Judge dismisses BancorpSouth defense in online theft suit
Bank contended that Choice Escrow's failure to secure online credentials caused $440,000 online heist
Computerworld - A federal judge has rejected BancorpSouth's plan to use contractual agreements with customers as a shield against liability claims stemming from an online heist of some $440,000 that was illegally wire-transferred from the account of one of the bank's commercial customers in March 2010.
The customer, Choice Escrow and Title LLC in Springfield, Mo., filed a lawsuit Tupelo, Miss,-based BancorpSouth in November 2010 alleging that the bank failed to implement commercially reasonable security measures as defined in the Funds Transfer Act provisions of the Uniform Commercial Code (UCC).
BancorpSouth countersued earlier this year arguing that Choice Escrow was solely responsible for the breach because it allowed hackers to gain access to legitimate login credentials.
The bank contended that Choice Escrow signed a contract that included an agreement not to hold BancorpSuth responsible for losses stemming from the a failure to use the online services in a secure manner.
In its lawsuit, BankcorpSouth said Choice Escrow should be held liable for legal costs and other expenses for breaching the terms of the contract by filing claims against the bank.
In a four-page ruling last week, Judge John Maughmer of the U.S. District Court for the Western District of Missouri rejected the bank's claims, ruling that Funds Transfer Act provisions preempted any other agreement between Choice Escrow and Bancorp South.
The judge did note that both sides in the dispute had made convincing arguments to support their case. "The Court having read the briefing of the parties finds this to be a very close call," Maughmer said.
"On one hand, it seems obvious that the drafters of the UCC wanted banking sector parties to be protected from common law negligence claims and to encourage uniformity and consistency," Maughmer said. "On the other hand, it seems unlikely that the drafters of the UCC wanted to discourage business entities from freely exercising their rights to contract the terms of their relationships."
To accept BancorpSouth's arguments would effectively mean that Choice would have to pay back to the bank what the bank would otherwise owe to Choice under the Funds Transfer Act, the judge wrote. "Such a result seems at odds with the purpose of the Act."
The ruling means that the case between BancorpSouth and Choice Escrow could soon head to trial.
In an email to Computerworld, Jim Payne, director of business development at Choice Escrow, expressed satisfaction over the ruling.
"We are ready to get this nightmare over and maybe we are now a little closer," Payne said.
BancorpSouth officials could not be reached for comment.
The case is one of several asking courts to decide who is responsible for online account takeovers where attackers use legitimate access credentials to initiate illegal wire transfers from commercial accounts.
- Big Data, Big Mess: Sound Risk Intelligence Through Complete Context This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Using Cyber Insurance and Cybercrime Data to Limit Your Business Risk This paper examines the challenges of understanding cyber risks, the importance of having the right cyber risk intelligence, and how to use this...
- 5 Tips to Secure Small Business Backdoors in the Enterprise Supply Chain This paper examines the insecurity of the small businesses in the supply chain and offers tips to close those backdoors into the enterprise.
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- NSS Labs & Cisco Present: Evaluating Leading Breach Detection Systems Today's constantly evolving advanced malware and APTs can evade point-in-time defenses to penetrate networks. Security professionals must evolve their strategy in lockstep to...
- Will the Real Endpoint Threat Detection and Response Please Stand Up? This webinar explores new technologies & process for protecting endpoints from advanced attackers as well as the innovations that are pushing the envelope... All Legal White Papers | Webcasts