United States District Court, N.D. Illinois, Eastern Division
December 3, 2014
ENVISION HEALTHCARE, INC., Plaintiff,
FEDERAL DEPOSIT INSURANCE CORPORATION, as Receiver for First Chicago Bank & Trust, and FEDERAL DEPOSIT INSURANCE CORPORATION, in its corporate capacity, Defendants.
MEMORANDUM OPINION AND ORDER
MANISH S. SHAH, District Judge.
Envision Healthcare, Inc. was a customer of First Chicago Bank & Trust. Envision claims that in March 2011, a computer hacker stole the log-in information for one of the company's employees, and used that employee's user ID and password to access the bank's online banking system. According to Envision, the hacker then issued a wire-transfer order in the employee's name, which the bank processed the next day. Envision sued the bank in state court, alleging breach of contract, negligence, and breach of the bank's implied duty of good faith and fair dealing. The bank was closed by Illinois authorities two days later, and the Federal Deposit Insurance Corporation was appointed as receiver. The FDIC, substituted as defendant in this case, moves for summary judgment on Counts I, II, and III of Envision's amended complaint. Envision cross-moves for summary judgment on the same counts. For the reasons discussed below, defendant's motion is granted, and Envision's cross-motion is denied.
I. Legal Standard
Summary judgment may be granted where "there is no genuine issue of material fact and... the movant is entitled to judgment as a matter of law." Hussey v. Milwaukee Cnty., 740 F.3d 1139, 1142 (7th Cir. 2014) (quoting Jackson v. Indian Prairie Sch. Dist. 204, 653 F.3d 647, 654 (7th Cir. 2011)). A genuine issue of material fact exists "if the evidence is such that a reasonable jury could return a verdict for the nonmoving party." Serednyj v. Beverly Healthcare, LLC, 656 F.3d 540, 547 (7th Cir. 2011) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986)). In reviewing a summary-judgment motion or a cross-motion for summary judgment, I must construe all facts, and draw all reasonable inferences from those facts, in favor of the non-moving party. United States v. P.H. Glatfelter Co., 768 F.3d 662, 668 (7th Cir. 2014) (quoting Laskin v. Siegel, 728 F.3d 731, 734 (7th Cir. 2013)).
A. The Cash Management User Agreement
On May 28, 2009, Envision Healthcare entered a banking agreement with First Chicago Bank & Trust. See  at 3-4 ¶ 6; see also Exhibit C to the Amended Complaint, [39-1] at 4-7. Daniel Kubik, Envision's controller, signed on behalf of Envision. See  at 4 ¶ 7; see also [39-1] at 7-8. This agreement, entitled the Cash Management User Agreement (CMUA), addressed "eBanking" services ( i.e., "BeB" services) to be provided by the bank to Envision. See  at 2-3 ¶ 5; see also [39-1] at 4. The CMUA provided:
[The] Bank will verify that [Envision] has authorized, canceled or amended an entry that constitutes a payment order solely by means of the security procedures inherent in the BeB product. This Security Procedure uses SSL encryption and requires use of a Company ID, User ID and User Password.... [Envision] expressly agrees to be bound by any Order, whether or not authorized, issued in its name and accepted by Bank in compliance with the Security Procedure.
[39-1] at 4 ¶ 4. The agreement also stated:
The Bank will act on instructions received under valid Passwords, will have no duty to further verify the identity of any BeB user with valid Passwords and shall not have any liability for transactions occurring on [Envision's] account originated with valid Passwords.
Id. ¶ 3.
The CMUA further provided that once Envision had executed that agreement and the attached "enrollment form" (and the bank had approved the company's use of BeB), Envision would receive a corresponding company ID, user ID, and password. See id. After Envision obtained its BeB credentials, it would then have the ability "to set up additional users to access [its] accounts." Id. Under the CMUA, Envision was "solely responsible for the use by anyone of BeB who utilize[d Envision's] correct Passwords." Id.
In the enrollment form attached to the CMUA, see id. at 8, Envision could designate a "Company Administrator" who would have "maintenance authority over [Envision's] Passwords." Id. By designating someone as such an Administrator, Envision "authorized [the bank] to establish and issue initial passwords" to that person. Id. Molly Hamideh was listed as the appointed Company Administrator for Envision Healthcare in the enrollment form executed by Daniel Kubik on May 28, 2009. See id.; see also  at 5 ¶ 10.
Also included in the enrollment form signed by Kubik was a section entitled "Requested Services for Company Accounts." See [39-1] at 8. In this section was a table in which specific bank-account numbers could be "indicated" for use with specific eBanking services, such as "Wire, " "Remote Deposit, " and "Loan Sweep." See id. In the form signed by Kubik on May 28, 2009, this table was left blank. See id.; see also  at 8-9 ¶ 6.
B. The Wire Transfer Agreement
Also on May 28, 2009, Daniel Kubik executed on behalf of Envision Healthcare a "Wire Transfer Agreement" with First Chicago Bank & Trust. See Exhibit E to the Amended Complaint, [39-1] at 12-13; see also  at 6 ¶¶ 14-15. This agreement authorized the bank "to initiate a funds transfer from any of [Envision's] accounts, " based on "payment orders received by [the bank] in writing with [Envision's] original signature" or the original signature of one of Envision's "Authorized Agents." [39-1] at 12 ¶ 2. The agreement further provided that such Authorized Agents should be named in Exhibit A to that document. See id. ¶ 2(a).
Exhibit A to the Wire Transfer Agreement included a table in which the names of any Authorized Agents, and "the account numbers from which they [were] authorized to request transfers, " could be listed. See id. at 13. The table in Exhibit A to the Wire Transfer Agreement executed by Daniel Kubik in May 2009 was left blank. See id.; see also  at 8-9 ¶ 6.
C. The March 31, 2011 Wire Transfer
On March 31, 2011, someone used the log-in information of Envision employee Molly Hamideh to sign on to First Chicago Bank's BeB website and issue a wire-transfer order from one of Envision's accounts (No. *4804). See  at 15-16 ¶¶ 37-39. The bank processed the order the next day (April 1) and wired $125, 760.90 out of Envision's *4804 account to a third-party bank account in Phoenix, Arizona. See id. at 16 ¶¶ 39, 40; see also  at 21 ¶ 32.
Envision maintains that it was not Molly Hamideh who ordered the wire transfer on March 31, 2011, but an unknown individual who was merely posing as Hamideh, and who had fraudulently obtained her ID and password information through a "phishing" scam. See  at 15 ¶ 37; see also  at 20 ¶ 30. Accordingly, on April 4, 2011, Envision notified the bank of its belief that an unauthorized transfer had been processed against the company's account. See  at 17 ¶ 43. Only $945.30 of the transferred funds were recovered. See  at 24 ¶ 38.
D. Procedural History
In July 2011, Envision filed a breach-of-contract suit against First Chicago Bank & Trust in the Circuit Court of Cook County, Illinois. See [1-1]. Envision alleged that the bank had breached its agreement with Envision by honoring a wire-transfer order that was unauthorized (Count I). See id. at 7. Also included in Envision's complaint were claims that the bank had been negligent (Count II) and that the bank had breached its implied duty of good faith and fair dealing (Count III). See id. at 8-9. Two days after Envision filed suit, the bank was closed by the Illinois Department of Financial and Professional Regulation. See  at 2 ¶ 3. The Federal Deposit Insurance Corporation was appointed as the bank's receiver, see id., and the FDIC removed the case to federal court, see .
Envision ultimately amended its complaint, asserting against FDIC (in its capacity as receiver) the same contract, negligence, and breach-of-good-faith claims originally asserted against the bank. See  at 7-10 (Counts I-III). Before me are FDIC-Receiver's motion for summary judgment, , and Envision's cross-motion for summary judgment, , on Counts I, II, and III of the amended complaint.
A. Breach of Contract (Count I)
Envision asserts that the bank breached the Cash Management User Agreement by processing the wire-transfer order issued with Molly Hamideh's BeB username and password on March 31, 2011. See  at 2. The CMUA provides that the agreement "is subject to applicable federal laws and the laws of the State of Illinois." [39-1] at 7 ¶ 20. Illinois generally enforces choice-of-law provisions in contracts, see Lyon Fin. Servs., Inc. v. Ill. Paper and Copier Co., 732 F.3d 755, 758-59 (7th Cir. 2013) (citing Hofeld v. Nationwide Life Ins. Co., 59 Ill.2d 522 (1975)), and neither party here contends that Illinois law should not govern the CMUA. Thus, I follow Illinois law in assessing the breach-of-contract claim.
To prove a breach of contract in Illinois, the plaintiff must show the existence of "a valid contract, performance by the plaintiff, breach by the defendant, and damages." Norem v. Lincoln Benefit Life Co., 737 F.3d 1145, 1148 (7th Cir. 2013) (citing Elson v. State Farm Fire & Cas. Co., 295 Ill.App.3d 1 (1998)). Envision contends that the bank breached paragraph 4 of the Cash Management User Agreement when the bank processed the online wire-transfer request made under Molly Hamideh's BeB user information on March 31, 2011. See  at 2 (citing [39-1] at 4 ¶ 4.). Paragraph 4 of the CMUA states:
[The] Bank will verify that [Envision] has authorized, canceled or amended an entry that constitutes a payment order solely by means of the security procedures inherent in the BeB product. This Security Procedure uses SSL encryption and requires use of a Company ID, User ID and User Password.
[39-1] at 4 ¶ 4.
Illinois generally follows the "four corners" rule of contract interpretation, which provides that in interpreting a contract, the court must "initially look to the language of the contract alone." Air Safety, Inc. v. Teachers Realty Corp., 185 Ill.2d 457, 462 (1999) (citations omitted). If, on its face, the contractual language is unambiguous, the contract is interpreted as a matter of law, without the use of extrinsic ( i.e., "parol") evidence. See id. (citation omitted).
Paragraph 4 of the CMUA is unambiguous. Under the above-quoted provision of that agreement, the bank must verify that Envision has authorized an online payment order-here, a wire-transfer order-" solely by means of the security procedures inherent in the BeB product." [39-1] at 4 ¶ 4 (emphasis added). In other words, as long as the bank follows the "inherent" BeB security procedures, it has fulfilled its duty to verify that an instruction was indeed authorized by the account-holder. But what are the security procedures inherent in the BeB product? The CMUA explains what these are, too. According to the agreement, the security procedure for BeB "requires use of a Company ID, User ID and User Password." Id. Thus, so long as the bank verifies that an online wire-transfer instruction was issued by someone using valid BeB log-in information, the bank has followed the relevant security procedures and has satisfied its obligations under paragraph 4 of the CMUA.
Envision claims that the bank breached paragraph 4 of the agreement by processing a wire-transfer order made with Molly Hamideh's BeB user information, since Hamideh was not actually authorized to order such transfers. See  at 2. Hamideh was not so authorized, says Envision, because she was not listed in the Wire Transfer Agreement as being able to wire money out of the *4804 account, and because that particular account was not listed in the enrollment form (attached to the CMUA) as requiring online wire-transfer service. See  at 6-7, 8 (noting that the relevant tables in those documents were left blank). In essence, Envision seeks to hold the bank liable for failing to verify that the valid BeB credentials used to issue a payment order were indeed the credentials of someone who had been formally authorized by Envision to wire money out of a specific account. But, as just explained, this is not what the CMUA required.
Under paragraphs 3 and 4 of the CMUA, the bank needed only to confirm that the instruction it received online came from someone using valid BeB log-in credentials. Envision admits that the alleged "hacker" in this case used Hamideh's username and password, see  at 2, and nowhere contends (or presents evidence indicating) that the log-in information used was invalid. To impose on the bank an additional obligation-that is, a duty to ensure that each instruction it received was from a BeB user formally authorized to issue that particular order-would be to shoulder the bank with a burden it never agreed to carry. See [39-1] at 4 ¶ 4 ("[Envision] expressly agrees to be bound by any Order, whether or not authorized, issued in its name and accepted by [the] Bank in compliance with the Security Procedure.") (emphasis added); id. ¶ 3 ("The Bank will act on instructions received under valid Passwords... and shall not have any liability for transactions occurring on [Envision's] account originated with valid Passwords."); id. at 5 ¶ 11 ("[Envision] assume[s] sole responsibility for any unauthorized use of [its] account's Passwords, and shall... hold the Bank harmless from all... losses and damages related to or arising out of any unauthorized transactions."). Thus, whether Molly Hamideh was formally authorized-either at the time Envision executed the CMUA or at some later time-to wire money out of the *4804 account is immaterial to whether the bank fulfilled its duties under paragraph 4 of the CMUA.
In short, even assuming that (1) Molly Hamideh was not formally authorized by Envision to issue wire-transfer orders for the company's *4804 account, (2) it was not Hamideh herself who issued the wire-transfer order on March 31, 2011, but a hacker impersonating her, and (3) conducting online wire transfers was not a service Envision opted into with the bank-I find that no reasonable jury would conclude that the bank breached paragraph 4 of the CMUA by processing the March 31, 2011 order. If an online order were placed with a valid password, the bank promised it would verify the validity of the password, no more, and the parties agreed the bank would not be liable for any transaction (authorized or not) conducted while using that password. Accordingly, defendant is entitled to judgment as a matter of law on Envision's breach-of-contract claim. Defendant's motion for summary judgment on Count I of the complaint is therefore granted, and Envision's cross-motion for summary judgment on Count I is denied.
B. Negligence (Count II)
Envision also asserts that the bank acted negligently by processing the wire-transfer order that issued from Molly Hamideh's BeB user account on March 31, 2011. See  ¶¶ 60-63 (Count II); see also  at 6-13;  at 3-5. Defendant argues that Envision cannot proceed with this claim as a matter of law-and thus defendant is entitled to summary judgment on Count II of the complaint-because it is barred by the economic-loss doctrine. See  at 8-9. I agree.
The economic-loss doctrine-known as the Moorman doctrine in Illinois- precludes plaintiffs from recovering in tort "for purely economic losses arising out of a failure to perform contractual obligations." Wigod v. Wells Fargo Bank, N.A., 673 F.3d 547, 567 (7th Cir. 2012) (citing Moorman Mfg. Co. v. Nat'l Tank Co., 91 Ill.2d 69 (1982)). As Envision here seeks only to recover the money it lost from the purportedly unauthorized wire transfer (and related costs), see  at 9, Count II of Envision's complaint is barred by Moorman unless the duty that was allegedly breached arose outside the contract. See Wigod, 673 F.3d at 567 (citing Congregation of the Passion, Holy Cross Province v. Touche Ross & Co., 159 Ill.2d 137 (1994)). Thus, "the key question is whether the defendant's duty arose by operation of contract or existed independent of the contract." Id. (citing Catalan v. GMAC Mortg. Corp., 629 F.3d 676, 693 (7th Cir. 2011)).
The duties of care that the bank allegedly breached in 2011 arose expressly from the contracts entered into by Envision and the bank. See, e.g.,  at 6 (stating that the bank acted negligently in processing the March 31, 2011 wire-transfer order because, " [a]ccording to the contracts, Molly Hamideh could not issue wire transfers... and Account No. *4804 was never authorized for outgoing wire transfers") (emphasis added). In its response brief, Envision argues that the bank was also under an independent, common-law duty to exercise reasonable care in providing any services that the bank had (by contract) agreed to undertake, and is therefore liable for any harm resulting from a failure to exercise such care. See  at 4 (quoting Vancura v. Katris, 238 Ill.2d 352, 382 (2010)). There are several problems with this argument.
First, the common-law duty of care identified by Envision does not apply to the bank in this case and, therefore, cannot subject defendant to liability here. The duty of reasonable care discussed in Vancura -that is, the duty of care as defined in Section 323 of the Restatement (Second) of Torts-imposes liability on service-providers only for physical harm, not mere economic loss. See Vancura, 238 Ill.2d at 382 ("One who undertakes... to render services... is subject to liability to the other for physical harm resulting from his failure to exercise reasonable care" (quoting Restatement (Second) of Torts § 323 (1965)) (emphasis added); see also id. (observing that "section 323 [is] explicitly limit[ed] to situations in which the plaintiff has suffered physical' or bodily' harm"). Envision alleges only economic harm, so Section 323 of the Restatement cannot save its negligence claim from Moorman preclusion.
Banks are, however, generally subject to a duty of reasonable care toward their depositors. See Mutual Service Cas. Ins. Co. v. Elizabeth State Bank, 265 F.3d 601, 613-14 (7th Cir. 2001) (applying Illinois law). This duty arises from the position of trust that banks occupy with respect to the funds placed in their custody. See id. at 613. As this duty of care exists "irrespective of the terms of the contract" a bank may otherwise have with its customer, it is conceivable that the Moorman doctrine would not bar a tort claim founded on the alleged breach of such a duty. See id. at 617-18 (discussing but not deciding the issue). Envision does not identify this particular duty or argue that it applies here. Regardless, its existence is not enough to preserve Envision's negligence claim because the Uniform Commercial Code, as adopted by the Illinois legislature, governs the situation presented here.
In Illinois (and elsewhere), the UCC generally governs the relationship between a bank and its customers. See 810 ILCS 5/4-101 et seq. The Moorman doctrine seeks to "maintain the integrity of [the] carefully articulated body of rules in the UCC." Mutual Service, 265 F.3d at 617 (citation omitted) (internal quotation marks omitted). Thus, common-law principles may supplement the UCC-and so may provide the foundation for an action in tort-only where particular provisions of the UCC have not displaced those rules. See id. at 614, 617; Dixon, Laukitis, and Downing, P.C. v. Busey Bank, 993 N.E.2d 580, 587-88 (Ill.App.Ct. 2013) (discussing Mutual Service ). In other words, a negligence claim asserted against a bank, based solely on economic loss, cannot proceed if specific provisions of the UCC have already delineated the bank's responsibilities in the circumstances at hand. See Dixon, 993 N.E.2d at 588; cf. Mutual Service, 265 F.3d at 614.
Such is the case here. Envision contends that the bank was negligent in honoring the wire-transfer order issued from Molly Hamideh's BeB user account on March 31, 2011. See  at 6-13;  at 5. But Article 4A of the UCC already sets forth a detailed scheme concerning the bank's rights and responsibilities when presented with an electronic payment order such as the one at issue. See generally 810 ILCS 5/4A ("Funds Transfers"). Section 202(b) of that article, for example, governs whether such a payment order is deemed effective-even if not "authorized" under Section 202(a)-where, as here, the "bank and its customer have agreed that the authenticity of payment orders issued... in the name of the customer as sender will be verified pursuant to a security procedure." Id. at 5/4A-202(b). Section 203(a) sets forth the circumstances in which a payment order deemed "effective" may nonetheless be unenforceable, and Section 204 provides remedies for when the bank accepts a payment order that is unauthorized or unenforceable. See id. at 5/4A-203(a)(2), 5/4A-204(a). Article 4A, in other words, has displaced common-law rules that might otherwise prescribe a bank's obligations when processing electronic wire-transfer orders. See Travelers Cas. & Sur. Co. of Am. v. Bank of Am., N.A., No. 09 C 06473, 2010 WL 1325494, at *2 (N.D. Ill. Mar. 30, 2010) ("Article 4A displaces common law causes of action that are covered by its provisions....").
Envision also argues that the bank was negligent in maintaining adequate security procedures in the first instance. See  at 12-13. But Article 4A of the UCC provides that procedures for verifying authorization of an electronic payment order need only be "commercially reasonable, " 810 ILCS 5/4A-202(b), and enumerates which factors a court must consider in determining whether the specific procedure employed was indeed reasonable, see id. at 5/4A-202(c). Thus, here, too, the UCC has displaced the common law.
The UCC supports contract-based causes of action for purported violations of the Code's provisions. But Envision has brought no such claims, instead grounding Count II of its complaint in tort. For the reasons discussed above, a tort-based claim is barred under the Moorman doctrine and so cannot proceed as a matter of law. Envision argues, however, that because the Cash Management User Agreement and Wire Transfer Agreement each state that the bank may be liable for its negligence, Envision's negligence claim necessarily must be permitted. See  at 3. But Envision misunderstands the import of the provisions it cites.
The CMUA states that the bank "shall be liable only for its negligence... in performing th[e] services " required by that agreement. [39-1] at 6 ¶ 14 (emphasis added). Similarly, the WTA provides that the bank will be liable "only for its negligence in performing its obligation under this Agreement. " [39-1] at 12 ¶ 9 (emphasis added). In other words, the "negligence" clauses further cabin the bank's liability under the two agreements by requiring the plaintiff to prove not just that the bank failed to meet an obligation as contracted, but that the bank did so negligently. The "negligence" clauses, in short, raise the bar for prevailing on a breach-of-contract claim under either agreement-a bar that, as explained above, Envision has failed to clear in the first instance. On these facts, the "negligence" clauses do not provide a separate, tort-based cause of action on which Envision may base its suit.
Defendant's motion for summary judgment on Count II of the complaint is therefore granted. Envision's cross-motion for summary judgment on Count II is accordingly denied.
B. Breach of the Duty of Good Faith and Fair Dealing (Count III)
Envision also contends that, in processing the wire-transfer order issued using Molly Hamideh's BeB log-in information, the bank breached a duty of good faith and fair dealing implied in the Cash Management User Agreement and Wire Transfer Agreement. See  ¶¶ 64-67. Defendant argues that this claim, too, fails as a matter of law, because in Illinois there is no such independent cause of action. See  at 11-12. I agree.
In Illinois, the duty of good faith and fair dealing is implied in every contract. See Seip v. Rogers Raw Materials Fund, L.P., 408 Ill.App.3d 434, 443 (2011). This duty requires a party "vested with contractual discretion to exercise it reasonably, and not arbitrarily, capriciously, or in a manner inconsistent with the reasonable expectations of [the] parties." Id. (citing Kirkpatrick v. Strosberg, 385 Ill.App.3d 119, 131 (2008)). It is not, however, "an independent source of duties for the parties to a contract." Id .; see also Iowa Physicians' Clinic Med. Found. v. Physicians Ins. Co. of Wis., 547 F.3d 810, 812 (7th Cir. 2008) (discussing Illinois courts' "steadfast refusal, " other than in insurance-contract cases, "to recognize an independent tort arising from the breach of [the implied good-faith] covenant") (citation omitted).
In practice, this means two things: first, a claim for breach of an implied duty of good faith and fair dealing cannot stand on its own, but must be included as a theory of liability within a larger breach-of-contract claim, see Wilson v. Career Educ. Corp., 729 F.3d 665, 674 (7th Cir. 2013) (discussing Illinois law) (citation omitted); second, even if appropriately pleaded, the good-faith duty is merely a tool of construction used to determine the parties' intent where two conflicting interpretations of a contract are possible, see Seip, 408 Ill.App.3d at 443 (citing Fox v. Heimann, 375 Ill.App.3d 35, 42 (2007)); see also Cramer v. Ins. Exch. Agency, 174 Ill.2d 513, 523-24 (1996)) (noting that, where one possible construction imputes bad faith to a party but the other does not, the latter should be adopted) (citing Martindell v. Lake Shore Nat'l Bank, 15 Ill.2d 272, 286 (1958)).
Envision has not pleaded its duty-of-good-faith theory (Count III) as part of its breach-of-contract claim (Count I), as it was required to do. See . Moreover, Envision has not adequately explained how the good-faith duty even comes into play as a necessary tool of construction in this case. Use of the good-faith construction tool typically occurs where one party to the contract has been given, per the terms of that agreement, "broad discretion in performing its obligations." Gore v. Ind. Ins. Co., 376 Ill.App.3d 282, 286 (2007) (citing Dayan v. McDonald's Corp., 125 Ill.App.3d 972, 990 (1984)). A party has broad contractual discretion where, for example, it is "peculiarly within the power of that party" to bring about a condition precedent to the contract, Dayan, 125 Ill.App.3d at 990, or has unrestricted discretion in terminating an at-will employment contract, see id. In such instances, an implied covenant of good faith is read into the agreement, imposing a reasonable limitation on the exercise of that discretion. See id. at 990-91.
Envision argues that paragraph 4 of the CMUA and paragraph 2 of the WTA provided such discretion to the bank here because, according to Envision, these paragraphs vested in the bank the discretion to honor (or not) a given wire-transfer order. See  at 6. I disagree. Paragraph 4 of the CMUA states that the bank "will verify that [Envision] has authorized... a payment order solely by means of the security procedures inherent in the BeB product." [39-1] at 4 ¶ 4. This provision does not vest in the bank broad or unrestricted discretion in deciding whether to process a payment order made online through its BeB system; the provision states that the bank " will verify" proper authorization " solely " using procedures set forth explicitly in that contract. Nor does this paragraph place within the bank's power the ability to bring about (or not) a condition precedent to the contract. In fact, it's the other way around: the bank's contractual obligation ( i.e., to verify authorization through the BeB security procedure) is not triggered unless and until Envision-or someone claiming to represent Envision-submits a payment order online.
Paragraph 2 of the WTA is set up in a similar fashion. Under that paragraph, Envision "authorizes and directs" the bank to initiate a funds transfer whenever the bank "receives from [Envision] a payment order which on its face complies with the Security Procedure established by this agreement." [39-1] at 12 ¶ 2. Again, the bank's obligation (to verify authorization) is triggered by someone else's action, and even when triggered, the bank is hardly imbued with broad discretion in fulfilling it. Under the terms of the contract, the bank must verify that the name on the written payment order corresponds to one previously identified to the bank as belonging to someone who has authority to issue such orders. See id. at 12-13 ¶¶ 2, 13.
Envision's claim for breach of an implied duty of good faith and fair dealing cannot proceed as a matter of law. Defendant's motion for summary judgment on Count III of the complaint is therefore granted, and Envision's cross-motion for summary judgment on Count III is denied.
Envision's online-banking information was purportedly stolen, resulting in an alleged diversion of more than $125, 000 from one of the company's accounts. While it is unfortunate that Envision has been unable to recover the majority of those funds, the bank did not break its promise to its customer-the bank promised to check the validity of the online password used to order a transaction, no more. For the reasons discussed above, defendant's motion for summary judgment on Counts I, II, and III of the amended complaint, , is granted; Envision's cross-motion on the same counts, , is denied.