INTRODUCTION

On 2 September 2024, the Western Cape High Court delivered a judgement in a matter involving a business email compromise that affected the sale of a motor vehicle. In this instance, emails between the First Respondent, Motus Ford Culemborg, and the First Applicant, Movienet Networks (Pty) Ltd, duly represented by Mogambury Pather, the Second Applicant, containing bank account details were intercepted. This resulted in the Applicants making payment of a deposit into the bank account of a fraudulent third party. The dispute was centred on the release of the purchased vehicle and the responsibility for the intercepted deposit.

ISSUES

The Applicants sought an interim interdict forcing the dealership to release the vehicle. The Applicants argued that they fulfilled their obligations: the deposit was paid; financing was approved by ABSA Bank Limited; confirmation of insurance was provided; and the release note was signed.

The Respondents blamed cyber criminals for the interception of banking details, denied liability, and relied on a term of the contract of sale that stated that ownership and possession of the vehicle will remain with the dealership until full payment has been received.

THE COURT’S FINDINGS

The court ruled that while the Applicants had established a clear right to possess the vehicle, the Respondents’ contractual right to retain ownership until full payment complicated the matter. It was established that the interdict sought by the Applicants was not the appropriate remedy for resolving liability for the misdirected deposit and dismissed the application. The court emphasised the need for negotiation or alternative dispute resolution.

Furthermore, despite financing the purchase, the court held that Absa (“the Bank”) should not be awarded possession, as the ownership dispute centred on the Applicants and the First Respondent. The Bank had not actively pursued a claim, and the sale agreement lacked clarity on Absa’s rights in deposit fraud cases. The court found that Absa’s role was financial rather than managerial in resolving the dispute.

With regard to the interception of banking details, Bhoopchand AJ, made reference to the case of Edward Nathan Sonnenberg Inc v Hawarden¹, where the Supreme Court of Appeal ruled that ENS was not liable for a client’s financial loss due to business email compromise, stressing that verifying banking details is the payer’s responsibility. However, this case was distinguished by finding strong evidence that the email compromise originated from the Respondents’ side due to domain security vulnerabilities.

While purchasers must verify payment details, sellers also bear responsibility for securing communication channels. The Respondents’ failure to address cybersecurity risks and their delayed response to the Applicant undermined their defence.

Nonetheless, the court reaffirmed that if a purchaser transfers funds to a fraudulent third party instead of the seller, they remain liable for the debt.

CONCLUSION

This case serves as a cautionary account for both businesses and consumers navigating digital transactions. While cyber fraud remains a persistent challenge, proactive measures in email security, payment verification, and due diligence can mitigate risks. The evolving landscape of cyber crime will likely prompt further legal developments in determining liability in such cases, shaping the future of digital commerce and financial security. Moreover, the Applicants were unsuccessful in establishing a clear case for an interim interdict or vindicatory relief due to unresolved issues around ownership, possession and the disputed deposit.