In an important decision last week, the U.S. Court of Appeals for the First Circuit held, as a matter of law, that People's United Bank's online banking security procedures were not commercially reasonable, even though its selected authentication technology fully complied with the Federal Financial Institutions Examination Council (FFIEC) guidelines for Authentication in an Internet Banking Environment.This case of PATCO CONSTRUCTION COMPANY, INC. v. PEOPLE'S UNITED BANK is a really big deal but a little outside the scope of what we usually deal with around here.
The gist is that with today's decision, banks have more responsibility to shield their business customers from fraud. That responsibility, however, will entail a cost that will ultimately be borne by customers in higher fees — applied directly to this this case, wiring fees. But if not appealed and/or upheld, it means banks will be offering customers more security and charging higher prices, part of which will flow to security providers including biometric ID management providers.
A couple of good blog posts already exist out there to bring interested readers up to speed:
Technology & Marketing Law Blog: Bank ACH Fraud Victims Get Mixed Rulings (Venkat Balasubramani - June 18, 2011). This one covers the first round and mixed decisions in two different but related cases.
Thinking About Security: Decision on Appeal of Patco v. Ocean Bank (Bill Murray - July 11, 2012). This one covers more recent news.