Some people may be surprised how the courts interrupt what is a computer crime. In a recent case American Tooling Center Inc (ATC) v Travelers Casualty Insurance (Travelers) in US District court the Judge ruled that even though the manufacturer lost over $800,000 via the use of fraudulent e-mails the Travelers Cyber policy did not provide coverage for this exposure. From the court transcript:
“On March 18, 2015, ATC’s Vice President/Treasurer, Gary Gizinski, sent an email to his contact at YiFeng, requesting copies of all outstanding invoices. In response, Gizinski received an email purportedly from YiFeng, but which was actually sent by a third party. The third party made the email appear to be from YiFeng by using the “yifeng-rnould” domain, which is easily confused for the correct domain: “yifeng-mould.com”). The third party, pretending to be from YiFeng, instructed ATC to send payment for several legitimate outstanding invoices to a new bank account. Without verifying the new banking instructions, ATC wire transferred approximately $800,000 to a bank account that was not controlled by YiFeng. By the time the fraud was detected, the funds had been transferred and the wire transfers could not be retracted. YiFeng did not receive payment for the invoices, although ATC eventually paid YiFeng about 50% of the invoice amounts, or about $400,000.
ATC filed a claim under its Travelers insurance policy, which was denied. Travelers contends that ATC’s loss was not a “direct loss” that was “directly caused by the use of a computer,” as required by the policy. The policy covers “computer crime” as follows: “The Company will pay the Insured for the Insured’s direct loss of, or direct loss from damage to, Money, Securities and Other Property directly caused by Computer Fraud.” Pl.’s Ex. A (emphasis in original). “Computer Fraud” is defined as
The use of any computer to fraudulently cause a transfer of Money, Securities or Other Property from inside the Premises or Financial Institution Premises:
1. to a person (other than a Messenger) outside the Premises or Financial Institution Premises; or
2. to a place outside the Premises or Financial Institution Premises.”
The US District court ruled that the transfer of funds by ATC does not in of itself because of fraudulent e-mails fall under the definition of a direct use of computer and upheld Travelers denial of ATC’s claim.
This particular exposure would better have been handled under a properly endorsed Crime Policy.