                                                    [DO NOT PUBLISH]



            IN THE UNITED STATES COURT OF APPEALS

                    FOR THE ELEVENTH CIRCUIT

                   _____________________________

                            No. 14-12969
                        Non-Argument Calendar
                   _____________________________

                    Docket No. 1:12-cv-03010-ODE


METRO BROKERS, INC.,

                                                          Plaintiff-Appellant,

                                 versus

TRANSPORTATION INSURANCE COMPANY,

                                                         Defendant-Appellee.



                 _______________________________

               Appeal from the United States District Court
                  For the Northern District of Georgia
                ________________________________

                             (March 5, 2015)



Before TJOFLAT, WILSON and EDMONDSON, Circuit Judges.
PER CURIAM:



      In this insurance coverage dispute, Metro Brokers, Inc. (“Metro”) appeals

the district court’s (1) grant of summary judgment in favor of Metro’s insurer,

Transportation Insurance Company (“TIC”) and (2) denial of Metro’s motion for

reconsideration. No reversible error has been shown; we affirm.

      Metro is a real estate brokerage firm conducting business in Georgia. Metro

maintained bank accounts with Fidelity Bank (“Bank”) and used the Bank’s online

system to make payments from Metro’s accounts. On 10 December 2011, thieves

logged into the Bank’s online banking system using a Metro employee’s access ID

and password. Then, using a randomly generated single-transaction security code,

the thieves authorized various payments -- totaling over $188,000 -- from a Metro

client escrow account to several other bank accounts. Over $154,000 of the stolen

funds remains unrecovered.

      Although the exact details of the theft are unknown, the parties agree that all

available evidence suggests that the thieves used a key-logger virus known as

“Zeus” (which was found on several Metro computers) to gain access to Metro

employee access IDs and passwords.




                                         2
      Metro filed a claim for the loss under Metro’s insurance policy (“Policy”)

with TIC. TIC denied coverage based on the Policy’s malicious-code and system -

penetration exclusions. Metro, on the other hand, contends that the loss is not

excluded and is covered by the Policy’s Fraud and Alteration (“F&A”)

endorsement.

      In two detailed and well-reasoned opinions, the district court concluded that

the Policy did not cover Metro’s loss and, thus, that TIC was entitled to summary

judgment on Metro’s breach of contract claim. The district court determined that

Metro’s loss was not covered by the Policy’s F&A endorsement for two reasons:

(1) the fraudulent electronic transfers did not involve a “check, draft, promissory

note, bill of exchange, or similar written promise, order or direction to pay a sum

certain;” and (2) Metro’s loss fell within the Policy’s exclusions for losses caused

by malicious code or system penetration. Because Metro’s claim was not covered

under the Policy, the district court granted summary judgment for TIC on Metro’s

claims for breach of contract and for bad faith.

      We review de novo a district court’s grant of summary judgment, viewing

the evidence and drawing all reasonable inferences in favor of the non-moving

party. Harrison v. Benchmark Elecs. v. Huntsville, Inc., 593 F.3d 1206, 1211

(11th Cir. 2010).

                                          3
      Under Georgia law, “[a]n insurance policy is governed by the ordinary rules

of contract construction.” Banks v. Bhd. Mut. Ins. Co., 686 S.E.2d 872, 874 (Ga.

Ct. App. 2009). Whether the language in an insurance policy is ambiguous is a

matter of law for the court to decide. Id. “Extrinsic evidence to explain ambiguity

in a contract becomes admissible only when a contract remains ambiguous after

the pertinent rules of construction have been applied.” Claussen v. Aetna Cas. &

Sur. Co., 380 S.E.2d 686, 687 (Ga. 1989). “When the language of a policy is

unambiguous and capable of but one reasonable construction, we enforce the

contract as written.” Banks, 686 S.E.2d at 874. “The words used in policies of

insurance, as in all other contracts, bear their usual and common significance, and

policies of insurance are, as in all other contracts, to be construed in their ordinary

meaning.” Lawyers Title Ins. Corp. v. Griffin, 691 S.E.2d 633, 636 (Ga. Ct. App.

2010).

      Metro argues that its loss is covered by the Policy’s F&A endorsement. We

disagree. The Policy’s F&A endorsement provides that TIC “will pay for loss

resulting directly from ‘forgery’ or alteration of, on, or in any check, draft,

promissory note, bill of exchange, or similar written promise, order or direction to

pay a sum certain . . . .” The term “forgery” is defined in the Policy as “the signing

of the name of another person or organization with intent to deceive.”

                                           4
      The electronic fund transfers in this case did not involve a “check, draft,

promissory note, [or] bill of exchange.” The transfers also cannot be characterized

as involving a “written promise, order or direction to pay” that was “similar” to the

three enumerated instruments. Under both federal and Georgia law, electronic

fund transfers are distinguished from -- and treated differently from -- fund

transfers made by check, draft, or bill of exchange. See 15 U.S.C. § 1693a(7)

(emphasis added) (the Electronic Fund Transfer Act defines an “electronic fund

transfer” as “any transfer of funds, other than a transaction originated by check,

draft, or similar paper instrument, which is initiated through an electronic terminal,

telephonic instrument, or computer or magnetic tape so as to order, instruct, or

authorize a financial institution to debit or credit an account.”); O.C.G.A. § 11-4A-

108 (providing expressly that Georgia’s Uniform Commercial Code on fund

transfers does not apply to electronic fund transfers governed by the federal

Electronic Fund Transfer Act).

      Moreover, Metro has also failed to demonstrate that the theft involved the

“signing of [a] name,” as required under the Policy’s “forgery” definition.

Although the thieves used the stolen access ID and password to access the Bank’s

online system (and then used a randomly generated security code to authorize the




                                          5
transfers), nothing establishes that doing so constituted the “signing of the name of

another person or organization” under the terms of the Policy.

      First, nothing about the Policy’s provision that “signatures that are produced

or reproduced electronically” will be considered “the same as handwritten

signatures” -- in and of itself -- establishes that an access ID and password

constitute a “signature” (electronic or otherwise) within the meaning of the Policy.

      Second, contrary to Metro’s argument, the Georgia Court of Appeals’

decision in Allstate Ins. Co. v. Renshaw, 258 S.E.2d 744 (Ga. Ct. App. 1979), does

not control here. In Renshaw, the state court concluded a loss resulting from the

theft of plaintiff’s bank card and personal identification number (PIN) constituted a

“forgery” under plaintiff’s homeowners insurance policy. Because the policy

contained no definition of the term “forgery,” the court relied on the definitions of

“forgery” and “writing” found in Georgia’s criminal code. The court concluded

that the recording of plaintiff’s PIN number was a “writing” within the meaning of

Georgia’s criminal code. Here -- unlike in Renshaw -- the Policy defined

expressly and unambiguously the term “forgery.” Thus, we need not (and must

not) rely on Georgia’s criminal code to interpret the Policy’s language. The

question of whether the unauthorized use of Metro’s access ID and password was a

“writing” under Georgia’s criminal code has no significance to this case.

                                          6
       Because Metro has failed to demonstrate that its loss was covered under the

Policy’s F&A endorsement, TIC was entitled to summary judgment on Metro’s

breach of contract claim. See Allstate Ins. Co. v. Grayes, 454 S.E.2d 616, 618 (Ga.

Ct. App. 1995) (“To establish a prima facie case on a claim under a policy of

insurance the insured must show the occurrence was within the risk insured

against.”).

       We also agree with the district court’s conclusion that Metro’s claim fell

under the Policy’s malicious-code exclusion. * That the thieves (in some way) used

a computer virus to commit their theft is undisputed. The Policy defines

“malicious code” as including, among other things, “computer viruses.” Although

Metro argues that the computer virus did not in fact “cause” the loss (because of

the thieves’ intervening conduct), the Policy states unambiguously that it does not

cover losses “caused directly or indirectly” by malicious code “regardless of any

other cause or event that contributes concurrently or in any sequence to the loss.”

Based on this broad (but plain) exclusionary language, we conclude that Metro’s

loss is excluded.

       Because Metro’s loss is not covered by the Policy, Metro’s claims for both

breach of contract and for bad faith must fail. See Lawyers Title Ins. Corp. v.

*
 Because we conclude that Metro’s loss is excluded under the malicious-code exclusion, we do
not decide whether the loss would also fall under the system-penetration exclusion.
                                                7
Griffin, 691 S.E.2d 633, 636-37 (Ga. Ct. App. 2010) (concluding that, to establish

a bad faith claim under O.C.G.A. § 33-4-6, an insured must show, among other

things, that his claim is covered under the insurance policy).

      AFFIRMED.




                                          8
