ABA Banking Journal - October 2012 - (Page 61)

Legal Issues

Rethink cyber security
Patco decision finds banks must do more

By Thomas Pinder

The cost of operating a technologically secure bank may have just gone up. The First Circuit’s ruling in Patco Construction Co. v. People’s United Bank means banks can be liable for the money cyber thieves steal from a customer’s commercial account.

Patco joined Ocean Bank’s “ebanking” program in 2003, primarily for weekly payroll; the payments exceed $37,000. In 2008, People’s United Bank acquired Ocean Bank. In May 2009, hackers infiltrated Patco’s account and initiated six fraudulent transfers totaling $588,851.26. The thieves apparently used computer malware to steal Patco’s customized answers to security questions and passwords. The bank recovered just $243,406.83.

Patco sued, claiming the bank’s “commercially unreasonable” security procedures allowed hackers to steal security data. Article 4A of the Uniform Commercial Code generally holds banks responsible for the loss of any unauthorized funds transfer, but banks may shift the risk of loss to a commercial customer if transfers follow commercially reasonable security procedures. The bank argued that its ebanking agreement detailed the procedures and limited the bank’s liability.

The district court held that the bank’s security systems were commercially reasonable. The First Circuit reversed the decision: The bank’s “collective failures” made security procedures inadequate.

Initially, Patco users answered “challenge questions” for all transfers over $100,000, but in June 2008, the bank lowered the threshold to all transfers over one dollar. Before June 2008, none of Patco’s transfers required challenge questions, but every transfer after June 2008 triggered them. Consequently, both thresholds were rendered ineffective. Given the prevalence of keystroke-copying malware, the court concluded the bank increased fraud risk by requiring questions for every transaction.

It also criticized the bank for neither monitoring transactions for fraud nor notifying Patco before suspicious transactions were processed. It noted the fraudulent wires that were flagged as “highly suspicious” simply triggered the same challenge questions. This led the court to question the bank’s decision not to strengthen its security with other readily available technology, such as security tokens.

Although the bank’s security system was found commercially unreasonable, Patco may not be blameless. The court of appeals did not determine the party ultimately responsible for the loss. On remand, the First Circuit ordered the district court to determine the duties Patco had to allay the loss caused by the bank’s inadequate procedures.

Regardless of how the district court rules, the Patco decision suggests bank security programs that rely only on customer user names, passwords, and challenge questions will increase a bank’s liability if a commercial account is compromised. Based on the court’s analysis, at a minimum, banks should consider fortifying and tailoring their systems to meet the needs of each commercial customer.

Thomas Pinder is associate general counsel at ABA. Contact him at tpinder@aba.com.
