New York Attorney General Letitia James sued Citibank over its alleged failure to defend customers against hacks and scams and refusal to reimburse victims after allowing fraudsters to steal millions from their accounts.
The NY Attorney General’s lawsuit against Citibank says the financial institution’s refusal to compensate victims of fraud is a violation of the Electronic Fund Transfer Act (EFTA) which mandates that banks reimburse customers for any funds lost or stolen via unauthorized electronic transactions.
The complaint claims that because it’s providing online and mobile banking options for wire transfers, Citibank should compensate fraud victims, akin to the protections afforded to victims of electronic credit or debit card fraud under the same legislation.
However, NY AG James alleges that Citibank exploited a specific exception within these regulations, which led to consumer claims of reimbursement after getting hacked or falling victim to scams being denied and causing substantial financial losses for New York consumers, amounting to millions of dollars.
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” said Attorney General James.
“Many New Yorkers rely on online banking to pay bills or save for big milestones, and if a bank cannot secure its customers’ accounts, they are failing in their most basic duty. There is no excuse for Citi’s failure to protect and prevent millions of dollars from being stolen from customers’ accounts and my office will not write off illegal behavior from big banks.”
The NY AG’s investigation into how Citibank protects customers from scammers and hackers found inadequacies in responding to potential red flags of fraudulent activities. Notably, the bank’s systems didn’t effectively react to attackers using unrecognized devices, accessing accounts from new locations, or even when changing users’ banking credentials.
Furthermore, Citibank failed to flag and prevent attempts to transfer funds from multiple accounts into a single account, making it easy for malicious actors to quickly transfer tens of thousands of dollars from their victims’ Citibank accounts within minutes.
The complaint also highlights Citibank’s alleged failure to automatically initiate investigations or report fraudulent activities to law enforcement after customers’ initial reports were filed with the bank.
Victims reporting fraud to Citibank also face lengthy telephone holds, allowing scammers to keep transferring stolen funds to bank accounts under their control at third-party banks.
Citibank representatives also allegedly falsely assured customers who had their accounts hacked or taken over by scammers that their funds were secure and promised the return of stolen funds without taking immediate action.
Furthermore, they falsely directed consumers to local Citibank branches to execute special affidavits detailing the scams they fell victim to, information that was subsequently used to blame the victims and deny their reimbursement claims using boilerplate letters listing predetermined conclusions, such as failure to adequately safeguard their own accounts or handing over their account info to scammers.
“Through this lawsuit, Attorney General James is seeking to stop Citi’s deceptive practices and to collect restitution for victims who were denied reimbursement in the last six years, penalties, and disgorgement,” James said.
Two years ago, James also led a coalition of attorneys general from multiple U.S. states urging major banks—including JPMorgan Chase, Bank of America, U.S. Bank, and Wells Fargo—to eliminate overdraft fees on consumer accounts.
Update January 30, 14:49 EST: Citibank sent the following statement after the article was published:
Citi closely follows all laws and regulations related to wire transfers and works extremely hard to prevent threats from affecting our clients and to assist them in recovering losses when possible. Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived. However, given the industry-wide surge in wire fraud during the last several years, we’ve taken proactive steps to safeguard our clients’ accounts with leading security protocols, intuitive fraud prevention tools, clear insights about the latest scams, and driving client awareness and education. Our actions have reduced client wire fraud losses significantly, and we remain committed to investing in fraud prevention measures to help our clients secure their accounts against emerging threats.
Source: www.bleepingcomputer.com