December 31, 2025 By DADA DEPUTY CLERK IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF VIRGINIA CHARLOTTESVILLE DIVISION
Patricia Goolsby, ) Plaintiff, v. Civil Action No. 3:25-cv-00009 Bank of America, N.A., Defendant.
MEMORANDUM OPINION Plaintiff Patricia Goolsby received a phone call from Bank of America. Or so she thought. Unfortunately, the caller was a fraudster, who tricked Goolsby into disclosing her account information and then emptied her bank account. After the Bank investigated and denied her claim, Goolsby sued to hold the Bank liable for refusing to reimburse her loss. Defendant Bank of America moves to dismiss, (Dkt. 25), arguing that it investigated the claim and appropriately concluded that the transfer was not unauthorized. For the reasons stated below, the court will grant the motion in part and deny in part. I. Background On September 17, 2024, Patricia Goolsby received a phone call from someone purpotting to be calling from Bank of America (“BOA”). (Am. Compl. J 15 (Dkt. 21).) The caller informed Goolsby that someone had attempted to use her debit card in Florida and that they were initiating a fraud prevention process. (Id. 416.) Goolsby confirmed that she was not in Florida and had not authorized any transactions there. (Id. 17.) The caller then offered
to cancel Goolsby’s debit card, told her they would need to verify her identity, and sent her a code via text message for that purpose. (Id. ¶¶ 18–19.) The text appeared to be from Bank of America’s customer service number. (Id. ¶ 19.) The caller confirmed Goolsby’s mailing
address “so that a replacement card could be sent.” (Id. ¶ 24.) Unbeknownst to Goolsby, this caller was a fraudster who had “spoofed” their phone number so that the incoming call on her phone looked it was from Bank of America. (Id. ¶ 21.) Upon information and belief, the fraudster then opened an account under Goolsby’s name at Navy Federal Credit Union using her address and requested a transfer from Bank of America to the new Navy Federal Credit Union account without Goolsby’s knowledge or
permission. (Id. ¶¶ 25, 27.) This prompted confirmation codes to be sent to Goolsby via text message, which the fraudster explained away as “reversal code[s]” for the fraudulent transactions in Florida. (Id. ¶ 42.) Goolsby provided these codes to the fraudster because she believed the fraudster was from Bank of America. (See id. ¶ 93.) Goolsby, however, has not been able to get any information from Navy Federal Credit Union about the account opened in her name or the missing funds. (Id. ¶ 40.)
Goolsby disputed the transfer with Bank of America, which triggered an investigation by the Bank. (Id. ¶¶ 101, 102, 104.) The Bank concluded that no error occurred on their end and sent Goolsby a denial letter. (Id. ¶¶ 104–05.) Goolsby brought suit against Bank of America on March 7, 2025, almost six months after the transfer. (See Dkt. 1.) She filed an amended complaint on May 28, (Dkt. 21), and the Bank moved to dismiss on June 27, 2025, (Dkt. 25). II. Standard of Review Motions to dismiss under Rule 12(b)(6) test the legal sufficiency of a complaint. Edwards v. City of Goldsboro, 178 F.3d 231, 243 (4th Cir. 1999). They do not “resolve contests
surrounding the facts, the merits of a claim, or the applicability of defenses.” Bing v. Brivo Sys., LLC, 959 F.3d 605, 616 (4th Cir. 2020) (quoting King v. Rubenstein, 825 F.3d 206, 214 (4th Cir. 2016)). To survive a Rule 12(b)(6) motion to dismiss, a plaintiff must plead sufficient factual allegations to “state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). A claim is plausible on its face “when the plaintiff pleads factual content that allows the court to draw
the reasonable inference that the defendant is liable for the misconduct alleged.” Id. In reviewing a motion to dismiss for failure to state a claim, “a court must consider the factual allegations in the complaint as true and draw all reasonable inferences in favor of the plaintiff.” Bing, 959 F.3d at 616. III. Analysis Goolsby brings suit on behalf of herself and all those similarly situated,1 seeking to
represent a class “to remedy the harm caused by BOA’s illegal behavior.” (Am. Compl. ¶ 5.) She alleges Bank of America violated the Electronic Fund Transfer Act of 1978 (“EFTA”) (Counts I and III), breached their deposit agreement (Count II), and violated the Uniform Commercial Code and its Virginia equivalent (Count IV). (Id. ¶¶ 89–129.)
1 The court analyzes the claims in the Complaint as to Goolsby only and does not make any determination about the existence of a class at this time. A. Electronic Fund Transfer Act (EFTA) – Counts I and III The Electronic Fund Transfer Act of 1978 (15 U.S.C. § 1693 et seq.) is intended to “provide a basic framework establishing the rights, liabilities, and responsibilities of the
participants in electronic fund and remittance transfer systems.” 15 U.S.C. § 1693(b). The Act protects consumers making electronic transactions by setting rules for banks, establishing consumer rights, and requiring certain disclosures. The EFTA provides a private right of action against a financial institution that “fails to comply” with any provision of the Act. Id. § 1693m(a). The parties do not dispute that the transfers at issue are governed by the EFTA.
Goolsby alleges that Bank of America’s investigation and decision not to reimburse her for her loss violated two provisions of the EFTA. 1. Excess Consumer Liability Under § 1693g (Count I) The EFTA sets caps on consumer liability for “unauthorized transfer[s].” Id. § 1693g. If consumers provide notice to their financial institution within two business days of discovering an “unauthorized transfer,” Section 1693g caps their liability at $50. Id. § 1693g(a).
If the consumer waits more than two business days after discovery to provide notice, their liability is still capped at $500. Id. An unauthorized transfer under the EFTA is “an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate such transfer and from which the consumer receives no benefit.” Id. § 1693a(12). Transactions are not considered “unauthorized,” though, if they are “initiated by a person
other than the consumer who was furnished with the card, code, or other means of access to such consumer’s account by such consumer, unless the consumer has notified the financial institution involved that transfers by such other person are no longer authorized.” Id. Goolsby asserts that Bank of America violated the EFTA by declining to reimburse
her for her loss, thereby holding her “responsible for the full amount of the unauthorized transfer [from her account] rather than the limits set forth by § 1693g(a).” (Am. Compl. ¶ 91, 94.) Bank of America counters that it appropriately investigated the transfers and determined that they did not constitute “unauthorized transfers” under the EFTA, and that Goolsby has not alleged a plausible claim that the Bank’s finding was improper. (Def.’s Br. at 7–8 (Dkt. 26).)
“When, as here, a bank concludes that the EFTA authorizes liability in excess of the default cap, the consumer must allege facts plausibly suggesting that the bank’s conclusion is wrong in order to state a claim that the bank has violated § 1693g.” Widjaja v.
Free access — add to your briefcase to read the full text and ask questions with AI
December 31, 2025 By DADA DEPUTY CLERK IN THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF VIRGINIA CHARLOTTESVILLE DIVISION
Patricia Goolsby, ) Plaintiff, v. Civil Action No. 3:25-cv-00009 Bank of America, N.A., Defendant.
MEMORANDUM OPINION Plaintiff Patricia Goolsby received a phone call from Bank of America. Or so she thought. Unfortunately, the caller was a fraudster, who tricked Goolsby into disclosing her account information and then emptied her bank account. After the Bank investigated and denied her claim, Goolsby sued to hold the Bank liable for refusing to reimburse her loss. Defendant Bank of America moves to dismiss, (Dkt. 25), arguing that it investigated the claim and appropriately concluded that the transfer was not unauthorized. For the reasons stated below, the court will grant the motion in part and deny in part. I. Background On September 17, 2024, Patricia Goolsby received a phone call from someone purpotting to be calling from Bank of America (“BOA”). (Am. Compl. J 15 (Dkt. 21).) The caller informed Goolsby that someone had attempted to use her debit card in Florida and that they were initiating a fraud prevention process. (Id. 416.) Goolsby confirmed that she was not in Florida and had not authorized any transactions there. (Id. 17.) The caller then offered
to cancel Goolsby’s debit card, told her they would need to verify her identity, and sent her a code via text message for that purpose. (Id. ¶¶ 18–19.) The text appeared to be from Bank of America’s customer service number. (Id. ¶ 19.) The caller confirmed Goolsby’s mailing
address “so that a replacement card could be sent.” (Id. ¶ 24.) Unbeknownst to Goolsby, this caller was a fraudster who had “spoofed” their phone number so that the incoming call on her phone looked it was from Bank of America. (Id. ¶ 21.) Upon information and belief, the fraudster then opened an account under Goolsby’s name at Navy Federal Credit Union using her address and requested a transfer from Bank of America to the new Navy Federal Credit Union account without Goolsby’s knowledge or
permission. (Id. ¶¶ 25, 27.) This prompted confirmation codes to be sent to Goolsby via text message, which the fraudster explained away as “reversal code[s]” for the fraudulent transactions in Florida. (Id. ¶ 42.) Goolsby provided these codes to the fraudster because she believed the fraudster was from Bank of America. (See id. ¶ 93.) Goolsby, however, has not been able to get any information from Navy Federal Credit Union about the account opened in her name or the missing funds. (Id. ¶ 40.)
Goolsby disputed the transfer with Bank of America, which triggered an investigation by the Bank. (Id. ¶¶ 101, 102, 104.) The Bank concluded that no error occurred on their end and sent Goolsby a denial letter. (Id. ¶¶ 104–05.) Goolsby brought suit against Bank of America on March 7, 2025, almost six months after the transfer. (See Dkt. 1.) She filed an amended complaint on May 28, (Dkt. 21), and the Bank moved to dismiss on June 27, 2025, (Dkt. 25). II. Standard of Review Motions to dismiss under Rule 12(b)(6) test the legal sufficiency of a complaint. Edwards v. City of Goldsboro, 178 F.3d 231, 243 (4th Cir. 1999). They do not “resolve contests
surrounding the facts, the merits of a claim, or the applicability of defenses.” Bing v. Brivo Sys., LLC, 959 F.3d 605, 616 (4th Cir. 2020) (quoting King v. Rubenstein, 825 F.3d 206, 214 (4th Cir. 2016)). To survive a Rule 12(b)(6) motion to dismiss, a plaintiff must plead sufficient factual allegations to “state a claim to relief that is plausible on its face.” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). A claim is plausible on its face “when the plaintiff pleads factual content that allows the court to draw
the reasonable inference that the defendant is liable for the misconduct alleged.” Id. In reviewing a motion to dismiss for failure to state a claim, “a court must consider the factual allegations in the complaint as true and draw all reasonable inferences in favor of the plaintiff.” Bing, 959 F.3d at 616. III. Analysis Goolsby brings suit on behalf of herself and all those similarly situated,1 seeking to
represent a class “to remedy the harm caused by BOA’s illegal behavior.” (Am. Compl. ¶ 5.) She alleges Bank of America violated the Electronic Fund Transfer Act of 1978 (“EFTA”) (Counts I and III), breached their deposit agreement (Count II), and violated the Uniform Commercial Code and its Virginia equivalent (Count IV). (Id. ¶¶ 89–129.)
1 The court analyzes the claims in the Complaint as to Goolsby only and does not make any determination about the existence of a class at this time. A. Electronic Fund Transfer Act (EFTA) – Counts I and III The Electronic Fund Transfer Act of 1978 (15 U.S.C. § 1693 et seq.) is intended to “provide a basic framework establishing the rights, liabilities, and responsibilities of the
participants in electronic fund and remittance transfer systems.” 15 U.S.C. § 1693(b). The Act protects consumers making electronic transactions by setting rules for banks, establishing consumer rights, and requiring certain disclosures. The EFTA provides a private right of action against a financial institution that “fails to comply” with any provision of the Act. Id. § 1693m(a). The parties do not dispute that the transfers at issue are governed by the EFTA.
Goolsby alleges that Bank of America’s investigation and decision not to reimburse her for her loss violated two provisions of the EFTA. 1. Excess Consumer Liability Under § 1693g (Count I) The EFTA sets caps on consumer liability for “unauthorized transfer[s].” Id. § 1693g. If consumers provide notice to their financial institution within two business days of discovering an “unauthorized transfer,” Section 1693g caps their liability at $50. Id. § 1693g(a).
If the consumer waits more than two business days after discovery to provide notice, their liability is still capped at $500. Id. An unauthorized transfer under the EFTA is “an electronic fund transfer from a consumer’s account initiated by a person other than the consumer without actual authority to initiate such transfer and from which the consumer receives no benefit.” Id. § 1693a(12). Transactions are not considered “unauthorized,” though, if they are “initiated by a person
other than the consumer who was furnished with the card, code, or other means of access to such consumer’s account by such consumer, unless the consumer has notified the financial institution involved that transfers by such other person are no longer authorized.” Id. Goolsby asserts that Bank of America violated the EFTA by declining to reimburse
her for her loss, thereby holding her “responsible for the full amount of the unauthorized transfer [from her account] rather than the limits set forth by § 1693g(a).” (Am. Compl. ¶ 91, 94.) Bank of America counters that it appropriately investigated the transfers and determined that they did not constitute “unauthorized transfers” under the EFTA, and that Goolsby has not alleged a plausible claim that the Bank’s finding was improper. (Def.’s Br. at 7–8 (Dkt. 26).)
“When, as here, a bank concludes that the EFTA authorizes liability in excess of the default cap, the consumer must allege facts plausibly suggesting that the bank’s conclusion is wrong in order to state a claim that the bank has violated § 1693g.” Widjaja v. JPMorgan Chase Bank, N.A., 21 F.4th 579, 584 (9th Cir. 2021).2 In other words, to state a claim under § 1693g, Goolsby must sufficiently allege that the transfer was in fact “unauthorized” under the EFTA. She carries her burden here.
Goolsby sufficiently alleges that the transfer was initiated by a person “without actual authority to initiate such transfer.” 15 U.S.C. § 1693a(12). The EFTA “does not hold banks liable for transfers made with the customer’s authorization.” Cook v. USAA Fed. Savs. Bank, No. 8:22-cv-01469, 2023 WL 3949735, at *2 (D. Md. June 12, 2023) (cleaned up). But “it is self-evident that an individual falsely posing as a customer service representative—with no
2 The United States Court of Appeals for the Fourth Circuit does not appear to have interpreted or commented on § 1963g. The court finds persuasive authority compelling here. connection to [Bank of America]—would not have the ‘actual authority’ to initiate a transfer, as required by § 1693a(12).” Green v. Capital One, N.A., 557 F. Supp. 3d 441, 448 (S.D.N.Y. 2021).
Goolsby alleges that “[w]hen BOA receives a request to send money . . . it sends a series of automated texts messages to the accountholder seeking confirmation of the transaction(s).” (Am Compl. ¶ 33.) The fraudster convinced her that the “flurry of confirmation texts” she received from the Bank was “automatically generated to confirm a ‘reversal code’ for the fraudulent transactions.” (Id. ¶¶ 35, 42.) Goolsby maintains that “any responses [she] provided to messages from BOA were the result of her false belief that the
person she was speaking to on the phone was affiliated with BOA, and that his instructions to her were valid and correct.” (Id. ¶ 29.) As Goolsby points out, the Consumer Financial Protection Bureau’s Official Interpretation of the EFTA’s implementing regulation, Regulation E, provides that an unauthorized transfer includes one that is initiated by someone who obtained access from the consumer “through fraud or robbery.” (Id. ¶ 56.) Drawing inferences in the light most favorable to Goolsby, the court finds that she sufficiently alleged
the caller “obtained the [confirmation] codes from [her] through fraud,” (see id. ¶ 93), and that the transfer was “initiated by a person other than the consumer without actual authority.” 15 U.S.C. § 1693a(12). Goolsby also sufficiently alleges that she received no benefit from the transfer. (Id. ¶ 38.) She claims that the fraudster used her mailing address to open up an account at Navy Federal Credit Union, transferred the funds from her Bank of America account to the new account, and withdrew the funds quickly upon arrival. (Id. ¶¶ 24, 25, 27, 35, 38, 39.) She avers that Navy Federal Credit Union “will not discuss the account with her.” (Id. ¶ 40.) Bank of America tries to make this case about its investigation into the transfer. It
argues that at the time Goolsby disputed the transfer, she only “explained that she had not authorized charges or transfers showing on [the] accounts,” but despite this, the Bank had determined the transfer was “made to an account that provided a benefit to a valid signer on the account.” (Def.’s Br. at 8.) Taken together, the Bank contends, these allegations are not enough to for Goolsby to state a claim “that the Bank reached an incorrect conclusion based on the information it had.” (Id.)
But the reasonableness or propriety of the Bank’s conclusion based on the information it had at the time of Goolsby’s dispute is not at issue. At this stage, the issue is whether Goolsby has sufficiently stated a claim that the transfers were “unauthorized” under the EFTA. The Bank does not present a single argument as to how Goolsby could have received a benefit from the transfer. Goolsby has clearly stated enough facts to support the inference that she did not receive a benefit from the transfer, and therefore sufficiently alleges that the
transfer was “unauthorized” under the EFTA. Both parties agree that the Bank did not reimburse Goolsby for her loss. (Am. Compl. ¶ 94; Def.’s Br. at 7.) Accordingly, the court finds that Goolsby stated a claim that the Bank violated 15 U.S.C. § 1693g. 2. Failure to Provide Notice Under § 1693f (Count III) If a consumer notifies a bank of an “error” in their account, the EFTA obligates the bank to “investigate the alleged error, determine whether an error has occurred, and report or
mail the results of such investigation and determination to the consumer within ten business days.” 15 U.S.C. § 1693f(a). An unauthorized electronic transfer counts as an “error” under the statute. Id. § 1693f(f). If the bank determines after investigation that an error did not occur, it is required to deliver a written “explanation of its findings” within three business days
of the conclusion of its investigation. Id. § 1693f(d); 12 C.F.R. § 1005.11(d)(1). Along with this explanation, the bank must provide notice to the consumer of their right to request reproductions of all documents relied upon to conclude such error did not occur. 15 U.S.C. § 1693f(d). The bank must “promptly” provide those reproductions upon request. Id. Unlike the above claim under § 1693g, the Bank’s conduct during and after its investigation is relevant to Goolsby’s notice claim under § 1693f. Goolsby alleges that the
Bank provided only “form denial letters” that did not “contain any meaningful explanation of BOA’s findings.” (Am. Compl. ¶ 105.) Rather, she claims, the letters “contain[ed] boilerplate statements that could apply to virtually any supposed investigation of an unauthorized transfer.” (Id. ¶ 106.) Goolsby never claims, though, that the Bank failed to provide her with notice of her right to reproductions or to provide the reproductions themselves under § 1693f(d). Her claim that the Bank failed to “in some instances” appears to refer to her
alleged class members, and not specifically to her. (See id. ¶ 108.) The Bank argues that Goolsby’s allegations are “wholly conclusory,” since she does not allege any facts about when she received the notice of denial or what the letter said or failed to say, other than her vague statement about “boilerplate statements.” (Def.’s Br. at 4.) The court agrees with the Bank. Goolsby only levies conclusory allegations about the Bank’s failure to follow its EFTA notice obligations. She does not allege what these “boilerplate
statements” say, do not say, or why they could apply to “any supposed investigation” and are not specifically tailored to her investigation. Nor does she allege what information the Bank failed to consider or steps that it failed to take during its investigation. Accordingly, the court finds that Goolsby fails to state a claim that the Bank violated their notice obligations under
15 U.S.C. § 1693f. B. Breach of Contract (Count II) Goolsby alleges that she, as a Checking Account customer of Bank of America, has a contractual relationship to the Bank through its Deposit Agreement and Disclosures (“Account Agreement”). (Am. Compl. ¶ 46.) She claims that Bank of America “materially breached” the agreement by “failing to limit” her losses to the amounts “set forth in the
Account Agreement.” (Id. ¶¶ 99–100.) The Account Agreement mirrors the EFTA, limiting customer liability for unauthorized transfers to $50 or $500 depending on how quickly the customer notifies the Bank. (Id. ¶ 46.) Relevant here, the Account Agreement also states, in part: If you give your card, PIN or other access device or code to anyone, you may be liable for all transactions made by that person, or anyone else that person authorizes to use your card or PIN, until you advise us that such person is not authorized to use them. This does not cover situations where you provide account access because you were fraudulently induced or otherwise coerced through fraud or robbery. (Id. ¶ 47) (emphasis added). To state a claim for breach of contract, Goolsby must sufficiently allege that the Bank breached a legally enforceable obligation it owed to her. Ramos v. Wells Fargo Bank, NA, 770 S.E.2d 491, 493 (Va. 2015). So here, Goolsby must allege that the Bank breached the Account Agreement by failing to reimburse her losses from the transfer. The Account Agreement exempts customers from liability when a customer “provide[s] account access because [they] were fraudulently induced.” (Am. Compl. ¶ 47.) Goolsby alleges that she provided codes to the fraudster, who initiated the transfers from her account, based on the “false belief that the person she was speaking to on the phone was affiliated with BOA.” (See id. ¶¶ 29, 93.) Had
she known the fraudster was not affiliated with the Bank, she would not have provided any information. (Id. ¶¶ 27–30.) At this stage, Goolsby has alleged enough to suggest that she was fraudulently induced to provide access to her Bank of America account. And both parties agree that the Bank refused to reimburse her losses. (Id. ¶ 94; Def.’s Br. at 7.) Accordingly, the court finds that Goolsby stated a claim that the Bank breached the Account Agreement. C. Uniform Commercial Code (Count IV)
In her Amended Complaint, Goolsby brings a claim under the Uniform Commercial Code and its Virginia equivalent. (Am. Compl. ¶¶ 114–29.) She pleads this claim “as an alternative to her EFTA claims.” (Id. ¶ 114.) Goolsby contends that Bank of America violated the U.C.C. and the Virginia U.C.C. by failing to issue her a refund for the “unauthorized transfers” from her account. (Id. ¶ ¶ 127–29.) Defendants counter that the Virginia U.C.C. expressly exempts transactions that are governed by the EFTA, and that since the parties do
not dispute that the EFTA applies to the transfers at issue, Goolsby cannot plead the U.C.C. claim in the alternative. (Def.’s Br. at 12–13.) In her response brief, Plaintiff concedes that if the Bank agrees that the EFTA applies to the transfers at issue, she is “content with the dismissal of this claim.” (Pl.’s Resp. at 18.) The U.C.C. and its Virginia equivalent both expressly except transfers governed by the EFTA. Save an exception that is not relevant here, the U.C.C. subsections “do[] not apply to
a funds transfer any part of which is governed by the Electronic Fund Transfer Act of 1978.” Va. Code Ann. § 8.4A-108(a); U.C.C. § 4A-108. Both parties agree that the transfers at issue are governed by the EFTA. (Am. Compl. { 34; Def.’s Br. at 13.) Accordingly, the court will dismiss Goolsby’s U.C.C. claim. IV. Conclusion For the foregoing reasons, the court will grant in part and deny in part Bank of America’s motion to dismiss, (Dkt. 25). The motion will be denied as to Goolsby’s EPTA Excess Liability claim (Count I) and her breach of contract claim (Count I). The motion will be granted as to Goolsby’s EFTA Notice claim (Count IIT) and her UCC claim (Count IV). Those claims will be dismissed without prejudice. An appropriate Order will issue. ENTERED this 31st day of December, 2025.
HON. JASMINE H. YOON UNITED STATES DISTRICT JUDGE
-11-