Sixth Circuit Says Computer Fraud Victim Has Coverage for His Loss Under Michigan Law
Over the past year, there has been a major increase in the number of businesses seeking insurance coverage for losses they incurred as a result of “fraudulent instruction” scams. A fraudulent instruction scam is where a criminal hacker collects data from the victim’s computer that allows the hacker to send plausible-looking requests to transfer funds to bogus accounts.
The victims of such scams often assume they have insurance coverage for their loss under the “computer fraud” section of their crime policies—only to find that their insurers claim otherwise. Two years ago, a Michigan manufacturer found itself in that situation when it was the victim of a fraudulent instruction scam and its insurance carrier denied coverage. In a major victory for policyholders, on July 13, 2018, the Sixth Circuit Court of Appeals, interpreting Michigan law, held that the company was fully covered for the fraudulently-caused loss. Accordingly, Michigan businesses that have purchased computer fraud coverage should assume that if they are victimized by a fraudulent instruction scam, their insurers should step up and cover their losses.
American Tooling Center is a Michigan tool and die manufacturer that subcontracts some of its manufacturing work to a vendor in China. In 2005, the company received a series of emails, purportedly from its Chinese vendor, claiming that the vendor had changed bank accounts. The emails directed American Tooling to wire transfer payments for services rendered to the vendor’s new accounts. After American Tooling had transferred $834,000, it learned that the emails were bogus—sent by a fraudster impersonating its Chinese vendor.
American Tooling had a business insurance policy with Travelers that provided coverage for, among other things, losses due to computer fraud. When Travelers denied coverage, American Tooling sued. After the federal district court in Ann Arbor sided with Travelers, American Tooling appealed to the Sixth Circuit Court of Appeals. In a major pro-policyholder ruling, the appeals court reversed, finding that there was coverage under the Computer Fraud clause in Travelers’ policy.
One of Travelers’ primary justifications for denying coverage was that American Tooling’s loss had not been “directly caused” by the computer fraud within the meaning of the Computer Fraud clause. That clause reads as follows: “[Travelers] will pay the Insured for the Insured’s direct loss of, or direct loss from damage to, Money, Securities and Other Property directly caused by Computer Fraud.” According to Travelers, the loss was not directly caused by the computer fraud because there were intervening causes of the loss that were not fraudulent.
Specifically, argued Travelers, the chain of events that were precipitated by the fraudulent emails and led to the loss (i.e., the wire transfers) included the following non-fraudulent steps : (1) before responding to the fraudulent emails, American Tooling verified that its Chinese vendor had completed the transactions for which payment was due; (2) American Tooling reviewed all of its outstanding invoices and determined to pay those of its Chinese vendor; (3) American Tooling then signed into the banking portal and manually entered the fraudulent banking information emailed by the impersonator; (4) after submitting the wire transfer, American Tooling’s assistant comptroller approved the payment; and (5) following that approval, the wire transfer was made.
Travelers claimed that “directly caused” means the loss must immediately follow the fraud; that is, there cannot be intervening steps that are not fraudulent. This same argument, which has been made by insurers in numerous other “computer fraud” coverage disputes, has found mixed results in the courts. Here, the argument was soundly rejected by the Sixth Circuit. The appellate court reasoned that “directly caused” does not mean that the loss must immediately follow the fraud; it simply means that the loss must be the ultimate result of the fraud. Consequently, American Tooling’s loss was fully covered.
The lesson from this case is that a Michigan insured who has computer fraud coverage and is victimized by an online imposter, should have coverage if the insured can show that its loss was ultimately caused by the fraudulent scheme—regardless of the number of intervening steps between the fraud and the loss.