New York state’s attorney general’s office on Tuesday said it had sued Citibank for allegedly failing to protect customers from electronic fraud and secure reimbursement for victims, which it said had cost customers in the state millions of dollars.
In a lawsuit filed in Manhattan federal court, Attorney General Letitia James alleged Citi’s lax security protocols allowed scammers to gain easy access to users’ accounts and steal their deposits through unauthorized wire transfers.
“Banks are supposed to be the safest place to keep money, yet Citi’s negligence has allowed scammers to steal millions of dollars from hardworking people,” James said in a statement.
In a statement, a Citi spokesperson said the bank had taken steps to boost security, resulting in a significant drop in wire fraud.
But the spokesman said the bank had followed all laws and regulations related to wire transfers.
“Banks are not required to make clients whole when those clients follow criminals’ instructions and banks can see no indication the clients are being deceived,” the spokesman said.
James’ lawsuit asked Citibank to disgorge profits, pay a $5,000 fine for each instance in which it violated the law, and appoint a third-party monitor to identify all customers who were harmed.
James said customers who reported fraud were subject to lengthy telephone holds, and were told by Citi staff that they would get reimbursed even though the bank took no immediate steps to recover funds.
The lawsuit mentions two clients. One had $40,000 stolen from her retirement savings account in 2021 after clicking the link in a text message that appeared to be from Citi.
The customer reported suspicious activity and was told not to worry.
But three days she later discovered a scammer had changed her banking password and enrolled in online wire transfers.
The bank denied her fraud claim.
Another New Yorker had $35,000 stolen after reviewing her online account and finding a message that it had been suspended and telling her to call a phone number.
A scammer told her he would send her Citi codes to verify recent suspicious activity.
He then transferred all of the money in the customer’s three savings accounts into her checking account, changed her online passwords, and stole the $35,000.
This story originally appeared on NYPost