MANHATTAN (CN) — A federal judge Tuesday denied Citibank’s attempt to dismiss a lawsuit from New York Attorney General Letitia James who claimed the bank failed to protect its customers from online scammers and reimburse victims who were targeted.
U.S. District Judge Paul Oetken said in his decision that the country’s third-largest bank must face some of James’ claims that it violated the 1978 Electronic Fund Transfer Act, which requires banks make an effort to protect customers against theft.
James filed the lawsuit last January, and specifically detailed stories of two New York Citi customers whose life savings — $35,000 and $40,000, respectively — were stolen by scammers and never reimbursed by the bank.
In its motion to dismiss, Citibank pushed bank against those claims and said the law does not apply to transfers from a consumer’s account made to pay for a wire transfer.
But Oetken found that Congress’s intention in passing the law was to protect consumers from “sophisticated, technological frauds,” and added that the bank’s reading to exclude wire transfers would “operate in derogation” of that purpose.
Citibank had also moved to dismiss James’ claim that the bank is required to protect customers against scammers who consolidate funds from multiple accounts into one account to steal a larger sum of money without the need for multiple payment orders.
The bank argued that this method, known as an intrabank transfer, is not protected by the the act because consumers don’t “benefit” and lose funds in such a transaction.
But Oetken disagreed and found that the intrabank transfers consolidate consumer funds to facilitate a subsequent fraud.
James also claims that Citibank specifically instructs customers to waive the act’s protections before it investigates fraud claims.
In its user agreement that the bank requires customers to sign, Citibank says that its “records will be conclusive” barring any substantial evidence to the contrary.
“Unlike the first provisions, this language is more ambiguous, since it does not speak of Citibank’s internal procedures, but of the conclusiveness of ‘Citibank records’ generally,” Oetken wrote. “Because there is a reasonable reading of this contract language that alters the burden of proof to which a consumer is entitled in an EFTA action, the court holds that NYAG has adequately alleged at this stage that the quoted section of the User Agreement limits a statutory right and thus violates 15 U.S.C. § 1693l.
However, Oetken did dismiss James’ claim that Citibank failed to disclose security protocols governing an electronic fund transfer, finding that the bank’s protocols are not an “element, prerequisite or limitation” on the offer to transfer.
He also dismissed claims that Citibank failed to detect and respond to “red flags” for identity theft and failed to refund fraudulent payment orders.
Citigroup said in a statement that it is disappointed by the court’s decision, but is looking at next steps.
“The industry-standard practices we employ have long been recognized as satisfying applicable law,” Citigroup said.
James, on the other hand, praised the court’s decision.
“Citi’s failures to protect its customers’ accounts are costing New Yorkers millions of dollars,” James said in a statement. “Today’s decision will allow us to continue our case against Citi to help those whose savings were stolen and ensure the bank follows the law to protect its customers.”
The attorney general is seeking restitution for customers who were denied reimbursement, a $5,000 fine for each violation and the appointment of a third-party monitor to identify affected customers.