Chime rolls out upmarket tier — then hit by cyberattack claim

Chime spent April 2 telling customers with at least $3,000 a month in direct deposits that they could unlock a new “Prime” tier with 5% cash back and a 3.75% annual percentage yield on savings. Less than a week later, a pro-Iran cybercrime group said it had helped knock Chime offline. (bankingdive.com; bloomberg.com) The timing tells you what Chime is trying to become. For years it won customers by making basic checking feel easier than a branch bank, and now it is asking higher-income users to route paychecks there as their main account, not just a side app. (americanbanker.com; bankingdive.com) The new ladder has three rungs. Chime says “Base” is the standard account, “Plus” opens with at least $200 in one qualifying direct deposit or $400 across deposits in 34 days, and “Prime” requires $3,000 or more in qualifying direct deposits in the past 34 days. (markets.financialcontent.com) Prime is built to look richer without charging a monthly fee. Chime says the tier includes 5% cash back, a 3.75% savings yield, metal debit card access, travel perks, and priority support. (finance.yahoo.com; thepaypers.com) That deposit hurdle is the whole point. A customer who sends in $3,000 a month is usually using Chime for payroll, bill pay, and day-to-day spending, which gives the company more interchange revenue and stickier balances than a customer who only parks a little money there. (bankingdive.com; americanbanker.com) Then the other side of fintech showed up. Bloomberg reported that Chime was hit by a distributed denial-of-service attack on April 1, the kind of attack that floods a site with junk traffic until real users cannot get through, and the same report said Pinterest was hit too. (bloomberg.com; mercurynews.com) A distributed denial-of-service attack is less like a vault robbery than a fake crowd jamming every door of a store at once. Even if no money is stolen, a banking app that will not load can still strand customers who need to see balances, move cash, or pay rent that day. (mercurynews.com; bloomberg.com) The claim came during a wider burst of Iran-linked cyber activity. The Associated Press reported on April 8 that United States officials and private researchers were warning that hackers allied with Tehran were still targeting American organizations despite a shaky ceasefire, and Palo Alto Networks’ Unit 42 said on March 26 that it was tracking increased risk of destructive attacks tied to the conflict. (usnews.com; unit42.paloaltonetworks.com) For Chime, that turns a product launch into a stress test. If you want customers to trust you with their paycheck every two weeks, uptime stops being a software metric and starts being the digital version of whether the bank branch doors open in the morning. (bankingdive.com; bloomberg.com) That is why these two April headlines fit together. Chime is moving upmarket by courting customers with steadier incomes, and those customers are exactly the ones least likely to tolerate even a short outage when the app is supposed to function as their primary bank. (americanbanker.com; mercurynews.com)