Monday, September 10, 2012
"The judgment puts us on notice there may be inconsistencies between contractual agreements in the payment space and statutory rules governing payments," Atlas said of the federal court decision in Choice Escrow and Land Title LLC v. BancorpSouth Bank.
In March 2009, Choice Escrow had $440,000 stolen from its trust account with BancorpSouth Bank when a wire transfer request for that amount was made by thieves using the correct Choice user identification and password. The fraudulent wire transaction request was fulfilled by the bank. The money was transferred to a bank in the Republic of Cypress and to an account held by an entity called Brolaw Services Ltd.
Choice sued BSB to reclaim the money. It argued that it had never heard of, done business with or held money for Brolaw, nor had it authorized any wire transfer to the Brolaw account. BSB countersued, claiming Choice signed contracts obligating Choice to indemnify BSB for any losses, costs, liabilities or expenses associated with the account.
In its Aug. 20, 2012, ruling dismissing the BSB counterclaim, the federal court agreed with Choice that the bank's counterclaims were invalidated by the Electronic Fund Transfer Act of the Uniform Commercial Code.
"The issue here, then, is whether a written indemnity agreement between a bank and its customer whereby the customer agrees to indemnify the bank for any losses, costs, liabilities or expenses is inconsistent with the Fund Transfers Act," Federal Judge John Maughmer wrote in his decision. "Although a close call, the Court concludes that the Fund Transfer Act does displace the types of indemnity agreement being relied upon by BSB in support of its counterclaims.
"The indemnity agreements at issue here … could effectively require Choice to pay back to BSB those amounts that BSB might owe to Choice under the Fund Transfer Act. Such a result seems at odds with the purpose of the act."
"This shows the contract alone is not the whole story; a lot of our readers already know that," Atlas said. "I wonder if this decision applies to a wrongly initiated ACH [automated clearing house] transaction."
Atlas said the Choice case points to an unresolved issue in payments – who is liable for a loss of funds when customers lose control of their authentication credentials? Customers will argue bank security should detect the fraud. Banks will claim they shouldn't be held responsible for customers losing control of their security credentials.
"This is a hot topic in the law," Atlas said. "What is the responsibility of a secure provider like a bank that provides access after an account is hacked? What is the responsibility for fraud when a hacker provides the correct identification information to the account provider?"
Atlas said there is a more far reaching point for ISOs and processors. "ISOs spend a lot of energy negotiating ISO agreements, and 95 percent of those agreements do not adequately address who pays for unforeseen new costs to the detriment of both parties," he said, citing Visa Inc.'s Fixed Acquirer Network Fee, taxpayer identification number matching and evolving Payment Card Industry Data Security Standard requirements as examples of unanticipated costs.
"These new costs present a challenge in the relationship between the processors and ISOs," he said. "This [Choice] judgment is analogous to a case where a bank and a customer have a deal but can't rely on that deal to solve a dispute over unforeseen costs. The question is whether the bank is at fault for doing what it is contracted to do. It's a hot topic in academic legal circles. The case law is just now coming into existence."
Atlas called the effort to impose requirements to limit fraud without losing the usefulness and convenience of the service "a delicate balance."
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.