Uniform Commercial Code Article 4A | Electronic Banking
Brian Krebs is publicizing many chilling stories of cybertheft, where small-to-medium enterprises lose money from their online accounts maintained at regional banks. Lawsuits abound.
In good part, the electronic funds transfer (EFT) relationship between a bank and its business (commercial) customer is governed by Uniform Commercial Code Article 4A. What are the rules when an unidentified computer thief wires money out of a businesses account? This chart summarizes what Article 4A says on the topic.
Following is an article I published in 1993, where I argued that UCC 4A properly balanced the interests of banks and their business customers. I’ve edited the only slightly from what I wrote in 1993.
The rash of stories that Krebs is publicizing is unprecedented in the 20-some-odd-year history of UCC 4A. In light of this rash, I am re-evaluating what I wrote in 1993. Notice that the hypothetical case I discussed below involved $5 million, whereas the cases Krebs exposes involve only tens or hundreds of thousands of dollars. The corporate victims of today's heist are less able to acquire expertise in IT security.
I’m not finished with my re-evaluation, but here's what I wrote . . .
UCC 4A's Delicate Balance
Hypothetical Question: Suppose a precocious 17-year-old uses her PC to send an electronic payment order to bank, relieves a corporate bank of $5 million, and vanishes with the cash. Neither the bank nor the corporate customer knows who committed the crime or how. Who should eat the loss . . .