European Fintech Sector Faces Security Risks from Instant Payment Systems

Post Views: 4

Europe’s FinTech Industry Faces Growing Threats from Sophisticated Mule Account Networks

In recent months, a sophisticated network of mule accounts has been exploiting verified FinTech accounts on popular platforms, including Revolut, Wise, and N26, to launder illicit funds across borders.

According to the report, “the operation relies on creating or hijacking verified business accounts, converting them into mule accounts for rapid fund laundering, and selling them on underground markets for substantial profits.”

The attackers use stolen identities, phishing campaigns, and Know Your Customer (KYC) loopholes to create and manage their mule account networks. They target platforms offering fast remote onboarding, simplified KYC verification, and instant cross-border payments via SEPA transfers.

Attack Chain: A Three-Phase Operation

Phase 1: Phishing campaigns are conducted to collect personally identifiable information (PII), disguising themselves as legitimate financial services. Victims submit sensitive data, which is then used to verify and activate mule accounts.
Phase 2: The stolen identity data is used to verify mule accounts on FinTech platforms, taking advantage of simplified KYC processes. This enables the creation of seemingly legitimate accounts for transferring illicit funds.
Phase 3: Operational control is transferred to fraud handlers, who access the newly verified accounts on mobile devices and rapidly move funds across borders, blending into normal user behavior patterns to avoid detection.

Verified mule accounts are sold on dark web marketplaces for prices ranging between $200 and $1,000 per account, depending on the platform and the account’s status. These accounts are valuable due to their pre-verification status, allowing for instant transactions and reduced risk of immediate platform suspension.

Scale of the Problem

Estimated credit transfer fraud losses across the European Economic Area reached approximately $2.5 billion in 2023, a sharp increase from the previous year. Mule accounts are a primary mechanism for these losses, as funds are transferred within minutes using instant payment infrastructure, leaving minimal recovery time.

Detection and Prevention

Detecting fraud at the individual account level is challenging due to the complexity of the attack chain. However, network-level monitoring can help identify coordinated abuse patterns, including rapid account creation, inconsistent device fingerprints, SIM-based IP anomalies, and sudden behavioral shifts after verification.

Cybersecurity experts urge FinTech companies to strengthen fraud detection systems by integrating behavioral analytics, device intelligence, and cross-platform risk-sharing. Stricter monitoring of virtual mobile network operators (MVNOs), abnormal login patterns, and rapid post-KYC device changes are also recommended.