AI’s upgraded the fraudster. Let’s upgrade our defence

Wait 5 sec.

The mule account has quietly become the load-bearing wall of digital fraud in India. As laundering channels multiply at machine speed, banks do not need louder alarms — they need a transaction-monitoring intelligence layer that cuts the noise and catches what matters. To understand why it has grown so dangerous, it helps to remember how much the ground beneath us has moved.AdvertisementTen years ago, banking largely meant a branch, a queue, and a passbook. Today it lives entirely on the phone, with the Unified Payments Interface (UPI) alone processing nearly Rs 30 trillion in a single month across more than 800 million digital users.Here lies the uncomfortable corollary: Every new rail we build for legitimate money is also a new lane for illicit money.Artificial intelligence (AI) has mechanised the entire craft. No longer is a forged signature the extent of fraud. A few seconds of audio is now enough to manufacture voice instructions from a “CFO”. Stolen data is being used to walk synthetic identities through onboarding checks. Deepfake scams are being run at a scale that has touched nearly half of all Indian adults.AdvertisementThe damage shows up on three fronts. Identity fraud, where the customer never truly existed. Monetary fraud, where the victim is socially engineered into pressing “send” themselves, defeating every authentication factor we built. And beneath both — the core — the mule account.The mule is the getaway vehicle of digital crime. In a single year, agencies froze close to 4,50,000 mule accounts through which more than Rs 17,000 crore had already been routed.The regulator has clearly heard it. The Reserve Bank of India’s (RBI) MuleHunter.ai, the digital payments intelligence platform being built with the National Payments Corporation of India (NPCI), and the recent discussion paper proposing deliberate “frictions” on suspicious transfers all point the same way. But here is the sobering part: A rule we write on Monday is played upon by Friday.Almost every bank and NBFC already runs a transaction monitoring system. The problem is not that these systems flag too little. It is that they flag far, far too much. Such a system does not strengthen a bank’s defences but slowly erodes its own analysts’ trust in the alert itself, until the one signal that genuinely matters is lost in the static.This is not hypothetical. One global lender recently absorbed a penalty in the region of $3 billion, in part because alert fatigue meant genuine signals sat unread in a queue nobody could clear. The cost of noise is not merely wasted hours. It is missed crime and consequent monetary and reputational losses.The answer is not a louder alarm, or a larger team. It is an intelligence layer that sits on top of the monitoring system — one that stops handing the money laundering reporting officer a flat list of 48,000 alerts and starts answering the questions that matter. Which five rules are generating 80 per cent of your noise and never converting into a Suspicious Transaction Report? Which clusters look like a mule ring assembling in real time, while funds can still be frozen?This is the shift the next few years demand.For those running banks and non-banking financial companies (NBFCs), the instruction is not the tired “adopt AI”. It is sharper.Deploy intelligence at the two points where it changes the odds. First, cut the noise so your best analysts spend their scarce hours on the 5 per cent that is real rather than the 95 that is not. Second, surface the mule networks early, while money is still recoverable.AI is now on both sides of the table. The fraudster has also picked it up.The only open question is whether our defences have. In banking, trust has always been the real moat. Protecting it is how we build a digitally inclusive and secure Bharat.The writer is co-founder and CEO of Optimoney Technologies, a RegTech firm working on AML and compliance intelligence for banks and financial institutions. Views are personal