Defend Truth

GROUNDUP

High court orders financial services firm to pay client over R800,000 lost in cybercrime fraud

High court orders financial services firm to pay client over R800,000 lost in cybercrime fraud
The high court in Johannesburg has ordered PSG Wealth Financial Planning to pay a client more than R800,000, plus interest, which was stolen by fraudsters through email cybercrime. (Archive photo: Ashraf Hendricks)

Judge found that PSG Wealth Financial Planning had not complied with its own policy to protect clients against cybercrime.

The high court in Johannesburg has ordered a financial services company to pay a client more than R800,000 stolen by fraudsters through email cybercrime.

Judge Denise Fisher ruled in favour of Jan Jacobus Gerber who sued PSG Wealth Financial Planning for the loss he sustained due to the unlawful electronic transfer of money intended for his retirement that he had invested with the company.

Judge Fisher said it had become routine for business to be conducted via email and it had now become common for these emails to be accessed remotely by fraudsters. She said business email compromise (BEC) had become rife and that both parties had been victims of the fraud.

“The question is, who should bear the losses,” she said.

Judge Fisher said Gerber had a share portfolio which had been managed by PSG, through its representative Jonathan Fisher, for more than a decade.

Gerber had a share and cash portfolio with investments totalling R855,413 as at September 2019. This could be liquidated and paid out at Gerber’s request.

The Judge said that the contact between Fisher and Gerber was rare. The dealings entailed no more than a monthly statement, detailing his account activity, sent via email to Gerber.

Then, in October 2019 there was a “somewhat unusual request” when Fisher received an email, purportedly from Gerber, requesting to liquidate R250,000. The email also provided details of a new bank account with FNB.

Fisher emailed back, asking for confirmation of the new account. An email was sent back, containing a letter, ostensibly from FNB, which appeared to have an official bank stamp and reflected that the account had been opened in 2002.

Judge Fisher said PSG branches were run on a franchise system, and as part of that agreement, were given access to a central client service which could verify bank account details. The FNB account details were sent for verification. The report came back that the identity attached to the FNB account did not match Gerber’s details. It showed that the account had in fact only been opened less than three months prior, and the phone number and email address were not valid.

However, Fisher said these verification reports were often unreliable. His personal assistant Jocelyn van Stavel emailed Gerber to confirm that this was his account.

“Unsurprisingly, came the response from the hijacked email that the payment should be made into it,” Judge Fisher said.

When Van Stavel made a “courtesy” call to Gerber to let him know the money had been paid, Gerber had been driving and responded ‘goed so’ (‘that’s fine’) — although he did not know what she was referring to.

A second email from the hacker soon followed asking for more money, which was paid out, effectively wiping out Gerber’s investment.

Judge Fisher said the emboldened hacker was alerted by Van Stavel that Gerber’s wife also had an investment account. The hacker then requested R400,000 from his wife’s account. But when that email arrived, Van Stavel testified that “something didn’t look right”.

Fisher then contacted his clients, who both confirmed they had not asked to withdraw any funds.

A subsequent investigation revealed that Gerber’s email had been hacked, and all the emails to and from PSG were diverted to a separate file which did not appear in his inbox or outbox.

PSG argued that while it had a duty to protect Gerber’s money, it could not be liable for loss under circumstances in which his computer system had been hacked. This was a “tacit term” of the agreement, it said.

But Judge Fisher said to import such a term would be counterintuitive. “The protection against technological fraud would be meaningless if the client had to assume the obligation to prevent hacking. After all, [PSG] is paid handsomely for the services provided, including the provision of fraud protection,” she said.

“There is no evidence that [Gerber] did anything or failed to do anything to protect his system from being hacked. He testified that his system was password protected and that he had an effective virus protection installed. This was not challenged.”

Judge Fisher said the contracts dictated that instructions had to be given via email and “arguably [PSG] thus assumed the risk of employing this system of communication”.

The Judge said the call to Gerber had been a “courtesy call”, not one seeking confirmation that the monies were to be paid into another bank account.

PSG had not established that it complied with its contractual obligations to protect Gerber against cybercrime, she said. Judge Fisher ordered PSG to pay Gerber R811,488.98, plus interest and the costs of the application. DM

First published by GroundUp.

Gallery

Comments - Please in order to comment.

Please peer review 3 community comments before your comment can be posted

X

This article is free to read.

Sign up for free or sign in to continue reading.

Unlike our competitors, we don’t force you to pay to read the news but we do need your email address to make your experience better.


Nearly there! Create a password to finish signing up with us:

Please enter your password or get a sign in link if you’ve forgotten

Open Sesame! Thanks for signing up.

We would like our readers to start paying for Daily Maverick...

…but we are not going to force you to. Over 10 million users come to us each month for the news. We have not put it behind a paywall because the truth should not be a luxury.

Instead we ask our readers who can afford to contribute, even a small amount each month, to do so.

If you appreciate it and want to see us keep going then please consider contributing whatever you can.

Support Daily Maverick→
Payment options

Daily Maverick Elections Toolbox

Download the Daily Maverick Elections Toolbox.

+ Your election day questions answered
+ What's different this election
+ Test yourself! Take the quiz