Court Rules Claim for Negligent Online Security Against Bank May Go Forward


As Illinois consumer protection attorneys, we were pleased to see that an Illinois federal court has allowed a couple to continue a claim against their bank over a complex billing dispute. David Johnson’s Digital Media Lawyer Blog reported Sept. 2 on the case brought by Marsha and Michael Shames-Yeakel, a couple from Indiana who had $26,500 stolen from their home equity line of credit. Citizens Financial Bank held them liable for the loss, but they refused to pay. In response, the bank reported the “bad debt” to credit bureaus and threatened to repossess their home. The Shames-Yeakels sued Citizens. Shames-Yeakel v. Citizens Financial Bank, U.S.D.C., Northern District of Illinois, Case No. 07-c-5387.

According to a ruling posted by Wired (PDF), the Shames-Yeakels run an accounting and computer programming business out of their home. They had a business checking account as well as personal accounts and a home equity line of credit with Citizens, where they were customers for nearly 30 years. The HELOC was connected to their business checking account, but the four advances they took paid for personal expenses or expenses that mixed personal and business use, such as a new roof for their home, which includes their home office. In early 2007, an unknown person gained access to the HELOC and transferred the $26,500 to their business checking account, then eventually to a bank in Austria. They were unable to have the money returned, and Citizens held the Shames-Yeakels liable for the loss.

The Shames-Yeakels complained to Citizens, but to no avail; the bank pointed to language releasing it from liability in their online banking agreement. They also complained to the federal Office of Thrift Supervision, which said Citizens’ actions were legal. The Electronic Funds Transfer Act doesn’t protect HELOCs, it said, and the Truth in Lending Act covers only personal, not business, accounts. It found that the HELOC was a business account because it was linked to a business checking account. The Shames-Yeakels sued Citizens for violations of the Truth in Lending Act, the Fair Credit Reporting Act, the Electronic Funds Transfer Act, the Indiana Uniform Consumer Credit Code and common-law negligence and breach of contract.

Citizens then moved for summary judgment, the basis for the ruling at hand. U.S. District Judge Rebecca Pallmeyer granted summary judgment on the count relying on the Electronic Funds Transfer Act and restricted plaintiffs’ use of the Fair Credit Reporting Act. However, she denied it as to negligence and the Truth in Lending Act. The Digital Media Lawyer Blog, and Wired, focused on the negligence claim, which argued that the bank provided inadequate online security. Citizens employed a widely used contractor named Fiserv to protect its accounts with a simple username and password. The Shames-Yeakels argued that Citizens should have used a multi-layered security system using a “token” that provides additional verification. They also cited security experts suggesting such a system as early as 2005 and said Citizens failed to warn them of known security risks.

In her analysis, the judge started by reminding readers that summary judgment seeks only to decide whether there’s a genuine issue of material facts at hand. In the case of the negligence claim, she found that there was. In Indiana and many other states, courts have found that banks have a duty to protect customers’ confidential information. “If this duty … is to have any weight in the age of online banking,” she wrote, “then banks must certainly employ sufficient security measures to protect their customers’ online accounts.” She found the evidence presented about multi-layered security measures, and reports warning Citizens to use these measures, sufficient to require a trial, but warned the plaintiffs not to make arguments relying on the discarded causes of action.

The judge also rejected Citizens’ arguments for summary judgment on the TILA claim, which was based on their claim that the HELOC was for business purposes. Noting that caselaw requires judges to look at the substance rather than the form of transactions, she found that “Plaintiffs’ use of their home equity line of credit appears overwhelmingly personal in nature.” This is enough to survive summary judgment and require a proper trial, she found. She also found partially for the Shames-Yeakes on their Fair Credit Reporting Act claim. Because Citizens reported the debt as delinquent but failed to note that the debt was disputed, it may have violated the FCRA. However, she rejected the couple’s argument that Citizens failed to make reasonable investigations of their credit reporting disputes, and granted summary judgment on that claim only.

Lubin Austermuehle is proud to represent consumers like the Shames-Yeakels in litigation against large corporations trying to take advantage of them. Our Illinois billing fraud lawyers have successfully fought practices involving billing for charges consumers never agreed to, fraudulent “sales” and “lemon” vehicles, among others. With more than 20 years of experience, we understand the most common arguments defendants use to skirt consumer protection laws — and we know how to counter them. Based in Chicago and Oakbrook Terrace, Ill., near Wheaton, Naperville, Aurora and Lisle, we represent consumers from across Illinois, Indiana, Wisconsin and all of the United States, in individual claims like these as well as in class actions. If you believe your rights as a consumer have been violated by a company taking advantage of its power over customers, our Chicago billing fraud attorneys can help. To set up a free evaluation of your case, please call us toll-free at 630-333-0333 or contact us through the Internet.

Contact Information