- within Corporate/Commercial Law topic(s)
- with Senior Company Executives, HR and Inhouse Counsel
- in United States
- with readers working within the Accounting & Consultancy, Metals & Mining and Pharmaceuticals & BioTech industries
Business e-mail compromise (BEC) remains one of the most common and costly forms of commercial fraud. A recent judgment from the Supreme Court of Appeal has once again clarified where the risk lies when payment instructions are intercepted and altered during a transaction.
In Intengo Imoto (Pty) Ltd v Zoutpansberg Motor Wholesalers CC 2025 (6) SA 143 (SCA), the Court was asked to determine whether a purchaser remains liable under a sale agreement when the seller's banking details are replaced with fraudulent details following an email interception.
The seller instituted action against the purchaser after it did not receive payment for the vehicles sold. The purchaser, however, argued that it had made payment, relying on the banking details it believed were supplied by the seller.
Crucially, the purchaser admitted that it had not verified the authenticity of the banking details it received. It also failed to produce adequate evidence that the payment had in fact been made to the seller, or that the breach resulted from the seller's email account being hacked rather than its own systems.
The Court's View
The Supreme Court of Appeal reaffirmed a long-standing principle that a debtor must "seek out" its creditor and ensure that payment reaches the correct account.
It underscored the following points:
- The onus rests on the purchaser (or debtor) to prove that valid payment was made.
- The debtor bears the risk of relying on unverified banking details.
- Creditors have no duty to protect debtors from the possibility that the debtor's own email system may have been compromised.
Because the purchaser could not prove that it had paid the correct party (or that its own systems were not breached), the Court held that the purchaser remained liable for the full purchase amount.
Practical Implications
This decision reinforces a strict approach to payment verification. In commercial transactions, the party making payment must take reasonable steps to ensure that banking details are correct and cannot shift the loss to a creditor simply because an email was intercepted.
As BEC fraud becomes more sophisticated, the implications of failing to verify payment instructions can be significant, often leaving the paying party to bear the full financial loss.
The SCA's judgment confirms that debtors remain responsible for ensuring that payment is correctly made to the creditor. Failure to verify banking details or provide evidence of proper payment leaves the debtor liable, even where fraud or hacking is suspected.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.
