APP Fraud and Money Mule Detection: Why Banks Must Act at Both Ends

Insight · May 2026

Authorised push payment fraud losses are rising globally. Effective response requires action at both the scam origination point and the mule account receiving end.

Authorised push payment (APP) fraud has become the dominant fraud typology in markets with real-time payment infrastructure. Unlike card fraud — where the liability framework and dispute mechanisms are relatively mature — APP fraud sits at the intersection of fraud detection, AML compliance, and customer protection, creating an accountability gap that financial institutions, regulators, and industry bodies are actively working to close.

£460m+

APP fraud losses in the UK in 2024 (UK Finance)

£85,000

per-claim reimbursement cap under the UK PSR mandatory framework

50/50

liability split between sending and receiving banks under UK PSR rules

How APP Fraud Uses the Banking System

APP fraud succeeds because it exploits the trustworthiness of legitimate payment infrastructure. The victim is socially engineered into authorising a transfer — through investment scams, romance fraud, government impersonation, or business email compromise. The payment is made through a legitimate channel, making it instantaneous and, once confirmed, difficult to reverse.

The Fraud-to-Laundering Chain

Social Engineering

Victim is deceived — investment scam, romance fraud, impersonation, or business email compromise

Authorised Payment

Victim authorises transfer via real-time payment infrastructure — instantaneous and irrevocable

Mule Account Receipt

Funds land in an account controlled by the fraudster or an unwitting mule — the AML component begins

Rapid Layering

Within minutes, funds are forwarded through multiple accounts — often internationally — beginning the laundering phase

Beyond Recovery

By the time the victim reports and a recall request is raised, funds have moved through multiple accounts and are typically unrecoverable

The Mule Account Detection Challenge

Mule accounts present a specific detection challenge because individual account behaviour may appear entirely normal at onboarding and during initial operation. The account passes KYC checks. The first few transactions are unremarkable. The suspicious pattern only emerges when the account begins receiving and rapidly forwarding fraud proceeds.

Effective mule detection requires transaction monitoring calibrated for the specific behavioural signatures of mule activity:

Minimal Dwell Time

Rapid receipt and forwarding of funds with near-zero balance maintained between transactions

Credit/Debit Ratios

High credit-to-debit ratios with consistently low end balances — inconsistent with stated purpose of account

Network Concentration

Multiple incoming sources forwarding to a single concentrated destination — a hallmark of the layering phase

Device & Behavioural Signals

Device and session signals consistent with account compromise or recruited mule behaviour

Regulatory Obligations: AML Meets Consumer Protection

United Kingdom

PSR mandatory reimbursement framework effective October 2024
Joint liability for sending and receiving banks up to £85,000 per claim
Receiving bank (mule account holder) contributes 50% of reimbursement costs
Creates direct financial incentive for mule account detection investment
CIFAS National Fraud Database for cross-institution sharing

Australia

AUSTRAC AML/CTF Act obligations apply to mule account-holding institutions
Suspicious matter report obligation when mule activity detected
Australian Banking Association Scam-Safe Accord (2023)
Enhanced mule detection and cross-institution sharing commitments
AFCX framework for cross-institution fraud intelligence sharing

APP fraud and mule account schemes operate across institutions — funds move from the victim’s bank to the mule’s bank, and often through further accounts at different institutions. Single-institution detection can only see part of the picture.

💡 Network participation delivers measurable uplift

Institutions that participate actively in cross-institution sharing networks — both contributing signals and consuming intelligence — consistently achieve higher detection rates for mule account and APP fraud than those that rely solely on internal data. Regulators in both the UK and Australia have encouraged broader participation as a systemic response.

Frequently Asked Questions

What is APP fraud?

Authorised push payment fraud occurs when a victim is deceived into authorising a payment to an account controlled by a fraudster. Common methods include investment scams, romance fraud, impersonation of government agencies, and business email compromise. Unlike card fraud, the victim authorises the transaction directly, making it harder to dispute and often difficult to recover.

What is a money mule?

A money mule is a person whose bank account is used to receive and forward the proceeds of fraud or other crimes. Mules may be willing participants or unwitting victims recruited through job scams or social engineering. In either case, the account performs an AML function within the fraud scheme — layering funds to obscure their origin.

What are the AML obligations of a bank that holds a mule account?

Banks maintaining mule accounts have AML obligations including submitting suspicious matter reports when mule activity is detected, taking appropriate action to restrict or close the account, and maintaining records of the suspicious activity for AUSTRAC (Australia) or the equivalent regulatory body. Failure to detect and report through adequate transaction monitoring may constitute a breach of AML/CTF obligations.

How does the UK’s APP fraud reimbursement framework affect banks?

The UK Payment Systems Regulator’s mandatory reimbursement scheme (effective October 2024) requires sending and receiving banks to share liability for APP fraud losses up to £85,000 per claim. The receiving bank — which held the mule account — must contribute 50% of reimbursement costs, creating a direct financial incentive to invest in mule account detection and prevention.

Can banks share information about suspected mule accounts?

Yes, within defined legal frameworks. In Australia, the Australian Financial Crimes Exchange (AFCX) provides a structure for cross-institution fraud intelligence sharing under safe harbour provisions. In the UK, CIFAS operates a similar national fraud database. Institutions that participate in these networks achieve materially better detection rates than those relying solely on internal data.

Strengthening your APP fraud and mule detection?

Nexiant helps financial institutions build integrated fraud and AML detection capabilities to tackle APP fraud at both ends of the transaction chain.

Get in touch with our team

This article was accurate at the time of publication in May 2026 and is intended for general informational purposes only. It does not constitute legal or compliance advice. Organisations should seek qualified professional counsel in relation to their specific obligations.