How do the courts deal with the victims of invoice fraud?

17 July, 2018

We are continuing to regularly hear about incidents of invoice fraud as discussed in my previous article here.  The usual scenario is where a customer intends to make payment to a supplier but is instead

directed to make payment to a fraudulent third party, usually because the fraudster has intercepted the supplier’s emails or hacked either email account.  Although this type of fraud is common, there have been very few reported cases on it, which is why the recent case of J Brazil Road Contractors v Belectric Solar Ltd [2018] (Case No: C1EQ331C2 County Court at Canterbury 22 January 2018 WL 01993147) is of interest.

In this case it was found that the customer of a contractor had no defence to the contractor’s claim for payment of its bill where the contractor’s BT email account had been hacked and unbeknown to the contractor, the customer had received an email from the contractor’s email account directing them to make payment to the fraudster’s account which they duly did. The court found that both the customer and the contractor were innocent victims of the scam but the customer was still liable to pay the contractor.

In terms of court proceedings, the contractor issued a claim for payment and the customer filed a short defence to argue that payment had already been made.  The contractor applied for summary judgment which was granted on paper and the customer applied to set it aside – that application was unsuccessful.  The customer appealed and the appeal was dismissed.

 The arguments raised

 During the proceedings the customer put forward the following main unsuccessful arguments:-

  • The customer could rely on the fraudulent instructions because they purported to come from the contractor’s email address.
  • The use of the contractor’s email even by a hacker amounted to ostensible authority for which the contractor is responsible.
  • The case was one of public importance and therefore the case should go forward to trial.

It was found that:

  • Both the contractor and customer had been victims. 
  • The hacker was not an agent of either party.
  • The customer had not made payment.
  • There were insufficient grounds to argue that the case was one of public importance and the customer had no real prospect of defending the claim.

Interestingly the appeal judge commented on other possible arguments which had not been raised in the case but which might be of use in similar matters:

  • If would have assisted the customer if they could have shown that the contractor was already aware prior to payment by the customer that the email account had been hacked and was being used to divert invoice payments.
  • It is well known that emails are not secure and unless the contractor represented to the customer that its BT email account was secure, a defence based on estoppel (an argument that the contractor’s own actions for example by not sufficiently securing its email account, prevent it from seeking a remedy at court) would not succeed. 
  • To avoid summary judgment a customer could argue that disclosure of fraudulent activity on the account is required and this could be a compelling reason as to why the matter should proceed to trial.

 Take away points

 Customers and suppliers both need to be alive to the risk of invoice fraud and email hacking as both will potentially be victims.

  • It would be wise for suppliers to encourage their customers to contact them before making any payments and to make them aware of potential invoice fraud.
  • Customers should always telephone ahead to a verified person at their supplier before making any payment to check the account details with them.
  • If a supplier becomes aware that their emails have been hacked they should take immediate action to secure the email account and keep a written record of the steps taken.

See here for more tips on how to protect your business from this type of fraud and what action to take where funds have been paid out as a result of fraud.