The U.S. Fifth Circuit Court of Appeals recently overturned a summary judgment finding coverage for the insured under the insured’s crime-protection policy after falling victim to a fraud perpetrated, in part, through email. Apache Corp. v. Great Am. Ins. Co., 2016 WL 6090901 (5th Cir. Oct. 18, 2016).
The insured was defrauded by changing bank account information for a known vendor following an unauthorized request from criminals. The criminals emailed the insured from a similar, but false, email account confirming the change, and the insured confirmed the change by calling a telephone number provided in the falsified request. The insured then began making authorized payments of legitimate invoices from the vendor to the criminals’ bank account instead of to its vendor’s account.
The insured sought coverage under the “Computer Fraud” provision, which states, “[w]e will pay for loss of … money … resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises to a person (other than a messenger) outside those premises….” The insurer denied the claim because it argued the loss did not result “directly” from the use of a computer, as the insured confirmed the change via telephone, and because the use of a computer did not cause the transfer of funds as the invoices were approved and paid through the insured’s normal accounting procedures. The insured argued that the confirming telephone call and approval of the bank account change “[did] not rise to the level of negating the e-mail as being a ‘substantial factor.’” The insured sued, and the trial court granted the insured’s motion for summary judgment finding coverage under the policy.
On appeal, the Fifth Circuit made an Erie-guess as to the interpretation of the computer-fraud provision and reversed, concluding that the email was merely incidental to the authorized transfer of money and that the transfers were not made because of fraudulent information, but because the insured elected to pay legitimate invoices, albeit to the wrong account. Ultimately, the Fifth Circuit held that the computer fraud provision could not be interpreted as reaching any fraudulent scheme in which an email communication was part of the process.