When Kingsport, Tenn.,-based construction company TennesseeElectric filed suit against its bank, the $278 million TriSummitBank, also headquartered in Kingsport, it drew a line in the legalsand that could change the fundamental relationship betweenbusiness customers and their banks.

Stung by a $327,000 cyberheist, TEC claimed that the fault isTriSummit's and the construction company wants its money back. Italso has asked the court to award $2 million in punitivedamages.

Usually in cases involving businesses, such as the recentcase involving BancorpSouth and Choice Escrow, the presumptionhas been that the bank will prevail.

That is very different than with consumer fraud cases which fallunder Regulation E, federal doctrine that limits the banking lossesconsumers may suffer.

Businesses, by contrast, fall under the Universal CommercialCode, which offers much more protection to banks andcorrespondingly little to businesses.

But the TEC case may turn that assumption on its ear.

Why does this matter to credit unions?

Francois Henriquez, a lawyer with Shutts and Bowen in Miami whoprimarily handles credit union clients, said that every largecredit union he works with is in member business services or islooking to get into it.

It's an attractive revenue stream, Henriquez elaborated, andmany credit unions appear to believe they can very capably servesmall and mid-sized businesses.

Both sides of this story in Tennessee are not yet known. WhatTEC has said is damning, indicated multiple experts, assuming thefacts are not later shown to be different by TriSummit.

Apparently, Russian hackers dipped into the TEC account andstole $327,000. Roughly $135,000 was “clawed back byTriSummit,” reported security blogger Brian Krebs,who broke this story.

Best guesses are that malware was downloaded to TEC's computersand the criminals got the login credentials that way.

Either way, TriSummit paid out 55 ACH transfers, according toTEC's complaint, and – in a departure from norm – TriSummit did notseek verbal confirmation of the transfers in a phone call.

The phone call is key.

As recently as February 2012, TriSummit and TEC had agreed touse telephone verification before ACH payments wereprocessed. That call was supposed to come in on a line thatis recorded. Apparently no such call came in, or so TECalleged in its complaint.

“TriSummit is toast,” Aite analyst Julie Conroy said.

However, she stressed that in her opinion this case will notaffect future cybersecurity litigation. The facts, at leastas presently known, turn on the bank's failure to follow through onthe telephone verification procedures to which it hadagreed.

“There was a written agreement that the bank will do XYZ and itdidn't,” Conroy said.

Kenneth Ehrlich, co-chair of the financial services practice atlaw firm Nutter in Boston, where he said he represents eight ornine credit unions, stressed that in his view none of this changesanything for financial institutions.

“The financial institutions will win if there are no facts thatshow culpability on the part of the FI,” he said.

Ehrlich added: “The credit union generally wins unless it screwsup.”

In this instance, TEC has alleged substantial bungling byTriSummit. The bank has not offered its side.

So if the decision goes against the financial institution, itcan be presumed it would be because of the bungling, not because ofany shift in perception of the legal protection enjoyed byfinancial institutions under the Universal Commercial Code.

“The member will not be able to hold the credit union liable ifthe credit union has been using commercially reasonableprocedures,” Henriquez said.

Don't be too quick to take solace from the opinions thatfinancial institutions will probably emerge from the TEC case nonethe weaker. That's because, Conroy said, threats aimed at you aremounting.

“We have seen a shift. Criminals are putting more focus onsmall and mid-sized business and also financial institutions,” shesaid.

It has become very difficult to breach the money center banks.Small financial institutions? Not so much.

“The bigger banks are putting in better defenses. Criminals willgo to smaller financial institutions,” Trusteer cyber fraud expertGeorge Tubin said. “Smaller FIs haveto wake up; there are very sophisticated cyber criminals and theyare coming after you.”

“The odds,” Conroy said, “shifted a long time ago. They now aresolidly in favor of the criminals.”