Internet Banking Authentication: A Bad Moon Rising

Much blathering has occurred in trade publications recently (some of the blathering expectorated by this blog's author) about the dire implications to banks of the recent federal district court decision in Experi-Metal v. Comerica Bank followed by the recent supplement to the FFIEC guidelines on authentication in an internet banking environment. In the Experi-Metal's case, the judge found that Comerica Bank had not acted in "good faith" under the definition of "good faith" found in Article 4A of the Michigan Uniform Commercial Code. That definition incorporates a subjective ("honesty in fact") and an objective ("commercial reasonableness") standard, and while the judge determined that Comerica Bank met the subjective portion, he determined that it failed the objective portion based upon the specific facts of that case. The judge rejected the bank's expert witness testimony, notwithstanding the widespread reputation and high esteem of that particular expert among those of us who practice in this area. As I read the opinion, it appeared to me that the bank complied with the FFIEC guidelines prior to their recent supplementation, which is the standard that should apply to decide this case. In my view, based solely upon my reading of the opinion (I didn't hear the evidence or read the briefs), the judge seemed disposed to disfavor the bank. Then again, I'm a tool of capitalist oppressors, so I'm undoubtedly biased myself. Comerica Bank has announced that it's appealing the judgment and from my standpoint, I'm not going to panic about this decision until the last appeal is exhausted. That hasn't stopped others from panicking, however. One famous pundit flatly stated in the trade press that as to some court cases that are pending in this area, the judges will have to render decisions in favor of the customers based upon the newly issued supplementary guidance. I could not disagree more. The supplementary guidance shouldn't be applied retroactively to judge the commercial reasonableness of conduct during a time before it was issued. In fact, the FFIEC is giving banks until the end of 2011 to start complying with the new guidance, which tells you clearly that the "experts" on online banking authentication and security think it is "reasonable" that banks be given some lead time (albeit not much) to get up to speed. Therefore, if I was defense counsel in one of these cases, I wouldn't be tossing and turning all night worried about how the supplementary guidance was going to torpedo my case. That said, it's pretty clear that banks need to get off the dime and get cracking on meeting the supplemntary guidance. The plaintiffs' tort bar is licking its chops, and come January 1, 2012, those vultures fine men and women will be looking for victims negligent banks to squeeze every dime out of they can sue on behalf of business clients that can't walk and chew gum at the same time are victimized by the customer's a bank's bad online security practices.

Read more detail on Recent Banking and Finance Law Posts –

Legal notice about the Internet Banking Authentication: A Bad Moon Rising rubric : Hukuki Net Legal News is not responsible for the privacy statements or other content from Web sites outside of the site. Please refer the progenitor link to check the legal entity of this resource hereinabove.

Do you need High Quality Legal documents or forms related to Internet Banking Authentication: A Bad Moon Rising?

This entry was posted in Banking and Finance law and tagged , , , , . Bookmark the permalink.

Leave a Reply