NEW YORK (BLOOMBERG) -- Citibank was sued by New York Attorney General Letitia James for allegedly failing to adequately protect customers from online banking scams and refusing to reimburse victims.
The bank hasn’t put in place sufficient safety measures and security protocols to prevent fraudsters from stealing money through online and mobile banking, including by wire transfers or through payment apps including Zelle and Venmo, James said in a suit filed Tuesday in federal court.
Citi has failed to use “sufficiently robust data security measures to protect consumer financial accounts, respond appropriately to red flags, or limit theft by scam,” the attorney general alleged in the complaint.
New York is targeting the bank’s data security measures at a time when consumers are losing billions to financial fraud and scammers are using increasingly sophisticated tools, including artificial intelligence, to dupe their victims.
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
In a statement, Citi said it follows all laws and regulations on wire transfers and “works extremely hard to prevent threats from affecting our clients and to assist them in recovering losses when possible.” According to Citi, it isn’t required to reimburse customers when they follow instructions provided by scammers and there’s no way for the bank to know they’re being ripped off.
Citi said it has “taken proactive steps,” including the use of fraud prevention tools, security protocols and customer education to reduce fraud.
James claimed Citi isn’t complying with the federal Electronic Fund Transfer Act by blaming customers who fall victim to online scams rather than adequately securing their accounts and failing to reimburse losses when the law requires it.
The complaint includes claims from Citibank customers in New York, including a woman who said $40,000 was stolen from a retirement account after she clicked a link in a text message that looked like it came from Citi. The customer, who is not named, said she clicked on a link but didn’t provide any of her information, and then called her local branch, concerned the text message was fraudulent.
“Don’t worry about it, it happens all the time,” she claimed a Citibank representative told her.
The bank denied her reimbursement claim weeks later, she said.
The state is seeking an order forcing Citibank to provide an accounting of all customer claims for lost money connected to unauthorized payment orders and debit authorizations that were denied in the last six years. It’s also seeking restitution and damages for the customers, plus penalties.
The case is New York v. Citibank N.A., 24-cv-00659, US District Court, Southern District of New York (Manhattan).