The Banco del Austro case is over—settled. Which means no answer anytime soon to everyone's burning question: who pays for wire transfer hacks?
Over two year ago, hackers got into Banco del Austro's computer and send fraudulent wire instructions to Wells Fargo. Wells Fargo honored the instructions and sent Banco del Austro's money to the hackers. The resulting lawsuit raised a basic question: who pays? The victim, whose computer was hacked? Or the bank who honored the fraudulent wire instructions? That basic question raised all sorts of subsidiary questions. How will courts interpret UCC Article 4-A, which generally governs bank-to-bank wire transfers? What responsibility does a victim bear for its own cybersecurity? What kinds of anti-fraud measures do banks need before honoring wire instructions? How and when are those determined? What if a correspondent banking contract contains indemnification clauses?
The issues weren't settled on a motion to dismiss. Nor were they decided on summary judgment. (Because the summary judgment briefing was done under seal, we can only guess at some of the issues implicated.) And now that the case has settled, none of those questions will be answered anytime soon.