Stay tuned with CashEssentials news ! - beyond payments
By subscribing, you accept our Privacy Policy.

U.S.: Phone Thieves and Payment Apps

Categories : Cash does not require a technology infrastructure, Cash generates security, Cash protects privacy and anonymity, Costs of cash versus costs of electronic payment instruments
March 29, 2023
Tags : Digital payments, Mobile Payments, Security, US
Thieves steal funds via payment apps using their victims’ iPhone passcodes or the smartphones’ facial recognition technology.
Manuel A. Bautista-González

Ph.D. in U.S. History, Columbia University in the City of New York

Post-Doctoral Researcher in Global Correspondent Banking, 1870-2000 – Mexico and South America, University of Oxford

This post is also available in: Spanish

It is often argued that cash’s anonymous and untraceable nature fuels the criminal economy. Kenneth Rogoff argued in his 2016 book The Curse of Cash that “paper currency, especially large notes such as the U.S. $100 bill, facilitates crime.” Björn Ulvaeus, a former member of the Swedish pop group ABBA, is also adamantly against cash and claims it is a tool of preference for criminals.

However, criminals have adapted very well to the digital economy. Bands of thieves are stealing funds via digital payment apps using their victims’ iPhone passcodes or drugging them to use their phone’s facial recognition technology. Such crimes have been reported in cities such as Boston, London, New York, and Mexico City.

Targeting iPhones’ Passcodes

“It’s just as simple as watching this person repeatedly punch their passcode into the phone. There’s a lot of tricks to get the person to enter the code.” – Sgt. Robert Illetschko of the Minneapolis Police Department.

Thieves are exploiting an iPhone vulnerability: the passcode, a string of numbers that grant access to a device (see Illustration 1). Criminals befriend victims at bars, ask them to take a photo or open up Snapchat or other social media apps, and observe while the owners unlock their iPhones with the passcode.

Illustration 1. iPhone Passcode Robberies.

After thieves learn a user’s passcode and steal the device, they can change their victim’s Apple ID, lock the user out of their account, unlock the phone’s stored passwords, and commit thefts through Apple Pay charges, banking and mobile payment apps.

Keys to the Vault: Passcode Breaches

Criminals Target Gay Men’s Phones in New York City Bars

The New York Police Department (NYPD) is investigating the deaths of two gay men, first regarded as drug overdoses but now considered robberies. The victims’ relatives found the men’s bank accounts were drained using banking apps, PayPal and Venmo accounts, and their credit cards were maxed.

Thieves target New York bar-goers, launder money via apps, and then resell the phones. The perpetrators unlock users’ phones with facial recognition technology by holding the devices in front of their faces while the victims are unconscious.

An NYPD grand larceny task force is investigating at least a dozen similar non-fatal cases. New York Times reporters spoke to five men drugged in gay bars and awoke to find their bank accounts had been emptied, and their credit cards were maxed out.

What Should Users Do?

 “The most important thing is awareness. People forget that what they’re holding in their hand is their entire life. If someone has access to it, they can do a lot of damage.” – Sgt. Robert Illetschko of the Minneapolis Police Department.

Wall Street Journal reporters put together a list of recommendations to protect data from thieves.

This post is also available in: Spanish