December 17, 2021

EFT breach

Internet banking is a significant risk exposure that reduces the effectiveness of the traditional methods of controlling access to personal information and cybercrime is aided by gaining access to personal information (Electronic Funds Transfer: Exploring the Difficulties of Security – Mpakwana Annastacia Mthembu University of South Africa (, accessed 17-12-2021)).

In Galactic Auto (Pty) Ltd v Andre Venter (405/2017) [2019] ZALMPPHC 27 (14 June 2019), the creditor sent the debtor an invoice via email and thereafter sent the debtor its banking details. Instead of receiving the creditor’s banking details, the debtor received banking details from an email address that was similar but not identical to the one used by the creditor. The debtor made payment to the fraudulent bank account, unaware that the details did not belong to the intended recipient. The high court held that the creditor is obliged to prove only that it provided the debtor with the correct bank details – that is, that the baking details which the creditor sent to the debtor were correct. Once this onus is discharged, the onus shifts to the debtor to prove that the money was transferred to the bank account provided by the creditor. The court relied on Mannesmann Demag (Pty) Ltd v Romatex Ltd and Another [1988] 2 ALL SA 353 (D) in that payment, even when accepted by the creditor, remains conditional and is only finalised when then payment is honoured. The court held that to detect interception and fraudulent alteration, the debtor was merely required to verify the bank account details with the creditor before making payment. Had the debtor done this, the risk would have been mitigated.

In Fourie v Van der Spuy and De Jongh Inc. and Others 2020 (1) SA 560 (GP) the court held that a legal practitioner’s explanation that fraud occurred would not release him /her from liability, due to the principal-agent relationship being in existence. In Nissan South Africa (Pty) Ltd v Marnitz NO & Others 2005(1) SA 441 (SCA) the court stated that “payment is a bilateral juristic act requiring the meeting of two minds”. The court held that the attorneys had failed to pay the amount due to the client, and therefore they had failed to discharge the obligation to the client. The court emphasised that had a verification process been undertaken the fraud would not have occurred. It is therefore vital for professionals who hold money on behalf of others to put in place strong measures to reduce the risk of fraud, and failure to do so will be viewed as a breach of their fiduciary duties.

It is recommended that businesses also obtain appropriate cyber fraud insurance policies. Legal practitioners cannot raise a defence that they have discharged their obligation by making payment according to the information they received without taking steps to verify such information. The duty to verify this information is even stronger as they are required to exercise a certain degree of care and skill in doing so.

Existing legislation is not adequate and appropriate for prosecuting Electronic Funds Transfers (internet payments) crimes. The high degree of security and privacy is of utmost importance to the regulation, protection and use of internet banking because of the challenges it poses on the payment system (Mpakwana Annastacia Mthembu (op cit)).

Please note that our blog posts are informal commentaries on developments in the law at the time of publication and not legal advice.

About the author 

Sipho Nkosi

Sipho Nkosi is an experienced Legal Professional with a demonstrated history of working in the legal services industry. A strong legal professional with a B Proc degree focused in Law from the University of Natal (Howard College), with a keen interest in corporate governance and a profound insight into Compliance Risk Management. Skilled in litigation and procedural law, and an affiliate member of the Compliance Institute Southern Africa.

Leave a Reply
{"email":"Email address invalid","url":"Website address invalid","required":"Required field missing"}