The Maine-based construction company called PATCO has settled its dispute with People’s United Bank, foregoing damages and legal fees but according to PATCO management, recovering from the bank the stolen account balances. The case is one of several in which smaller businesses have lost money as a result of fraudulent outgoing wires and ACH payments, and the relative responsibilities of the bank and the commercial account holder are still being tested.
According to Tracy Kitten, writing for BankInfoSecurity:
The appellate ruling in the PATCO case… opened the door for future cases to explore the obligation commercial customers have for ensuring their own security. Pointing to Article 4A of the Uniform Commercial Code, which provides protections to commercial customers similar to those provided for consumers under Regulation E, the court suggested commercial customers have some responsibilities.
Under Article 4A, a bank typically bears the risk of loss when unauthorized funds transfers are approved. The bank may shift that risk of loss onto the customer by either proving the commercial reasonableness of its offered security procedures or by proving that it approved the fraudulent payment or transfer on good faith and in compliance with security procedures noted in its contract with the customer. But in its July ruling, the appeals court said: “Article 4A does not appear to be a one-way street. Commercial customers have obligations and responsibilities as well.”
Had the parties not settled, their ongoing legal dispute likely would have involved a review of whether PATCO fulfilled its own obligations under the Uniform Commercial Code.
Banks will continue to be tested with respect to the adequacy of their security, as well as their compliance with stated policies and contractual commitments to customers. There is no question that online banking has become a key part of commercial banking relationships, and security is presently being stressed further by mobile means. Both customers and bankers need to recognize that both are at risk, and each must take appropriate actions to minimize those risks.
Click here to read more from BankInfoSecurity. Click here and here to read more about this case.
