{"id":1662,"date":"2011-07-21T21:30:14","date_gmt":"2011-07-21T16:00:14","guid":{"rendered":"http:\/\/sketharaman.com\/blog\/?p=1662"},"modified":"2011-07-23T00:10:52","modified_gmt":"2011-07-22T18:40:52","slug":"the-emergence-of-epayment-fraud-chasers","status":"publish","type":"post","link":"https:\/\/sketharaman.com\/blog\/2011\/07\/21\/the-emergence-of-epayment-fraud-chasers\/","title":{"rendered":"The Emergence Of ePayment Fraud Chasers"},"content":{"rendered":"

The jury’s out \u2013 well, not even selected – on this latest one but, at 1:1, the verdicts on the two previous lawsuits around EFT and ACH frauds in the USA are matched evenly between corporates and banks.<\/p>\n

\"<\/a>
<\/figcaption><\/figure>\n

It seems fair to find in favor of corporates where banks haven’t complied with FFIEC and other well-established security guidelines. Issued over five years ago, and updated last month, FFIEC’s\u00a0guidance around two factor authentication for Internet Banking have been around for a long enough time and there\u2019s really no excuse for the failure of banks to implement them. The growing popularity of Mint, OfferMatic, BillGuard and other websites that access the customer’s bank account on the basis of a simple username and password suggests that there are still plenty of banks in the US that fall under this category, at least when it comes to retail banking, and I won\u2019t be terribly surprised if a similar situation prevails in business banking as well. UPDATE:<\/strong> The complaint<\/a><\/strong> filed by Village View Escrow alleges that Professional Business Bank hadn’t implemented two factor authentication on its website even though its contract claimed that it had.<\/p>\n

However, things get very murky when banks get judged by a broader canvas of expectations around what they should, or shouldn\u2019t, be doing with payment instructions received from their customers.<\/p>\n

Take the lawsuit of Experi-Metal Inc. v. Comerica Bank, for instance. According to the\u00a0BankInfoSecurity<\/strong> <\/a>article quoted in the Finextra story<\/a><\/strong>, the court found in favor of EMI on the grounds that “EMI’s prior wire-transfer activity, which had been limited to a select group of domestic entities, should have been noted by Comerica before it approved transfers to overseas accounts”.<\/p>\n

This prompts the following questions:<\/p>\n

    \n
  1. Should a bank ignore the “there’s a first time for everything?” maxim?<\/li>\n
  2. If yes, by the same token, should a bank stop payments to all new beneficiaries just\u00a0because the corporate had never made payments to any of them in the past?<\/li>\n
  3. If no, why blame a bank for approving the first cross-border payment, which could signal the corporate\u2019s entry into an increasingly globalized world rather than fraud?<\/li>\n
  4. Assuming that the bank finds a cross-border payment suspicious, what is its contractual obligation to the corporate?<\/li>\n
  5. Assuming that the bank decides to go beyond its contractual obligation and takes the initiative to check with the corporate. As experienced bankers know, this could take a couple of hours at times, longer in case the authorized contact at the corporate is traveling or otherwise unavailable. Because of this time lapse, suppose the corporate misses the deadline for submission of security \/ earnest money deposit for an overseas government tender and sues the bank for loss of the business opportunity?<\/li>\n
  6. On the other hand, what if a bank sits on a payment on the pretense of carrying out fraud checks only to enjoy the float? Neither is this a rare scenario, as experienced treasures would agree!<\/li>\n<\/ol>\n

    As these issues illustrate, holding banks responsible for things other than contractual commitments and well-established security guidelines might result in unfavorable outcome in the long run \u2013 not just for banks but also for corporates. Let\u2019s hope that these cases are decided with this consideration in mind.<\/p>\n

    At this point, it\u2019s not clear if these are one-off cases or portend a tsunami of ePayment fraud lawsuits waiting to strike banks in the coming months and years. Either way, ‘ePayment Fraud Chasers’ will likely emerge as a new and lucrative category of practice in the American legal profession very soon!<\/p>\n","protected":false},"excerpt":{"rendered":"

    The jury’s out \u2013 well, not even selected – on this latest one but, at 1:1, the verdicts on the two previous lawsuits around EFT and ACH frauds in the…<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-1662","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/posts\/1662","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/comments?post=1662"}],"version-history":[{"count":0,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/posts\/1662\/revisions"}],"wp:attachment":[{"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/media?parent=1662"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/categories?post=1662"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/sketharaman.com\/blog\/wp-json\/wp\/v2\/tags?post=1662"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}