News & Resources

Major case ends in settlement

Dec 08, 2012 Dave King

The last decade has been marked by a seemingly constant stream of new and exciting technology, much of which has been targeted at enterprises. ACH cards and other electronic payments have completely refined the way in which accounts payable and receivable function, while mobile devices and cloud computing have provided businesses with opportunities to reduce operational expenditures. However, with great power comes great responsibility, and electronic payments represent a major threat when not used with security as a top priority. ACH and wire fraud has increased along with the rise of electronic payment popularity in the enterprise and can only be reduced through diligent and persistent monitoring of all transactions coming in and out of accounts. ACH fraud costs bank big
Finextra recently reported that People's United bank was sued by Patco Construction after the latter lost more than $500,000 in an instance of ACH wire fraud in 2009. According to the news provider, hackers used malware to infiltrate the bank's system and redirect the ACH payments to a fraudulent account. Now, after a very long and arduous lawsuit that has lost the bank its reputation and cost the construction company hundreds of thousands of dollars, People's United has decided to settle with Patco for the total $500,000 it lost, the source explained. This case was a landmark instance, as the banking, payment processing and merchant sectors all waited to see the outcome. Finextra added that the first court ruled in favor of the bank, but then a Boston First Circuit Court of Appeals overturned the decision, saying that People's United didn't have "commercially reasonable" security in place, and that this negligence directly led to the loss of more than half a million dollars. This is perhaps the most important case regarding ACH and wire transfer fraud, as it sets the precedence that financial institutions will need to keep their systems reasonably secure. What is commercially reasonable?
This will likely be a common discrepancy in the coming years, until security protocols begin to effectively decrease the prevalence of criminal activity. The term "commercially reasonable" was conceived to ensure judges and juries have flexibility in the face of emerging technologies, when stagnant legal standards can make rulings less effectual. Businesses can avoid incurring losses from thieves by going above and beyond simple PCI compliance requirements.