Catch mule accounts before the money leaves.
Score every account against the full set of mule typologies, and let the graph surface the ring before the first outbound payment ever clears.
Score all five mule personas in one model.
Catch the mule from opening through ongoing activity.
Expose full rings with multi-hop graph resolution.
Flag mules before the first outbound payment clears.
Catch the mule from account opening through every outbound payment.
Score the account before it is approved.
Check device, phone, email, and address reuse against known mule clusters at application, and stack synthetic-identity indicators, velocity, and identity-signal anomalies on top before approval lands.
Watch the dormant-to-active window.
Monitor funding patterns, first-party mule signals, and device sharing across the 30 to 90 day window from open to first activity, so the score moves as behaviour accumulates and the flag fires before the first pass-through.
Score every outbound on the live account.
Watch outbound velocity, counterparty graph structure, layering patterns, and balance-to-outflow ratio on every active account, even after the early stages cleared.
Catch the mule whether they are complicit, coached, or coerced.
Read every account across behaviour from inside the account, the graph that connects it to others, and the device behind every session, so the persona behind the mule surfaces before the money moves.
Deceiver
Catch a Deceiver application by spotting device, phone, or email reuse against known mule clusters, with velocity and identity-signal anomalies stacking on top of the match.
Peddler
Catch a Peddler when the login rhythm shifts, the device switches, and a dormant balance activates with atypical funding and pass-through flows.
Accomplice
Catch an Accomplice from the outbound shape: structured pass-throughs, consistent beneficiary clusters, and payment velocity that does not match the stated income.
Chump
Catch a Chump from the inbound shape: payments referenced to romance or investment scams, with repeat inflows from senders the customer has no history with.
Victim
Catch a Victim from session and device anomalies, credential-stuffing signatures, and a sudden break from the customer's own baseline driven by an external operator.
REGULATORY COVERAGE
Produce regulator-ready output on every mule case.
Hand the same case packet to compliance and to the regulator with the persona tag and the report already filled in.
Regulatory frameworks
- Aligned to global money mule typology guidance.
- Reporting-ready output for every market the program covers.
- Audit-ready SAR and STR packets generated from the case.
- Pre-mapped to the financial-crime expectations each market sets.
Reporting outputs
- SAR or STR narrative drafts per case
- Typology-coded alerts aligned to exam guidance
- Exam-ready evidence preserved per mule case
- Immutable audit trail across every action
What OneLattice delivers
- Narrative pre-populated with typology code
- Regulator-ready case packets per confirmed mule
- Audit trail of every case action preserved
- Regional data residency with encryption in transit and at rest
INVESTIGATION
Work the mule case from flag to filing.
Open one flagged account and let the platform expand the ring, assemble the evidence, and notify the counterparties.
Expand the network from one flagged account.
Pull every shared device, phone, address, and counterparty into the same case, so the team works the ring instead of reopening it per member.
Explain every alert with SHAP-grounded signal weights.
Show the signals behind every alert and the weight each contributed, so the investigator sees why the score moved before opening the file.
Pre-fill the narrative from the case.
Draft the narrative from the case with the persona, the timeline, and the behaviour cited, so the investigator edits instead of starting fresh.
Trigger account restriction from inside the case.
Fire hold, freeze, and review actions from the case, with the audit trail and restriction state carried across every related account.
Queue cross-institution information sharing.
Draft the information-sharing request the moment a counterparty gets implicated, and track the response in the outreach queue.
Notify the downstream payment counterparties.
Fire notifications to counterparty institutions the moment the mule confirms, so each one rejects the next attempt at the payment edge.
PLATFORM
Explore the rest of the fraud stack.
One platform from intake through investigation.
Payment Fraud Prevention
Score the mule payout and the underlying transaction on the same call from the payment layer.
Learn more →Account Takeover Prevention
Catch session takeovers and credential abuse before the mule starts moving funds.
Learn more →Identity Fraud Prevention
Catch the synthetic and recycled identities that open mule accounts.
Learn more →Transaction Monitoring
Run AML monitoring on the same data and produce SAR output from the same case evidence.
Learn more →Customer Risk Assessment
Tier every customer at intake and re-score the moment a mule signal hits the file.
Learn more →Case Management
Work every mule case in one queue with the evidence pack already assembled.
Learn more →Investigation & Reporting
Draft SARs and chargeback packages with the audit trail attached.
Learn more →Agents on this workflow.
OneLattice's purpose-built agents that handle this work end-to-end.
Triage Agent
Works the mule queue end to end and learns from every analyst disposition.
Investigator Agent
Builds the mule case before the investigator opens it and recommends the next action.
Network Analyst
Maps mule rings on the cross-customer graph and surfaces the next one fast.
Pattern Analyst
Catches novel mule patterns hiding in your data before any rule library does.