Biz Vs. Bank: War of Words Heats up

Attorney: PlainsCapital Bank is 'Dodging and Weaving'
Biz Vs. Bank: War of Words Heats up
In what's shaping up to be a heavyweight legal bout between a bank and its business customer, the attorney for Plano, TX-based Hillary Machinery accuses PlainsCapital Bank of "dodging and weaving" around the fundamental issue of reasonable security.

Patrick Madden, the Dallas attorney representing Hillary Machinery, last week filed a response to PlainsCapital's most recent request for Hillary's case to be dismissed or heard under federal Regulation J, which covers wire transfers.

Should the case be heard based on Regulation J, Madden says, "[Hillary] would have no basis under state law to make a claim against the bank for inadequate security."

About the bank's claim that its online banking security is "commercially reasonable," Madden responds with one word - Negligence. The manner in which PlainsCapital protected Hillary Machinery's account was negligent, he says. "Negligence, in the court's definition, means the failure to use reasonable care."

War of Words

This conflict began when PlainsCapital, a $4.4 billion bank headquartered in Dallas, filed suit against Hillary Machinery Inc., following a series of incidents that began last November, when cyber thieves made a series of ACH and wire transactions that totaled $801,495 from Hillary's bank account.

The bank was able to retrieve about $600,000 of the money, but when Hillary subsequently sent a letter requesting that the bank refund the remaining $200,000, PlainsCapital responded by filing a lawsuit in U.S. District Court for the Eastern District of Texas. The lawsuit requests that the court certify that PlainsCapital's security was, in fact reasonable, and that it processed the wire transfers in good faith.

Hillary filed a counter suit in February, saying it would not be bullied by the bank, and has since then moved its business accounts to another bank in Texas, citing security as a factor.

In his most recent filing, Madden argues against the bank's request for dismissal of Hillary's claims, or for the case to be limited to Regulation J.

"Regulation J is intended to operate only under the circumstances if the wire transfer is not operated correctly," Madden says. "The wire transfer worked in these instances -- the thieves submitted to PlainsCapital requests, and the money was sent exactly where it was directed to go."

The fundamental issue, Madden contends, is that PlainsCapital allowed access to the Hillary Machinery account, enabling the thieves to make wire and ACH transfers to European accounts. "PlainsCapital did not catch that these multiple transfers were being made from Europe and back to Europe," he says.

"It appears that PlainsCapital is doing a lot of dodging and weaving," Madden says of the various requests that the bank has made to the court. "It is ironic because it is a case where the bank sued its customer. It's ironic that a bank customer has lost over $200,000 due to what we believe to be inadequate security on the bank's part."

Up next, Madden says, a judge likely will decide if the bank's security can be analyzed under normal state law and causes of action, such as negligence and deceptive trade practices. "Will the bank be tried as any other business would be for negligence? The bank is saying it is different -- not subject to that kind of scrutiny," Madden says. "This strikes business people as wrong."

PlainsCapital Bank: 'Confident'

Asked to comment on the latest filings, PlainsCapital Bank spokesperson John Floeter says, "Our legal counsel's concerns about confidentiality prevent us from discussing the lawsuit or any details of the customer's banking relationship with PlainsCapital."

The bank is "confident that our systems meet requirements to be commercially reasonable," Floeter says. "The cyber attack wasn't against our system."


About the Author

Linda McGlasson

Linda McGlasson

Managing Editor

Linda McGlasson is a seasoned writer and editor with 20 years of experience in writing for corporations, business publications and newspapers. She has worked in the Financial Services industry for more than 12 years. Most recently Linda headed information security awareness and training and the Computer Incident Response Team for Securities Industry Automation Corporation (SIAC), a subsidiary of the NYSE Group (NYX). As part of her role she developed infosec policy, developed new awareness testing and led the company's incident response team. In the last two years she's been involved with the Financial Services Information Sharing Analysis Center (FS-ISAC), editing its quarterly member newsletter and identifying speakers for member meetings.




Around the Network

Our website uses cookies. Cookies enable us to provide the best experience possible and help us understand how visitors use our website. By browsing bankinfosecurity.eu, you agree to our use of cookies.