Lawsuit targets bank after clients lose millions in cyber fraud
Over 140 Bank of Montreal (BMO) customers who claim to have lost significant sums through unauthorized transfers are banding together to file a class-action lawsuit against the bank.
Collectively, they've lost more than $1.5 million, according to organizer Lisa Wong. This comes two years after CBC News first reported similar incidents involving BMO customers.
"We have people from all walks of life," said Wong, who lost $15,500 herself. Victims include new immigrants, professionals such as doctors and engineers, and business owners. Wong claims that BMO's security measures fail to protect against increasingly sophisticated cybercrime.
Cyberattacks involve hackers gaining access to customers' accounts through methods like malware that steal digital credentials. The criminals then make unauthorized e-transfers and wire transfers and set up bill payments.
BMO has opted against reimbursing the customers, saying their passwords were used correctly and one-time codes were properly entered.
While the Ombudsman for Banking and Investment Services (OBSI) – which mediates disputes between banks and clients – reports a rise in e-transfer fraud, cases are often difficult to resolve. In many instances, the bank is absolved of liability if a customer unknowingly shared their information, even if unauthorized transfers occur.
OBSI spokesperson Mark Wright said these cases are often complex as the perpetrators are difficult to locate.
"We are not able to recommend that the bank pay compensation to the consumer because our investigations show the consumer has unknowingly shared or given access to their confidential information and the bank has complied with its obligations," Wright said in an email.
"In the digital world we live in, these scams are fast evolving and are becoming more sophisticated, targeting millions of Canadians with malicious texts and phone calls," BMO spokesperson Jeff Roman told CBC News. "We realize how difficult it is when a customer unfortunately falls victim to these criminals, and we provide support based on the specifics of their individual cases and circumstances."
He said the bank provides support to prevent these situations but cannot share security details.
Read next: A 90-day AI-Powered blueprint for broker success
Cybercrime expert Kenrick Bagnall believes the customers' devices were likely infected with malware that harvested their login information, which was then sold on the dark web. He said the bank's security procedures appeared to be followed properly.
The Canadian Bankers Association did not directly address the question of bank liability for such losses, instead stating that banks "are committed to helping protect their customers from financial scams."
Make sure to get all the latest news to your inbox on Canada’s mortgage and housing markets by signing up for our free daily newsletter here.