Verify before you pay: South Africa’s SCA reinforces buyer’s duty in BEC fraud case, Reece Martin, Christopher MacRoberts, Ashleigh Maistry, Gina Willson

In Northcliff Nissan v Hyundai Louis Trichardt, South Africa’s Supreme Court of Appeal (SCA) confirmed that Hyundai Louis Trichardt (Hyundai) was responsible for paying for two vehicles it purchased, even though a cybercriminal had fraudulently redirected the payment.

This decision aligns with previous decisions involving Business Email Compromise (BEC) fraud, underscoring that it is the buyer’s responsibility to verify payment details before transferring funds.

Case Background

In October 2018, Northcliff Nissan sold two vehicles to Hyundai for R290,000. The agreement was that Hyundai would pay via electronic funds transfer (EFT) using the banking details provided on emailed invoices. The vehicles would be released once payment was received.

Although Northcliff Nissan sent invoices with the correct banking details, Hyundai mistakenly transferred the funds to a fraudulent account after receiving altered invoices. As a result, Northcliff Nissan never received the payment, leading to a legal dispute over whether Hyundai had fulfilled its payment obligations.

Regional Court Ruling

The Regional Court found that Hyundai had failed to verify the banking details and was therefore liable. It ordered Hyundai to pay the R290,000, plus interest and legal costs.

High Court Appeal

On appeal, the High Court reversed the decision. It ruled that Northcliff Nissan had not proven a breach of contract by Hyundai. Since the claim was contractual rather than delictual (based on wrongdoing), the burden was on Northcliff Nissan to prove Hyundai’s breach. The claim was dismissed with costs.

Supreme Court of Appeal judgment

The SCA disagreed with the High Court’s reasoning. It clarified that Northcliff Nissan’s claim was simply for payment of the purchase price. Hyundai, in turn, claimed it had already paid. Therefore, Hyundai had the burden of proving that payment was made correctly.

The SCA reaffirmed a key legal principle: in a sale, the buyer must ensure that payment reaches the seller’s correct bank account. An EFT is only complete when the funds arrive in the intended account.

Because Hyundai failed to verify the banking details and paid into a fraudulent account, it had not fulfilled its obligations. The SCA ruled that Hyundai remained liable for the payment.

Key Takeaways

BEC fraud is a growing threat in South Africa. The SCA emphasised the need for sound verification and payment controls.
Buyers must verify banking details. The debtor must ensure payment is made to the correct account. Applying a two-factor authentication control before making a payment, such as a phone call to verify emailed bank account details, is a sensible safeguard. Use any verification tools available to check bank account confirmation letters and invoices.
Falling victim to BEC fraud does not excuse payment obligations.
Creditors are not legally required to protect buyers against BEC fraud. The SCA reaffirmed this, in line with its earlier decision in ENS v Hawarden, especially when the buyer failed to take reasonable precautions.

If you need help improving your cyber risk strategy, contact our team for practical guidance and support.