Bank, Customer Headed to Trial

Judge Denies Comerica's Motion for Summary Judgment
Bank, Customer Headed to Trial
In a move pushing the Experi-Metal vs. Comerica Bank case closer to a courtroom showdown over "reasonable security," a district court judge has denied Comerica's motion for summary judgment.

Judge Patrick Duggan of Michigan's Eastern District Court in Detroit, in a 16-page opinion, says, "The Court finds a genuine issue of material fact with respect to whether Comerica accepted the wire transfer orders in Experi-Metal's name on January 22, 2009 in 'good faith.'"

The case is set to be heard after mid-November, with Nov. 16 being set as the final pre-trial conference date.

The bank had filed its motion for summary judgment in April, stating that the case should have never been filed. The Dallas-based bank was sued by its business customer, Experi-Metal, in December 2009.

In its original complaint. Experi-Metal Inc., a Sterling Heights, MI-based company, alleged that Comerica opened its customers to phishing attacks by sending emails asking customers to click on a link to update the bank's security software. EMI says even though the bank had two-factor authentication using digital certificates for its online banking portal, the phishing scam was able to circumvent these measures.

Experi-Metal contends that Comerica's actions opened the company's online bank account to a successful phishing attack where more than $550,000 was stolen and sent overseas.

Comerica counters that the EMI credentials used to initiate the wire transfers were valid, and the phishing website the employee went to would have been discovered as fake "to any reasonably alert person who was responsible for safeguarding EMI's financial records and digital credentials."

The bank also says its online security approach was reasonable "because they were in general used by other similarly situated customers of other banks."

In his opinion, Judge Duggan says Comerica failed to present evidence from which the "Court can conclude that it could not reasonably have stopped the transfers before it did."

"Comerica claims that 'though it was physically impossible to instantly stop the transfers, it did so as quickly as it could, initiating this process immediately after talking to Experi-Metal,'" Duggan writes, going on to state that Comerica doesn't have evidence to back up that claim.


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.co.uk, you agree to our use of cookies.