dissenting:
I respectfully dissent. The majority opinion concludes that Chavez and Mercantil Commercebank agreed only to the security procedure defined in section 5(i) of the Funds Transfer Agreement and that section 5(iii) of the Agreement, which permits the Bank also to use “any other means” to verify payment orders, is not part of the parties’ agreed upon security procedure. Majority Opinion at 901-02. But that conclusion reflects a strained reading of the Agreement and related provisions of Florida law. Because the Agreement encompassed both the required and discretionary security procedures, which together here were commercially reasonable, and the Bank acted in good faith when it accepted the payment order, I would affirm the judgment in favor of the Bank.
A The Agreement to Additional Means for Verification of Payment Orders Is Part of the Agreed, Security Procedures.
Under Florida law, Chavez bears the risk of loss for the allegedly fraudulent payment order if he agreed to a commercially reasonable security procedure, and the Bank relied on that procedure in good faith when it accepted the payment order. Florida law defines a “security procedure” in relevant part as “a procedure established by agreement of a customer and a receiving bank for the purpose of ... [verifying that a payment order or communication amending or canceling a payment order is that of the customer.” Fla. Stat. § 670.201. The “security procedure” under Florida law is not limited to what the parties expressly define as the “security procedure,” but incorporates all procedures agreed upon by the parties to serve that purpose.
These parties agreed to two procedures for verifying the authenticity of payment orders. Section 5(i) provides that “[t]he parties shall comply with the security procedure selected on Annex 1 to this Agreement.” And Section 5(iii) provides that “[a]t its option, the Bank may use, in addition to the Security Procedure selected by the Client, any other means to verify any Payment Order or related instruction.” These provisions, when read together, establish that Chavez agreed to the use of *905both the required procedure he selected in Annex 1 and any other security procedures adopted by the Bank, in its discretion, to verify the payment order.
The majority contends that “any other means” is not synonymous with “additional security procedures agreed upon by the parties” because the Agreement had already defined “Security Procédure” in a more limited manner, Majority Opinion at 901-02, but that argument both misreads the Agreement and Florida law. Section 5(iii) provides that, “[a]t its option, the Bank may use, in addition to the Security Procedure selected by the Client, any other means to verify any Payment Order or related instruction.” Section 5(iii) reflects that the Bank must use the security procedure selected by the customer in Annex 1 and that the Bank, at its option, may also employ additional security procedures. The use of the words “in addition” and “any other means” clarify that the additional means envisioned are additional security procedures, as does the location of this provision in section 5, which is titled “Security Procedure.” And Florida law defines “Security Procedure” in section 670.201 in language that tracks the text of section 5(iii) of the Agreement. Section 670.201 defines a security procedure as “a procedure established by agreement ... for the purpose of ... [verifying ... a payment order,” Fla. Stat. § 670.201, and section 5(iii) permits the Bank to use “any other means to verify any Payment Order.”
The majority also misreads section 5(ii) of the Agreement. Section 5(ii) provides, in relevant part, that “unless and until any additional or different procedures are specified in a writing that is signed by the Bank and made a part of this Agreement, the use of the Security Procedure in the manner set forth in this Agreement shall be the sole security procedure required with respect to any Order.” According to the majority, this language “shows that the parties agreed upon only the security procedure selected by Chavez in the annex.” Majority Opinion at 901. But the majority reaches this conclusion by relying on the word “sole” at the expense of the rest of the provision. See id. The text clarifies that the security procedure selected in Annex 1 was the “sole security procedure required with respect to any Order.” But that provision does not undermine the discretionary authority granted to the Bank in section 5(iii) to adopt additional security procedures to verify payment orders. When section 5(ii) is read in the light of section 5(iii), the meaning of the Agreement is evident. Chavez could not require the Bank to adopt “any other means” under the Agreement, but he could also not object to the adoption by the Bank of any other means because he had agreed to that exercise of discretion by the Bank. Contrary to the majority’s suggestion, see id. at 903, the amendment process is still meaningful under this reading because Chavez could not gain greater rights to security under the Agreement without the consent of the Bank.
The majority attempts to distinguish Filho v. Interaudi Bank, No. 03 Civ. 4795(SAS), 2008 WL 1752693 (S.D.N.Y. Apr. 16, 2008), on the ground that the agreement in that case “explicitly granted to the bank the right to select the security procedure,” Majority Opinion at 902, but the Agreement in this appeal too explicitly granted the bank the right to select an additional security procedure. The only difference between this case and Filho is that the Agreement in this case also established a minimum level of security selected by Chavez that the Bank had to provide to him. The creation of that minimum baseline of security does not override the additional grant of authority to the Bank to use additional means to verify the authenticity *906of payment orders. To the extent that the Bank adopted additional procedures in this case and those procedures were commercially reasonable, the Bank may rely on them under section 202. See Fla. Stat. § 670.202(2).
B.The Bank Adopted Commercially Reasonable Procedures.
Although section 5(iii) of the Agreement allowed the Bank to adopt additional security procedures, those procedures had to be commercially reasonable for Chavez to bear the risk of loss under section 202. The Bank performed several security procedures to determine the authenticity of the allegedly fraudulent order: the Bank employee checked the presenter’s identification, compared the signature on the written order to the signature on file, verified the accuracy of the account number provided on the order, reviewed the availability of sufficient funds to process the requested order, and confirmed that Chavez had a funds transfer agreement in place for the account.
The security procedures adopted by the Bank for payment orders on Chavez’s account were commercially reasonable. The Florida statute instructs us to consider several factors to determine commercial reasonableness:
The commercial reasonableness of a security procedure is a question of law to be determined by considering the wishes of the customer expressed to the bank; the circumstances of the customer known to the bank, including the size, type, and frequency of payment orders normally issued by the customer to the bank; alternative security procedures offered to the customer; and security procedures in general use by customers and receiving banks similarly situated.
Fla. Stat. § 670.202(3). All of these factors weigh in favor of a finding of commercial reasonableness. The Bank complied with Chavez’s requested security procedure and adopted additional procedures for Chavez’s protection. Chavez had certified in the Agreement that “the Security Procedure is sufficient to protect the interests of the Client in light of the Client’s needs, and no special circumstances exist with respect to the Client that would require any other security procedure.” The Bank offered, and Chavez rejected, two different security procedures that would have utilized individual passcodes and test keys. And an expert for the Bank presented undisputed testimony that the security procedures used by the Bank satisfied the prevailing standards in the banking industry.
C.The Bank Complied with Its Security Procedure in Good Faith When It Accepted the Payment Order.
The final requirement for the application of the safe harbor provision of section 202 is that the Bank acted in good faith and in compliance with the agreed-upon security procedures when it accepted the payment order. See Fla. Stat. § 670.202(2). The district court held that “Mercantil acted in good faith in accepting and processing the subject payment order.” Chavez did not challenge this holding on appeal. Chavez waived any argument that the Bank did not act in good faith and in compliance with its security procedures when it accepted the order. See United States v. Nealy, 232 F.3d 825, 830 (11th Cir.2000).
D.Conclusion.
For the foregoing reasons, I respectfully dissent. I would affirm the judgment in favor of the Bank.