Your NPR news source
Photo illustration of someone about to send $1000 to via the Venmo app, Tuesday, Dec. 5, 2023.

Bank apps like this one have been used by robbers to loot victims’ accounts. These crimes involving cell phones are a relatively new and growing phenomenon in the city’s growing scourge of robberies.

Tyler Pasciak LaRiviere

‘Bank jackings’ in Chicago see robbers drain victims’ accounts with their phone apps

You know about carjackings. Now, you also need to be wary of “bank jackings.”

Millions of Americans whip out their phones to pay for everything from dinners to vacation rentals using banking apps like Zelle, Venmo and Cash App. But that convenience is fueling a new kind of robbery.

In Chicago and other cities, gunmen have been forcing people to unlock their phones with their pass codes or technology that recognizes thumbprints and faces, according to police.

Once in, the robbers drain victims’ bank accounts. The payoff is often $1,000 or more — a lot more than criminals typically score by just stealing a wallet.

In Chicago, the robbers often wear the kinds of masks that have been common since the onset of the COVID-19 pandemic. So, even when the police can trace where a money transfer ended up from someone’s phone, the victim often can’t identify the assailant.

Holdups overall are up more than 25% in Chicago this year through Nov. 26 over last year. According to detectives, these “bank jackings” involving cellphones are a relatively new and growing phenomenon in that growing scourge of robberies, which last year included more than 1,600 carjackings. The number of bank jackings isn’t clear because the Chicago Police Department doesn’t list them as a separate category of robberies.

Zachary Skinner is among the victims. At around 1 a.m. on the Saturday after Thanksgiving, Skinner, 21, a college student from Valparaiso, Indiana, was barhopping with friends in Wrigleyville when a man in a ski mask walked up to him.

According to Skinner, the man asked for a donation “to help less fortunate kids afford sports gear.” Skinner says he tried to get the guy to go away by reaching into his pocket and handing him $7.

Skinner had a “sinking feeling” it wouldn’t be enough. It wasn’t.

Another masked man approached, pulled up his shirt to show the gun in his waistband and demanded Skinner’s phone and pass code.

The man used the Zelle app on the phone to send $1,000 to a bank account with a woman’s first name.

Skinner was lucky. He was able to reach his parents and get them to freeze his bank account before the person on the other end of the illegal transfer could accept the money.

Skinner’s friends, talking nearby with other people, were unaware of what was happening.

If the robbers had managed to drain his bank account, Skinner says he would have had to work a lot of extra hours to make up for that. Which would have been a major hardship because, being a two-sport college athlete, he doesn’t have a lot of free time.

Skinner says his attackers were masked, so he couldn’t identify them.

He says he should have stayed closer to his friends that night.

“It really puts things in perspective,” he says. “I mean, your life can be taken away in, like, two seconds.”

He knows that uninstalling the bank app from his phone would keep this from happening again.

“But would it be practical?” says Skinner, who uses the app all the time. “Probably not.”

The intersection of West Eddy Street and North Clark Street. Zachary Skinner was robbed nearby on Nov. 25.

The intersection of West Eddy Street and North Clark Street. Zachary Skinner was robbed nearby on Nov. 25.

Tyler Pasciak LaRiviere

A bank jacking in Streeterville

Anthony Morris is among those who have been charged in the past year with carrying out bank app robberies in Chicago. Morris, 28, a felon with convictions for burglary and theft, is accused of robbing a 40-year-old man at about 4 a.m. on Dec. 29, 2022 in Streeterville. According to his arrest report, he pointed a gun at the man in a parking garage in the 600 block of North McClurg Place and told him, “Give me your phone and money, or I will kill you.” The man gave him his wallet but said his phone was in his 41st-floor apartment nearby.

Morris then led the man to the apartment, pointing a gun at his back, police said. The man gave up his iPhone 14, and Morris took him back to the parking lot, according to the police, who say Morris stole $1,350 using the PayPal app on the man’s phone, $6,850 more with Cash App and $350 with Apple Cash.

The police report says Morris reminded the man that he now knew where he lived and said that, if he “tried to do anything stupid, he would shoot him in the head.” Morris also tried to steal the man’s BMW but didn’t know how to drive a stick shift, according to the police.

Morris was identified through a surveillance video, and the victim was able to pick him out of a photo array, police said. Morris is awaiting trial on armed robbery and kidnapping charges.

Zelle is a digital payments network run by a firm owned by banks that include JPMorgan Chase, Wells Fargo and U.S. Bank. Offered by more than 2,100 banks and credit unions, it covers more than 80% of personal and small business accounts in the United States.

Users enrolled in the Zelle app can send and request money by adding another person’s phone number or email address, a cash amount and a memo showing what the money is for.

Payments typically are then available in minutes, but financial institutions set different limits for how much cash can be transferred each day and month. In 2022, Zelle users sent 2.3 billion payments totaling more than $629 billion.

Other digital payment apps like Venmo and Cash App are operated by tech firms but similarly allow users to transfer money online quickly. Venmo is owned by PayPal. Cash App is owned by Block Inc., a San-Francisco company co-founded by former Twitter chief executive officer Jack Dorsey.

Venmo says it hasn’t seen a significant rise in bank jacking reports, which the payment platform calls a phone-security issue. The company recommends security measures that app users can enable to protect their accounts, like facial recognition, multifactor authentication and a PIN code. If an account is breached, Venmo says, customers should contact its customer service, change their account information, contact their financial institutions and call the police.

Cash App points to its “Security Lock” feature, which similarly offers layers of security to open the app and transfer cash. When users’ PIN or security settings change, they’re alerted by the company.

Zelle didn’t respond to requests for comment.


What can people do to get their money back if their bank app is hijacked?

According to the U.S. Consumer Financial Protection Bureau, “The consumer is not liable for the unauthorized transfer, and the financial institution must refund the consumer.”

Victims of fraud or robberies must contact the bank or “digital wallet provider” to start the “error-resolution process,” according to the federal agency.

Under federal regulations, a police report isn’t required.

But Ed Mierzwinski, senior director of the federal consumer program for the Public Interest Research Group, says federal regulators need to “come down harder” on companies that operate bank apps. He says the businesses blame consumers for crimes associated with the apps and “wash their hands” of their responsibility under the law.

“My advice until then: Don’t use the apps!” Mierzwinski says.

A rise of bank jackings nationally

Violent bank jacking incidents have been reported across the country in the past two years.

In New York, a political consultant from Washington disappeared on May 28, 2022, after visiting a nightclub. His body was found days later. Police discovered more than $25,000 was transferred from his bank accounts through apps on his phone, according to news reports.

Other killings have also been linked to bank-app robberies in New York.

In Chicago, an architect was walking to a downtown Metra station to catch a train at about 5 a.m. on July 28 when he says three armed men jumped out of a car in the first block of South Jefferson Street, grabbed his cellphone and tried unlocking it by holding the device to his face.

When the facial-recognition technology didn’t work, he says the robbers demanded his pass codes and then stole $2,000 through the Zelle banking app that was linked to his Chase account. They also took his wallet and, using the ATM password he gave them at gunpoint, drained another $1,000 in cash from his bank account.

“It was probably as traumatic for my wife and children as it was for me,” he says, “because who knows what could’ve happened to me.”

The architect says his bank almost immediately reimbursed the money taken from the ATM and recently forgave the thousands of dollars the robbers charged to his credit cards.

But the man, who asked that his name not be used, says he’s still fighting to be reimbursed for the money looted from his bank with his Zelle app: “I started bugging them and asking, ‘Why haven’t you responded to the claim for over four months?’ ”

He says Chicago police officers, responding within minutes after the holdup, chased the getaway car with the help of a police helicopter, but the high-speed pursuit was called off because of police department safety rules. The robbery remains unsolved.

“They have lots of commercials about how you can go pay for your friend’s meal, it makes it really easy, but they don’t say it’s like carrying a couple thousand dollars worth of cash in your pocket all the time,” says the architect, who offers this advice: “Don’t have any banking apps on your phone.”

A Chicago police detective who’s handled three banking-app robberies offers a less drastic safety solution. People could consider uninstalling their apps, reinstalling them only when they need to make a payment and then disabling them again.

“It really doesn’t take that much time,” says the detective, asking not to be named because he wasn’t authorized by the department to speak. “It keeps the bad guys out of your bank account. This is a new thing — and it’s only going to get worse.”

Contributing: Sophie Sherry, Rosemary Sobol

The Latest
Five lawsuits filed accuse the state police of having negligently approved Robert E. Crimo III’s gun ownership application in 2019 even though the Highland Park police issued a “clear and present danger” alert against him months earlier.
Inspector General Deborah Witzburg wanted to bar David Brown from being rehired after he refused to cooperate with an investigation linked to a drug bust involving a police chief’s car. Police officials rebuffed the request.
Anthony Driver, president of the Community Commission for Public Safety and Accountability, said the referral to Inspector General Deborah Witzburg was based on ‘information from multiple knowledgeable sources that raised serious concerns’ about the Civilian Office of Police Accountability.
Also facing several criminal charges is Sameer Suhail, owner of a medical supply company, who’s accused of participating in the fraud along with ex-CFO Anosh Ahmed and Loretto’s then-chief transformation officer, Heather Bergdahl.
Newly released records provide the clearest picture of last month’s attack on the Cook County state’s attorney. They also show that her office was closely involved in the investigation and the decision to bring serious charges in the case.