Via ComputerWorld.com (full story):
Computerworld - A federal judge has rejected BancorpSouth’s plan to use contractual agreements with customers as a shield against liability claims stemming from an online heist of some $440,000 that was illegally wire-transferred from the account of one of the bank’s commercial customers in March 2010.
The customer, Choice Escrow and Title LLC in Springfield, Mo., filed a lawsuit Tupelo, Miss,-based BancorpSouth in November 2010 alleging that the bank failed to implement commercially reasonable security measures as defined in the Funds Transfer Act provisions of the Uniform Commercial Code (UCC).
BancorpSouth countersued earlier this year arguing that Choice Escrow was solely responsible for the breach because it allowed hackers to gain access to legitimate login credentials.
The bank contended that Choice Escrow signed a contract that included an agreement not to hold BancorpSuth responsible for losses stemming from the a failure to use the online services in a secure manner.
In its lawsuit, BankcorpSouth said Choice Escrow should be held liable for legal costs and other expenses for breaching the terms of the contract by filing claims against the bank.
In a four-page ruling last week, Judge John Maughmer of the U.S. District Court for the Western District of Missouri rejected the bank’s claims, ruling that Funds Transfer Act provisions preempted any other agreement between Choice Escrow and Bancorp South.
The judge did note that both sides in the dispute had made convincing arguments to support their case.
The ruling means that the case between BancorpSouth and Choice Escrow could soon head to trial.
The case is one of several asking courts to decide who is responsible for online account takeovers where attackers use legitimate access credentials to initiate illegal wire transfers from commercial accounts.