Money mules have become a main way fraudsters move stolen money. They often recruit students, gig workers, and financially stressed individuals to open or misuse their bank accounts.
Manish K Agrawal, Senior Executive Vice President – Credit Intelligence & Control, HDFC Bank.
As citizens from all age groups and socio economic classes continue to get trapped into cyber frauds, efforts are required at all levels to curb the menace. While on the industry front with support from major banks, there is an artificial intelligence platform being developed to red flag suspicious accounts, citizens also need to take the necessary steps not to get entrapped.
Manish K Agrawal, Senior Executive Vice President, Credit Intelligence & Control, HDFC Bank, discusses the issue of money mules, industry efforts to curb the menace; payment frauds and various preventive and detective controls to be enforced.
Edited Excerpts
Money mule accounts have emerged as a fundamental problem working strongly on the side of the fraudsters. How can AI play a part in resolving this issue? Any industry-led efforts that you can talk about ?
Authorities and the digital-payments ecosystem are working together to fight the rise of money-mule fraud. A central platform powered by Artificial Intelligence is being built to spot suspicious accounts early, and an organisation has been set up to scale these efforts with support from major banks.
Money mules have become a main way fraudsters move stolen money. They often recruit students, gig workers, and financially stressed individuals to open or misuse their bank accounts. Since traditional checks are no longer enough, the industry is now using smarter AI tools. These tools study behaviour, transaction patterns, device activity, and unusual links between accounts.
Advanced AI models are being used across the ecosystem, and phone-number risk detection is improving because almost every mule case starts with a call or message.
UPI and instant payments leave almost no reversal window. How is the bank using real-time analytics or behavioral biometrics to identify anomalous transactions before the customer actually completes the payment?
Banks now use real-time analytics and behavioural biometrics to detect unusual activities even before payments go through. They also analyse device and SIM behaviour and apply cooling-off periods to prevent misuse. High-risk phone numbers are also filtered out for UPI, since many UPI scams start with calls, SIM swaps, or fake SMS messages.
To protect customers, banks follow a multi-layer security model:
Preventive controls
Daily transaction limits
SMS/email alerts
Cooling-off period for new payees
Limits on collect requests and merchant payments
Device-binding checks
Real-time monitoring of transactions
Customer-profile-based rules to flag or block risky activity
These systems analyse patterns such as transaction speed, device details, merchant type, IP range, and other risk signals. AI/ML scoring further strengthens detection.
Banks also act on known / suspicious mule accounts, fraudulent beneficiaries, and risky IP addresses to avoid repeated fraud.
The RBI framework places significant weight on how quickly customers report fraud. From your data, is customer awareness and reporting speed today a bigger determinant of loss than the sophistication of the fraud itself ?
The issue is not how quickly people report fraud—it’s how long it takes for the victims to realise they’ve been duped. In scams like investment fraud, digital arrest, and romance scams, victims often keep engaging with fraudsters for weeks or even months. By the time they understand what has happened, the money has usually moved deep into mule networks.
That’s why early reporting is crucial. Citizens now have simpler ways to act quickly, including a national cybercrime helpline (1930) for instant reporting and online portals to flag suspicious calls, messages, or links.
We also emphasise fast action through a simple three-step reminder: LBW
L – Law Enforcement: Report at cybercrime.gov.in or call 1930 immediately.
B – Bank: Inform the bank right away so fraud-control measures start.
W – Wipe: Reset your device and update passwords to stay safe.
Early awareness and quick action make the biggest difference.
The fight against digital fraud cannot be won without all the stakeholders – citizens, banks, regulators, government, enterprises, vendors – coming together. Please brief on how each of them can play their part?
Government, regulators, banks, and law-enforcement are working together with a focus of preventing cybercrime. It is now a top priority in board meetings, regulatory discussions, and high-level review meetings. Most of the digital-payments ecosystem is already connected to a central real-time cyber-fraud response system, allowing quick action the moment a victim reports a case.
This coordinated effort has helped hold back funds, reduce fraud attempts, and enable on-ground action. To prevent such frauds, we need a unified effort from all stakeholders, including customers. Awareness is the strongest weapon, and every citizen should remember:
There is no such thing as a ‘digital arrest.’
No scheme will give high monthly returns through pre-IPO or similar investments.
Search-engine results can be misleading—always verify contact details on the official website.
One can enjoy a secure online journey by adopting the simple LBW approach as mentioned above.
Empower your business. Get practical tips, market insights, and growth strategies delivered to your inbox
By continuing you agree to our Privacy Policy & Terms & Conditions
