Mule fraud rises as banks struggle with post-onboarding identity checks

Mule account fraud is growing fast across banks and fintechs in the U.S. and Europe, with most institutions detecting it only after suspicious transactions occur, according to new research from Incognia.

Incognia’s The State of Mule Account Handovers in 2026 report surveyed more than 500 fraud, risk and AML professionals. It reports that 81 percent said mule‑related activity increased over the past year, showing the change in identity‑based attacks from account opening to a quieter strategy.

Mule account fraud occurs when a legitimate, verified account is taken over or handed off to an unauthorized party to move or conceal illicit funds. Incognia’s findings suggest that initial identity checks are no longer the primary weak point. Instead, fraudsters exploit the lack of ongoing verification once an account is active.

More than eight in ten respondents said mule activity is detected reactively rather than prevented, and more than half – 53 percent – said detecting mule account handovers is harder than many other fraud types.

“The accounts being used for mule fraud today are often ones that passed every check at opening,” says André Ferraz, Incognia’s CEO and cofounder. “The threat has moved to what happens after, and most institutions aren’t equipped to see it. Verifying who opens an account is table stakes — what matters now is knowing who’s operating it six months later.”

The report highlights how, once an account is verified, it can change hands without triggering new compliance requirements, which creates opportunities for organized fraud networks. Institutions must balance fraud prevention, regulatory expectations and customer experience as threats evolve.

78 percent of surveyed organizations said improving mule detection is a high or top priority for the next year, with many increasing investment in AI‑driven analytics and continuous identity verification tools. Ferraz said institutions need “continuous signals” that confirm who is behind an account as behaviour, devices and risk patterns shift.

Incognia’s platform monitors location behaviour and device intelligence throughout an account’s lifecycle, flagging anomalies that suggest a different operator before fraudulent transfers occur. The UK’s Financial Conduct Authority (FCA) has praised firms that use biometric-based safeguards, including behavioral biometrics, to stop money mules.

Article Topics

AML  |  behavioral analysis  |  device fingerprinting  |  financial services  |  fraud prevention  |  Incognia  |  location data