Knowing Your Rights: New York’s AG Takes Action Against Citibank Regarding Online Banking Fraud

News Categories

Our Practice Areas

Knowing Your Rights: New York’s AG Takes Action Against Citibank Regarding Online Banking Fraud

When money is stolen from your bank account, your legal rights will depend on the mode of transaction employed by the fraudster. Most online banking transactions are governed by the Electronic Fund Transfer Act (the “EFTA”), but some—namely wire transfers—are governed by a particular set of state laws (Article 4A of the Uniform Commercial Code) that are not as consumer friendly.

The EFTA, for example, allows consumers to recover actual damages, statutory damages, their attorneys’ fees and costs, and—in some circumstances—treble actual damages. Remedies under Article 4A, on the other hand, are generally limited to the amount of the loss plus interest. The EFTA also affords greater protections generally, meaning that you’re more likely to have a claim if your money is stolen via a transaction covered by the EFTA. Those nuances are discussed in earlier installments of our “Knowing Your Rights” series (links above).

Of course, because the EFTA is better for consumers, financial institutions seek to avoid its application whenever possible. In fact, we’ve come to learn that many financial institutions often ignore the EFTA even when there is no doubt that an electronic fund transfer was used to carry out the online banking fraud. One example we’ve highlighted is a predicate electronic fund transfer that sets up an external wire transfer. Financial institutions typically ignore predicate transfers so that they can self-servingly assess their liability under Article 4A.

We’ve seen this framing in at least three scenarios: when money is routed from a personal account through a linked business account; when money is first moved from a savings account to a checking account; and when money is transferred from a checking account to an investment account. Typically, those predicate transfers are performed by fraudsters so that an external wire transfer option is made available. That is, the money is moved to an account with wire transfer capabilities, which allows for a more instantaneous external transfer. In other circumstances, internal transfers are made to relax red flag triggers that might otherwise alert a financial institution to ongoing fraud. In any event, predicate transfers performed by a fraudster are invariably made to assist the fraudster’s scheme—and not to benefit the consumer. Despite that reality, financial institutions often tell consumers that the EFTA does not apply and that the stolen funds are as good as gone.    

The Attorney General of New York recently accused Citibank, N.A. of such misleading practices, among several others. In that federal court filing, it was alleged that “Citi does not treat intra-bank transfers among accounts that provide funds for fraudulent activity as unauthorized EFTs.” Complaint ¶ 62, New York v. Citibank, N.A., No. 1:24-cv-650 (S.D.N.Y Jan. 30, 2024). That filing further stated that Citibank’s wire transfers are, in any event, electronic fund transfers because the stolen money is not actually wired from the consumer’s account but is debited via an electronic fund transfer and then wired by Citibank. On a more general level, New York’s lawsuit took aim at Citibank’s deficient online banking security measures. As summarized in a press release:

The lawsuit alleges that Citi does not implement strong online protections to stop unauthorized account takeovers, misleads account holders about their rights after their accounts are hacked and funds are stolen, and illegally denies reimbursement to victims of fraud. The Office of the Attorney General (OAG) has found that the bank fails to respond to fraudulent activity appropriately and quickly. As a result of Citi’s lax security, New York customers have lost millions of dollars, and in some instances, their entire lifesavings, to scammers and hackers. Attorney General James is seeking to hold Citi accountable for failing to protect its customers and require the company to pay back defrauded New Yorkers with interest, pay penalties, and adopt enhanced anti-fraud defenses to prevent scammers from stealing consumers’ funds.”

As illustrated by that lawsuit, there are several layers to the laws that govern online banking fraud. If you are such a victim, please do not hesitate to contact our office to receive a free consultation before accepting your financial institution’s decision to deny your claim for reimbursement. At Kelly Guzzo, PLC, we are committed to assisting victims of online banking fraud.