The dangers of cybercrime and computer hacking were highlighted in a recent case before the Supreme Court of Appeal. Mosselbaai Boeredienste (Pty), trading as Mosselbaai Toyota, and OKB Motors CC, trading as Bultfontein Toyota, were involved in the dispute. The problem at hand involved the fraudulent diversion of electronic payment for a Toyota Etios. This incident serves as a stark reminder of the dangers that cybercriminals pose in the realm of electronic fund transfers.
The case began with an agreement between Bultfontein Toyota and Mosselbaai Toyota to purchase a Toyota Etios 1.5 Sprint. Before the vehicle could be released, Bultfontein Toyota was required to make a payment to Mosselbaai Toyota’s bank account. Mr Maritz, the sales manager at Mosselbaai Toyota, sent an invoice to Ms Marlie Steyn, the sales assistant at Bultfontein Toyota, after communicating via email and phone.
Bultfontein Toyota then paid the invoice amount of R159,353.76 into the specified bank account. However, it was later discovered that the invoice received by Ms Steyn was fraudulent. The banking information on the invoice had been replaced with those of another bank account, and payment was routed there. Even the proof of payment, which was sent to Mr Maritz via email, had changed banking information.
When the two dealerships discovered the fraud, they attempted to settle the matter amicably, but their efforts were futile. Mosselbaai Toyota eventually filed a lawsuit in the Bultfontein Magistrate’s Court against Bultfontein Toyota, seeking payment for the purchase price. Unfortunately for Mosselbaai Toyota, the court ruled against them, prompting an appeal to the Supreme Court of Appeal.
The case raised several important legal issues, including cybercrime liability and debtors’ responsibility to verify banking information. Judge Zeenat Carelse granted special leave to appeal and referred the case to the full court of the Free State Division of the High Court for further consideration, with the agreement of other judges.
Judge Carelse acknowledged the prevalence of cybercriminals targeting banking systems. She questioned whether the same legal principles that apply to intercepted cheques should be applied to cases involving intercepted electronic banking details. Conflicting high court rulings complicated matters even more.
One court ruled that the debtor is responsible for verifying the creditor’s banking information, while another ruled that a purchaser could not be held liable for funds transferred to an incorrect account due to fraudulent changes in the bank’s information. Furthermore, the court addressed the issue of negligence, with some decisions emphasising the importance of vigilance and contractual obligations when dealing with electronic transfers.
Bultfontein Toyota invoked the estoppel defence, claiming that Mosselbaai Toyota negligently misrepresented the accuracy of the banking details on the invoice. This defence was upheld by the trial court. Mosselbaai Toyota’s email system had been “spoofed,” and the interception occurred on their end. The court determined that Mosselbaai Toyota was aware of cybercrime risks in the automotive industry but failed to implement adequate preventative measures. As a result, the trial court ruled that Mosselbaai Toyota could no longer deny the changed bank details.
The Supreme Court of Appeal will now consider several factors in determining the appeal’s chances of success. These include the trial court’s failure to determine whether the alleged negligence was a direct cause of the payment being transferred to the wrong account, as well as the court’s failure to consider the foreseeability of damage caused by the third-party interceptor.
