Section 4-A-203. Unenforceability of Certain Verified Payment Orders.

(1) If an accepted payment order is not, under subsection (1) of Section 4-A-202, an authorized order of a customer identified as sender, but is effective as an order of the customer pursuant to subsection (2) of Section 4-A-202, the following rules apply:

(a) By express written agreement, the receiving bank may limit

the extent to which it is entitled to enforce or retain

payment of the payment order.

(b) The receiving bank is not entitled to enforce or retain

payment of the payment order if the customer proves that the

order was not caused, directly or indirectly, by a person (i)

entrusted at any time with duties to act for the customer

with respect to payment orders or the security procedure, or

(ii) who obtained access to transmitting facilities of the

customer or who obtained, from a source controlled by the

customer and without authority of the receiving bank,

information facilitating breach of the security procedure,

regardless of how the information was obtained or whether the

customer was at fault. Information includes any access

device, computer software, or the like.

(2) This section applies to amendments of payment orders to the same extent it applies to payment orders.