Skip the navigation

Judge dismisses BancorpSouth defense in online theft suit

Bank contended that Choice Escrow's failure to secure online credentials caused $440,000 online heist

August 29, 2012 11:42 AM ET

Computerworld - A federal judge has rejected BancorpSouth's plan to use contractual agreements with customers as a shield against liability claims stemming from an online heist of some $440,000 that was illegally wire-transferred from the account of one of the bank's commercial customers in March 2010.

The customer, Choice Escrow and Title LLC in Springfield, Mo., filed a lawsuit Tupelo, Miss,-based BancorpSouth in November 2010 alleging that the bank failed to implement commercially reasonable security measures as defined in the Funds Transfer Act provisions of the Uniform Commercial Code (UCC).

BancorpSouth countersued earlier this year arguing that Choice Escrow was solely responsible for the breach because it allowed hackers to gain access to legitimate login credentials.

The bank contended that Choice Escrow signed a contract that included an agreement not to hold BancorpSuth responsible for losses stemming from the a failure to use the online services in a secure manner.

In its lawsuit, BankcorpSouth said Choice Escrow should be held liable for legal costs and other expenses for breaching the terms of the contract by filing claims against the bank.

In a four-page ruling last week, Judge John Maughmer of the U.S. District Court for the Western District of Missouri rejected the bank's claims, ruling that Funds Transfer Act provisions preempted any other agreement between Choice Escrow and Bancorp South.

The judge did note that both sides in the dispute had made convincing arguments to support their case. "The Court having read the briefing of the parties finds this to be a very close call," Maughmer said.

"On one hand, it seems obvious that the drafters of the UCC wanted banking sector parties to be protected from common law negligence claims and to encourage uniformity and consistency," Maughmer said. "On the other hand, it seems unlikely that the drafters of the UCC wanted to discourage business entities from freely exercising their rights to contract the terms of their relationships."

To accept BancorpSouth's arguments would effectively mean that Choice would have to pay back to the bank what the bank would otherwise owe to Choice under the Funds Transfer Act, the judge wrote. "Such a result seems at odds with the purpose of the Act."

The ruling means that the case between BancorpSouth and Choice Escrow could soon head to trial.

In an email to Computerworld, Jim Payne, director of business development at Choice Escrow, expressed satisfaction over the ruling.

"We are ready to get this nightmare over and maybe we are now a little closer," Payne said.

BancorpSouth officials could not be reached for comment.

The case is one of several asking courts to decide who is responsible for online account takeovers where attackers use legitimate access credentials to initiate illegal wire transfers from commercial accounts.

Our Commenting Policies