The Rise of Mule Accounts as a Service (MAaaS): A Growing Underground Economy

mule accounts as a service maaas criminal networks cross-border typologies

This image is AI-generated.

An exclusive article written by Rosie Anna

Financial crime has never stood still with the legitimate economy – yet, what is being done in the underground today is more systemic and more commercialised than most compliance staff are ready to handle. Mule Accounts as a Service (MAaaS) is no longer a fringe phenomenon. It is an organized, subscribing criminal business that has silently emerged as one of the most influential facilitators of money laundering globally.

It is not merely a matter of people being fooled into transferring dirty cash. It is concerning the power of organised crime groups to operate at the sophistication of a startup – developing tiers of service delivery; optimizing their recruitment channels to the performance of a gig economy platform.

What is Mule Accounts as a Service?

MAaaS refers to the complete commercialisation of money mules. Instead of having to resort to ad-hoc recruitment, criminal organizations have become brokers now, providing ready-to-wear bank accounts, usually in large quantities, on behalf of fraudsters, scammers, and laundering networks as and when needed.

The model is a reflection of legitimate Software-as-a-Service structures. Customers get a list of mule accounts, can sort by bank, jurisdiction, age of account, and pay with cryptocurrency, and obtain credentials or access. Vendors keep a constantly growing supply of accounts by recruiting or producing new ones, sometimes at a rate that the lenders can hardly detect or close them down.

This commoditization has transformed the scene of money laundering. In less than an hour, a batch of verified UK bank accounts can now be purchased through a Telegram channel by a fraud ring based in Southeast Asia.

The Magnitude of the Problem

The figures are bleak. In the January 2025 BioCatch report, almost 2 million money mule accounts were reported in 257 financial institutions in 21 countries alone in 2024 alone and BioCatch analysts themselves had indicated this was probably only a fraction of the number of accounts in operation in the 44000+ financial institutions around the globe.

The report by NASDAQ 2024 Global Financial Crime Report estimates that in one year, illicit funds in the amount of 3.1 trillion were transferred through the global financial system. The National Crime Agency estimates that over 10 billion dollars are laundered in the UK alone through the activity of money mules each year, with more than 225,000 mules identified in 2024 – a 23% increase from the previous year.

The magnitude on an international scale is depicted in Operation EMMA by Europol. In 2023, EMMA 9 found 10,759 money mules and 474 recruiters, leading to 1,013 arrests in 26 countries. In 2021, EMMA 7 found over 18,000 miles in 2,500 investigations, and estimated prevented losses of €67.5 million. These are not single-time operations that get amateurs, but the tip of an ever-renewing criminal supply system.

The Organization of the Underground Economy

MAaaSs have levels of operation

Account manufacturers open or buy accounts at the base with real or synthetic, or stolen identities. This process has been industrialised by KYC bypass tools. In 2026, a two-month MIT Technology Review study found 22 publicly available Telegram channels that sold bypass kits, virtual camera software, and stolen biometric information – all aimed at overcoming liveness checks during digital onboarding. Criminal gangs in Australia are willing to pay mules as little as AUD 500 to get unlimited access to accounts. In Ireland, the Black Axe crime gang recruited people between the ages of 17 to 22 to launder 84 million Euros in Irish banks.

Brokers and marketplaces form the second level in which accounts are aggregated and sold in large blocks. They are mainly active on Telegram and dark web forums, and the accounts are sorted by country, bank, balance, and level of verification. In 2024, the Digital Footprint Intelligence team at Kaspersky reported a 53 percent increase in activity by cybercriminals on Telegram, and shadow channels are actively traded to buy and sell mule accounts. Premium accounts – business status, an older history attracts higher prices.

Final consumers, BEC operators, romance scam networks, and crypto fraud syndicates buy accounts in bulk, launder money in several steps to cover up the source, and redeem into assets or cryptocurrency. Europol attributes 90 percent of money mules to cybercrime, and mule networks have been used in schemes involving SIM-swapping and phishing as well as e-commerce fraud.

Recruitment: The Human Vulnerability

The infrastructure is digital, but recruitment takes advantage of the vulnerabilities of humanity. Organised crime networks are increasingly accurate in their attacks on economic despondency, digital illiteracy, and social isolation.

Almost two-thirds of the money mules in the UK are below 30. The 2535 age range is the most commonly recruited through social media and gig economy platforms through fake job advertisements in the US. In 2024, Lloyds Bank reported an increase in mule accounts of individuals older than 40 years by 73 percent, suggesting that even older age groups are being actively targeted now.

The idea is rather straightforward: deposit cash into your account, retain a certain percentage, and transfer the rest. When victims learn that they have been used to launder money, it is usually too late, as the money will have been transferred through several accounts, making it virtually untraceable.

The global nature of recruitment networks is reflected in the law enforcement responses. In 2025, Operation Hydra by Tamil Nadu led to the disruption of syndicates running in several states in India. In Delhi, the Enforcement Directorate has captured 322 mule account passbooks that have been opened in the names of labourers, which were related to a massive construction scam. More than 3,500 suspected mules and fraudsters were investigated in the first half of 2025 in Singapore, which is linked to scam proceeds of more than SGD $123 million.

The Detection Arms Race, AI, Deepfakes

The most threatening trend in MAaaS is the use of AI-powered technologies to overcome institutional defences. Fraudulent identity verification and KYC are now being done with deepfake technologies on a regular basis. Virtual camera apps – replacing live video streams with recorded or AI-generated video – are openly sold on Telegram to complete biometric liveness checks when creating an account.

In late 2024, FinCEN published a particular caution regarding KYC deepfakes, urging institutions to not just focus on verifying identities but also to observe more general transactional patterns. However, the RBI Innovation Hub in India reported that 8 out of 10 banks continue to use basic rule-based systems to identify mule accounts, which are completely ineffective in coping with the complexity of contemporary MAaaS operations.

The outcome is a vicious circle: institutions enhance onboarding security, criminals spend more money on better bypass tools, and the process repeats.

The Compliance Gap and Regulatory Response

In 2024, the Payment Systems Regulator in the UK proposed new rules on mandatory reimbursement, which assigns half of the cost of reimbursement in case of fraud to the payment service provider who received the proceeds. This made the banks that did not screen the incoming mule activity sufficiently financially liable.

But detection is not steady. In 2024, 96% of cases of UK APP fraud used Faster Payments, which allowed money to flow through mule accounts nearly instantly. According to the data of Lloyds Bank, Faster Payments represented 57% of the outbound payments of the rise of mule accounts identified. When a victim reports fraud, three or four accounts are usually cleared by the time the victim notifies the authorities.

The Money Mule and Financial Exploitation Action Plan (2024) of the UK is dedicated to cross-sector data sharing, awareness efforts, and new specialist posts. Currently, the EMMA activities of Europa police include more than 2,800 banks and financial institutions in the whole world. FinCEN still publishes typology-specific alerts that encourage institutions to submit mule intelligence pursuant to Section 314(A) of the USA PATRIOT Act.

Nonetheless, regulation is always at the back of criminal innovation. The mule account infrastructure has been commoditised such that, despite law enforcement destroying a network, there are accounts listed for sale as soon as they are destroyed.

Typologies AML Professionals Should Monitor in MAaaS Ecosystems

From an AML/CFT standpoint, Mule Accounts as a Service introduces a convergence of traditional mule activity with platform-driven, scalable financial crime. Compliance teams should focus on typologies that reflect both behavioural anomalies and network-level coordination. Key red flags include rapid onboarding followed by immediate high-velocity transactions, especially where accounts exhibit minimal prior activity. Structuring patterns across newly opened or dormant accounts—often involving small inbound transfers followed by quick layering through multiple beneficiaries—remain highly indicative. Another critical typology is the reuse of shared identifiers (devices, IP addresses, or biometric artefacts), suggesting synthetic identity farming or centralized account control. Additionally, discrepancies between customer profiles and transaction behaviour—such as low-income individuals suddenly processing high-value cross-border flows—should trigger enhanced due diligence. Finally, institutions should monitor for “account lifecycle compression,” where accounts are opened, utilized for laundering within days, and subsequently abandoned. These patterns, when viewed in isolation, may appear low-risk, but collectively they signal MAaaS-driven laundering infrastructure.

The Industrialisation of Financial Crime and the Urgency for AML Transformation

Mule Accounts as a Service is the industrialisation of money laundering. What used to be an expensive operational overhead (finding and managing mules) has turned into a commodity to be plugged and played, with large-scale access, and the support structures of professional assistance and the AI-aided tooling to avoid detection.

The 3.1 trillion that is transmitted annually through illicit channels flows through onboarded accounts that are operated by banks and through payment rails operated by institutions. Passive detection is no longer a good option for financial institutions. Combined with cross-institutional intelligence sharing, proactive, behavioural, and network-level monitoring is now a regulatory and reputational requirement.

The black economy has professionalised. It must be matched with the compliance response.

Key Points

Mule Accounts as a Service represents the industrialisation and commercialisation of money mule networks at scale
Criminal groups now operate structured supply chains, including account manufacturers, brokers, and end-user fraud networks
Over 3.1 trillion dollars in illicit funds flow annually through systems increasingly reliant on mule account infrastructure
Recruitment strategies exploit vulnerable populations, with growing diversification across age groups and geographies
AI-driven tools such as deepfakes and KYC bypass kits are significantly reducing the effectiveness of traditional controls

Some of FinCrime Central’s articles may have been enriched or edited with the help of AI tools. It may contain unintentional errors.

Want to promote your brand, or need some help selecting the right solution or the right advisory firm? Email us at info@fincrimecentral.com; we probably have the right contact for you.

The Rise of Mule Accounts as a Service (MAaaS): A Growing Underground Economy

Table of Contents