§12A-4A-203.

§12A-4A-203.
   
   UNENFORCEABILITY OF CERTAIN VERIFIED PAYMENT ORDERS
   
   (a) If an accepted payment order is not, under subsection (a) of
   Section 10 of this act, an authorized order of a customer identified
   as sender, but is effective as an order of the customer pursuant to
   subsection (b) of Section 10 of this act, the following rules apply:
   
   (1) By express written agreement, the receiving bank may limit the
   extent to which it is entitled to enforce or retain payment of the
   payment order.
   
   (2) The receiving bank is not entitled to enforce or retain payment of
   the payment order if the customer proves that the order was not
   caused, directly or indirectly, by a person (i) entrusted at any time
   with duties to act for the customer with respect to payment orders or
   the security procedure, or (ii) who obtained access to transmitting
   facilities of the customer or who obtained, from a source controlled
   by the customer and without authority of the receiving bank,
   information facilitating breach of the security procedure, regardless
   of how the information was obtained or whether the customer was at
   fault. Information includes any access device, computer software, or
   the like.
   
   (b) This section applies to amendments of payment orders to the same
   extent it applies to payment orders.