Fake payment orders by e-mail
The client worked as a doctor and was resident in an African country affected by war. He had temporarily resided in the USA and later in England. He claimed that the only payments he had made during the long account relationship with the bank had gone into his account at the same bank in the USA. The first payment apparently made by the fraudsters to a bank account in Australia, which was supposedly in his name, was returned by the recipient bank because it could not be attributed to the recipient. According to the client, the bank should have become suspicious and contacted him, which it did not do. All subsequent payments had been described as urgent and the orders had been written in very bumpy and incorrect English. The payment purposes were nonsensical or could not be reconciled with the client’s usual activities. For example, USD 25,000 had been transferred to a towing service. The client acknowledged that he had recorded his payment orders on a document that he sent to the bank by email. The signatures on the documents were written in Arabic and English. On the forged orders, these signatures had been arranged differently and dots had been visible in the background. The telephone number given by the fraudsters did not correspond to the one he had used for conversations with his client advisor. Finally, the bank rejected a payment order received by e-mail and demanded an original order. When the fraudsters protested in awkward English, the bank had explained in an e-mail reply that the rejection had been made as a precautionary measure against forgery, and had then executed the order anyway. The customer also complained about numerous other points which, in his opinion, indicated fraud and a lack of diligence on the part of the bank. His account was practically emptied by the fraudsters with the forged payment orders.
As the bank had only replied superficially to the customer’s complaint, the Ombudsman asked it to comment on the arguments in detail. In response, the bank explained that so-called risk transfer clauses in payment transactions were permissible according to the case law of the Federal Supreme Court. In such clauses, the liability for damages resulting from the non-recognition of forgeries is shifted to the customer if there is no gross negligence on the part of the bank. Gross negligence occurs when elementary rules of due diligence are disregarded. In the bank’s opinion, there was no breach of due diligence in connection with the payment orders received by e-mail. According to the cited case law, a bank must only verify the authenticity of payment orders within the framework of the modalities established between the client and the bank. If, as in the present case, it is customary for a client to transmit payment orders by e-mail, the bank does not have to take any extraordinary measures that would be incompatible with payment transactions as a mass transaction. It did not have to systematically assume that orders coming from the client’s e-mail account did not originate from him. On the contrary, based on the risk transfer clause, it was the client’s responsibility to protect himself against the misuse of his e-mail account. A breach of due diligence on the part of the bank could only be assumed if it would have been obvious to any reasonable person, based on clear indications regarding the address, the text or the content of the orders, that the client’s e-mail account had been misused.
In the client’s case, all payment orders, both disputed and undisputed, had been sent from the same email address. The client had only pointed out problems with his email address when all but two payments had already been made. The differences in the signatures were marginal and only recognisable in an ex-post analysis.
The bank was therefore of the opinion that it had checked the payment orders with due diligence, with the exception of the last two. It repeated its offer to the client to compensate him for these last two payments and to round this amount up to USD 30,000. She set a short deadline for accepting the offer.
The Ombudsman objected to setting such a deadline for the acceptance of the settlement. He always tries to avoid unnecessary delays in the ombudsman process. However, customers should not be forced to take legal action simply because time pressure and time limits prevent amicable solutions.
For the rest, the Ombudsman agreed in principle with the bank that the case had to be assessed against the background of the principles described by the bank in the case law of the Federal Supreme Court. However, he had doubts as to whether, in view of the numerous inconsistencies in the e-mail payment orders, it could be assumed that the bank had exercised sufficient diligence in checking the orders, even taking into account the clause on the passing on of damages. In a second contact, he asked the bank to reconsider its position. The bank then increased its settlement offer slightly to 50% of the loss suffered by the client. The Ombudsman would have hoped that the bank would go further, but submitted the settlement proposal to the client, as he could no longer assume that a better solution could be reached in the mediation procedure. The client finally accepted the settlement proposal.