Cybercrime remains rife, despite the efforts to combat it. In a recent court case, the court reaffirmed the legal position as to who bears responsibility for payment where a third-party accesses an email system, changes the banking details, and payment is made into an incorrect account.
In brief, the facts of the matter under discussion are as follows:
Dealer 1 bought a car from Dealer 2. These dealers are dealers of the same car brand. Dealer 2 sent confirmation of banking details to Dealer 1 via email. Unbeknown to Dealer 2, its email system had been accessed by a third-party, who changed the banking details.
Dealer 1 proceeded to make payment without taking any steps to verify the account details. It later transpired that the payment was made into the incorrect bank account. Subsequently, Dealer 2 instituted action against Dealer 1 for non-payment of the purchase price.
Fraudulent activity of spoofing
In this case, it was important that, a few years before the incident, there was a notification to all the dealerships of this car brand warning them of the fraudulent activity of spoofing – whereby criminals access email systems and change banking account details.
To guard against such activities, the dealers had a protocol in place which required them to take steps to verify the banking details before making a payment. A principal at each dealership had to approve the payment requests. Therefore, salespersons could not make a payment without getting the principals’ approval. In this case, the salesperson of Dealer 1 did not verify the banking details. Additionally, the principal of Dealer 1, before approving the payment, had asked the salesperson whether she had verified the banking details, who responded affirmatively.
Dealer 1 raised the defence of estoppel at court and argued that it (Dealer 1) used the banking details received from Dealer 2. After considering a plethora of cases, the court dismissed the defence of estoppel and found in favour of Dealer 2. In arriving at its conclusion, the court considered that all dealerships of this car brand are aware of the ongoing fraudulent activities of this nature. The salesperson who had lied to her principal by saying that she had verified the banking details when she had, in fact, not done so.
Dealer 1’s argument that Dealer 2 should have implemented measures to prevent third parties from accessing its email system could not succeed because it (Dealer 1) did not tender any evidence that there were no measures to prevent such activities and/or evidence showing what Dealer 2 should have done to avoid such incidents.
Cybercrime will always be part of our lives
It is apparent that cybercrime will always be part of our lives and our approach, to combat it, will always be reactive. Whilst there are insurance policies purported to cater for such incidents, there are no guarantees that the policy will pay out for the loss suffered.
Different insurance policies provide different types of coverage. For example, some only assist with the investigation costs, some specifically exclude coverage for losses resulting from hacking incidents, whereas some only cover a certain percentage of the losses 
suffered. Potential policyholders need to assess their risks, with the assistance of an underwriter/broker, and take out appropriate cover.
From the above, it is evident that the debtor bears the ultimate responsibility of verifying banking details before making a payment. One pragmatic step of doing this is to make a telephone call to verify the banking details. Potential policyholders must implement and adhere to protocols intended to guard against cybercrime. Continuous awareness and training of staff members is necessary.
Mthokozisi Maphumulo | Senior Associate | Litigation Attorney | Adams and Adams | mail me |
Related FAQs: email spoofing – who is responsible for payment?
Q: What is the recent court ruling regarding responsibility for payment in cases of email system spoofing?
A: The recent court ruling reaffirms who bears responsibility for payment where the email system is spoofed.
Q: Why is it important to be aware of cybercrime risks in email systems?
A: Understanding cybercrime risks in email systems is crucial to prevent financial losses and maintain data security.
Q: How can individuals protect themselves from email system spoofing?
A: Individuals can protect themselves by being cautious of suspicious emails, avoiding clicking on unknown links and regularly updating security measures.
Q: What are some common cybercrime tactics related to email system spoofing?
A: Common cybercrime tactics include phishing emails, malware attachments and impersonation of legitimate entities through email.
Q: How are businesses affected by cybercrime in email systems?
A: Businesses may face financial losses, data breaches, damage to reputation, and legal implications due to cybercrime in email systems.
Q: Where can I find more information about cybersecurity and cybercrime prevention?
A: You can explore topics related to cybersecurity, cybercrime prevention, and legal responsibility on platforms like Biznews Premium.
Q: How can advertisers protect their online transactions from cybercrime?
A: Advertisers can enhance their online security by implementing secure payment processes. And by training employees on cybersecurity best practices and monitoring for suspicious activities.
