A Michigan court has found in favour of Experi-Metal in its $560,000 cyber-heist suit against Comerica Bank, contradicting a ruling last week in a separate small business ACH fraud case which came down on the side of the bank.
In the Experi-Metal case, Judge Patrick Duggan of the US District Court for the Eastern District of Michigan said that the bank should have done a better job of picking up the fraudulent transactions running from the company's accounts after its financial controller was duped into opening a malware-laden phishing e-mail.
In summing up, Duggan said "a bank dealing fairly with its customers, under these circumstances, would have detected and/or stopped the fraudulent wire activity earlier".
In a separate case heard in Maine last week, the presiding magistrate ruled that Ocean Bank was not responsible for the loss of around $345,000 from a business customer account following a similar cyber-attack.
With multiple cases of ACH wire fraud piling up in the US, the rulings leave the critical liability issues open to debate.
Comerica says it plans to file an appeal against the Michigan ruling, pushing the issue higher up the justice system to an appellate court, where the verdict will hold sway over future district court adjudications.