Giving Away Security Verification Codes Is Just Bad Business [SD NY]

The account holder had multiple personal bank accounts and one business account with the bank. First, the account holder received texts asking her to verify transactions from her personal accounts. She responded that the transactions were unauthorized and later spoke to someone she believed to be a representative at the bank. However, this person did not work for the bank. During the phone call with the fraudulent actor, the account holder provided him with a security verification number sent to her phone via SMS. The fraudulent actor assured the account holder that she would not be liable for the unauthorized transactions. Later that same day, the fraudulent actor wired over $90,000.00 out of her accounts. The bank repeatedly assured the account holder that her accounts were secure and that she had “no cause to worry.” The account holder submitted a police report and accompanying affidavit to the bank twice because the bank claimed to have mistakenly filed her claim with the wrong internal department. Eventually, the bank denied the account holder’s dispute of the wire transfers and denied both attempts by the account holder to contest the transfers. Ultimately, the bank returned approximately $6,000.00 to her respective accounts. The account holder initiated this suit against the bank, asserting a violation of the New York General Business Law §349 (“GBL”) and a claim for conversion. She alleged inadequacy in the bank’s security and investigation of the wire transfers. In response, the bank filed a motion to dismiss the account holder’s claims. The bank argued that the account holder failed to allege that the bank engaged in “consumer-oriented conduct,” nor did she allege the bank had engaged in materially misleading conduct.

In Seidler v. JP Morgan Chase Bank, N.A., No. 23-CV-01462(GHW)(VF), 2024 WL 344551, 2024 U.S. Dist. LEXIS 7067 (S.D.N.Y. Jan. 12, 2024) (opinion not yet released for publication), the court sided with the bank and dismissed the account holder’s claims under the GBL and for conversion. The GBL § 349 prohibits “deceptive acts or practices in the conduct of any business, trade or commerce or in the furnishing of any service.” For purposes of the GBL § 349, “a deceptive act is one that is ‘likely to mislead a reasonable consumer acting reasonably under the circumstances’” and requires a plaintiff to allege that “(1) the defendant’s deceptive acts were directed at consumers, (2) the acts are misleading in a material way, and (3) the plaintiff has been injured as a result.” Maurizio v. Goldsmith, 230 F.3d 518, 521 (2d Cir. 2000). Importantly, the GBL is directed towards “wrongs against the consuming public” and on conduct that “causes any ‘consumer injury or harm to the public interest.’” This is achieved by showing the conduct “potentially affect[s] similarly situated consumers.” Because the GBL is primarily focused on instances where the misrepresentations have the potential to be repeated to deceive other purchasers, private disputes “unique to the parties” do not violate the GBL. The court noted that the account holder’s evidence did not support a finding that the bank’s conduct extended their actions with other consumers. In addition, the court found that “there [were] no allegations connecting any alleged misrepresentation by [the bank] to the loss of the money in the [account holder’s] accounts.”

Next, the court considered the account holder’s conversion claim. New York conversion caselaw requires a plaintiff to allege that she has “(1) a ‘possessory right or interest in the property,’ and (2) the defendant had ‘dominion over the property or interference with it, in derogation of plaintiff’s rights.’” Colavito v. N.Y. Organ Donor Network, Inc., 8 N.Y.3d 43, 49-50 (N.Y. 2006). Importantly, the court stated the money deposited into the checking account by the account holder was “not sufficiently identifiable to support a claim for conversion” and merely “create[d] a debtor-creditor relationship.” Despite acknowledgment of this principal, the account holder filed the conversion claim under a theory that the bank’s “additional culpable conduct,” which caused the loss of the funds, made the bank culpable. The court dismissed this argument because the funds were not specific and identifiable. To determine whether funds are specific and identifiable, “courts have considered whether the money was segregated…and whether the party from whom recovery was sought was implicated in the bad acts alleged.” Here, the money was not segregated, and the bad acts did not implicate the bank (those claims were dismissed); as such, the court dismissed the account holder’s claim for conversion.

As to the security procedures, the court quickly dismissed this claim because it was clear from the complaint that there were procedures in place and that the account holder breached them by providing the security code to the fraudulent actor.

By Brendan Carter [email protected]

Edited By Hayden Mariott [email protected]  

Edited By Melissa Hightower [email protected]