Don’t become a victim of cybercrime and EFT fraud…again!
27 Aug 2020
Everything from paying rent to paying for goods can now be done at the push of a button or the click of a mouse. Electronic funds transfers (“EFT’s”) are the most convenient way to effect payment. However, in the process, consumers open themselves up to being scammed by cybercrime or EFT fraud.
In recent case law, the High Court addressed the question of who bears the liability for any losses incurred as a result of EFT fraud. The first case that dealt with this issue is Fourie v Van der Spuy and De Jongh Inc. and Others. The client of a law firm applied to the High Court seeking an order for damages against two practising attorneys and their law firm. One of the attorneys had erroneously transferred funds out of the law firm’s trust account and into several bank accounts held by one or more unknown hackers due to a fraudulent email being sent from the client’s email account.
The Court placed the onus on the payor to confirm and verify any banking details, especially if these details were changed. The Court ordered the attorneys to pay the loss suffered by the client.
“It cannot be disputed by the Respondents that had the 2nd Respondent confirmed or verified the new bank details with the Applicant the fraud simply would not have occurred. It is abundantly clear from the facts that no verification process was followed and that the firm would have to carry the loss, not the Applicant.”
In Galactic Auto (Pty) Ltd v Venter and Mannesmann Demag (Pty) Ltd v Romatex the court used the example of a cheque being presented as a payment method:
“When a debtor tenders payment by cheque, and the creditor accepts it, the payment remains conditional and is only finalised once the cheque is honoured. Until that happens a real danger exists that the cheque may be misappropriated or mislaid and that someone other than the payee may, by fraudulent means, convert it into cash or credit, for instance, by forging an endorsement or by impersonating the true payee. That risk is the debtor’s since it is the debtor’s duty to seek out his creditor”
Cybercrime is currently regulated in terms of Chapter XIII of the Electronic Communications and Transactions Act 25 of 2002, but will in future be regulated by the Cybercrimes Bill (“Bill”) B 6B-2017. On 1 July 2020, the National Council of Provinces (NCOP) passed the Bill and now awaits President Cyril Ramaphosa’s approval so that it can be signed and accepted into law. The Bill specifically addresses cyber fraud in section 8 and cyber forgery in section 9. According to this Bill, a person guilty of such an offence may be convicted in terms of section 276 of the Criminal Procedure Act 51 of 1977, the penalties for which include imprisonment.
This Bill will open the door to new and interesting judgements by the Courts. However, for now, in order to mitigate your liability, we recommend adding a basic disclaimer to your email signature such as “Be aware of cyber fraud and cyber-related crimes. We will not accept any liability for any such fraud and the damages that may arise from acting on FRAUDULENT information, especially if the information requires a direct payment to an account that differs from our invoice/statement.”
- Data breaches: What is required?
- The role of directors in the age of cybercrime
- What happens when your attorney pays your money to the wrong person?
- Cybercrimes Bill under the spotlight
- Two important cases on EFT fraud
- Cybercrime: Business email compromises
- “Add to cart”: Doing business in a COVID-19 world part 2 – Business considerations