CYBERCRIME – COURT REAFFIRMS WHO BEARS RESPONSIBILITY FOR PAYMENT WHERE EMAIL SYSTEM IS SPOOFED!!

Cybercrime remains rife, despite the efforts to combat it. In a recent court case, the court reaffirmed the legal position as to who bears responsibility for payment where a third-party accesses an email system, changes the banking details, and payment is made into an incorrect account.

In brief, the facts of the matter under discussion are as follows:

Dealer 1 bought a car from Dealer 2. These dealers are dealers of the same car brand. Dealer 2 sent confirmation of banking details to Dealer 1 via email. Unbeknown to Dealer 2, its email system had been accessed by a third-party, who changed the banking details. Dealer 1 proceeded to make payment without taking any steps to verify the account details. It later transpired that the payment was made into the incorrect bank account. Subsequently, Dealer 2 instituted action against Dealer 1 for non-payment of the purchase price.

In this case, it was important that, a few years before the incident, there was a notification to all the dealerships of this car brand warning them of the fraudulent activity of spoofing – whereby criminals access email systems and change banking account details. To guard against such activities, the dealers had a protocol in place which required them to take steps to verify the banking details before making a payment. A principal at each dealership had to approve the payment requests. Therefore, salespersons could not make a payment without getting the principals’ approval. In this case, the salesperson of Dealer 1 did not verify the banking details. Additionally, the principal of Dealer 1, before approving the payment, had asked the salesperson whether she had verified the banking details, who responded affirmatively.

Dealer 1 raised the defence of estoppel at court and argued that it (Dealer 1) used the banking details received from Dealer 2. After considering a plethora of cases, the court dismissed the defence of estoppel and found in favour of Dealer 2. In arriving at its conclusion, the court considered that all dealerships of this car brand are aware of the ongoing fraudulent activities of this nature. The salesperson who had lied to her principal by saying that she had verified the banking details when she had, in fact, not done so. Dealer 1’s argument that Dealer 2 should have implemented measures to prevent third parties from accessing its email system could not succeed because it (Dealer 1) did not tender any evidence that there were no measures to prevent such activities and/or evidence showing what Dealer 2 should have done to avoid such incidents.

It is apparent that cybercrime will always be part of our lives and our approach, to combat it, will always be reactive. Whilst there are insurance policies purported to cater for such incidents, there are no guarantees that the policy will pay out for the loss suffered. Different insurance policies provide different types of coverage. For example, some only assist with the investigation costs, some specifically exclude coverage for losses resulting from hacking incidents, whereas some only cover a certain percentage of the losses suffered. Potential policyholders need to assess their risks, with the assistance of an underwriter/broker, and take out appropriate cover.

From the above, it is evident that the debtor bears the ultimate responsibility of verifying banking details before making a payment. One pragmatic step of doing this is to make a telephone call to verify the banking details. Potential policyholders must implement and adhere to protocols intended to guard against cybercrime. Continuous awareness and training of staff members is necessary.

View Related Blogs
View All
news

No Tracker, No Payout: Court Denies Motor Insurance Claim

Introduction:  On 31 January 2025, the Pretoria High Court delivered a judgement in a motor insurance case in which the insurer rejected the policyholder’s claim following the theft of their ve...

Insurance LawMtho Maphumulo
news

POLICE SEIZE COUNTERFEIT GOODS WORTH R5 MILLION

Police in Limpopo have made a significant impact on the illegal trade of counterfeit goods, seizing items worth R5 million (approximately $271 723) in Musina. The operation, conducted by multiple la...

Adams NewsSouth Africa
news

MINISTRY ISSUES PIVOTAL REPORT ON PROTECTION AND ENFORCEMENT OF IP

The Ministry of Investments, Trade, and Industry has issued the Second International Symposium on Intellectual Property Protection and Enforcement (ISIPPE-2) report which aims to reinforce Kenya’s c...

Adams NewsKenya