Loss Caused by Fraudulent Exploitation of Coding Error Does Not Implicate Computer Fraud Coverage

A Georgia federal district court has held that a fraudulent scheme using telephones to exploit a computer coding vulnerability in the insured’s system that ultimately led to a loss was not covered under a computer fraud provision in a commercial crime policy.  Incomm Holdings, Inc. v. Great Am. Ins. Co., 2017 WL 1021749 (N.D. Ga. Mar. 16, 2017).

The insured managed a prepaid card program.  As part of the program, cardholders would load funds onto prepaid cards issued by banks.  To load funds, the cardholders called a designated telephone number and inputted certain information.  As a result of the coding error in the insured’s computer system, cardholders were able to call into the system from multiple phones at the same time and make multiple loads, which enabled them to access more funds than they purchased.  Before the insured fixed the coding error, cardholders made approximately $10.3 million in unauthorized redemptions.  As required by contract, the insured paid that amount to the issuing bank.

The insured sought coverage under a computer fraud provision in its commercial crime policy, which afforded coverage for “loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises: a. to a person (other than a messenger) outside those premises; or b. to a place outside those premises.”  The insurer denied coverage, and coverage litigation ensued.

The district court granted summary judgment in favor of the insurer, holding that the loss did not fall within the scope of the crime policy’s coverage.

First, the court ruled that the loss was not caused by the “use[] of a computer.”  The court noted that each cardholder used a phone – which is not a “computer” – to make fraudulent redemptions.  The court also rejected the notion that the cardholders “used” the insured’s computer system, observing that “[l]awyerly arguments for expanding coverage to include losses involving a computer engaged at any point in the causal chain – between the perpetrators’ conduct and the loss – unreasonably strain the ordinary understanding of ‘computer fraud’ and ‘use of a[] computer.’”

As an alternate basis for its ruling, the court determined that the incident did not involve the “loss of … money … resulting directly from” computer fraud.  The court reasoned that the “loss” at issue was not the insured’s payment to the issuing bank, but instead occurred when the payments were made to merchants from the cardholder funds.  As such, the court ruled that the “loss” was not caused “directly” by the fraudulent customer loads, but instead the loss was caused “directly” by the insured’s decision to transfer funds to the bank, as required by its contract.

Tags

Wiley Executive Summary

Sign up for updates

Wiley Rein LLP Cookie Preference Center

Your Privacy

When you visit our website, we use cookies on your browser to collect information. The information collected might relate to you, your preferences, or your device, and is mostly used to make the site work as you expect it to and to provide a more personalized web experience. For more information about how we use Cookies, please see our Privacy Policy.

Strictly Necessary Cookies

Always Active

Necessary cookies enable core functionality such as security, network management, and accessibility. These cookies may only be disabled by changing your browser settings, but this may affect how the website functions.

Functional Cookies

Always Active

Some functions of the site require remembering user choices, for example your cookie preference, or keyword search highlighting. These do not store any personal information.

Form Submissions

Always Active

When submitting your data, for example on a contact form or event registration, a cookie might be used to monitor the state of your submission across pages.

Performance Cookies

Performance cookies help us improve our website by collecting and reporting information on its usage. We access and process information from these cookies at an aggregate level.

Powered by Firmseek