Defend Truth


High court orders financial services firm to pay client over R800,000 lost in cybercrime fraud

High court orders financial services firm to pay client over R800,000 lost in cybercrime fraud
The high court in Johannesburg has ordered PSG Wealth Financial Planning to pay a client more than R800,000, plus interest, which was stolen by fraudsters through email cybercrime. (Archive photo: Ashraf Hendricks)

Judge found that PSG Wealth Financial Planning had not complied with its own policy to protect clients against cybercrime.

The high court in Johannesburg has ordered a financial services company to pay a client more than R800,000 stolen by fraudsters through email cybercrime.

Judge Denise Fisher ruled in favour of Jan Jacobus Gerber who sued PSG Wealth Financial Planning for the loss he sustained due to the unlawful electronic transfer of money intended for his retirement that he had invested with the company.

Judge Fisher said it had become routine for business to be conducted via email and it had now become common for these emails to be accessed remotely by fraudsters. She said business email compromise (BEC) had become rife and that both parties had been victims of the fraud.

“The question is, who should bear the losses,” she said.

Judge Fisher said Gerber had a share portfolio which had been managed by PSG, through its representative Jonathan Fisher, for more than a decade.

Gerber had a share and cash portfolio with investments totalling R855,413 as at September 2019. This could be liquidated and paid out at Gerber’s request.

The Judge said that the contact between Fisher and Gerber was rare. The dealings entailed no more than a monthly statement, detailing his account activity, sent via email to Gerber.

Then, in October 2019 there was a “somewhat unusual request” when Fisher received an email, purportedly from Gerber, requesting to liquidate R250,000. The email also provided details of a new bank account with FNB.

Fisher emailed back, asking for confirmation of the new account. An email was sent back, containing a letter, ostensibly from FNB, which appeared to have an official bank stamp and reflected that the account had been opened in 2002.

Judge Fisher said PSG branches were run on a franchise system, and as part of that agreement, were given access to a central client service which could verify bank account details. The FNB account details were sent for verification. The report came back that the identity attached to the FNB account did not match Gerber’s details. It showed that the account had in fact only been opened less than three months prior, and the phone number and email address were not valid.

However, Fisher said these verification reports were often unreliable. His personal assistant Jocelyn van Stavel emailed Gerber to confirm that this was his account.

“Unsurprisingly, came the response from the hijacked email that the payment should be made into it,” Judge Fisher said.

When Van Stavel made a “courtesy” call to Gerber to let him know the money had been paid, Gerber had been driving and responded ‘goed so’ (‘that’s fine’) — although he did not know what she was referring to.

A second email from the hacker soon followed asking for more money, which was paid out, effectively wiping out Gerber’s investment.

Judge Fisher said the emboldened hacker was alerted by Van Stavel that Gerber’s wife also had an investment account. The hacker then requested R400,000 from his wife’s account. But when that email arrived, Van Stavel testified that “something didn’t look right”.

Fisher then contacted his clients, who both confirmed they had not asked to withdraw any funds.

A subsequent investigation revealed that Gerber’s email had been hacked, and all the emails to and from PSG were diverted to a separate file which did not appear in his inbox or outbox.

PSG argued that while it had a duty to protect Gerber’s money, it could not be liable for loss under circumstances in which his computer system had been hacked. This was a “tacit term” of the agreement, it said.

But Judge Fisher said to import such a term would be counterintuitive. “The protection against technological fraud would be meaningless if the client had to assume the obligation to prevent hacking. After all, [PSG] is paid handsomely for the services provided, including the provision of fraud protection,” she said.

“There is no evidence that [Gerber] did anything or failed to do anything to protect his system from being hacked. He testified that his system was password protected and that he had an effective virus protection installed. This was not challenged.”

Judge Fisher said the contracts dictated that instructions had to be given via email and “arguably [PSG] thus assumed the risk of employing this system of communication”.

The Judge said the call to Gerber had been a “courtesy call”, not one seeking confirmation that the monies were to be paid into another bank account.

PSG had not established that it complied with its contractual obligations to protect Gerber against cybercrime, she said. Judge Fisher ordered PSG to pay Gerber R811,488.98, plus interest and the costs of the application. DM

First published by GroundUp.


Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted


This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.

Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.

[%% img-description %%]

The Spy Bill: An autocratic roadmap to State Capture 2.0

Join Heidi Swart in conversation with Anton Harber and Marianne Merten as they discuss a concerning push to pass a controversial “Spy Bill” into law by May 2024. Tues 5 Dec at 12pm, live, online and free of charge.

A South African Hero: You

There’s a 99.8% chance that this isn’t for you. Only 0.2% of our readers have responded to this call for action.

Those 0.2% of our readers are our hidden heroes, who are fuelling our work and impacting the lives of every South African in doing so. They’re the people who contribute to keep Daily Maverick free for all, including you.

The equation is quite simple: the more members we have, the more reporting and investigations we can do, and the greater the impact on the country.

Be part of that 0.2%. Be a Maverick. Be a Maverick Insider.

Support Daily Maverick→
Payment options