Forensic Science Expert Witness' Conclusions About Citigroup's Security Standards Rejected

Forensic Science Expert Witness’ Conclusions About Citigroup’s Security Standards Rejected

Hamrit, a citizen of Algeria who lives in Washington, D.C., has been a Citibank customer with a personal checking and savings account since July 2019. In early May 2020, Hamrit’s relationship manager at Citibank, Jim Riutta, encouraged Hamrit to join the Citi Personal Wealth Management (“CPWM”) program.

He alleged that, while monitoring the trading activity for AERC stock, “a malfunction occurred on the brokerage account function of the Citibank App resulting in a ‘buy’ order of 7650 shares of AERC being wrongly executed at the purchase price of USD51.39 per share for a total purchase price of USD393133.50 excluding estimated commissions of USD2.95.” Hamrit maintains that he never confirmed this transaction, yet “[t]he Citibank App automatically swept the funds for this transaction from [his] personal accounts” without his authorization or approval.

The narrow issue to be determined by the Court is whether Plaintiff opened the online brokerage account which is the subject of the hearing (the “C29 Account”), and in doing so agreed to the unambiguous arbitration provision (the “Arbitration Agreement”) in the Account Application and Client Agreement (the “Client Agreement”).

Defendants Citigroup Global Markets, Inc., Citi Personal Wealth Management, and Citigroup, Inc. (collectively, “Citigroup”) filed a motion in limine to exclude the proffered expert testimony of Larry F. Stewart.

Forensic Science Expert Witness

Larry F. Stewart is a forensic scientist that specializes in chemistry and document security. He has earned an Associate of Arts degree from Florida Technological University in Orlando, a Bachelor of Science in Forensic Science degree from the University of Central Florida, also in Orlando and a Master of Forensic Sciences degree from Antioch University in Yellow Springs, Ohio. Also, Stewart has worked for the U.S. Government as a scientist and manager for over 25 years and in private practice for over 17 years.

Get the full story on challenges to Larry Stewart’s expert opinions and testimony with an in-depth Challenge Study. 

Discussion by the Court

Hamrit sought to offer expert conclusions from Larry F. Stewart that fall into two buckets. First, Stewart testified that the security standards Citigroup employed did not align with those of the National Institute of Standards and Technology (“NIST”) for high value transactions. Second, Stewart concluded that Citigroup’s system did not truly verify Hamrit’s identity given discrepancies in the account opening documentation.

Citigroup argued that Stewart is not qualified to offer an opinion regarding the financial technology matters relevant to whether Hamrit electronically executed the arbitration agreement, and also contended that Stewart’s testimony would not be helpful to the trier of fact as his opinions did not stem from any specialized expertise but instead merely convey lay observations.

Qualifications

The parties disagree on whether Stewart’s experiences qualify him to offer an expert opinion on the narrow issue of the trial: whether Hamrit electronically executed an arbitration agreement with Citigroup when his online brokerage account was opened.

Citigroup contended that Stewart is not qualified to offer an expert opinion concerning whether Hamrit electronically executed an arbitration agreement because he “has no demonstrated expertise in cybersecurity, financial technology, opening of online accounts, or computer science generally.”

A key piece of evidence in this case is a document called a ThreatMetrix report. One of Citigroup’s witnesses at trial, a Citigroup fraud risk officer named Eustacio Valfre, explained that this report captures “[e]ach digital session” that a client has on Citigroup’s online platform and that the report “has a bunch of different data points that [Citigroup’s fraud officers] review” when assessing fraud risk. 

The Court held that Stewart plainly is not qualified to offer an expert opinion regarding the ThreatMetrix report. During voir dire, Stewart testified that he has never received any training concerning ThreatMetrix, has never offered an opinion concerning ThreatMetrix, and has never drafted a report concerning ThreatMetrix. 

Relevance and Reliability

There are multiple instances of Stewart basing his testimony on insufficient or incomplete information to draw conclusions regarding the authenticity of the records at issue.

To begin with, the Court requires no expertise, for example, to observe that Hamrit’s “residential address at the date of the Account Application and Client Agreement was different from the residential address stated therein,” that Hamrit’s “immigration status is different from that stated in the Account Application and Client Agreement,” or that a document has “different fonts,” contains a “blurred image,” or lacks a signature. These are simply lay observations concerning the contents of two documents, which in no way rely on Stewart’s purported expertise in document security. 

Stewart’s purported opinion that Citigroup did not verify Hamrit’s identity because there were discrepancies in the account opening documentation, therefore, does not rely on any expertise but is drawn from lay matters that the Court is “capable of understanding and deciding without the expert’s help.’”

Stewart’s proffered conclusion that Citigroup’s security standards were insufficient relied on a fundamentally flawed premise as he assumed the absence of biometric authentication. Stewart testified that Hamrit’s purported account-opening transaction did not comply with the standards of the NIST for large dollar transactions. Yet, the undisputed evidence at trial established that Hamrit’s account had in place biometric identification for access and that such access was indeed used when his online brokerage account was opened.

Held

The Court granted the Defendants’ motion in limine to exclude the proffered expert testimony of Larry F. Stewart.

Key Takeaways:

  • Stewart’s failure to base his conclusions on complete and accurate information severely diminishes any probative value of his testimony. And in particular, Stewart’s flawed assumption that biometric access was not in place when Hamrit’s online brokerage account was opened, in the face of overwhelming and undisputed evidence to the contrary, renders his conclusion about whether Citigroup met the NIST’s standards devoid of any probative value and require exclusion of that conclusion.
  • Stewart’s purported expertise in “document security” was devoid of any knowledge or training that would allow him to opine on the probative value of the information in a technical product like the ThreatMetrix report that captures a variety of pieces of digital evidence and requires specialized training to properly understand and interpret.

Case Details:

Case Caption:Hamrit V. Citigroup Global Markets, Inc. Et Al
Docket Number:1:22cv10443
Court:United States District Court, New York Southern
Order Date:November 26, 2024

Comments

Leave a Reply

Your email address will not be published. Required fields are marked *