Jump To: The Facts | The Travelers Coverage | The Conclusion

On October 31, 2017, the U.S. District Court for the District of New Jersey released its decision in Posco Daewoo America Corp. v. Allnex USA, Inc. and Travelers Casualty and Surety Company of America. This case features an interesting twist on the usual social engineering fraud claim scenario, in that it was the intended payee of the funds, not the payor, which asserted a claim under its own crime policy for recovery of funds which the payor had been duped into paying to an impostor. This type of claim has been referred to as a “reverse” social engineering fraud claim. Numerous such claims have been advanced by intended payees recently, typically when it comes to light that the payor did not maintain its own social engineering fraud coverage.

The Court applied traditional concepts of ownership in finding that the intended payee did not “own” the funds at any time, and thus could not establish that its claim met the ownership condition in its policy.

Continue Reading Posco Daewoo: U.S. District Court rejects Creditor’s “Reverse” Social Engineering Fraud Claim under its own Crime Policy

Jump To: The Facts | The Tort of Conversion and the Bills of Exchange Act | The Conclusion

On October 27, 2017 the Supreme Court of Canada released its long-awaited decision in Teva Canada Ltd. v. TD Canada Trust. In a 5:4 decision, the Supreme Court held that two banks that accepted fraudulent cheques procured by a dishonest employee were strictly liable in conversion to the employer, and could not establish the “fictitious or non-existing payee” defence afforded by subsection 20(5) of the Bills of Exchange Act.

The decision is a welcome development for Canadian fidelity insurers who seek to subrogate against banks in respect of certain types of employee cheque frauds. The Supreme Court reversed the decision of the Court of Appeal for Ontario, which had found that the payees were either fictitious or non-existing. The Supreme Court’s decision places fidelity insurers in an excellent position to look to banks as subrogation targets in appropriate circumstances.

Continue Reading Teva: Supreme Court of Canada rejects Fictitious or Non-Existing Payee Defence in finding Collecting Banks Liable for Employee Cheque Fraud

Blaneys partners David Wilson and Chris McKibbin will attend the joint FLA/ABA FSLC Conference. The FLA Conference on November 8 will focus on contemporary fidelity insurance issues, including social engineering fraud claims, knowledge of prior dishonesty, rescission, forensic investigations and communications with claimants and witnesses. The curriculum is designed for fidelity claims professionals, underwriters and lawyers. Chris will moderate the panel entitled The Future Ain’t What It Used To Be: Challenges Facing Fidelity and Commercial Crime Insurers in the 2020s. This panel addresses developing fidelity risks and exposures such as social engineering fraud, ransomware and Bitcoin and other cryptocurrencies.

  • To register, or for more information, click here.
  • A copy of the conference brochure may be accessed here.

The ABA FSLC Fall Meeting on November 9-10 is entitled “Managing and Litigating the Complex Fidelity Claim.” The program is designed as a workshop that will help fidelity claims professionals and lawyers gather useful practical tips to employ in claims handling. The program will feature a number of panel discussions on topics such as effective communications with insureds, discoverability of insurance company documents, ethics considerations, confidentiality agreements and litigation strategies. Chris will participate in the panel entitled Criminal Prosecution of the Accused, which considers how the fidelity claim investigation is affected by parallel criminal investigation and prosecution.

  • To register, or for more information, click here.
  • A copy of the conference brochure may be accessed here.
JUMP TO: THE FACTS | THE COMPUTER FRAUD COVERAGE | THE CONCLUSION

On August 1, 2017, the U.S. District Court for the Eastern District of Michigan released its decision in American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America. The Court held that a vendor impersonation fraud loss did not fall within the terms of a crime policy’s computer fraud coverage. In coming to this conclusion, the Court found there was no direct causal link between the receipt of fraudulent emails by an insured requesting payment to the fraudster’s bank account, and the insured’s authorized transfer of funds to that bank account.

Continue Reading American Tooling Center: U.S. District Court finds no Coverage for Social Engineering Fraud Loss under Crime Policy’s Computer Fraud Insuring Agreement

JUMP TO: THE FACTS | THE FUNDS TRANSFER FRAUD COVERAGE | THE CONCLUSION

On July 4, 2017, the Alberta Court of Queen’s Bench released its decision in The Brick Warehouse LP v. Chubb Insurance Company of Canada. The Court found that a vendor impersonation loss did not fall within the terms of a crime policy’s Funds Transfer Fraud coverage. The case represents the first social engineering fraud decision in Canada since the widespread introduction of discrete social engineering fraud coverage, and confirms the principles adopted in several recent American social engineering fraud decisions, including the Ninth Circuit’s decision in Taylor & Lieberman (see our April 3, 2017 post), on which the Court expressly relied.

Continue Reading The Brick: Alberta Court of Queen’s Bench finds no Coverage for Social Engineering Fraud Loss under Crime Policy’s Funds Transfer Fraud Insuring Agreement

JUMP TO: THE FACTS | THE OWNERSHIP CONDITION | THE CONCLUSION

Guest Co-Author: John Tomaine

On May 31, 2017, the Eighth Circuit Court of Appeals released its decision in 3M Company v. National Union Fire Insurance Company of Pittsburgh, PA. The Court affirmed the decision of the U.S. District Court for the District of Minnesota (see our October 13, 2015 post), which had applied a crime policy’s ownership condition in ruling that the insured did not have coverage for the loss of investment earnings incurred when an investment entity in which it had a limited partnership interest collapsed due to the entity’s principals’ Ponzi scheme. The Eighth Circuit’s decision provides a good illustration of the interaction between the ownership condition and statutory and common law concepts of “ownership” as they relate to partnerships.

Continue Reading 3M: Eighth Circuit applies Crime Policy’s Ownership Condition in finding No Coverage for Loss of Undistributed Limited Partnership Earnings in Investment Fraud

JUMP TO: THE FACTS | THE INVENTORY EXCLUSION | THE CONCLUSION

The inventory exclusion precludes an insured from proving an employee theft loss solely by reliance on inventory calculations, independent of other proof of actual employee theft. A recent decision of the Court of Appeals of Kentucky, Khazai Rug Gallery, LLC v. State Auto Property & Casualty Insurance Company, provides a good example of the application of the inventory exclusion, and makes important findings with respect to whether it is appropriate to infer a connection between a demonstrated instance of employee theft and another similar instance for which there is insufficient independent evidence.

Continue Reading Khazai Rug: Court of Appeals of Kentucky applies Crime Policy’s Inventory Exclusion to Alleged Employee Theft Loss

Several recent decisions, such as Telamon Corporation v. Charter Oak Fire Insurance Company (see our March 13, 2017 post), have highlighted the importance of assessing the precise legal status of an alleged defaulter’s work relationship vis-à-vis the insured as part of a proper coverage analysis. The decision of the U.S. District Court for the Central District of California in Commercial Ventures, Inc. v. Scottsdale Insurance Company provides another example of the courts considering this challenging issue. In Commercial Ventures, the Court dealt with an alleged defaulter who was both a minority owner and the President of the insured, and specifically addressed whether contingent ownership distributions constituted “salary, wages or commissions” within the crime coverage’s definition of “Employee”.

The Facts

Commercial Ventures had two affiliated companies, Noblita, LLC (“Noblita”), which operated an apparel business, and Daylight Investors, LLC (“Daylight”), which owned 49 per cent of Noblita. Rik Guido personally owned another 49 per cent of Noblita, and was also its President. As an owner of Noblita, Guido was entitled to receive $27,500 per month, but only under certain conditions.

Noblita’s Limited Liability Company Operating Agreement (the “Operating Agreement”) defined Guido’s compensation as follows:

Mr. Guido will not be paid for such services [as President], but so long as (1) he is President of the Company and rendering his full time services to the Company (and in compliance with the terms of this Agreement) and (2) the company has adequate monies, Mr. Guido will receive a Distribution of twenty–seven thousand five hundred dollars ($27,500) per month.

The Operating Agreement defined “Distribution” as “the transfer of money or property by [Noblita] to one or more Members without separate consideration.”

In November 2013, Daylight sued Guido in state court, alleging that Guido participated in a fraudulent scheme whereby he transferred money and inventory from Noblita to a Florida-based company in which he had an ownership interest.

Commercial Ventures maintained a Business Management Indemnity Policy with Scottsdale, under which both Noblita and Daylight were additional insureds. The policy’s crime coverage included coverage for employee theft. Daylight notified Scottsdale of a potential employee theft loss arising from Guido’s alleged actions.

Scottsdale inquired as to the nature of Guido’s role with Noblita. Noblita’s controller advised that Guido was not entitled to take any distribution from Noblita unless the company had adequate monies or was profitable. The controller added that, during the majority of the months in which Guido worked for Noblita, it had negative operations and Guido was therefore not entitled to any distribution.

In Scottsdale’s view, Guido was a non-salaried member of Noblita, and was therefore not an “Employee” within the meaning of the crime coverage.

The Employee Theft Coverage

Scottsdale moved for summary judgment before the District Court on this issue. The crime coverage defined “Employee” as:

Any natural person while in the services of the Insured, including sixty (60) days after termination of service; provided the Insured:

i. compensates such person directly by salary, wages or commissions; and

 ii. has the right to direct and control such person while performing services for the Insured.

 The parties’ dispute centred on whether Guido’s contingent compensation constituted “salary, wages or commissions”. Commercial Ventures asserted that, because the crime coverage did not define the terms “salary, wages or commissions”, the terms were ambiguous. The Court considered dictionary definitions of those terms:

Salary

  • fixed compensation paid regularly for services.”
  • [a]n agreed compensation for services—esp. professional or semiprofessional services usu. Paid at regular intervals on a yearly basis, as distinguished from an hourly basis.”

Wage

  • a payment usually of money for labor or services usually according to contract and on an hourly, daily, or piecework basis.”
  • [p]ayment for labor or services, usu. Based on time worked or quantity produced; specif., compensation of an employee based on time worked or output of production.”

Commission

  • a fee paid to an agent or employee for transacting a piece of business or performing a service.”
  • [a] fee paid to an agent or employee for a particular transaction, usu. as a percentage of the money received from the transaction.”

The Court noted that the parties were in agreement that “salary, wages or commissions” constituted compensation for a person’s services, and held that:

… the Court finds that the definition of “employee” is unambiguous as it is clearly defined in the policy. In addition, “salary, wages or commissions” — words used to define “employee” — are not ambiguous as they are only subject to one interpretation in this case as well. Therefore, the issue becomes solely whether there is a triable issue of fact as to whether Plaintiff paid Mr. Guido for his services, in turn, meaning whether he was paid “salary, wages, or commissions.” [citations omitted]

The Court then considered whether Guido’s contingent compensation under the Operating Agreement could be considered “salary, wages or commissions”. The Court observed that accepting the insured’s arguments on this issue would entail that the definition of “Distribution”, which specifically indicated that distributions were made “without separate consideration”, would be meaningless, as would the provision stipulating that “Mr. Guido will not be paid for” his services as President. In accepting Scottsdale’s view, by contrast:

… the Court may give these provisions their plain meaning and may still read the Operating Agreement as a cohesive whole. In other words, in the Court’s view, it appears that the parties, as reflected in the Operating Agreement, intended to appoint Mr. Guido as President of Noblita and to provide him with ownership distributions. The Operating Agreement did not intend, however, to compensate Mr. Guido for his services as President; rather, it compensates him in his role as an owner through distributions only. Though the Operating Agreement indicates that Mr. Guido is entitled to his owner distributions only so long as he served as President, this does not mean that his owner distributions are intended to compensate him for his services. [emphasis added]

Consequently, Guido was not an “Employee” and no indemnity was available.

Conclusion

Although the decision is based on the interpretation of the specific contract between Noblita and Guido, Commercial Ventures provides general guidance as to the proper interpretation of the definition of “Employee” found in many crime coverages, as well as the meaning of the specific terms “salary, wages or commissions”. The Court rejected the insured’s contention that these terms were ambiguous, and found that ownership distributions did not fall within their ambit. The interpretive approach adopted in Commercial Ventures will be of assistance to fidelity claims professionals in assessing whether individuals who maintain both ownership and other roles within an insured come within the definition of “Employee”.

Commercial Ventures, Inc. v. Scottsdale Insurance Company, 2017 WL 1196462 (C.D. Cal.)

In the recent decision of Taylor & Lieberman v. Federal Insurance Company, the Ninth Circuit Court of Appeals affirmed a decision of the U.S. District Court for the Central District of California holding that a business management firm did not have coverage in respect of client funds which it was fraudulently induced to wire overseas.

While the District Court had held that the insured had failed to establish that it had sustained any “direct” loss at all (see our July 14, 2015 post), the Ninth Circuit affirmed the result on other grounds, holding that the insured had also failed to establish that the loss came within the substantive requirements of any of the Forgery, Computer Fraud or Funds Transfer Fraud insuring agreements.

The Facts

Taylor & Lieberman (“T&L”) was an accounting firm which also performed business management and account oversight services for various clients, including the client in issue. Clients’ funds were held in separate bank accounts maintained with City National Bank. Clients granted Powers of Attorney over their accounts to a designated individual at T&L, permitting transactions to be made in the accounts.

A fraudster obtained access to the client’s email account and sent two emails from that account to a T&L employee, as follows:

  • The first email directed the employee to wire $94,280 to an account in Malaysia. The employee did so, and then sent a confirming email to the client’s email account.
  • The next day, the employee received another email from the client’s account directing her to wire $98,485 to an account in Singapore. The employee again complied, and again sent a confirming email to the client’s email account.

The employee then received a third email, purportedly from the client, but sent from a different email address. The employee contacted the client by phone, and discovered that all three emails were fraudulent. T&L was able to recover some of the funds, but had to reimburse its client and incurred a net loss of nearly $100,000.

T&L submitted a claim under each of its Forgery Coverage, its Computer Fraud Coverage and its Funds Transfer Fraud Coverage. The District Court held that each of these coverages required “direct loss sustained by an Insured” and that, as a matter of law, no direct loss had been sustained.

On appeal, the Ninth Circuit did not disturb the finding with respect to direct loss, but affirmed the result on the basis that T&L had failed to establish that the loss came within the scope of any of the insuring agreements.

The Forgery Coverage

The Ninth Circuit quickly dismissed T&L’s contention that this insuring agreement’s requirement of a “Forgery or alteration of a financial instrument” did not require proof of a “Forgery” of a financial instrument, because the insuring agreement required only proof of an alteration of a financial instrument or a free-standing “Forgery” of any document, of any type. The Court held that the insuring agreement plainly required either a “Forgery” or an alteration of a financial instrument.

More substantively, the Court rejected T&L’s contention that the emails to T&L were financial instruments:

Here, the emails instructing T&L to wire money were not financial instruments, like checks, drafts, or the like. See Vons Cos., Inc. v. Fed. Ins. Co. … (C.D. Cal. 1998) (holding that wire instructions, invoices, and purchase orders were not “documents of the same type and effect as checks and drafts.”). And even if the emails were considered equivalent to checks or drafts, they were not “made, drawn by, or drawn upon” T&L, the insured. Rather, they simply directed T&L to wire money from T&L’s client’s account. In sum, there is no forgery coverage.

The Computer Fraud Coverage

The Computer Fraud insuring agreement required T&L to demonstrate “an unauthorized (1) “entry into” its computer system, and (2) “introduction of instructions” that “propogate[d] themselves” through its computer system.” The Court held that the sending of an email, without more, did not constitute an unauthorized entry into T&L’s computer system. Further, the emails were not an unauthorized introduction of instructions that propagated themselves through T&L’s computer system:

The emails instructed T&L to effectuate certain wire transfers. However, under a common sense reading of the policy, these are not the type of instructions that the policy was designed to cover, like the introduction of malicious computer code. … Additionally, the instructions did not, as in the case of a virus, propagate themselves throughout T&L’s computer system; rather, they were simply part of the text of three emails.

The Funds Transfer Fraud Coverage

The Funds Transfer Fraud insuring agreement indemnified against:

fraudulent written, electronic, telegraphic, cable, teletype or telephone instructions issued to a financial institution directing such institution to transfer, pay or deliver Money or Securities from any account maintained by an Insured Organization at such Institution, without an Insured Organization’s knowledge or consent.

The Court held that the requirements of the insuring agreement were not met:

This coverage is inapplicable because T&L requested and knew about the wire transfers. After receiving the fraudulent emails, T&L directed its client’s bank to wire the funds. T&L then sent emails confirming the transfers to its client’s email address. Although T&L did not know that the emailed instructions were fraudulent, it did know about the wire transfers.

Moreover, T&L’s receipt of the emails from its client’s account does not trigger coverage because T&L is not a financial institution.

As a result, there was no coverage available under the Federal policy.

Conclusion

Following the Fifth Circuit’s decision in Apache (see our October 24, 2016 post), the Ninth Circuit’s decision in Taylor & Lieberman provides another example of a clear trend on the part of the courts to refuse to find coverage for social engineering fraud losses under the “traditional” crime policy coverages (typically, computer fraud and funds transfer fraud coverages, but occasionally, as here, other coverages as well). The proliferation of social engineering frauds has created a new exposure for insureds, and fidelity insurers have responded by creating discrete social engineering fraud coverages. Like Apache, Taylor & Lieberman serves as a cautionary tale to businesses (and to their brokers) of how a business may be exposed to an uninsured loss in the event that it does not maintain such coverage.

Taylor & Lieberman v. Federal Insurance Company, 2017 WL 929211 (9th Cir.)

Guest Co-Author: John Tomaine

On March 16, 2017, the U.S. District Court for the Northern District of Georgia released its decision in InComm Holdings, Inc. v. Great American Insurance Company. The Court held that Great American’s computer fraud coverage did not respond where holders of prepaid debit cards used multiple simultaneous telephone calls to exploit a coding error in the insured’s computer system, thereby fraudulently increasing the balances on the cards. The Court also applied the recent appellate decisions in Apache (see our October 24, 2016 post) and Pestmaster (see our August 4, 2016 post) in holding that the loss scenario did not meet the direct loss requirement in the computer fraud insuring agreement.

The Facts

InComm was a debit card processor. Individuals could purchase prepaid debit cards issued by banks and then utilize InComm’s system to load funds onto those cards. InComm’s processing system consisted of an Interactive Voice Response (IVR) system and an Application Processing System (APS). The IVR system permitted cardholders, using telephone voice commands or touchtone codes, to load credit onto their cards. The APS provided transaction processing in respect of transaction instructions received through the IVR system. After the APS carried out the requested instruction, it would communicate the result to the IVR system, which would then report the result to the cardholder.

To add value to a card, a cardholder could purchase a chit from a retailer, which would then relay the funds to InComm by transferring them to an account maintained by InComm with Wells Fargo. To redeem the chit, the cardholder would call the IVR system and provide the unique PIN printed on the chit. The IVR system would then relay the information to the APS, which would verify the data and then add the value of the chit to the card.

After a chit is redeemed, InComm transfers the equivalent amount of funds to the bank that issued the card. The funds are then maintained by the issuing bank for the benefit of the cardholder until the cardholder makes a purchase, at which point the issuing bank remits funds to the vendor. InComm is not involved in payments by banks to vendors.

InComm contracted with Bancorp to serve as program manager for cards issued by Bancorp. When a Bancorp cardholder redeemed a chit, InComm would transfer the equivalent dollar amount from its Wells Fargo account to a special settlement account held at Bancorp in Bancorp’s name. The InComm-Bancorp contract provided that “[Bancorp] shall hold all Cardholder Balances in a fiduciary or custodial manner on behalf of [InComm] as holder[ ] of the Cardholder Balances for the benefit of Cardholders” and that “all Cardholder Balances shall be held in trust for the benefit of the Cardholders”.

For a period of several months in 2013 and 2014, there was a coding error in the IVR system which permitted a chit to be redeemed multiple times. Cardholders could exploit the coding error by making multiple simultaneous telephone calls to the IVR system, redeeming their chit multiple times, and obtaining multiples of the value of the chits, which were then used by the cardholders to make purchases. As a result of the misuse of the IVR system, InComm wired $10,769,039 to Bancorp in connection with these fraudulent transactions. Bancorp transmitted most of these funds to vendors, but currently retains $1,880,769 of the wrongfully-redeemed funds in its trust account.

The Computer Fraud Coverage

InComm submitted a claim under its computer fraud coverage, which provided that Great American would:

… pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:

a. to a person (other than a messenger) outside those premises; or

b. to a place outside those premises.

Great American reasoned that the cardholders had not engaged in computer fraud within the meaning of the policy, as they had utilized telephones, not computers, to make the calls. Great American also took the view that any loss to InComm was not a loss “resulting directly” from computer fraud. The Court accepted Great American’s position on both issues.

Relying on the Ninth Circuit’s recent Pestmaster decision, the Court held that the cardholders’ telephone usage could not be construed as the “use” of a computer, notwithstanding that their telephones were ultimately communicating with a computer system:

Use” also is not defined in the Policy. The word commonly is defined as to “take, hold, or deploy (something) as a means of accomplishing or achieving something; … A person thus “uses” a computer where he takes, holds or employs it to accomplish something. That a computer was somehow involved in a loss does not establish that the wrongdoer “used” a computer to cause the loss. To hold so would unreasonably expand the scope of the Computer Fraud Provision, which limits coverage to “computer fraud.” Cf. Pestmaster … (“Because computers are used in almost every business transaction, reading [a computer fraud insurance policy] provision to cover all transfers that involve both a computer and fraud at some point in the transaction would convert this Crime Policy into a ‘General Fraud’ Policy.”). It also would violate the Court’s obligation to read the Policy “as a layman would read it and not as it might be analyzed by an insurance expert or an attorney.” … Lawyerly arguments for expanding coverage to include losses involving a computer engaged at any point in the causal chain — between the perpetrators’ conduct and the loss — unreasonably strain the ordinary understanding of “computer fraud” and “use of a[ ] computer”. …

 The Policy does not cover InComm’s losses resulting from the unauthorized redemptions, because the cardholders used telephones, not computers, to perpetrate their scheme. [emphasis added]

Direct Loss

The Court also held that InComm had not established that it had sustained a loss “resulting directly” from the cardholders’ conduct. The Court observed that, under the terms of InComm’s contract with Bancorp, InComm retained an interest, as trustee, in the funds so long as they continued to be held by Bancorp. Consequently, a transfer from InComm’s Wells Fargo account to Bancorp was not itself a loss. The earliest that a loss could occur was when funds were paid out by Bancorp to vendors to settle the cardholders’ expenditure of the fraudulently-redeemed chits.

The Court continued:

This conclusion is underscored by the fact that funds wired to Bancorp, as a result of the fraudulent chit redemptions, are still in the Bancorp Account almost three years after the chits were wrongfully redeemed. That is, these funds have not been lost. InComm’s loss thus did not result “directly” from the fraudulent redemptions, because it occurred only after InComm wired money to Bancorp, after the cardholder used his card to pay for a transaction, and after Bancorp paid the seller for the cardholder’s transaction. … The losses here did not occur when funds were sent to Bancorp’s premises. They occurred when funds were sent, by Bancorp, to the premises or accounts of merchants from which cardholders purchased goods or services. [emphasis added]

The Court also observed that, even if the loss had occurred earlier in the process (i.e., when the funds left Wells Fargo), the loss still did not result directly from the chit redemptions. Great American pointed out that those fraudulent redemptions did not automatically transfer funds to issuers like Bancorp. A redemption did not reduce the available assets in InComm’s hands; instead, a redemption only triggered InComm’s contractual obligation to an issuer to fund the redemption.

The Court agreed. Relying on Pestmaster and Apache, the Court held that:

… InComm’s loss resulted directly — that is, immediately — from InComm’s decision to wire the funds to Bancorp, not from the cardholders’ redemptions. Apache, and the cases it discusses, warn that to find coverage based on the use of a computer, without a specific and immediate connection to a transfer, would effectively convert a computer fraud provision into a general fraud provision. … To accept InComm’s argument that the cardholders’ fraudulent redemptions resulted directly in the transfer of funds from InComm to Bancorp — where InComm itself chose to make the transfer — would violate the admonition in Apache and the other cases addressing computer fraud coverage.

The computer fraud insuring agreement in InComm’s policy is identical to the one at issue in Apache. Apache involved a social engineering fraud where someone impersonating a representative of Apache’s vendor sent “new” bank information to Apache via email, resulting in invoice payments being misdirected. In that case, the Fifth Circuit pointedly used language to lay the loss at the feet of the insured:

Doubtless, had the confirmation call been properly directed, or had Apache performed a more thorough investigation, it would never have changed the vendor-payment account information. Moreover, Apache changed the account information, and the transfers of money to the fraudulent account were initiated by Apache to pay legitimate invoices … Arguably, Apache invited the computer-use at issue, through which it now seeks shelter under its policy, even though the computer-use was but one step in Apache’s multi-step, but flawed, process that ended in its making required and authorized, very large invoice-payments, but to a fraudulent bank account.  

Similarly, the Court in InComm noted that:

InComm chose to wire funds to Bancorp because it was contractually required to do so and because, despite any reconciliation or verification process it had in place, it believed the redemptions were legitimate.

Then, borrowing language from Apache, the Court stated:

As in Apache, “the authorized transfer was made to the [Bancorp] account only because, after receiving [notice of the duplicate chit redemptions], [InComm] failed to investigate accurately new, but fraudulent, information provided to it.” [emphasis added].

Not only did the Apache and InComm courts refuse to find an “immediate” relationship between the alleged conduct and the claimed losses, they each observed that investigatory lapses on the part of the insureds could be considered intervening and superseding causes of their losses.

Conclusion

Although it arises from a rather complicated set of facts and legal relationships, InComm provides helpful general guidance on both the “use of a computer” and the “direct loss” requirements found in computer fraud insuring agreements.

The courts in Apache and Pestmaster recognized that computers are involved in virtually every business transaction, and that interpreting computer fraud coverage to cover every loss that involves both a computer and fraud at some point in the transaction would turn such coverage into a “general fraud policy”. The Court in InComm built on this insight by interpreting “the use of any computer to fraudulently cause a transfer” to require the fraudster’s use of a computer, not the use of a telephone to interact with the insured’s computer.

Further, the Court implicitly applied a “direct means direct” causation approach in finding that the loss was not one resulting directly from the cardholders’ conduct. This is underscored by the Court’s requiring a “specific and immediate connection” between the conduct and the loss, which could not be established, given the intervening steps which occurred here.

[Editors’ Note: Our guest co-author, John Tomaine, is the owner of John J. Tomaine LLC, a fidelity insurance and civil mediation consultancy in New Jersey.  After over thirty-one years with the Chubb Group of Insurance Companies, he retired as a Vice President in 2009.  He is an attorney admitted in Connecticut and New Jersey, and holds a Master’s Degree in Diplomacy and International Relations.  He is available to serve as an expert witness in fidelity claim litigation and to consult on fidelity claim and underwriting matters.]

InComm Holdings, Inc. v. Great American Insurance Company, 2017 WL 1021749 (N.D. Ga.)