The Reserve Bank of India (RBI) has implemented a slew of measures to check muling, laundering and swindling. Banks have adopted many such measures like iris scanning, location mapping, video KYC, third party verification, OTP based delivery of welcome kit, identifying mule account at the opening stage through MuleHunterAI etc. These are sophisticated measures and bypassing these hurdles would be a quite difficult for scamsters. Let us discuss these in detail.
As per Digital fraud detection company BioCatch, nine out of ten mule accounts go undetected. Banks are not able to identify such accounts because these are opened through legitimate KYC. The number of cyber fraud cases have increased 10 times during last five years, as per data provided by the government in the Parliament. Cyber fraud industry has grown from Rs 129 Crore in FY20 to Rs 1455 Crore in FY24. Ninety percent of the cyber-crimes were routed through mule accounts. Therefore, we would dwell upon Mule accounts first.
The menace called Mule account: Mule accounts are genuine bank accounts with genuine KYC details. The owner is equipped with cheque book, debit card, internet banking, mobile banking etc. He has all the facilities a bank account holder can avail. The account owner gives the account on rent and hands over all his banking facilities including log in id and password to the bank account tenant. As per prevalent practice, the account owner is paid 1.0 per cent of the transaction amount. Suppose the mule account has been used for a transaction of Rs 10 lakh, the account owner gets Rs 10000 as rent. In some cases, there is fixed rent for the account. You google for ‘bank account on rent’ and will find numerous bank account landlords and tenants. After all, what’s the use of mule account?
Mule accounts are used to receive and transmit money generated through hacking, gaming, drug trafficking, sale of illegal weapons etc. Sometimes, the mule is asked for cash and sometimes just transfer of money to some other account. The terrorists had used the channel of mule account for financing Parliament Attack of 2001. Many people are involved in the business of roping in unsuspected daily wagers for acquiring mule account and renting the same at higher fees. Mules are mules. Sometimes they act smart. Either they vanish with the entire money or report the transaction to police and share the booty.
As per cyber fraud textbook, mules are of five kinds: Victim mule, Misled mule, Deceiver mule, Peddler Mule and the Accomplice Mule. A victim mule is a victim of data theft and is unaware of transactions in his account. The fraudsters open account in his name without his knowledge and consent and operate the same as per their wish. Misled mule is a mule who sends and receives money through his account believing that the money is clean. Some companies employ people as money transfer agent and utilize their account for mule purposes as per employment terms and conditions. These are Misled type of mules. Deceiver mule is an account where stolen or synthetic identities are used to send and receive ill gotten money. Peddler mule sells his account to the fraudster for one time lumpsum payment or monthly rent/commission. Accomplice mule either opens new account or uses existing account to send and receive dirty money. These are only broad classifications. Dead persons’ accounts are rented by their family members to earn ‘extra’. Mule account dealers may be seen at crematoriums in search of prospective clients.
RBI takes proactive measures: The RBI innovated MuleHunterAI has started catching mule accounts at the account opening stage itself. If a new firm/company has minimum registration formalities, new PAN, registration address located at co-working space, recently activated mobile number, dubious financial background of entity owner etc, the MuleHunterAI red flags the account. Such red flagged cases are referred for third party verification. The branch manager is unaware of the details of such third party vendors. Third party verifier visits the premises, takes photographs/films video, talks to neighbours, maps location and photographs Boss of the office in boss chair. If he submits a negative report, it becomes a bit tricky to open account. In such cases, there is only one way out. The branch manager has to take written permission from his regional and zonal head to open that particular account. No branch manager would take that much risk for a particular account.
Eye (Iris) scanning of the account holder: AU Small Finance Bank has introduced iris scanning in account opening process. The bank executive will capture your eye (iris) movement at the time of account opening. It should match with your Aadhar data. In some cases, if it doesn’t match, biometrics are done. If biometrics also fail, then cheque from previous account is the only remedy. These measures are in addition to Aadhar, PAN and Photo. You can’t activate mobile banking of AU bank without verifying your iris.
Video KYC of the client: Most of the banks use video link to open bank account. This video link captures photo, video, iris movement, IP address and location details of the account holder. If all goes well, the bank sends a payment link to the account holder. The payment should be made from an account/Paytm held by the account holder previously. In case, it is the first account of the client, permission to make payment through identified friend and family members can be permitted.
Robust account activation process: The account opening process has three parts: fulfilment of KYC and related requirements, execution of payment (cheque/Paytm) and successful delivery of welcome kit. Even if you fail to take delivery of Welcome Kit, your bank account will not get activated. If back office of the bank objects and requests re-KYC, it has to be done and a selfie with the banking executive/branch manager would be compulsory to open the account. It is worth mentioning that the Welcome Kit delivery executive has been mandated to take KYC details and verify mobile through OTP before handing over the kit.
Onus Lies with the account holder: You must be wondering as to why these tough measures are being adopted. These are being done to fix accountability at account holder in case of muling. The mule account holders won’t be able to play victim card if their accounts are found involved in scamming, swindling and aiding/perpetrating a cybercrime. It would become next to impossible to open a bank account with doctored and stolen Aadhar and PAN. One can’t copy someone’s biometric identity or iris movement. Video details can’t be denied in a court of law.
If you are being cajoled by someone for lending your bank account, be aware. The onus of swindled money routed through your account lies with you.
Great.