New York State's attorney general filed a lawsuit against Citi on Tuesday, accusing it of failing to prevent fraudsters from stealing an unspecified amount of money from customer accounts, and saying the bank must compensate fraud victims for any losses.
The lawsuit filed in federal court outlines a variety of ways in which Citi customers were tricked into revealing sensitive information that allowed hackers to access their accounts and steal millions of dollars. In what are known as phishing scams, some cases involved Citi customers receiving text messages or emails purporting to be from Citi but actually from criminals.
New York Attorney General Letitia James said Citi should have been suspicious when large transfers were requested from customer accounts that had not had such activity for decades — and that only minutes earlier their passwords had been changed.
In one case, when a customer called her local Citi branch concerned about a phishing message she had clicked on, the bank told her: “Don't worry about it — it happens all the time.” Three days later, more than $40,000 was transferred from her account, the lawsuit said. Citi later rejected her request to compensate her, saying it was her fault for clicking on the scammer's message.
The lawsuit holds Citi liable under the Electronic Fund Transfer Act of 1978.
“There is no excuse for Citi’s failure to protect and prevent the theft of millions of dollars from customer accounts,” said Ms. James, who, like prosecutors before her, was seeking higher office.
Banks are not required to compensate customers who are victims of such fraud, said Danielle Romero-Apsilos, a Citi spokeswoman. “Citi closely follows all laws and regulations related to bank transfers and works very hard to prevent threats from affecting our customers and help them recover losses when possible,” she said in a statement.
“Web maven. Infuriatingly humble beer geek. Bacon fanatic. Typical creator. Music expert.”