UNITED STATES DISTRICT COURT EASTERN DISTRICT OF NEW YORK -----------------------------------------------------------------x QUICK CASH, INC.,
Plaintiff, MEMORANDUM AND ORDER -against- 25-CV-2760 (OEM) (SDE)
CAPITAL ONE FINANCIAL CORPORATION and CAPITAL ONE BANK,
Defendants. -----------------------------------------------------------------x ORELIA E. MERCHANT, United States District Judge: On April 17, 2025, Plaintiff Quick Cash, Inc. (“Plaintiff”) brought this action against Defendants Capital One Financial Corporation and Capital One Bank (“Defendants”) in New York State Court, County of Queens, No. 711149/2025, alleging, inter alia, negligence by Defendants in connection with a fraudulent wire transfer. See Notice of Removal, Exhibit A, Dkt. 1-1 (“Complaint” or “Compl.”). On May 16, 2025, Defendant removed this action to this Court asserting federal court diversity jurisdiction under 28 U.S.C. § 1332. See Notice of Removal, Dkt. 1. Before the Court is Defendants’ fully briefed motion to dismiss the Complaint under Federal Rule of Civil Procedure 12(b)(6) (“Rule 12(b)(6)”) for failure state claims upon which relief can be granted. See Capital One Financial Corporation’s and Capital One, N.A.’s Memorandum of Law in Support of Motion to Dismiss Plaintiff’s Complaint, Dkt. 18-1 (“Motion or “Mot.”); Quick Cash Inc.’s Memorandum of Law in Opposition to Dismiss Plaintiff’s Complaint, Dkt. 20 (“Opposition” or “Opp’n”); Capital One Financial Corporation’s and Capital One, N.A.’s Reply Memorandum of Law in Support of Motion to Dismiss Plaintiff’s Complaint, Dkt. 19 (“Reply”). For the following reasons, Defendants’ Motion is granted in part and denied in part. BACKGROUND1 A. The Parties’ Banking Relationship
Plaintiff is a New York corporation that “provides monies to ATM machines owned by Plaintiff throughout New York City which allows the Plaintiff to receive a Commission from any monies cashed through said ATM machines.” Compl. ¶ 1. Defendant Capital One Financial Corporation “is a one-bank holding company that provides financial services by and through its wholly owned subsidiary, [Defendant] Capital One Bank.” Id. ¶ 2. Plaintiff has banked with Defendants for approximately twenty years. Id. ¶¶ 4, 5, 19. Plaintiff’s President, Sudhir K. Arora (“Arora”), is the only individual authorized to sign checks, deposit money, withdraw money, initiate wire transfers, or conduct any other banking transactions with Defendants on behalf of Plaintiff. Id. ¶¶6-7. During the parties’ twenty-year banking relationship, Plaintiff has initiated wire transfers via Defendants, through Intellix,2 twice a week,
averaging approximately $1,000,000 to $1,500,000 weekly. Id. ¶ 8. These wire transfers “have consistently been made to the same payee ‘Safe and Sound’ for which this payee banks with FlagStar Bank, formerly known as Signature Bank.” Id. ¶ 9. Plaintiff alleges the security procedure in place for an online request for wire transfers is as follows: after an online request for wire transfer is made, Plaintiff typically receives an authorization code texted to the registered telephone number on file, and Plaintiff then computes
1 Unless noted otherwise, the following facts are drawn from Plaintiff’s Complaint and are accepted as true for the purpose of ruling on Defendants’ Motion. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).
2 While Intellix is referenced throughout the Complaint, Plaintiff does not explain what “Intellix” is. See Compl. ¶¶ 8, 13, 21 , 24. Defendants explain that Intellix is “a treasury management software system designed to provide business with online access to various banking services and financial tools, including payment processing such as wire transfers,” Mot. at 3, and Plaintiff does not dispute this characterization, see generally Opp’n. that code into an online portal. Id. ¶ 10. Additionally, Defendants will immediately call Plaintiff to verify the wire transfer, thereby confirming the payee’s name and the amount of the wire before authorizing the transfer. Id. Further, to initiate a wire transfer to a new payee, Plaintiff alleges it must first create a “new template” by completing a form and adding the new payee onto the
computer system with the “permission/approval and or authorization” of Defendants, and once a new payee is created, Intellix confirms via telephone that Plaintiff authorized the new payee. Id. ¶ 21. B. The Treasury Management Services Agreement and Dual Control Waiver Plaintiff’s use of Defendants’ services, including Intellix, is governed by Defendants’ Treasury Management Services General Provisions. See Declaration of Philip A. Goldstein in Support of Capital One Financial Corporation and Capital One, N.A.’s Motion to Dismiss Plaintiff’s Complaint (“Goldstein Decl.”), Exhibit 2, Dkt. 18-4 (“TM Terms”).3 Plaintiff’s agreement to the TM Terms, including its use of Intellix, is memorialized in a document signed by Arora. See Goldstein Decl., Exhibit 3, Dkt.18-5 (“TM Terms Authorization and Agreement”).
In agreeing to the TM Terms, Plaintiff agreed that wire transfers initiated in accordance with Defendants’ security procedures would be “considered authorized.” TM Terms § 3(a). The security procedures include “[c]redentials, security codes, keys, personal identification numbers, template numbers, algorithms, callback procedures or other programs or keystrokes that are adopted for use in the Services to verify the authenticity of Instructions and other communications
3 Defendants submit the contracts governing the use of its services as attachments to their Motion. As Plaintiff asserts claims arising from its agreements with Defendants to certain security procedures, Defendants contend that the Complaint “relies heavily upon [the] terms and effects” of the governing contracts,” thereby rendering the contracts “integral” to the Complaint. Mot. at 3 n.3 (quoting DiFolco v. MSNVC Cable L.L.C., 662 F.3d 104, 111, (2d Cir. 2010)). Plaintiff does not dispute that the contracts are “integral” to the Complaint, nor does it dispute the authenticity or accuracy of the contracts submitted by Defendants. See generally Opp’n. Further, the Court agrees that the parties’ agreed-upon security procedures are integral to Plaintiff’s Complaint in that Plaintiff’s claims rely heavily on their terms and effects. See Compl. ¶¶ 27, 44-57. Accordingly, the Court considers the contracts governing the security procedures. See DiFolco, 662 F.3d at 111. from [Plaintiff].” Id. § 28. Plaintiff further agreed “to implement appropriate measures to safeguard the Security Procedures and establish procedures to safeguard their confidentiality.” Id. § 3(e). Despite this agreement to implement appropriate security measures of its own, Plaintiff waived the use of a dual control security procedure, which is “a process whereby one user
originates a Payment Order and a second user approves the Payment Order prior to [Defendants] processing the Payment Order on behalf [Plaintiff].” Goldstein Decl., Exhibit 5, Dkt. 18-7 (“Dual Control Waiver”).4 C. The Fraudulent Wire Transfer On or about October 23, 2023, online hackers attacked Plaintiff’s business account maintained with Defendants. Compl. ¶ 11. These hackers infiltrated Plaintiff’s account and “manipulated the system, creating a new payee,” and facilitating a wire transfer in the sum of $298,653.21. Id. ¶¶ 11, 13, 15. Defendants phoned Plaintiff to verify the transfer the day after the transfer was completed. Id. ¶ 10. Based on its long history of wire transfers with Defendants and the unfamiliar sum of
Free access — add to your briefcase to read the full text and ask questions with AI
UNITED STATES DISTRICT COURT EASTERN DISTRICT OF NEW YORK -----------------------------------------------------------------x QUICK CASH, INC.,
Plaintiff, MEMORANDUM AND ORDER -against- 25-CV-2760 (OEM) (SDE)
CAPITAL ONE FINANCIAL CORPORATION and CAPITAL ONE BANK,
Defendants. -----------------------------------------------------------------x ORELIA E. MERCHANT, United States District Judge: On April 17, 2025, Plaintiff Quick Cash, Inc. (“Plaintiff”) brought this action against Defendants Capital One Financial Corporation and Capital One Bank (“Defendants”) in New York State Court, County of Queens, No. 711149/2025, alleging, inter alia, negligence by Defendants in connection with a fraudulent wire transfer. See Notice of Removal, Exhibit A, Dkt. 1-1 (“Complaint” or “Compl.”). On May 16, 2025, Defendant removed this action to this Court asserting federal court diversity jurisdiction under 28 U.S.C. § 1332. See Notice of Removal, Dkt. 1. Before the Court is Defendants’ fully briefed motion to dismiss the Complaint under Federal Rule of Civil Procedure 12(b)(6) (“Rule 12(b)(6)”) for failure state claims upon which relief can be granted. See Capital One Financial Corporation’s and Capital One, N.A.’s Memorandum of Law in Support of Motion to Dismiss Plaintiff’s Complaint, Dkt. 18-1 (“Motion or “Mot.”); Quick Cash Inc.’s Memorandum of Law in Opposition to Dismiss Plaintiff’s Complaint, Dkt. 20 (“Opposition” or “Opp’n”); Capital One Financial Corporation’s and Capital One, N.A.’s Reply Memorandum of Law in Support of Motion to Dismiss Plaintiff’s Complaint, Dkt. 19 (“Reply”). For the following reasons, Defendants’ Motion is granted in part and denied in part. BACKGROUND1 A. The Parties’ Banking Relationship
Plaintiff is a New York corporation that “provides monies to ATM machines owned by Plaintiff throughout New York City which allows the Plaintiff to receive a Commission from any monies cashed through said ATM machines.” Compl. ¶ 1. Defendant Capital One Financial Corporation “is a one-bank holding company that provides financial services by and through its wholly owned subsidiary, [Defendant] Capital One Bank.” Id. ¶ 2. Plaintiff has banked with Defendants for approximately twenty years. Id. ¶¶ 4, 5, 19. Plaintiff’s President, Sudhir K. Arora (“Arora”), is the only individual authorized to sign checks, deposit money, withdraw money, initiate wire transfers, or conduct any other banking transactions with Defendants on behalf of Plaintiff. Id. ¶¶6-7. During the parties’ twenty-year banking relationship, Plaintiff has initiated wire transfers via Defendants, through Intellix,2 twice a week,
averaging approximately $1,000,000 to $1,500,000 weekly. Id. ¶ 8. These wire transfers “have consistently been made to the same payee ‘Safe and Sound’ for which this payee banks with FlagStar Bank, formerly known as Signature Bank.” Id. ¶ 9. Plaintiff alleges the security procedure in place for an online request for wire transfers is as follows: after an online request for wire transfer is made, Plaintiff typically receives an authorization code texted to the registered telephone number on file, and Plaintiff then computes
1 Unless noted otherwise, the following facts are drawn from Plaintiff’s Complaint and are accepted as true for the purpose of ruling on Defendants’ Motion. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).
2 While Intellix is referenced throughout the Complaint, Plaintiff does not explain what “Intellix” is. See Compl. ¶¶ 8, 13, 21 , 24. Defendants explain that Intellix is “a treasury management software system designed to provide business with online access to various banking services and financial tools, including payment processing such as wire transfers,” Mot. at 3, and Plaintiff does not dispute this characterization, see generally Opp’n. that code into an online portal. Id. ¶ 10. Additionally, Defendants will immediately call Plaintiff to verify the wire transfer, thereby confirming the payee’s name and the amount of the wire before authorizing the transfer. Id. Further, to initiate a wire transfer to a new payee, Plaintiff alleges it must first create a “new template” by completing a form and adding the new payee onto the
computer system with the “permission/approval and or authorization” of Defendants, and once a new payee is created, Intellix confirms via telephone that Plaintiff authorized the new payee. Id. ¶ 21. B. The Treasury Management Services Agreement and Dual Control Waiver Plaintiff’s use of Defendants’ services, including Intellix, is governed by Defendants’ Treasury Management Services General Provisions. See Declaration of Philip A. Goldstein in Support of Capital One Financial Corporation and Capital One, N.A.’s Motion to Dismiss Plaintiff’s Complaint (“Goldstein Decl.”), Exhibit 2, Dkt. 18-4 (“TM Terms”).3 Plaintiff’s agreement to the TM Terms, including its use of Intellix, is memorialized in a document signed by Arora. See Goldstein Decl., Exhibit 3, Dkt.18-5 (“TM Terms Authorization and Agreement”).
In agreeing to the TM Terms, Plaintiff agreed that wire transfers initiated in accordance with Defendants’ security procedures would be “considered authorized.” TM Terms § 3(a). The security procedures include “[c]redentials, security codes, keys, personal identification numbers, template numbers, algorithms, callback procedures or other programs or keystrokes that are adopted for use in the Services to verify the authenticity of Instructions and other communications
3 Defendants submit the contracts governing the use of its services as attachments to their Motion. As Plaintiff asserts claims arising from its agreements with Defendants to certain security procedures, Defendants contend that the Complaint “relies heavily upon [the] terms and effects” of the governing contracts,” thereby rendering the contracts “integral” to the Complaint. Mot. at 3 n.3 (quoting DiFolco v. MSNVC Cable L.L.C., 662 F.3d 104, 111, (2d Cir. 2010)). Plaintiff does not dispute that the contracts are “integral” to the Complaint, nor does it dispute the authenticity or accuracy of the contracts submitted by Defendants. See generally Opp’n. Further, the Court agrees that the parties’ agreed-upon security procedures are integral to Plaintiff’s Complaint in that Plaintiff’s claims rely heavily on their terms and effects. See Compl. ¶¶ 27, 44-57. Accordingly, the Court considers the contracts governing the security procedures. See DiFolco, 662 F.3d at 111. from [Plaintiff].” Id. § 28. Plaintiff further agreed “to implement appropriate measures to safeguard the Security Procedures and establish procedures to safeguard their confidentiality.” Id. § 3(e). Despite this agreement to implement appropriate security measures of its own, Plaintiff waived the use of a dual control security procedure, which is “a process whereby one user
originates a Payment Order and a second user approves the Payment Order prior to [Defendants] processing the Payment Order on behalf [Plaintiff].” Goldstein Decl., Exhibit 5, Dkt. 18-7 (“Dual Control Waiver”).4 C. The Fraudulent Wire Transfer On or about October 23, 2023, online hackers attacked Plaintiff’s business account maintained with Defendants. Compl. ¶ 11. These hackers infiltrated Plaintiff’s account and “manipulated the system, creating a new payee,” and facilitating a wire transfer in the sum of $298,653.21. Id. ¶¶ 11, 13, 15. Defendants phoned Plaintiff to verify the transfer the day after the transfer was completed. Id. ¶ 10. Based on its long history of wire transfers with Defendants and the unfamiliar sum of
money, Plaintiff knew the transfer was an error and responded “NO” when asked to authorize it. Id. ¶ 13. When Plaintiff subsequently contacted its banker at a local branch, it was informed that the wire transfer was not stopped in time. Id. ¶ 14. By the time Defendants “telephoned [Plaintiff] to authenticate the wire transfer, it had already been authorized and completed.” Id. The parties have been largely unsuccessful in recouping the lost funds. Id. ¶¶ 16-19. While Plaintiff was able to recover $9,300 as the result of a complaint filed with the Consumer Financial Protection Bureau, Defendants have refused to return the remaining stolen funds, taking the
4 When referencing the Dual Control Waiver, the Court cites the page numbers contained in the automatically generated ECF header. position that they “followed an agreed upon commercially reasonably security procedure in the processing the wire transfer and the loss of funds was the Plaintiff’s fault.” Id. ¶¶ 25-27. LEGAL STANDARD To survive a motion to dismiss for failure to state a claim for relief pursuant to Rule
12(b)(6), “a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.’” Ashcroft v. Iqbal, 556 U.S. 662, 678 (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)); Hogan v. Fischer, 738 F.3d 509, 514 (2d Cir. 2013). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678; Hogan, 738 F.3d at 514. “The plausibility standard is not akin to a ‘probability requirement,’ but it asks for more than a sheer possibility that a defendant has acted unlawfully.” Iqbal, 556 U.S. at 678; see also Pension Benefit Guar. Corp. ex rel. St. Vincent Cath. Med. Ctrs. Ret. Plan v. Morgan Stanley Inv. Mgmt. Inc., 712 F.3d 705, 718 (2d Cir. 2013). Determining whether a plausible claim for relief is stated is “a context-specific task that
requires the reviewing court to draw on its judicial experience and common sense.” Iqbal, 556 U.S. at 679. “In determining the adequacy of the complaint, the court may consider any written instrument attached to the complaint as an exhibit or incorporated in the complaint by reference, as well as documents upon which the complaint relies and which are integral to the complaint.” Subaru Distrib. Corp. v. Subaru of Am., Inc., 425 F.3d 119, 122 (2d Cir. 2005). “[T]he tenet that a court must accept as true all of the allegations contained in a complaint is inapplicable to legal conclusions.” Iqbal, 556 U.S. at 678; see also Pension Benefit Guar. Corp., 712 F.3d at 717 (“Although for the purposes of a motion to dismiss we must take all of the factual allegations in the complaint as true, we ‘are not bound to accept as true a legal conclusion couched as a factual allegation.’” (quoting Iqbal, 556 U.S. at 678)). “While legal conclusions can provide the framework of a complaint, they must be supported by factual allegations.” Pension Benefit Guar. Corp., 712 F.3d at 717 (quoting Iqbal, 556 U.S. at 679). DISCUSSION
Plaintiff asserts four causes of action: negligence, Compl. ¶¶ 32-37; gross negligence, id. ¶¶ 38-43; refund due to Defendants’ failure to follow their security procedures, id. ¶¶ 44-57; and refund based on Defendants’ lack of good faith in accepting the fraudulent online payment order, id. ¶¶ 58-63.5 Defendants move to dismiss all claims. See generally Mot. A. Negligence Claims Defendants contend that Plaintiff’s negligence and gross negligence claims fail as a matter of law. Mot. at 8. Specifically, Defendants assert that: (1) New York Uniform Commercial Code Article 4-A (“Article 4-A”) precludes common law negligence claims; (2) Defendants do not owe Plaintiff an extracontractual duty in tort; and (3) Plaintiff’s negligence claims fail under the economic loss doctrine. Mot. at 8-14. Plaintiff opposes each of Defendant’s arguments. Opp’n
at 7-13. 1. Article 4-A Preemption Defendants contend that Article 4-A preempts Plaintiff’s common law negligence and gross negligence claims. Mot. at 8-10. Plaintiff asserts that these claims are not preempted “because they are grounded in well-established exceptions that courts recognize when banks act recklessly or fail to follow their own safeguards.” Opp’n at 10.
5 Plaintiff originally brought five causes of action, including a claim for forgery. See Compl. ¶¶ 28-31. However, the parties stipulated to the dismissal of that cause of action on July 16, 2025, see Stipulation of Dismissal as for the First Cause of Action Without Prejudice, Dkt. 14, which the Court so ordered the following day, see Order, dated July 17, 2025. Article 4-A “governs the procedures, rights, and liabilities arising out of commercial electronic funds transfers.” Grain Traders, Inc. v. Citibank, N.A., 160 F.3d 97, 100 (2d Cir. 1998); N.Y. U.C.C. § 4-A-102 & cmt. “[C]ommon law claims arising from electronic funds transfers are precluded ‘when such claims would impose liability inconsistent with the rights and liabilities
expressly created by Article 4-A.’” Fisher & Mandell, LLP v. Citibank, N.A., 632 F.3d 793, 797 (2d Cir. 2011) (quoting Grain Traders, 160 F.3d at 103). To determine whether a common law claim is inconsistent with Article 4-A and therefore preempted, “the critical inquiry is whether its provisions protect against the type of underlying injury misconduct alleged in a claim.” Ma v. Merrill Lynch, Pierce, Fenner, & Smith, Inc., 597 F.3d 84, 89-90 (2d Cir. 2010). Plaintiff’s negligence and gross negligence claims are preempted. At their core, these claims concern the unauthorized wire transfer and the circumstances of that transfer. See Compl. ¶¶ 34, 40, 42. These underlying injuries fall squarely within Article 4-A. See Ma, 597 F.3d 84 at 89 (“Sections 4-A-202, 4-A-203, and 4-A-204 of the N.Y. UCC govern liability for unauthorized funds transfers.”).
Plaintiff’s arguments to the contrary are unpersuasive. Plaintiff asserts that its claims concern more than an unauthorized wire transfer—namely, Defendants “independent failure to comply with its own mandatory security procedures.” See Opp’n at 9-10. But Plaintiff offers no authority to support its position that preemption does not apply in such circumstances. Simply put, “[s]ince all of [Plaintiff’s] claims are, at their core, assertions that [it] did not order or approve any of the disputed electronic transfers of funds from his accounts, . . . resort to Article [4-A] . . . is unavoidable. Ma, 597 F.3d at 90; see, e.g., Jajati v. JPMorgan Chase Bank, N.A., 711 F. Supp. 3d 169, 176-77 (E.D.N.Y. 2024) (granting a motion to dismiss the plaintiff’s negligence and gross negligence claims upon a finding that they fell “squarely within the ambit of Article 4-A”). Accordingly, Plaintiff’s negligence and gross negligence claims are dismissed as preempted, and the Court need not reach Defendants’ arguments regarding extracontractual duty or the economic loss doctrine. B. Article 4-A Claims
Plaintiff also asserts claims for a “[r]efund due to Defendant’s failure to follow Bank’s security Procedure,” and a “[r]efund Based on Bank’s Lack of Good Faith in Acceptance of the Fraudulent Online payment Orders.” Compl. at 8, 11. The Court construes these claims as seeking a refund of an unauthorized wire transfer pursuant to New York Uniform Commercial Code Article 4-A-204 (“Article 4-A-204”). See N.Y. U.C.C. § 4-A-204(1) (“If a receiving bank accepts payment order issued in the name of its customer as sender which is . . . not authorized and not effective as the order of the customer under Section 4-A-202, . . . the bank shall refund any payment order received from the customer to the extent the bank is not entitled to enforce payment. . . .”). Defendants contend that Plaintiff’s Article 4-A-204 claims “are barred by the parties’
contract, which provide that Plaintiff agreed to be bound by wire transfer instructions issued in accordance with [Defendants’] security procedures, and those procedures are commercially reasonable.” Mot. at 14. Plaintiff argues that the wire transfer was unauthorized within the meaning Article 4-A-204 notwithstanding the written parties’ agreements and that Defendants did not comply with a commercially reasonable security procedure on which the parties agreed. Opp’n at 13-17. 1. Authorization To state a claim under Article 4-A-204, a customer must allege “that a receiving bank accepted a payment order issued in its name; and that the payment order was: (i) not authorized and not effective as the order of the customer; or (ii) not enforceable, in whole or in part, against the customer.” 2006 Frank Calandra, Jr. Irrevocable Tr. v. Signature Bank Corp., 816 F. Supp. 2d 222, 233 (S.D.N.Y. 2011), aff’d, 503 F. App’x 51 (2d Cir. 2012) (citing N.Y. U.C.C. § 4-A- 204); see also Regatos v. North Fork Bank, 838 N.E.2d 629, 632 (N.Y. 2005). “A payment order
is authorized where the receiving bank had actual, implied or apparent authority from the customer to accept the transfer request.” Frank Calandra, 816 F. Supp. 2d at 233; see N.Y. U.C.C. § 4-A- 202(1) (“A payment order received by the receiving bank is the authorized order of the person identified as sender if that person authorized the order or is otherwise bound by it under the law of agency.”). Where “contracts exist regarding the banking relationship at issue” that are unambiguous and pertain to “the bank’s authority to process payment orders, the ‘plain meaning of the language chosen by the contracting parties’ must be enforced.” Frank Calandra, 816 F. Supp. 2d at 233 (quoting Topps Co. v. Cadbury Stani S.A.I.C, 526 F.3d 63, 68 (2d Cir. 2008)). Under the TM Terms, Plaintiff agreed that wire transfers initiated in accordance with Defendants’ security procedures would be “considered authorized.” TM Terms § 3(a). The
security procedures include “[c]redentials, security codes, keys, personal identification numbers, template numbers, algorithms, callback procedures or other programs or keystrokes that are adopted for use in the Services to verify the authenticity of Instructions and other communications from [Plaintiff].” Id. § 28. Plaintiff also agreed “to implement appropriate measures to safeguard the Security Procedures and establish procedures to safeguard their confidentiality.” Id. § 3(e). Further, Plaintiff “acknowledge[d] [Defendants’] recommendation that [Plaintiff] establish a process whereby one user originates a Payment Order and a second user approves the Payment Order prior to [Defendants] processing the Payment Order on behalf [Plaintiff]” but waived that dual control security procedure and assumed “responsibility to implement controls to mitigate the risk of malicious activity compromising the security of [Plaintiff’s] account.” Dual Control Waiver at 2. The parties disagree as to the meaning of these provisions. Defendants contend that because the subject wire transfer “was initiated using Plaintiff’s security codes and credentials and
from Plaintiff’s Account, which Plaintiff failed to secure,” Defendants were authorized to accept the payment pursuant to the clear and unambiguous terms of the parties’ agreement. Mot. at 16- 17 (citing Compl. ¶¶ 11, 15, 24). However, Plaintiff argues that Defendants did not abide by the agreed-upon security procedures when they failed to verify, either by telephone or writing, the wire transfer or the creation of a new payee before completing the transfer. Compl. ¶¶ 10, 45, 46; see TM Terms § 3(a) (“Any Payment Orders or other Instructions communicated to Bank in Customer’s name in compliance with the Security Procedures, and all access to and use of the Channels and other Services using the Security Procedures assigned to customer, are considered authorized by Customer and enforceable under the terms of the Agreement if accepted by Bank in good faith.” (emphasis added)); see id. at 25 (including “callback procedures” in the TM Term’s
definition of “Security Procedures”). It is unclear under the parties’ agreement whether Defendants’ alleged failure to engage in the verification would nonetheless render the transfer authorized. See Law Debenture Tr. Co. of New York v. Maverick Tube Corp., 595 F.3d 458, 465 (2d Cir. 2010) (stating that contractual ambiguity “exists where the terms of the contract could suggest more than one meaning when viewed objectively by a reasonably intelligent person who has examined the context of the entire integrated agreement and who is cognizant of the customs, practices, usages, and terminology as generally understood in the particular trade or business”). Avoiding questions of contractual integration and resolving any ambiguities in Plaintiff’s favor, Plaintiff has plausibly alleged that the wire transfer was unauthorized.6 See Subaru, 425 F.3d at 122 (noting that the court “should resolve any contractual ambiguities in favor of the plaintiff” on a motion to dismiss); Ohr Somayach/Joseph Tanenbaum Educ. Ctr. v. Farleigh Int’l Ltd., 438 F. Supp. 3d 195, 208 (S.D.N.Y. 2020) (“[B]ecause the factors the court must consider when determining whether a
contract is integrated are ‘fact based,’ whether a contract is integrated often is ‘not appropriate for determination on a motion to dismiss.’” (quoting All R’s Consulting, Inc. v. Pilgrims Pride Corp., 06-CV-3601, 2008 WL 852013, at *12 n.7 (S.D.N.Y. Mar. 28, 2008))). 2. Commercial Reasonability, Good Faith, and Compliance If a plaintiff demonstrates that the payment order was unauthorized, the default is that the bank will bear the loss of the unauthorized transfer. Regatos v. North Fork Bank, 257 F. Supp. 2d 632, 640 (S.D.N.Y. 2003); N.Y.U.C.C. § 4-A-204(1). However, Article 4-A-202(2) “provides that even where a payment order is not authorized, it is ‘effective’ as the order of the customer where the bank and its customer agree on a security procedure to verify the wire transfer, the security procedure is commercially reasonable, and the bank accepted the payment order in good faith and
in compliance with the security procedure.” McCarthy v. JPMorgan Chase Bank, 772 F. Supp. 3d 298, 310 (E.D.N.Y. 2025) (citing N.Y. U.C.C. § 4-A-202(2)). Here, the parties did expressly agree to a security procedure that was commercially reasonable. “A security procedure is deemed to be commercially reasonable if (a) the security procedure was chosen by the customer after the bank offered, and the customer refused, a security
6 Defendants rely on Frank Calandra for the proposition that Defendants had implied or apparent authority to accept the transfer request under the TM Terms. Mot. at 16-17. However, in that case, the court found that the parties’ agreement as to the defendant’s authority to transfer funds under the circumstances was unambiguous. Id. at 234-36. Here, there is ambiguity as to whether Defendant’s failure to verify the transfer or the new payee before accepting the transfer was “in compliance with the Security Procedures” such the transfer could be consider authorized. See TM Terms § 3(a); id. § 28; Law Debenture Tr. Co., 595 F.3d at 465. Further, Frank Calandra was resolved on summary judgment, where the court could more comfortably determine whether the contract was integrated. See Navigant Consulting, Inc. v. Kostakis, 07-CV-2302, 2007 WL 2907330, at *8 (E.D.N.Y. Oct. 4, 2007) (“Generally, courts determining whether or not an agreement is integrated . . . do so at the summary judgment stage.”). procedure that was commercially reasonable for that customer, and (b) the customer expressly agreed in writing to be bound by any payment order, whether or not authorized, issued in its name and accepted by the bank in compliance with the security procedure chosen by the customer.” N.Y. U.C.C. § 4-A-202(3). Plaintiff agreed that Defendants’ security procedures are
“commercially reasonable” and “suitable” for Plaintiff. TM Terms § 3(a). Plaintiff also refused to adopt dual control when recommended by Defendants, thereby acknowledging that “Single Control is deemed to be [a] commercially reasonable Security Procedure” and agreeing “to be bound by and liable for any Payment Orders, whether or not authorized, issued in [Plaintiff’s] name and accepted by [Defendants] in good faith compliance with the Single Control Security Procedure.” Dual Control Waiver at 2. However, Plaintiff has plausibly alleged that Defendants did not comply with the agreed- upon security procedure. Opp’n at 15 (arguing that Defendants failed to complete “(i) template verification for the payees subject to an approximate 24-hour review period, and (ii) telephone confirmation with [Plaintiff] prior to execution of processing of the new payee.”); see Compl ¶¶ 10,
45, 46, 52. Defendants argue that these additional security procedures alleged by Plaintiff contradict the express terms of the Dual Control Waiver, which authorizes Defendants “to act solely on the instructions of a single user to process a Payment Order.” Dual Control Waiver at 2; see Reply at 10. Although the Court need not credit as true alleged contractual terms that contradict the express terms of the parties’ contract, see Northwell Health, Inc. v. Premera Blue Cross, 23- CV-389, 2025 WL 959651, at *14 n.8 (E.D.N.Y. Mar. 15, 2025 (collecting cases), the Court disagrees that the alleged security procedures are plainly contradictory to the parties’ written contractual terms. Specifically, the Dual Control Waiver could reasonably be interpreted to apply to the processing of payment orders only and not to the verification of a new payee. See Dual Control Waiver at 2. Further, as discussed above, the Court declines to engage in an analysis of contractual integration at this stage in the litigation. See Ohr Somayach, 438 F. Supp. 3d at 208. Accordingly, Plaintiff has plausibly alleged a viable claim under Article 4-A-204. CONCLUSION
For the foregoing reasons, Defendants’ Motion is granted in part and denied in part. Plaintiff’s negligence and gross negligence claims, Plaintiff’s Second and Third Causes of Action, are hereby dismissed. Plaintiff’s Fourth and Fifth Causes of Action, which the Court construes as a single Article 4-A-204 claim, remain. SO ORDERED. /s/ ORELIA E. MERCHANT United States District Judge May 22, 2026 Brooklyn, New York