Citibank, one of the largest banks in the United States, on Tuesday was sued by New York Attorney General Letitia James for allegedly failing to protect its customers and refusing to reimburse victims of electronic fraud.
The lawsuit, filed in the U.S. District Court for the Southern District of New York, claims that Citibank does not implement strong online protections to prevent unauthorized account takeovers, misleads customers about their rights after their accounts are hacked and money stolen, and illegally refuses to reimburse to victims of fraud, states a press release.
The Office of the Attorney General (OAG) further claims that Citibank’s lax security protocols and procedures and ineffective monitoring systems have cost New York Citibank customers millions of dollars — in some instances, their entire life savings to scammers and hackers. It also found that the bank failed to respond “appropriately and quickly” which caused the customers to lose millions.
“Banks are supposed to be the safest place to keep money, yet Citibank’s negligence has allowed scammers to steal millions of dollars from hardworking people,” said Attorney General James in a press release.
“Many New Yorkers rely on online banking to pay bills or save for big milestones, and if a bank cannot secure its customers’ accounts, they are failing in their most basic duty. There is no excuse for Citi’s failure to protect and prevent millions of dollars from being stolen from customers’ accounts and my office will not write off illegal behavior from big banks.”
The attorney general also gave examples of New York victims losing tens of thousands of dollars due to fraud. In one example, a victim clicked a malicious link in the message received that appeared to be from Citi, which instructed her to log onto a website or call her local branch. When the customer called her local branch to report the suspicious activity, they allegedly told the victim not to worry about it.
Three days later, the customer discovered that a scammer changed her banking password, enrolled in online wire transfers, transferred $70,000 from her savings to her checking account, and then electronically executed a $40,000 wire transfer. The customer continued to contact the bank for weeks and also submitted affidavits, but eventually, she was told that her claim for fraud was denied.
In a statement, Citibank said the company “works extremely hard” to prevent threats to its customers, and assists them in recovering losses when possible.
“Banks are not required to make customers whole when those customers follow criminals’ instructions and banks can see no indication the customers are being deceived. However, given the industry-wide surge in wire fraud during the last several years, we’ve taken proactive steps to safeguard our clients’ accounts with leading security protocols, intuitive fraud prevention tools, clear insights about the latest scams, and driving client awareness and education,” the company added.
“Our actions have reduced client wire fraud losses significantly, and we remain committed to investing in fraud prevention measures to help our clients secure their accounts against emerging threats.”
James has alleged in the lawsuit that since Citibank makes wire transfers available to consumers online and through mobile banking apps, they must compensate victims of fraud under the Electronic Fund Transfer Act (EFTA), which requires them to pay back their customers for any funds lost or stolen through unauthorized electronic payments.
