Fraud Verdict: Opinions Vary

'Good Faith,' 'Reasonable Security' High Points in New Ruling

By , June 17, 2011.
Fraud Verdict: Opinions Vary


See Also: Financial Malware: Detection and Defense Strategies

District Court's opinion this week in an ACH and wire fraud case between a bank and its former commercial customer has fueled discussion about liability, reasonable security and the contractual obligation banks have to protect their customers' commercial accounts. [See Court Favors EMI in Fraud Suit.]

In a 27-page bench opinion, U.S. District Judge Patrick J. Duggan says Comerica Bank should have detected and stopped fraudulent transfers it approved for Michigan-based Experi-Metal Inc., a former Comerica customer. EMI sued Comerica 18 months ago, after Comerica approved fraudulent wire transfers totaling more than $1.9 million, asking that the bank reimburse the more than $550,000 EMI lost as a result of the transfers.

"There are a number of considerations relevant to whether Comerica acted in good faith with respect to this incident," the opinion states. "A bank dealing fairly with its customer, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier," Duggan writes. "Comerica fails to present evidence from which this Court could find otherwise."

On June 13, the court ordered Comerica to pay EMI for the losses. Comerica says it expects to appeal the decision. "While we respect the judge's opinion, Comerica believes it acted in good faith and plans to appeal," Comerica says in a statement issued about the opinion. "As noted by the judge, Comerica's security token technology is commercially reasonable and in compliance with current Federal Financial Institutions Examination Council guidelines. We presented evidence that disputes the allegations made against us and believe that, following a review of the evidence, the appellate court will agree and reverse this decision."

EMI attorney Richard Tomlinson says the case highlights a number of points, the least of which relates to corporate ethics. "It tells us that the banks can't rely on their own self-serving contracts; they have to have an objective good-faith standard," he says. "This allows the courts to look at the banks' actions and determine whether they are good faith and fair."

Implications for Banks?

The court's message in the EMI-Comerica is pretty clear, but not simple, says privacy attorney David Navetta, who specializes in IT security. "The real focus here was the good faith requirement under UCC [Uniform Commercial Code] 4A-202," he says. "The burden to establish good faith was on Comerica, according to the court."

Navetta says the court did not find evidence of intentional wrongdoing, but it did focus on whether Comerica practiced "reasonable commercial standards of fair dealing."

"This is where the opinion gets a bit confused," Navetta says. "One the one hand, the court indicated that the bank had established commercially reasonable security. On the other hand, the court based its decision on the lack of fraud detection mechanisms employed by Comerica."

Navetta says the court's view was that Comerica should have had better fraud detection mechanisms to detect and analyze risks.

Jim Payne, director of business development of Missouri-based Choice Escrow, which lost $440,000 to wire fraud, says banks should have better fraud mechanisms in place, and that the judge's opinion in the EMI case is a win for small business. Choice Escrow in November 2010 sued its former bank, BankcorpSouth, alleging inadequate security measures.

Other recent account takeover incident striking small businesses include:

  • Village View Escrow of Redondo Beach, Calif., which in March lost $465,000 to an online hack, and has recently filed a suit against its former bank;
  • Hillary Machinery, which in January 2009 was sued by its bank, Plains Capital Bank, after a heated legal battle over ACH fraud liability. The suit was later settled for undisclosed terms; and
  • The Catholic Diocese of Des Moines, Iowa, which in August lost $600,000 in fraudulent ACH transactions.

Follow Tracy Kitten on Twitter: @FraudBlogger

  • Print
  • Tweet Like LinkedIn share
Get permission to license our content for reuse in a myriad of ways.
ARTICLE Growing the Privacy Profession

No longer just a second fiddle to security, privacy has emerged as a global hot topic - and a...

Latest Tweets and Mentions

ARTICLE Growing the Privacy Profession

No longer just a second fiddle to security, privacy has emerged as a global hot topic - and a...

The ISMG Network