I had a player who wanted to do a re-build about 10 sessions into our game, the character he brought next session was centered around forging. Cash, credsticks, everything. And mugging 'links is something I would guess every GM's had to deal with, this is how I did so:
I told him to do cash he'd need at a minimum; two facilities (for the various printing, watermarking, hologramming equipment) and a shop (for the engraving of plates), and that as cash transactions are so rare, any cash used (in a legit setting at least) is immediately screened with high-tech equipment for forgeries. That initial investment alone took care of that.
I told him that to forge credsticks, which I said operate on a principle like cryptocurrency (which I have very little knowledge of, as did he), it would require two workshops (one for software - specific, non-standard program development tools, and one for hardware - the sticks themselves), and would require series of extended tests for him to make custom software, hardware, and hacking (each at high target numbers with long intervals, and with high risk and difficulty for the hacking part) to get everything positioned as it needed to be (basically, making your own unbacked cryptocurrency). Then once the money is "withdrawn" from the credstick and put in a bank, it is at risk of being exposed as fake. He didn't build a character around LOG (plus it sounded like a lot of work, and high risk, which it should be), so that took care of that.
Purchases using a commlink are essentially conducted rather like an instantaneous debit or credit transaction, except nowadays the fraud protection measures are infinitely more sophisticated and just as instantaneous as the transaction. The cyber mugging your players are trying/most likely to try would probably be taking money from a victim (comes straight out of their bank), and putting it in a certified credstick? To hack someone's commlink to get it to cough up some dough, you're ultimately going up against a bank's security system. Sure, you may use Exploit (or Sleaze in 5E's case?) to get a high-enough access level (Admin/ a lot of marks?) to say "conduct this transaction" (send money from the vicitim's account to PC's certified credstick). At that point, if the transaction is smaller than a few hundred nuyen (amount configurable by the owner of the account, usually 100-400 Y? similar to how ATM withdrawals are limited), the bank "just" sends a highly encrypted message "Are you sure you want to complete this transaction?" to the victim (which they should notice unless the message is decrypted and intercepted), while multiple bank Agents simultaneously are scanning for and logging subscriptions, icons, 'link ID's, running traces to make sure everyone is who/where they say they are, yada yada yada, at very high levels of capability. Certified credsticks are certified for a reason, they're linked to SINs (fake or not), so the player is risking losing a SIN in this mugging, which most SINs are worth more than 100-400 Y, ya dig? And then larger amounts of money get their very own Spider-bankers w/ Agents/IC to oversee the transaction. Basically, just make it known to your player(s) that it's very hard because the banks are very good, and very risky. It's like stealing cars in SR, you just want make it more trouble than it's worth.