Fraudsters targeting unsuspecting victims by way of cybercrime, internet fraud or a phishing scheme is becoming a common occurrence. Scams within the banking industry have notably become more prevalent on a global scale as ecommerce transactions increase. In a rather unusual case where fraudsters who received the details of an FNB client’s dormant account with a daily limit of R5000.00 and monthly limit of R999 999.00, the High Court was tasked with considering the banking relationship between a bank and its client.
On 31 August 2021, a judgment in the Northwest High Court (Mahikeng) was handed down by Judge Andre Petersen where FNB (the applicant) lost its bid to hold its client, Godfrey Kgethile (the respondent), responsible for its losses plus interest amounting to R2.9m. This amount was lost to a scammer after the respondent was a victim of a phishing scheme where he had been persuaded to reveal his bank details and personal information after being told that he had won a certain sum of money in foreign currency.
Background
On 30 August 2010, the applicant represented by a duly authorised employee and the respondent in his personal capacity, entered into a written agreement in terms of which the applicant opened a banking account termed a Smart Account for the respondent. The bank facility was a debit card account and was not to be used for credit transactions, as only funds belonging to the respondent could be used in the account due to no credit being granted to the respondent in terms of the account. In terms of the banking agreement, the respondent was obligated to report unauthorised transactions within 30 days from the date of receipt of the bank statement. Transactions not reported thereafter would be deemed correct and done with the respondent’s permission.
In it’s application, the applicant contended that the respondent breached the terms of the agreement by using funds which did not belong to him, through the use of the account and linked debit card, contrary to the terms of the agreement. The applicant further alleged that the respondent was grossly negligent, alternatively acted fraudulently by using the account as an overdraft facility when his own funds were depleted during the month of October 2015. The applicant contended that the respondent had failed to report any unauthorised transactions or entries on the account within 30 days of the issuing of the respondent’s account statements and further failed to report the debit card, as either being lost or stolen.
In the alternative, the applicant submitted that the respondent was enriched at its expense, having made the unlawful payments with funds available to the applicant and not funds held by him in his bank account. The applicant’s cause of action bore the hallmarks of a delictual claim premised on the condictio indebiti, a cause of action the applicant conflated with its alternative cause of action based on fraud. The applicant explained that its computer software which normally blocks unlawful payments being processed, experienced a failure when it was not functioning between the period 18 to 21 October 2015.
The Court found that the applicant downplayed the computer system failure to block unlawful payments being processed as simply being an error, however, the Court found that it was clear that the so-called error resulted in a compromised computer system where all of the applicant’s clients appeared to have been at risk.’
The Decision of the High Court
In its assessment of the facts, the Court considered the symbiotic contractual relationship between a Bank and its client. This symbiotic relationship embraces a reciprocal duty of care. In considering comparative law, the Court made reference to Karak Brothers Co. Ltd v Burden where the following was said about the contractual duty of a bank to its customer:-
“…. a bank has a duty under its contract with its customer to exercise “reasonable care and skill” in carrying out its part with regard to operations within its contract with its customer. The standard of that reasonable care and skill is an objective standard applicable to bankers. Whether or not it has been attained in any particular case has to be decided in the light of all the relevant facts, which can vary almost infinitely.”
The Court also considered the judgment in Absa Bank Ltd v Hanley where Malan JA, stated as follows in respect of the duty of care of the client of a bank:
“The customer’s duty is a restricted one:
Save in respect of drawing documents to be presented to the bank and in warning of known or suspected forgeries he has no duty to the bank to supervise his employees, to run his business carefully, or to detect frauds.
The negligence or carelessness of the customer must be the real, direct or immediate cause of the bank having been misled, and must be evident in the transaction itself, in the manner in which the cheque or payment instruction was drawn…
If the circumstances warrant it, a bank, before making payment, must make inquiries.”
The Court, having considered the principles of negligence and causation on the part of the respondent found that it was clear that he could not shy away from the fact that his conduct in providing his personal details and banking details to an unknown woman was negligent, if not careless.
Before deciding on the applicant’s main claim of breach of contract, the Court dealt with the applicant’s alternative claim premised on fraud and found that the applicant had failed on the evidence, to make a case on the alternative claim of fraud. The Court held that the elements of fraud on which the applicant solely relied were the respondent’s negligence when he provided his personal details and details of his bank account to an unknown woman which the court found to be a far cry from proof that his actions in this regard proved the remainder of the elements required to sustain the claim of fraud. Although the respondent should not have given his banking and personal details to a stranger, the finding that he was in fact negligent could not justify a finding that this negligence summarily entitles the applicant to damages for any consequences flowing from this specific negligent act. The applicant’s evidence ultimately failed to prove that the carelessness of the respondent was the real, direct or immediate cause of the applicant having been misled, when regard is had to the transactions and how they were effected in the virtual realm of banking in the digital age.
Turning to the applicant’s main cause of action which was premised on breach of contract, the Court considered with due regard to the fact that its own statements reflect the transactions which gave rise to its claim on breach of contract, as having reflected only at the end of November 2015 and the beginning of December 2015 whereas the transactions had taken place in October 2015. The Court therefore found that the applicant failed to adduce evidence of its compliance with its obligation to provide the respondent with bank statements for October 2015 and/or the transmission of “in contact” notifications, before it discovered the fraudulent transactions.
The Court further found that the applicant had in particular, failed to prove that it acted on the instructions of the respondent to effect the said payments when the transactions occurred over a two day period. The applicant acted contrary to the terms of the agreement by allowing transactions which exceeded his daily limits of R5000.00 and maximum monthly limit of R999 999.00, when the respondent, on the applicant’s own version, had no funds in his account. Ultimately, the Court accepted that both the applicant and the respondent were negligent or careless in respect of their contractual obligations in terms of the agreement. The Court held that it was clear that the so-called error points to a compromised computer system where all of the applicant’s clients appear to have been at risk. As a result, the High Court dismissed the application with costs.
This article was prepared by partner Bianca Da Costa and candidate attorney Catherine Hendriks.
