Experi-Metal Inc v. Comerica Bank
Filing
19
REPLY to Response re 13 Amended MOTION for Summary Judgment filed by Comerica Bank. (Attachments: # 1 Index of Exhibits Index of Exhibits, # 2 Exhibit 6A-Phone records, # 3 Exhibit 9-Nosanchuk Declaration, # 4 Exhibit 9A-Records of Experi-Metal's Training, # 5 Exhibit 10-Letter re Name Change, # 6 Exhibit 11-Excerpt of 2008 Experi-Metal Activity on TM Connect Web, # 7 Exhibit 12-NetVision User Guide) (Kapalla, Lara)
<![CDATA[
UNITED STATES DISTRICT COURT EASTERN DISTRICT OF MICHIGAN SOUTHERN DIVISION EXPERI-METAL, INC., a Michigan corporation, Plaintiff, v. COMERICA BANK, a foreign banking organization, Defendant. Richard B. Tomlinson (P27604) Daniel R. Boynton (P30359) Joseph W. Thomas (P33226) DRIGGERS, SCHULTZ & HERBST, P.C. Attorneys for Plaintiff 2600 West Big Beaver Road, Suite 550 Troy, MI 48084 (248) 649-6000 rtomlinson@driggersschultz.com Todd A. Holleman (P57699) Lara Lenzotti Kapalla (P67667) MILLER CANFIELD PADDOCK AND STONE, PLC Attorneys for Defendant 150 W. Jefferson, Suite 2500 Detroit, MI 48226 (313) 963-7420 holleman@millercanfield.com kapalla@millercanfield.com Case No. 2:09-CV-14890 Hon. Patrick J. Duggan
REPLY SUPPORTING COMERICA BANK'S MOTION FOR SUMMARY JUDGMENT
INTRODUCTION/CLARIFICATION OF FACTS Experi-Metal has tried to muddy the facts to avoid summary judgment. It has made a number of statements that, while technically true, are misleading. Though these statements suggest factual disputes, none actually exist on any material issue. Experi-Metal claims it signed an agreement to place wire transfers through Comerica's NetVision program, not TM Connect Web. But Experi-Metal fails to disclose this is a distinction without a difference, as these programs are one and the same. NetVision is simply the name that TM Connect Web went by prior to 2006. Experi-Metal claims it did not authorize Mr. Maslowski to place online wire transfers when the program was known as TM Connect Web, or receive training on other available security features at that time. Experi-Metal fails to disclose it instead did these things when the program was known as NetVision. The exhibits and affidavits Experi-Metal attached to its response brief do not actually challenge facts material to Comerica's motion. Based on the undisputed, material facts, Comerica is entitled to summary judgment on Experi-Metal's claims. I. EXPERI-METAL HAS FAILED TO RAISE ANY GENUINE ISSUE OF FACT THAT IT AGREED TO USE COMERICA'S SECURITY PROCEDURE Experi-Metal admits it agreed to use Comerica's online banking and online wire transfer services. See Pl's Ex 1 ¶ 5.1 And, in January 2006, when Comerica changed the name of its online system from NetVision to TM Connect Web, see Ex 9 ¶¶ 2-3; Ex 10, the agreement that covered Experi-Metal's use of Comerica's online wire transfer service remained in effect. Experi-Metal's argument to the contrary contradicts the plain terms of the parties' contracts and, as such, fails to create a material issue of fact. See Zurich Ins Co v CCR & Co, 226 Mich App 599, 603-605; 576 NW2d 392 (1998) (when contract language was clear, affidavits regarding the provisions of the contract were impermissible extrinsic evidence that did "not create a triable
1
Comerica's Exhibits 1-8 are attached to its original brief, with the exception of Ex 6-A which was inadvertently omitted. Only Exhibits 6-A and Exhibits 9-12 are attached to this reply brief. 1
issue of fact in avoidance of the motion [for summary disposition]...."). What the parties' contracts say is a matter of law for this Court to determine, based on the plain meaning of the contract terms. See Zurich at 604. The November 21, 2003 Agreement Experi-Metal admits it signed states, "Customer agrees to receive Funds Transfer services (the "Service"), offered by Bank, and Bank agrees to provide the Service to Customer." Ex 1. NetVision (now called TM Connect Web) is the system used to access the Funds Transfer Service, it is not the Service itself. There was no need to sign a new contract either when Comerica renamed the system in 2006, or when it began to use secure token technology to authenticate online transfers in 2008. Under the parties' November 21, 2003 contract: [Experi-Metal] agrees that the Service provided by Bank and its affiliates shall be governed by and acknowledges receipt of the Comerica Treasury Management Services Master Agreement ... and any applicable implementation documents and user guides as such documents are amended from time to time. Id. (emphasis added). The parties acknowledged provision of the online Funds Transfer Service would not remain static and that changes would be addressed in the applicable user guides, not by signing an entirely new contract. The Master Agreement incorporated by reference likewise states that Comerica can update the security procedures used to access the online Funds Transfer Service, and that "use of the Service after Bank provides notice of any such described change will be deemed Customer's acceptance of the new Security Procedure." Ex 2-B §§ 4.c. See also id § 16. And there is no genuine issue of fact that Experi-Metal continued to use this Service. The November 21, 2003 Funds Transfer agreement states that "Customers may send payment order[s] or receive incoming funds transfers using this service." Ex 1. While ExperiMetal claims it did not send wire transfers after NetVision became known as TM Connect Web, Experi-Metal did continue to receive wires. See Ex 11 p. 3. And it is undisputed that ExperiMetal did not cancel the service as it was supposed to do if it did not agree with a proposed
2
service change. See Ex 2-B §§ 16, 17c. Experi-Metal had Comerica continue to provide it with the ability to send online wire transfers, even if it did not exercise this ability. As such, it made use of this Service after it was notified of the change in security procedures. See MERRIAMWEBSTER'S COLLEGIATE DICTIONARY, 11th Ed ("use" is "the ability or power to use something"). Finally, Experi-Metal regularly used TM Connect Web to access its accounts and perform various other tasks, including Automated Clearing House transfers. See Ex 11 p. 1. It used the two factor authentication procedure with secure tokens to access the system, and in so doing agreed this procedure was a commercially reasonable way to authenticate its online banking transactions. See Ex 2-B at p. 2 § 4.c. II. WHETHER THE AGREED UPON SECURITY PROCEDURE WAS COMMERCIALLY REASONABLE IS AN ISSUE OF LAW, NOT FACT "Commercial reasonableness of a security procedure is a question of law," it is not, as Experi-Metal urges, an issue of fact that can preclude summary judgment. MCL § 440.4702(3). Experi-Metal's arguments that other security procedures could have been used are immaterial. "The standard is not whether the security procedure is the best available. Rather it is whether the procedure is reasonable for the particular customer and the particular bank, which is a lower standard." U.C.C. § 4-A203, cmt. 4. As argued above, Experi-Metal already acknowledged in its contract with Comerica that the security procedure used was commercially reasonable for its particular types of transactions. This agreement is clear and cannot be altered by parol evidence, such as the declaration of Lance James2 or affidavit of Valiena Allison. See Zurich, supra.
2
Mr. James' declaration does not contain the required statutory language to be effective, see 28 U.S.C. § 1746, and also fails to address the factors relevant to the Court's determination. Mr. James has no personal knowledge of the wishes Experi-Metal expressed to Comerica, the circumstances of Experi-Metal that were known to Comerica, or the alternative security procedures Comerica offered. The last factor, what security procedures were in general use at the time by similarly situated customers and banks, is not addressed. 3
III.
EXPERI-METAL FAILED TO RAISE ANY GENUINE ISSUE OF FACT THAT COMERICA DID NOT FOLLOW THE PROCEDURE THE PARTIES AGREED UPON, AND DID SO IN GOOD FAITH Experi-Metal does not claim that Comerica failed to follow the security procedure that
was in place, two factor authentication with token technology. Instead, it rehashes its arguments that a different procedure, other than the one it agreed to, could have been used. This does not create an issue of fact as to whether the procedure the parties did agree to use was followed. Experi-Metal states that Keith Maslowski was not authorized to make such transfers "when Comerica instituted the wire transfer service through TM Connect Web." See Pl's Ex 1 ¶ 17. But this statement is immaterial. Just as new agreements did not need to be entered into when the name of the system used to provide online wire transfer service was changed from NetVision to TM Connect Web, Experi-Metal did not have to, and did not, change the designations it had previously made regarding who was authorized to place online wire transfers on its behalf. When it signed up to make wire transfers in 2003, Experi-Metal authorized Mr. Maslowski to place these transfers. See Ex 9 ¶ 8. Though, as administrator of the account, Ms. Allison had the ability to revoke this authorization, she never did so. See id ¶¶ 12-13. See also Ex 12 at 20. It is immaterial that another authorization was not submitted for Mr. Maslowski after NetVision became known as TM Connect Web; his prior authorization remained effective. As the transfers in this case were not initiated by telephone, it is also immaterial whether Mr. Maslowski was authorized to initiate wire transfers over the phone. See Pl's Ex 3 (stating that once the "caller" provides various information, no call back is required). Mr. Maslowski did not have to be authorized to initiate wires by phone in order to initiate wires online. ExperiMetal has failed to create a genuine issue of fact that Mr. Maslowski was authorized to place online wire transfers.
4
Finally, Experi-Metal has not created any genuine issue as to whether Comerica accepted the payment orders in good faith. Experi-Metal acknowledges that Comerica notified it that an atypical number of transfers were being made. Had Comerica been acting in bad faith, it would not have called Experi-Metal. And though Experi-Metal alleges that Comerica violated "reasonable commercial standards of fair dealing" by permitting Experi-Metal to place those transfers to begin with, Experi-Metal ignores the fact that, had it required additional approvers for transfers initiated online as Comerica offered, these transfers would not have gone through. Ms. Allison claims that "[a]t the time of the change to the secure token technology" she was not trained on the use of TM Connect Web or told she could have the account set up to require wire transfer approval from additional persons. Pl's Ex 1 ¶¶ 13-14. Again, her statements do not create any issue of fact, as Comerica agrees that Ms. Allison received that training and information when she first signed up for the online wire service, not after it became known as TM Connect Web. See Ex 9 ¶ 10. See also Ex 12 at 9 (listing approval features available through NetVision in 2003). Experi-Metal knew of, but did not use, these features. Finally, Experi-Metal alleges Comerica did not act in good faith because it was unable to immediately stop the wire transfers. But MICH. COMP. LAWS § 440.4702(2) recognizes that the bank must be given "a reasonable opportunity to act" on customer instructions, and does not have to follow any instructions that contradict the parties' written agreements whatsoever. Comerica did not have to stop or recall the wire transfers, but it is undisputed that it did so. Though it was physically impossible to instantly stop the transfers, Comerica did so as quickly as it could, initiating this process immediately after talking to Experi-Metal. See Ex 6 ¶ 5. And, it is undisputed that Comerica's actions prevented additional losses; while Experi-Metal's credentials were used to authorize $1,901,269 in wire transfers, Comerica was able to recover all
5
but approximately $560,000 for Experi-Metal. See Ex 5 ¶ 6. Comerica acted fully consistent with the parties' agreements and exceeded its required duties when it became aware of unusual activity, and thus acted in good faith. IV. EXPERI-METAL FAILED TO RAISE ANY GENUINE ISSUE OF FACT THAT THE CRIMINALS OBTAINED EXPERI-METAL'S SECURITY INFORMATION FROM EXPERI-METAL ITSELF Experi-Metal never denies that the criminals received its security information from its employee, Keith Maslowski. Instead, it claims it was unreasonable for Comerica to think Experi-Metal could ignore phishing scam emails, even after it had been warned about these scams, because Comerica had somehow "trained" its users to give up their security information. While immaterial,3 this contention is unsupported. First, Mr. Maslowski knew Comerica had ceased using digital certificates as of May 1 2008, nine months prior. And as Experi-Metal's exhibits show, the emails Comerica sent when it did use digital certificates were not like the email Mr. Maslowski received in January of 2009. Experi-Metal's digital certificates expired, and were up for renewal, around May 20 of each year, not in January. See Pl's Exs 5-6. The renewal emails that Experi-Metal had received in April or May of each year directed users to the website of their security vendor VeriSign, not to a Comerica website. See id (displaying various links hosted by https://onsite.verisign.com). And when users entered the VeriSign website, they were instructed to enter a one time Renewal ID/PIN that Comerica supplied to them for the sole purpose of renewing their certificate, not the four digit pin they used to access their accounts, their confidential user IDs, or their passwords. See id. Comerica warned Experi-Metal, it would "never" ask for that information. See Ex 3. Experi-Metal's Exhibits confirm it never did.
3
If the criminal obtained the information used to breach the security procedure from the customer, the customer is liable "regardless of how the information was obtained or whether the customer was at fault." MICH. COMP. LAWS § 440.4703(b)(ii). 6
When Mr. Maslowski clicked on the bogus link and divulged Experi-Metal's security information, he did so knowing that Comerica had not used digital certificates for nine months, had historically only required renewal in late May, had always directed him to a VeriSign website in the past, had never before required him to supply his password, had told him it never would ask for his password, and had warned him of phishing scams. Comerica is not liable for his actions. CONCLUSION For the foregoing reasons, Comerica Bank respectfully requests this Court to dismiss Experi-Metal, Incorporated's Complaint against it. Respectfully submitted, MILLER, CANFIELD, PADDOCK AND STONE, P.L.C. Todd A. Holleman (P57699) Lara Lenzotti Kapalla (P67667) By: s/Lara Lenzotti Kapalla Attorneys for Defendant Comerica Bank 150 West Jefferson, Suite 2500 Detroit, MI 48226 (313) 963-6420 kapalla@millercanfield.com
Dated: May 6, 2010
7
CERTIFICATE OF SERVICE I hereby certify that on May 6, 2010, I electronically filed the foregoing paper with the Clerk of the Court using the ECF system and the Court will send notification of such filing to the parties. Richard B. Tomlinson - rtomlinson@driggersschultz.com
s/Lara Lenzotti Kapalla Miller, Canfield, Paddock and Stone, PLC 150 West Jefferson, Suite 2500 Detroit, MI 48226 (313) 963-6420 kapalla@millercanfield.com
17,932,566.1\022754-01932
]]>
Disclaimer: Justia Dockets & Filings provides public litigation records from the federal appellate and district courts. These filings and docket sheets should not be considered findings of fact or liability, nor do they necessarily reflect the view of Justia.
Why Is My Information Online?
