Payment Stolen by Impostor Will Not Be Covered Under Computer Fraud, Court Rules

After an impostor is able to steal from a company, is the insurance company responsible for lost revenue under a computer fraud clause?
By: | February 5, 2019

Posco Daewoo America Corp. imports and exports chemicals. Allnex USA Inc. is a leading supplier of specialty chemicals. Allnex owed Daewoo for a shipment of products, but an impostor stepped in before the bill could be settled.

The impostor posed as an employee of Daewoo and created a fake email account. They then sent an Allnex employee fraudulent emails requesting wire payments be sent. Over the next few months, the impostor was able to gain a total of $630,058 from Allnex through four separate bank accounts.

Then the fraud was discovered.

Allnex recovered $262,444, but Daewoo still wanted the remaining $367,613 to satisfy its original bill. Allnex disagreed. The company said that the unrecovered wire payments to the impostor satisfied the balance owed, and it was not responsible to pay that amount again.

Daewoo turned to its insurer Travelers Casualty and Surety Company of America. Daewoo said Travelers should indemnify it for the loss caused by the impostor, but Travelers denied the claim.

Travelers pointed to the policy’s computer fraud provision: “[t]he Company will pay the Insured for the Insured’s direct loss of, or direct loss from damage to, Money, Securities, and Other Property directly caused by Computer Fraud.”

In Travelers’ eyes, computer fraud was defined as “when someone hacks or obtains unauthorized access to or entry to a computer in order to make an unauthorized transfer.” The insurer said that no Daewoo computer w as hacked. The impostor used their own computer and created a fake account.

The court agreed, granting Travelers’ motion to dismiss without prejudice.

Scorecard: Because the account that was used to trick Allnex was not from a Daewoo computer, the computer fraud clause does not cover the lost money.

Takeaway: The digital age opens the door to many kinds of cyber attacks. Insurers can best prepare by writing detailed policies with specific exclusions when needed. This clearly defines coverages and avoids lengthy legal affairs down the road. &

Autumn Demberger is a freelance writer and can be reached at [email protected].

More from Risk & Insurance