X

NYAG James Sues Bank for Failure to Protect Electronic Fraud Victims

"Many New Yorkers rely on online banking to pay bills or save for big milestones, and if a bank cannot secure its customers’ accounts, they are failing in their most basic duty."
New York Attorney General Letitia James
"Many New Yorkers rely on online banking to pay bills or save for big milestones, and if a bank cannot secure its customers’ accounts, they are failing in their most basic duty."
New York Attorney General Letitia James

New York Attorney General Letitia James ("NYAG") sued a bank for failing to (i) protect victims of electronic fraud and (ii) reimburse their losses.

In the U.S. District Court for the Southern District of New York, the NYAG alleged that the bank failed to catch unauthorized electronic fund transfers and wire transfers from customers' accounts due to the failure of data security measures within the bank's systems. According to the Complaint, numerous bank customers had their accounts robbed by scammers submitting fraudulent wire transfers to the bank. The NYAG claimed that, under the Electronic Funds Transfer Act ("EFTA"), the bank is required to reimburse the accounts for these wire transfers which are unauthorized. The NYAG charges that the bank did not inform customers of their rights under the EFTA, nor did it make an attempt to recover the money that it had inappropriately wired out. The NYAG detailed specific examples of bank customers that were injured as a result.

In addition, the NYAG alleged the bank violated New York Executive Law § 63(12) and New York General Business Law § 349 by deceptively inducing customers to enter into agreements with misleading terms, and that the bank had materially inadequate security procedures which were in violation of New York's SHIELD Act. The alleged security deficiencies included the bank's failure to "adopt appropriate layered security, including [multi-factor authentication], algorithmic monitoring of consumer and account behavior, mechanisms to identify high-risk transactions or anomalous behavior that trigger strengthened procedures, or transaction limitations based on frequency, volume, and repeat activity."

The NYAG urged the Court to (i) issue an injunction against further violations, (ii) order an accounting for the last six years of all claims for losses in connection with unauthorized payment orders denied by the bank, (iii) order retention of third-party review to identify all victims "harmed by Defendant’s fraudulent and illegal practices alleged", (iv) order restitution and damages to all injured consumers, whether known or unknown, at the time of the decision and order, (v) order the bank to disgorge "all profits from the fraudulent and illegal practices alleged", (vi) order a $5,000 penalty for each violation of General Business law § 349 and (vii) order the payment to the NYAG of $2,000 per CPLR 8303(a)(6).

Primary Sources

  1. State of New York v. Citibank
  2. NYDFS Press Release: Attorney General James Sues Citibank for Failing to Protect and Reimburse Victims of Electronic Fraud
  3. New York Executive Law § 63(12)
  4. New York General Business Law § 349
  5. New York Shield Act: Senate Bill S5575B

Tags

Regulated Activities
Data Protection / Cybersecurity Funds Transfer
Sub-Activity
EFTA
Regulated Entities
Banking Entities
Sub-Entity
National Banks
Body of Law
Banking Law
Jurisdiction
US - Federal , States
Organization
States
Sub-Author
NYDFS