Call Today

When a Cyberfraud Case Becomes a Pleading Lesson: What Nathan’s Homes v. Fifth Third Bank Teaches About Commercial Wire-Transfer Litigation

Operations center with computers displaying red error messages and an access control keypad showing system failure

By Jeffrey T. Donner, Esq.

June 27, 2026

A business wakes up and discovers that $854,864 has disappeared from its bank account.

According to the complaint in Nathan’s Homes, Inc. v. Fifth Third Bank, N.A., that is what happened to a Florida business that maintained an account with Fifth Third Bank. The plaintiff alleged that the money was wired to two LLCs it did not recognize. The company promptly reported the problem to the bank. The dispute then escalated into federal litigation after the plaintiff alleged that the bank did not adequately resolve the issue, leaving the business to deal with returned checks, bank fees, lost business, layoffs, and broader operational damage.

Those facts are enough to get anyone’s attention. They also sound like the beginning of a lawsuit with serious consequences. But a lawsuit is not won because the facts sound bad. It is won, or lost, based on legal theories that actually fit those facts.

That is the central lesson of Judge Kyle C. Dudek’s order in Nathan’s Homes. The plaintiff filed an eleven-count complaint against Fifth Third Bank, asserting claims for violation of the Electronic Fund Transfer Act, breach of contract, negligence, gross negligence, negligent misrepresentation, fraudulent misrepresentation, intentional infliction of emotional distress, violation of FDUTPA, violation of Florida’s civil RICO statute, breach of fiduciary duty, and federal RICO.

Only one claim survived dismissal: negligent misrepresentation.

That does not mean the plaintiff proved its case. It does not mean the bank is liable. It means only that, at the motion-to-dismiss stage, the plaintiff pleaded enough to proceed on the theory that bank representatives allegedly made actionable statements about existing account-security protections.

The rest of the order is a useful reminder for businesses, banks, and litigators: commercial bank-fraud litigation is not a free-for-all. The account agreement matters. The governing law matters. The distinction between contract and tort matters. Fraud must be pleaded with particularity. RICO is not a substitute for a weak contract claim. And a corporation cannot recover for emotional distress.

The Account Agreement Was Not Background Paperwork

The first major issue was choice of law. The bank account agreement contained an Ohio choice-of-law provision applying to claims or disputes relating to or arising out of the agreement or services. The Court enforced that provision and applied Ohio law to the plaintiff’s state-law claims.

That point matters beyond this particular case. In commercial banking disputes, the account agreement often controls the battlefield before the parties ever get to discovery. Businesses sometimes think of bank documents as standardized paperwork that nobody reads. But when a large wire transfer disappears, those documents may determine the governing law, the applicable duties, the available remedies, the notice requirements, and the limits of liability.

A business client may see the issue simply: “Our money was stolen. The bank should have protected us.” But the court will ask different questions. What did the agreement require? What security procedures were available? What procedures were selected? What obligations did the customer assume? What law governs? What remedies did the parties preserve or limit?

Those questions are not technicalities. They often decide the case.

EFTA Did Not Apply Because the Plaintiff Was a Corporation

The plaintiff’s Electronic Fund Transfer Act claim failed because EFTA protects consumers, and the statute defines a consumer as a natural person. Nathan’s Homes was a corporation. That was fatal to the claim.

The plaintiff argued that discovery might show the account was used for purposes beyond business. The Court rejected that argument. The issue was not simply how the account was used. The problem was that the plaintiff was not a natural person.

That ruling is important because businesses sometimes reach for consumer-protection statutes after cyberfraud losses. The impulse is understandable. The company has lost money through an electronic transfer. The bank handled the account. The situation feels like something a consumer-protection statute should address.

But EFTA is not a general remedy for every unauthorized electronic funds transfer. A corporate plaintiff must fit its claim within the legal framework that actually applies to commercial accounts. That may mean contract law, Article 4A of the Uniform Commercial Code in the right case, misrepresentation, or another properly supported theory. But a corporation cannot become a “natural person” by describing the account as something other than purely commercial.

The Breach-of-Contract Claim Failed Because the Complaint Did Not Identify the Contract Provision Breached

The plaintiff’s breach-of-contract claim failed for a basic pleading reason. The complaint alleged that Fifth Third breached the account agreements and the implied covenant of good faith and fair dealing by failing to maintain reasonable security measures, failing to implement requested enhanced security measures, failing to investigate and reimburse unauthorized transactions, failing to act in good faith, and imposing improper fees and charges.

The Court held that was not enough because the complaint did not identify the specific contractual provision allegedly breached.

That is not a mere drafting preference. A breach-of-contract claim depends on the contract. If a plaintiff alleges that the bank had a contractual duty to implement certain security measures, investigate a fraud claim, reimburse unauthorized transfers, or avoid certain fees, the complaint should identify the contractual language that created those duties.

This is the kind of issue that separates a focused commercial complaint from a shotgun pleading. It is not enough to say, in substance, “The bank had a contract with us and did not protect us.” The pleading must connect the alleged misconduct to the actual contract.

The implied covenant of good faith and fair dealing does not solve that problem by itself. The implied covenant generally operates in relation to an express contractual obligation. It does not create an independent, free-floating duty to do whatever seems fair in hindsight.

For lawyers, the drafting lesson is direct: if the claim is contractual, plead the contract. Quote the operative provisions or identify them with precision. Do not make the judge infer what provision you mean.

Negligence Could Not Do the Work of Contract Law

The negligence and gross-negligence claims were also dismissed. Applying Ohio law, the Court held that the plaintiff’s negligence theories were barred by the economic loss rule because the alleged duties arose from the contractual banking relationship, not from an independent tort duty.

That conclusion is not surprising. The alleged duties were duties to maintain account security, monitor suspicious activity, investigate unauthorized transactions, and reimburse losses. Those duties existed, if at all, because of the account relationship and the parties’ agreements. Without the account and the banking contract, there would be no account to monitor, no wire-transfer relationship to administer, and no bank-customer framework for reimbursement.

The damages also sounded in economic loss: stolen funds, bank fees, supplier costs, lost revenue, business decline, credit harm, and reputational harm. The Court treated those as economic injuries, not separate physical injury to person or property.

This is a recurring problem in commercial litigation. When a party is harmed by another party’s poor performance, the word “negligence” often feels natural. But commercial carelessness is not always tortious negligence. If the alleged duty comes from the contract, and the damages are the same economic losses caused by the alleged contract failure, courts often keep the parties in contract law.

That does not mean banks can never face tort claims. It means the plaintiff must identify a duty independent of the contract and damages that are not simply the contract damages under a different label.

The Claim That Survived Was About What the Bank Allegedly Said

The negligent-misrepresentation claim survived because it was based on alleged statements by bank representatives concerning the current state of account security.

According to the complaint, the parties met several times to discuss improving the account’s security. The plaintiff alleged that Fifth Third representatives assured it that its funds were secure and that certain security measures “were” implemented. The Court treated those allegations as statements of present fact, not merely promises about future performance.

That distinction was crucial.

A statement that “we will improve your security later” is ordinarily a promise about future conduct. A statement that “these security protections are in place now” is different. If false, it may be an actionable misrepresentation of existing fact.

That is why the negligent-misrepresentation claim survived even though the negligence and contract claims did not. The Court could not determine, from the face of the complaint, whether the alleged security assurances were merely part of the written banking relationship or whether they were separate factual representations made by bank personnel. That uncertainty was enough to let the claim proceed.

For businesses, this is one of the most practical lessons from the case. If a bank representative makes a representation about security protections, confirm it in writing. If the bank says dual approval is active, confirm it. If the bank says wire blocks are in place, confirm it. If the bank says callback verification, positive pay, token authentication, or other fraud controls have been implemented, confirm it.

After a cyberfraud loss, the question may become very specific: What exactly did the bank say was in place before the money disappeared?

Fraud Must Be Pleaded Like Fraud

The fraudulent-misrepresentation claim did not survive. The Court held that the complaint failed to satisfy Rule 9(b), which requires fraud to be pleaded with particularity.

That means the complaint must allege the who, what, when, where, and how of the alleged fraud. General allegations about unnamed bank representatives and meetings at a branch are usually not enough.

This is another important drafting point. Fraud is a serious allegation. Courts require more than broad accusations and generalized descriptions. A plaintiff alleging fraud should identify who made the statement, when it was made, where it was made, what exactly was said, why it was false, how the plaintiff relied on it, and what damages resulted.

Negligent misrepresentation may sometimes survive with less detail, depending on the jurisdiction and the claim. Fraud usually will not.

RICO Was a Bad Fit for This Dispute

The plaintiff also pleaded federal RICO and Florida civil RICO claims. Both failed.

That part of the order should be read carefully by litigators. RICO has a gravitational pull in civil complaints because it sounds powerful. It suggests organized wrongdoing. It carries the possibility of treble damages. It changes the emotional temperature of a lawsuit.

But RICO is not a rhetorical device. It is not a way to make a commercial dispute look more serious. A civil RICO claim requires specific allegations of racketeering activity, a pattern, causation, injury, and an enterprise distinct from the defendant in the way the statute requires. If the plaintiff is really complaining about a bank’s handling of unauthorized transfers and reimbursement decisions, calling the dispute “racketeering” does not make it so.

The Court treated the RICO theories as conclusory efforts to transform a commercial banking dispute into something it was not. That is a dangerous move for any plaintiff. Overpleading can damage credibility. It can distract from the claim that might actually survive. And, as this order demonstrates, it can invite a direct judicial warning about frivolous pleading.

FDUTPA and Fiduciary Duty Also Failed

The FDUTPA claim failed because the Court applied Ohio law under the choice-of-law clause. The Court also noted that even if Florida law applied, FDUTPA contains exemptions for federally regulated banks, and the complaint alleged that Fifth Third was a national banking association.

The breach-of-fiduciary-duty claim failed for a different reason. Under Ohio law, an ordinary bank-customer relationship is not fiduciary in nature absent special circumstances. The plaintiff argued that the parties’ meetings about account security created such a relationship. The Court disagreed.

That result is consistent with the general commercial-law understanding of banking relationships. A bank may owe contractual duties. It may be required to follow applicable statutes and regulations. It may be liable for actionable misrepresentations. But an ordinary bank-customer relationship is usually an arm’s-length business relationship, not a fiduciary relationship.

Trusting a bank to hold money does not automatically make the bank a fiduciary. Nor does discussing account security necessarily transform the relationship into one of special trust and confidence.

A Corporation Cannot Suffer Emotional Distress

The intentional-infliction-of-emotional-distress claim was also dismissed. The Court held that the alleged conduct did not meet the high standard for outrageous conduct. More fundamentally, the plaintiff was a corporation.

A corporation can suffer economic damage. It can lose money. It can lose customers. It can suffer reputational harm. It can be impaired as a business. But it cannot suffer anxiety, humiliation, grief, or mental anguish.

That claim should not have been in the case.

The Court’s Warning About Shotgun Pleading Was the Real Message

The most pointed part of the order came at the end. Although the Court granted leave to amend, it warned that the complaint was a “textbook shotgun pleading” and “largely frivolous.” The Court cautioned that if the plaintiff amended, counsel needed to think carefully about which legal theories actually applied to the facts, or sanctions could follow.

That warning is the broader lesson of the case.

The plaintiff had one potentially viable theory: bank representatives allegedly made false statements about existing security measures, and the plaintiff allegedly relied on those statements. That theory survived.

But the complaint did not stop there. It added EFTA, FDUTPA, fiduciary duty, emotional distress, gross negligence, Florida civil RICO, and federal RICO. Most of those claims were either legally barred, poorly pleaded, or mismatched to the facts.

More claims do not always make a complaint stronger. Sometimes they make it weaker. A disciplined complaint tells the court what the case is really about. A bloated complaint tells the court that the plaintiff may not know.

Why This Case Matters for Businesses

For businesses, the lesson is not simply “banks are liable” or “banks are not liable.” The real lesson is that fraud prevention must be handled before the loss occurs.

Businesses should document bank-security discussions. They should know what protections are actually active on their accounts. They should not assume that a conversation at a branch means a security feature has been implemented. They should confirm, in writing, what fraud controls exist and what limits apply.

They should also understand that commercial accounts are not consumer accounts. The legal protections available to a business may differ significantly from the protections available to an individual consumer. That is especially important for companies that keep substantial funds in operating accounts or regularly send and receive wires.

A business that waits until after the money is gone may find that the account agreement, the governing law, and the bank’s security-procedure documents are far more important than anyone expected.

Why This Case Matters for Lawyers

For lawyers, Nathan’s Homes is a pleading lesson.

First, read the account agreement before drafting the complaint. The governing-law clause may control. The security-procedure provisions may define the duties. The notice provisions may create defenses. The limitation-of-liability language may shape the damages analysis.

Second, plead the contract claim like a contract claim. Identify the actual provisions breached.

Third, do not assume negligence will survive merely because the defendant’s conduct appears careless. If the relationship is contractual and the damages are economic, the economic loss rule may be a serious obstacle.

Fourth, if the case involves misrepresentations, separate statements of present fact from promises of future performance. That distinction may determine whether the claim survives.

Fifth, plead fraud with particularity. Name the speaker if possible. Identify the statement. Provide the date, location, context, falsity, reliance, and resulting damage.

Sixth, do not use RICO unless the facts actually support RICO. Courts know the difference between racketeering and a commercial dispute dressed up in racketeering language.

The Practical Bottom Line

Nathan’s Homes is not a final liability decision. It is a motion-to-dismiss order. The plaintiff still has to prove what happened, what was said, whether those statements were false, whether reliance was justified, and whether the alleged misrepresentations caused the loss.

But the order is still important because it shows how a court separates a potentially viable bank-fraud theory from a pile of legally defective claims.

The case is not really about whether cyberfraud is serious. It is. It is not really about whether losing $854,864 can devastate a business. It can. The case is about whether the complaint matched the law.

One claim did. Ten did not.

That is the lesson.