[DO NOT PUBLISH]
IN THE UNITED STATES COURT OF APPEALS
FOR THE ELEVENTH CIRCUIT
_____________________________
No. 14-12969
Non-Argument Calendar
_____________________________
Docket No. 1:12-cv-03010-ODE
METRO BROKERS, INC.,
Plaintiff-Appellant,
versus
TRANSPORTATION INSURANCE COMPANY,
Defendant-Appellee.
_______________________________
Appeal from the United States District Court
For the Northern District of Georgia
________________________________
(March 5, 2015)
Before TJOFLAT, WILSON and EDMONDSON, Circuit Judges.
PER CURIAM:
In this insurance coverage dispute, Metro Brokers, Inc. (“Metro”) appeals
the district court’s (1) grant of summary judgment in favor of Metro’s insurer,
Transportation Insurance Company (“TIC”) and (2) denial of Metro’s motion for
reconsideration. No reversible error has been shown; we affirm.
Metro is a real estate brokerage firm conducting business in Georgia. Metro
maintained bank accounts with Fidelity Bank (“Bank”) and used the Bank’s online
system to make payments from Metro’s accounts. On 10 December 2011, thieves
logged into the Bank’s online banking system using a Metro employee’s access ID
and password. Then, using a randomly generated single-transaction security code,
the thieves authorized various payments -- totaling over $188,000 -- from a Metro
client escrow account to several other bank accounts. Over $154,000 of the stolen
funds remains unrecovered.
Although the exact details of the theft are unknown, the parties agree that all
available evidence suggests that the thieves used a key-logger virus known as
“Zeus” (which was found on several Metro computers) to gain access to Metro
employee access IDs and passwords.
Metro filed a claim for the loss under Metro’s insurance policy (“Policy”)
with TIC. TIC denied coverage based on the Policy’s malicious-code and
system-penetration exclusions. Metro, on the other hand, contends that the loss is not
excluded and is covered by the Policy’s Fraud and Alteration (“F&A”)
endorsement.
In two detailed and well-reasoned opinions, the district court concluded that
the Policy did not cover Metro’s loss and, thus, that TIC was entitled to summary
judgment on Metro’s breach of contract claim. The district court determined that
Metro’s loss was not covered by the Policy’s F&A endorsement for two reasons:
(1) the fraudulent electronic transfers did not involve a “check, draft, promissory
note, bill of exchange, or similar written promise, order or direction to pay a sum
certain;” and (2) Metro’s loss fell within the Policy’s exclusions for losses caused
by malicious code or system penetration. Because Metro’s claim was not covered
under the Policy, the district court granted summary judgment for TIC on Metro’s
claims for breach of contract and for bad faith.
We review de novo a district court’s grant of summary judgment, viewing
the evidence and drawing all reasonable inferences in favor of the non-moving
party. Harrison v. Benchmark Elecs. v. Huntsville, Inc., 593 F.3d 1206, 1211
(11th Cir. 2010).
Under Georgia law, “[a]n insurance policy is governed by the ordinary rules
of contract construction.” Banks v. Bhd. Mut. Ins. Co., 686 S.E.2d 872, 874 (Ga.
Ct. App. 2009). Whether the language in an insurance policy is ambiguous is a
matter of law for the court to decide. Id. “Extrinsic evidence to explain ambiguity
in a contract becomes admissible only when a contract remains ambiguous after
the pertinent rules of construction have been applied.” Claussen v. Aetna Cas. &
Sur. Co., 380 S.E.2d 686, 687 (Ga. 1989). “When the language of a policy is
unambiguous and capable of but one reasonable construction, we enforce the
contract as written.” Banks, 686 S.E.2d at 874. “The words used in policies of
insurance, as in all other contracts, bear their usual and common significance, and
policies of insurance are, as in all other contracts, to be construed in their ordinary
meaning.” Lawyers Title Ins. Corp. v. Griffin, 691 S.E.2d 633, 636 (Ga. Ct. App.
2010).
Metro argues that its loss is covered by the Policy’s F&A endorsement. We
disagree. The Policy’s F&A endorsement provides that TIC “will pay for loss
resulting directly from ‘forgery’ or alteration of, on, or in any check, draft,
promissory note, bill of exchange, or similar written promise, order or direction to
pay a sum certain . . . .” The term “forgery” is defined in the Policy as “the signing
of the name of another person or organization with intent to deceive.”
The electronic fund transfers in this case did not involve a “check, draft,
promissory note, [or] bill of exchange.” The transfers also cannot be characterized
as involving a “written promise, order or direction to pay” that was “similar” to the
three enumerated instruments. Under both federal and Georgia law, electronic
fund transfers are distinguished from -- and treated differently from -- fund
transfers made by check, draft, or bill of exchange. See 15 U.S.C. § 1693a(7)
(emphasis added) (the Electronic Fund Transfer Act defines an “electronic fund
transfer” as “any transfer of funds, other than a transaction originated by check,
draft, or similar paper instrument, which is initiated through an electronic terminal,
telephonic instrument, or computer or magnetic tape so as to order, instruct, or
authorize a financial institution to debit or credit an account.”); O.C.G.A. §
11-4A-108 (providing expressly that Georgia’s Uniform Commercial Code on fund
transfers does not apply to electronic fund transfers governed by the federal
Electronic Fund Transfer Act).
Moreover, Metro has also failed to demonstrate that the theft involved the
“signing of [a] name,” as required under the Policy’s “forgery” definition.
Although the thieves used the stolen access ID and password to access the Bank’s
online system (and then used a randomly generated security code to authorize the
transfers), nothing establishes that doing so constituted the “signing of the name of
another person or organization” under the terms of the Policy.
First, nothing about the Policy’s provision that “signatures that are produced
or reproduced electronically” will be considered “the same as handwritten
signatures” -- in and of itself -- establishes that an access ID and password
constitute a “signature” (electronic or otherwise) within the meaning of the Policy.
Second, contrary to Metro’s argument, the Georgia Court of Appeals’
decision in Allstate Ins. Co. v. Renshaw, 258 S.E.2d 744 (Ga. Ct. App. 1979), does
not control here. In Renshaw, the state court concluded a loss resulting from the
theft of plaintiff’s bank card and personal identification number (PIN) constituted a
“forgery” under plaintiff’s homeowners insurance policy. Because the policy
contained no definition of the term “forgery,” the court relied on the definitions of
“forgery” and “writing” found in Georgia’s criminal code. The court concluded
that the recording of plaintiff’s PIN number was a “writing” within the meaning of
Georgia’s criminal code. Here -- unlike in Renshaw -- the Policy defined
expressly and unambiguously the term “forgery.” Thus, we need not (and must
not) rely on Georgia’s criminal code to interpret the Policy’s language. The
question of whether the unauthorized use of Metro’s access ID and password was a
“writing” under Georgia’s criminal code has no significance to this case.
Because Metro has failed to demonstrate that its loss was covered under the
Policy’s F&A endorsement, TIC was entitled to summary judgment on Metro’s
breach of contract claim. See Allstate Ins. Co. v. Grayes, 454 S.E.2d 616, 618 (Ga.
Ct. App. 1995) (“To establish a prima facie case on a claim under a policy of
insurance the insured must show the occurrence was within the risk insured
against.”).
We also agree with the district court’s conclusion that Metro’s claim fell
under the Policy’s malicious-code exclusion.* That the thieves (in some way) used
a computer virus to commit their theft is undisputed. The Policy defines
“malicious code” as including, among other things, “computer viruses.” Although
Metro argues that the computer virus did not in fact “cause” the loss (because of
the thieves’ intervening conduct), the Policy states unambiguously that it does not
cover losses “caused directly or indirectly” by malicious code “regardless of any
other cause or event that contributes concurrently or in any sequence to the loss.”
Based on this broad (but plain) exclusionary language, we conclude that Metro’s
loss is excluded.
Because Metro’s loss is not covered by the Policy, Metro’s claims for both
breach of contract and for bad faith must fail. See Lawyers Title Ins. Corp. v.
Griffin, 691 S.E.2d 633, 636-37 (Ga. Ct. App. 2010) (concluding that, to establish
a bad faith claim under O.C.G.A. § 33-4-6, an insured must show, among other
things, that his claim is covered under the insurance policy).
AFFIRMED.
* Because we conclude that Metro’s loss is excluded under the malicious-code exclusion, we do
not decide whether the loss would also fall under the system-penetration exclusion.