Court ruling could leave bank on hook for online fraud
Federal case changes legal requirements for banks regarding commercial customers
August 21, 2012 — CSO — Patco Construction. v. People's United Bank hasn't made the mainstream evening news. But it is the top headline in the online banking world, thanks to a recent court decision in the case.
For the first time, a federal Court of Appeals has ruled that a bank's electronic transaction security procedures failed to meet the standard required under the Uniform Commercial Code (UCC) as "commercially reasonable," putting the bank on the hook for losses due to fraud.
Patco, a small property development and contractor in Sanford, Maine, sued People's United for authorizing six fraudulent withdrawals from its account in May 2009, totaling $588,851, even after the bank's security system had flagged each transaction as high-risk. The bank was able to block or recover $243,406 of that total.
The July 3 ruling, by the First Circuit U.S. Court of Appeals, does not end the case -- it denies a summary judgment to dismiss the suit sought by the bank, upholds the denial of a summary judgment sought by Patco and remands the case back to the district court level.
It also makes it unlikely that the case will ever be adjudicated in court. Chief Judge Sandra Lynch suggested at the end of the decision that, "on remand the parties may wish to consider whether it would be wiser to invest their resources in resolving this matter by agreement," a recommendation that William Repasky, a trial lawyer with Frost Brown Todd and an expert on online banking, called "most curious."
But Repasky also said that even if the parties do reach a private settlement and no official case law results, the court decision will have precedent-setting impact. "This is the highest court in the land to rule this way on this kind of case," he said.
Repasky will be cohosting a webinar on Wednesday at 11 a.m. EDT with George Tubin, security strategist and online banking fraud expert for security vendor Trusteer, to talk about how the case has changed the legal requirements for banks regarding their commercial customers.
Repasky said it is first important to understand the difference between individual and commercial banking customers. A bank's responsibilities to the former are governed by the Electronic Fund Transfer Act, while its duties to commercial customers are governed by Article 4A of the UCC.
The two major responsibilities to commercial customers, he said, are that a bank's security system must be "commercially reasonable," and that electronic transactions must be made in "good faith."