Stay tuned with CashEssentials news ! - beyond payments
By subscribing, you accept our Privacy Policy.

Stolen iPhones and Digital Payments (I)

Categories : Cash does not require a technology infrastructure, Cash generates security, Cash is easy to use, Costs of cash versus costs of electronic payment instruments
February 20, 2024
Tags : Crime, Digital payments, Mobile Payments, Security, UK
Digital payments become a nightmare after losing your mobile phone, as I learned from two robberies in London last year. 
Manuel A. Bautista-González

Ph.D. in U.S. History, Columbia University in the City of New York

Post-Doctoral Researcher in Global Correspondent Banking, 1870-2000 – Mexico and South America, University of Oxford

This post is also available in: Spanish

As I was walking back to Soho from a concert in London last October, at around 1:10 am, a young man approached me and said, “How’s it going, mate? All good?” While he spoke, I felt his hand getting close to the chest pocket of my rain jacket. I got scared, thinking he had a knife or gun, and walked away. Seconds later, I noticed my iPhone was gone. Then, in December, two days before I traveled back to Mexico, I was waiting for an Uber outside of a cocktail bar in Soho at 1 am. A young man grabbed me by the arm, hit me repeatedly in the arms and legs, and took my phone and my wallet.

Digital payments, ubiquitous as they are, are praised for being seamless and frictionless. Mobile wallets and banking apps are supposed to make our lives easier, making cash nearly redundant. Some – including Björn Ulvaeus, former ABBA singer and co-author of Money, Money, Money, or Harvard Professor Kenneth Rogoff, author of The Curse of Cash –  argue that abolishing cash would eliminate or reduce criminal activity. Consumers in developed nations have all but stopped carrying banknotes, thinking they are safer using their phones to pay for every transaction. However convenient they might be, digital payments increase the risk of losing more funds than a person’s cash.

After the shock and adrenaline dissipated, both incidents showed me how vulnerable customers are when they lose their mobile phones. In what follows and in a second article, I will describe some downsides and risks of mobile phone thefts everyone faces by relying on mobile, digital, and contactless payments.

Tracking the Stolen iPhones and Securing Access to My iCloud Account

In October, I thought I could have dropped my phone on the street, hoping for the best. I geolocated it using another device. The iPhone’s last location was where the thief intercepted me. Ten minutes later, the location changed to a backyard in the block in front of my hotel. That was when I realized the man was a pickpocketer. The hotel employees called the police from the lobby. They told me another guest had his phone stolen mere days before.

While I called the police, some passers talked to the hotel employees. Two had their phones stolen while I was talking on the phone. The employees showed me the video feed from the front door camera. We witnessed how the thieves exploit the camera’s blind spots: their faces never appear in the recording.

The police operator recommended I erase the device remotely as soon as possible since the thieves could make transactions and transfers if they knew my Apple passcode. That was not the case then. In December, I returned to my hotel and erased the device remotely. After erasing a device, apple sends an email notifying the user that the iPhone’s mobile wallet has been disabled and that no payments can go through. However, I still had to call my banks and credit card issuers to cancel payment cards and report fraudulent transactions. The problem got compounded as I had banking apps and digital cards from the United States, the United Kingdom, and Mexico.

In October, the Apple Store employee said many customers had told her they bought new phones after being pickpocketed. I insured the new phone but AIG took nearly three weeks to process the claim after the December robbery to ship the phone to my friend Alejandro Rubio’s house in Oxford. In October, Lebara shipped a new SIM with expedited delivery, but it arrived late due to Royal Mail’s staff shortages in the Oxford area. In December, I could not get a new phone or a SIM in time to travel back to Mexico: there was no time before the flight and I had lost my HSBC debit card.

Banking Apps


I called HSBC U.K. first as my primary account. In October, the HSBC executive deactivated the digital card in my Apple wallet and confirmed the thieves made no transactions. He froze my physical debit card, too, which entailed a one-hour-long call to reactivate it to pay for a new phone at the Apple Store. In December, the bank executive repeated the procedure, told me there had been three transactions, each for less than the 100-pound limit to contactless payments, and refunded them.

I could not make the HSBC app work on a new phone, though, as activating it required double verification through an SMS message sent to my old phone. That took the best of a week. Had I changed to a new phone number, HSBC would have restricted my mobile and online banking for five working days, a standard procedure to protect customers from fraud.

For the robbery in December, I had to wait until I returned to the United Kingdom in late February to recover my SIM card. HSBC offered to help me make payments through their phone banking channel. However, this entailed getting the new debit card number, which was only possible with the providential help of my friend Alejandro, who went to my house and took pictures of my new debit card number. Had it not been for him, I would have been unable to pay my Oxford rent or transfer funds to my Mexico bank accounts.

Monzo U.K.

I employ Wise and Revolut multicurrency accounts to make international transfers. They were both safe. I reestablished access easily, as the mobile phone associated with them is a Google number, which I can access through the Google Voice website and app. My Monzo account was secure, and recovering it was relatively straightforward. Monzo validated my identity after I recorded a video message.

In January, I called HSBC to pay the rent and transfer funds to my Monzo account. From Monzo, I transferred funds to Mexico via Wise. The process took longer than expected, as Monzo’s systems flagged the transaction as suspicious. This digital bank refused to make the transfer at first; it asked me to validate my identity, and after a while, it processed the transaction after a second try.

BBVA Mexico

Most annoyingly, I was unable to use my BBVA app, my main bank account, during my stay in Mexico. Telcel deactivated my cell phone number shortly after I moved to the United Kingdom. While in Mexico, I withdrew funds from my BBVA debit account and paid most of my expenses with cash. To make interbank transfers, I relied on Hey and Spin, digital debit cards issued by Banregio and Oxxo, respectively.

While I could still use the BBVA physical debit and credit cards, I could not make transfers or online transactions, as the bank expected users to access the app and provide data from a digital card to prevent fraud. The app crashed whenever I tried reactivating my BBVA app with a new phone number.

After multiple visits to the bank branch, phone calls to BBVA’s customer service line, and direct messages on Twitter, a patient employee at the branch went with me through every step of the onboarding process. It turned out that I had to e-sign a PDF document hidden within the registration form to complete the onboarding.

This post is also available in: Spanish