party account takeover fraud (55 per cent of all frauds in the country) represents a bigger threat than social engineering scams, a report showed on Wednesday.
Mule accounts are owned by people who are duped by fraudsters into laundering stolen/illegal money via their bank accounts. When such incidents are reported, the "money mule" becomes the target of investigations due to their involvement.
According to the '2024 Digital Banking Fraud Trends in India' report by BioCatch, a global leader in digital fraud detection, every device found to participate in mule activity in India logged into an average of 35 accounts each.
"Fraudsters are likely accessing Indian mule accounts from outside the country. While 86 per cent of the first session of documented mule account activity came from within India, after a month, that number fell to just 20 per cent and 16 per cent of those sessions used a virtual private network (VPN)," the findings showed.
BioCatch customers saw more mule activity (14 per cent of the total) in Bhubaneswar than anywhere else in the country.
Lucknow and Navi Mumbai accounted for 3.4 per cent of recorded mule activity, two cities in West Bengal - Bhagabatipur and Gobindapur - 1.7 per cent and 2.6 per cent, respectively, Mumbai 2.2 per cent, Bengaluru 1.8 per cent, and Cuttack 1.6 per cent, said the report.
At one partner bank in the country, BioCatch found nine out of every 10 mule accounts went undetected.
"The prevalence of mule accounts potentially represents the most under-the-radar trend in the entire fraud space," said Tom Peacock, BioCatch’s director of global fraud intelligence.
The findings came on the heels of a recommendation by the Reserve Bank of India (RBI) that financial institutions in that country abandon text-based, one-time passcodes as a method of secure authentication.
According to counter-fraud expert Charanjeet S. Bhatia, "the existing OTP-based authentication doesn't protect customers against new-age frauds, including customer-initiated fraudulent transactions."
"With the right technology and implementations, banks can do a lot more than what they are currently doing to protect customers," said Charanjeet S. Bhatia in response to the RBI recommendation.