Court Rules Computer Fraud Insurance Policy Inapplicable to Most Common Form of Computer-Related Fraud

R. Steven DeGeorge
Robinson Bradshaw Publication
Feb. 20, 2017

A federal appeals court has issued a ruling that is bad news for businesses victimized by computer fraud scams. The ruling renders computer fraud coverage virtually worthless in relation to the most common form of computer-related fraud. Although the ruling was issued under Texas law, it may signal a growing trend. The ruling underscores the importance of thorough investigation before making any payment that presents even a hint of irregularity.

The case, Apache Corporation v. Great American Insurance Company, arose from the sort of email scam we read about with growing frequency. In this instance, Latvia-based crooks targeted Apache Corporation, a sophisticated public company with annual revenues exceeding $6 billion. An email the fraudsters sent to Apache’s accounts-payable department appeared to come from a regular vendor, although the email domain name was modified slightly. The fraudulent email informed Apache that the “vendor” had changed banks, and future invoices should be sent to the new account. Attached to the email was a letter that appeared in all respects to have come from the actual vendor. The letter contained all necessary details regarding the old and new bank accounts. An Apache employee telephoned the number on the letterhead, and the “vendor” confirmed the change. Of course, like the email address, the telephone number belonged to the crooks. Apache later received legitimate invoices from the actual vendor and wired about $7 million to the new account.

Upon discovering the fraud, Apache asked its insurer to cover the loss under the “computer fraud” section of its crime insurance policy. The policy covers losses “resulting directly from the use of any computer to fraudulently cause a transfer” of money. Seems clear enough, but the insurance company denied the claim on the ground that the loss “did not result directly from the use of a computer nor did the use of a computer cause the transfer of funds.”

Apache sued the insurer, and the trial court granted summary judgment in Apache’s favor. However, the court of appeals sided with the insurer and vacated the judgment. Although the court of appeals conceded the crucial role of computer fraud in the loss, it nonetheless ruled that the policy provided no coverage. The court found that the “reason” Apache sent funds to the crooks’ bank account was not the email that fraudulently instructed Apache to use the account, but rather the invoices from its actual vendor. Notably, the court of appeals pointed out that a more careful investigation by Apache before sending the funds would have prevented the loss, suggesting that coverage may somehow depend on the insured’s vigilance. However, the insurance policy said nothing of the sort, and it is the inherent nature of fraud that the victim is duped into taking action.

The court of appeals’ decision teaches a couple of lessons. First, a computer fraud insurance policy providing coverage only where the loss is caused “directly” by the use of a computer may offer no coverage for the most common form of computer-related fraud. Second, businesses must investigate carefully before sending money under circumstances that appear abnormal in the slightest.
