The decision is the latest involving disputes between banks and commercial customers over losses stemming from fraudulent wire transfers. Over the past few years, cybercriminals have looted tens of millions of dollars from numerous small businesses, municipalities, school districts, and other entities using the same technique.
In almost all cases, the attackers first managed to steal their victims' banking credentials, then used those credentials to gain access to their accounts to initiate the illegal wire transfers.
Banks have insisted that the thefts occurred only because the victims allowed attackers to gain access to their bank login credentials. Victims like Choice, meanwhile, have blamed the banks for failing to prevent the illegal wire transfers despite what they say should have been obvious red flags.
In a similar dispute last July between Ocean Bank and Patco Construction Company of Maine, a federal appeals court held that the bank had not implemented commercially viable measures to detect and protect against fraudulent wire transfers. A Michigan federal court ruled the same way in 2011 in a case involving Comerica Bank and Experi-Metal, a maker of automobiles parts that was robbed of $560,000 through fraudulent wire transfers.
Maughmer's ruling in the case was first reported by security blogger Brian Krebs.
Jaikumar Vijayan covers data security and privacy issues, financial services security and e-voting for Computerworld. Follow Jaikumar on Twitter at @jaivijayan or subscribe to Jaikumar's RSS feed. His e-mail address is firstname.lastname@example.org.
Read more about cybercrime and hacking in Computerworld's Cybercrime and Hacking Topic Center.