
ACH liability up for grabs as court finds against bank in second US cyber-heist suit

17 June 2011

A Michigan court has found in favour of Experi-Metal in its $560,000 cyber-heist suit against Comerica Bank, contradicting a ruling last week in a separate small business ACH fraud case which came down on the side of the bank.

In the Experi-Metal case, Judge Patrick Duggan of the US District Court for the Eastern District of Michigan said that the bank should have done a better job of picking up the fraudulent transactions running from the company's accounts after its financial controller was duped into opening a malware-laden phishing e-mail.

In summing up, Duggan said "a bank dealing fairly with its customers, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier".

In a separate case heard in Maine last week, the presiding magistrate ruled that Ocean Bank was not responsible for the loss of around $345,000 from a business customer account following a similar cyber-attack.

With multiple cases of ACH wire fraud piling up in the US, the rulings leave the critical liability issues open to debate.

Comerica says it plans to file an appeal against the Michigan ruling, pushing the issue higher up the justice system to an appellate court, where the verdict will hold sway over future district court adjudications.

Comments: (2)

Bruce Shirey - The Rinaldi Group - San Diego | 17 June, 2011, 16:14

It appears the Michigan judge has either common sense or attended business school and a few classes in logical thinking vs the now more apparent clueless Portland, ME judge.  One would think if payments security is attempting to standardize using PCI, then acts of fraud would also have a set of standards or at least parameters.  Perhaps Durbin ought to spend time protecting the consumers and businesses against blatant fraud and not intervening in transactional fees that ultimately get offset by the introduction of new fees in other areas.  Just a thought!

Ketharaman Swaminathan - GTM360 Marketing Solutions - Pune | 20 June, 2011, 11:22

This ruling applies to ACH, which is not a same-day settlement system. It's interesting to view its impact on realtime systems like Fed/CHAPS or near-realtime ones like FPS. Carrying out the required fraud detection checks takes a few minutes / hours, the payment misses the scheme roundtrip duration SLA (e.g. 2 hours in the case of FPS, a few seconds in the case of CHAPS) as a result. The bank is not guilty of wrongdoing but how will the court rule in case the corporate sues the bank for delaying the payment?

Worse still, what if banks sit on the payment and enjoy the float, acting out the pretense of carrying out fraud checks? They're clearly guilty of wrongdoing, but will it ever be possible to prove their guilt in any court of law?

By signing up with a bank, a corporate acknowledges the level of security provided and understands the level of concomitant risks involved. When the issue clearly lies on the corporate's side - like in this case where its Financial Controller opened a malware-laden email - a court-driven review of contractual roles and responsibilities can prove to be a double-edged sword.
