EFT Fraud and Legal Implications


Despite stringent FICA requirements on the opening bank accounts, it is common knowledge that you have little or no chance of identifying the individual behind the account with sufficient clarity to enable you to recover the money paid or prosecuting the culprits in the case of EFT fraud. Furthermore, and to add to the woes of the person who paid into the wrong account, the courts have been strict in leaving the responsibility for paying into the correct account to the payer.

In the case of Galactic Auto (Pty) Ltd v Venter a businessman bought a vehicle and did an EFT payment in response to an emailed invoice that he received from the car dealership. He then took delivery of the vehicle, without realizing that the invoiced email had been intercepted and changed and that his payment had been transferred into a fraudulent account. The dealership then claimed the purchase price from him.

Neither Venter nor the dealership confirmed that the banking details on the invoice were in fact correct. Only once the payment did not reflect in the dealership’s bank account did they realize what had happened. Investigations done thereafter revealed that the email had been intercepted and the details on the invoice were changed. The dealership then instituted legal proceedings against Venter for the purchase price of the motor vehicle.

The court ultimately decided that Venter was liable and was of the opinion that Venter should have verified the account number, before making the transfer and that he still owed the car dealer the money. The court further stated that Venter, as the debtor, bore the liability and risk in the situation where invoices were intercepted and fraudulently altered.

Our courts will treat such instances in the similar vein as a cheque that has been intercepted and misappropriated by a thief.

The court held that to detect interception and fraudulent alteration, the debtor was merely required to verify the bank account details with the creditor before making the payment. Had the debtor done this, the risk would have been mitigated.

As the use of EFTs are the preferred payment method, it is clear as to why this case should be a clear warning for all. The court will not assist those that it deems to be negligent and it is therefore even more important to have a system of checks and balances in place when dealing with any methods of payment. Without these measures, it is likely that by the time you realise that the invoice has been compromised, the money would have already disappeared.

In the case of Fourie v Van der Spuy and De Jongh Inc a client put funds into a trust account, but due to a fraudulent email, the payer paid over R1.7 million into an account from which the money was immediately withdrawn.

The court found that the payers should have taken precautions and that they were accordingly liable.

The court emphasized that had a verification process been undertaken, the fraud would not have occurred.

The legal principle that the debtor remains liable until the payment has been credited into the creditor’s bank account has not changed. The court emphasised that account details must be verified.

Verification can be done inter alia by:

  • Comparing and verifying the original documents received with proof of banking details;
  • Phoning the verified creditor and verifying the banking details;
  • Sending the account number separately via alternative communications (eg, WhatsApp);
  • Never using the words “Account/Payment Details/Banking Details” in the heading or reference of an email.

To conclude, we reiterate that parties cannot merely accept banking details supplied by email, even if the email appears genuine and seems to come from the correct sender, at the expected time. Measures must be taken to verify the bank details, before making the transfer.

Contributor: Hafsa Rajub
Designation: Attorney
Department: Litigation
Email: Hafsa@pgpslaw.co.za