Dec 08, 2012 Dave King
Finextra recently reported that People's United bank was sued by Patco Construction after the latter lost more than $500,000 in an instance of ACH wire fraud in 2009. According to the news provider, hackers used malware to infiltrate the bank's system and redirect the ACH payments to a fraudulent account. Now, after a very long and arduous lawsuit that has lost the bank its reputation and cost the construction company hundreds of thousands of dollars, People's United has decided to settle with Patco for the total $500,000 it lost, the source explained. This case was a landmark instance, as the banking, payment processing and merchant sectors all waited to see the outcome. Finextra added that the first court ruled in favor of the bank, but then a Boston First Circuit Court of Appeals overturned the decision, saying that People's United didn't have "commercially reasonable" security in place, and that this negligence directly led to the loss of more than half a million dollars. This is perhaps the most important case regarding ACH and wire transfer fraud, as it sets the precedence that financial institutions will need to keep their systems reasonably secure. What is commercially reasonable?
This will likely be a common discrepancy in the coming years, until security protocols begin to effectively decrease the prevalence of criminal activity. The term "commercially reasonable" was conceived to ensure judges and juries have flexibility in the face of emerging technologies, when stagnant legal standards can make rulings less effectual. Businesses can avoid incurring losses from thieves by going above and beyond simple PCI compliance requirements.