Cybercrime: The use of electronic confirmation for verification and authentication purposes to authorise the release of funds

by | Apr 14, 2020 | Publications, Tech Law | 0 comments

In this current digital age, numerous electronic transactions take place online daily. A signature serves as a critical authentication and verification tool in commercial transactions, and it enables the process of giving instructions to take place with a reasonable expectation for compliance. In Global & Local Investments Advisors (Pty) Ltd v Fouche (71/2019) [2020] ZASCA 8 (delivered 18 March 2020), the Supreme Court of Appeal was called upon to decide whether a financial advisor can be held liable if it paid funds into fraudulent accounts based on a fake ‘signature’.

Overview of the case

In 2015, Mr Nickolaus Ludick Fouché (hereinafter referred to as “Mr Fouché”), a mining consultant, gave a written mandate (hereinafter referred to as “the mandate”) to Global and Local Investments Advisors (PTY) LTD (hereinafter referred to as “Global”) to act as his agent and invest money with a bank on his behalf. The mandate stipulated that all instructions must be sent to Global by fax or either by email with Mr Fouché’s signature.

In August 2016, as a result of Mr Fouché’s Gmail account being hacked by fraudsters, three emails were sent to Global using Mr Fouché’s authentic email credentials with instructions that funds be to be transferred to a third party. The emails ended with the word “Nick”.

Following this instruction, Global paid out R804 000,00 (eight hundred and four thousand rands) from Mr Fouché’s account to an unknown third party in three different days in August 2016. When Mr Fouché became aware of this, he notified Global that the emails had not been sent by him. He, therefore, claimed payment of the amounts paid to the third party on the basis that Global had acted contrary to the terms of the mandate.

Global’s defence to the claim is that the instructions emanated from Mr Fouché’s legitimate email address. Therefore, Global submitted that it acted within the terms of the mandate. Furthermore, in terms of section 13(3) of the Electronic Communications and Transactions Act 25 of 2002 (hereinafter referred to as “the Act”), the typewritten name “Nick” at the end of the email, satisfied the signature requirement.

High Court’s decision

The High Court found in favour of Mr Fouché. It stated that the mandate ‘specifically required the signature of the Mr Fouché for a valid instruction and not merely an email or fax message purporting to be sent’.

The learned Judge concluded that Global’s conduct conflicts with the terms of the mandate which required an instruction bearing Mr Fouché’s signature. He added that “Signatures are used as a basis to determine authority and can be checked for authenticity“. The typewritten name of Mr Fouché at the end of the email was not enough to satisfy the signature requirement in terms of the Act. Consequently, Global’s conduct was found to be unlawful, and as a result, Mr Fouché’s claim was successful.

The Supreme Court of Appeal’s decision

The Supreme Court of Appeal dismissed Global’s Appeal with costs stating that the emails “were not written nor sent by the person they purported to originate from. They are fraudulent as they were written and dispatched by person or persons without the authority to do so. They are not binding on Mr Fouché.”

Conclusion

This case demonstrates that online commercial transactions are very much susceptible to hacking. This is a warning to clients to ensure that when doing business online they should always insist on confirmation methods like a one-time pin sent to their mobile phone for verification and authentication, or physical written and signed letters and not just an email or fax for purposes of online commercial transactions.

Contact us at SchoemanLaw Inc for all your Cyber Crime related issues.

<download here>

Other Articles you might be interested in:

Return to articles