- New York Attorney General Letitia James announced Tuesday she's suing Citibank for allegedly failing to protect customer funds from online fraudsters and for not reimbursing victims who had thousands stolen from their accounts.1
- James filed the lawsuit at the US District Court for the Southern District of New York. It states that New York customers lost millions of dollars due to Citi’s weak security and anti-fraud measures, with some people losing their entire life savings.2
- In a statement, James’ office said Citi “fails to respond to fraudulent activity appropriately and quickly,” noting that the bank’s systems didn't adequately respond to red flags, including scammers who used unrecognized devices, accessed accounts from different locations, and changed account usernames and passwords.3
- The suit also claims Citi left customers who reported potential fraud on long hold lines and didn't sufficiently protect accounts until customers visited a local branch. Citi representatives also allegedly failed to take necessary steps to restore customer funds as promised and falsely told customers to execute special affidavits in person to detail the scams that stole their money.3
- The lawsuit calls for Citi to reimburse victims under the Electronic Fund Transfer Act. Previously, Citibank’s parent company, Citigroup, came under regulatory scrutiny over risk management concerns, and in 2020, it was fined $400M and ordered to improve its risk management systems.4
- James is requesting Citi relinquish any profits gained from instances of fraud, pay a $5K fine for each violation, and appoint a third-party monitor to identify all customers who were victims. A Citi spokesperson said the bank has worked to improve its security and that “banks are not required to make clients whole when those clients follow criminals’ instructions.”5
- Narrative A, as provided by New Rochelle. All banks must be held responsible when they don't protect their customers from scammers, and, in some instances, ignore fraud. In this case, CitiBank thinks a basic disclaimer against scams is enough to remove any liability for stolen customer funds, but that's not true. Security measures must be improved and customers must be reimbursed when they're victimized.
- Narrative B, as provided by Consumer NZ. It's easy to just blame the banks in situations like this, but there are many factors at play. First and foremost, banks shouldn't be held liable in instances of customer negligence. Sometimes, banks should reimburse customers, but it's also incumbent on customers to be more careful because there are always going to be scammers trying to make a quick buck.