In today’s digital economy, where transactions are often completed with a few clicks, a recent court decision has delivered a wake-up call to people in business: if you are the one paying, the risk is yours to manage.
The Supreme Court of Appeal’s ruling in Intengo Imoto (Pty) Ltd v Zoutpansberg Motor Wholesalers CC is not just a legal outcome — it’s a lesson. In this case, a buyer paid for two vehicles via electronic funds transfer (EFT), but the money landed in a fraudulent account due to a cyber scam. The seller never received the funds, and the buyer argued that it had fulfilled its obligation. The court disagreed. The message was clear: payment is only complete when the correct party receives the money. If you pay into the wrong account, even if tricked by a convincing email, you haven’t paid. The court emphasised that the onus is on the payer to verify banking details and ensure the funds reach the intended recipient.
This ruling aligns with another recent decision in Edward Nathan Sonnenberg Inc v Judith Mary Hawarden, where a buyer lost millions to a similar scam. The court refused to hold the law firm liable, noting that the buyer had multiple opportunities to verify the payment details but failed to do so. The court warned against creating “indeterminate liability” for service providers when clients neglect basic cyber hygiene.
Both cases highlight a growing threat: Business Email Compromise (BEC). BEC is a sophisticated form of cyber fraud where criminals intercept or impersonate legitimate email communications to manipulate payment instructions. These scams often succeed not because of technical brilliance, but because someone failed to double-check. In the eyes of the law, that failure can be costly.
Together, these cases signal a shift in judicial thinking: businesses must take proactive responsibility for digital risk. Courts are increasingly reluctant to protect those who fail to protect themselves.
What this means for businesses:
- Verification is non-negotiable: Before making any payment, especially for large transactions, verify the recipient’s banking details through a trusted, independent channel. A phone call to a known contact can prevent a loss of any amount (and especially when it its six figures!).
- Email is not secure: Avoid sending or relying on banking details via email. If you must, use encrypted platforms or secure portals. Cybercriminals are proficient at intercepting and manipulating email threads to insert false information.
- Train your teams: Ensure your finance and procurement teams are trained to spot red flags, like subtle changes in email addresses, urgent requests for payment, or last-minute banking changes. Most cyber scams often succeed because of human error, not technical failure.
In a world where one wrong click can cost millions, the courts have made it clear: when it comes to payments, vigilance is not optional, it is your responsibility.
This article was penned by Boitumelo Monnakgotla and Wildu du Plessis.