The Fifth Circuit upheld the district court's denial of coverage under the policy's Computer Transfer Fraud provision. Mississippi Silicon Holdings, L.L.C. v. Axis Ins. Co., 2021 U.S. App. LEXIS 3112 (5th Cir. Feb. 4, 2021).
Mississippi Silicon Holdings' (MSH) chief Financial Officer, John Lalley, received an email from a regular vendor, Energoprom, advising that future payments should be routed to a new bank account. The email body also contained previous emails between Lalley and Energoprom concerning invoices and shipment details. Lalley authorized two wire transfers from MSH to Energoprom's new bank account totaling approximately $1.025 million.
In December 2017, MSH realized it had sent the wire transfers to the fraudster's bank account, not that of Energoprom. MSA submitted a sworn proof of loss to Axis. The claims was granted under the Social Engineering Fraud provision and Axis paid MSH the $100,000 policy limit. Coverage under the Computer Transfer Fraud provision, with a limit of $1 million, was denied. Axis determined that the Computer Transfer Fraud provision did not apply because: (1) the funds were transferred with MSH employees' knowledge; and (2) the fraud was accordingly not confined to the computer system, as the policy required.
The Computer Transfer Fraud provision read:
The insurer will pay for loss of . . . Covered Property resulting directly from Computer Transfer Fraud that causes the transfer, payment, or delivery of Covered Property from the Premises or Transfer Account to a person, place, or account beyond the Insured Entity's control, without the Insured Entity's knowledge or consent.
MSH contended that the receipt of the fraudulent email fell within the Computer Transfer Fraud provision. Axis argued the Computer Transfer Fraud provision was not implicated because the scheme only involved emails that did not have any functionality that permitted them to do anything other than sit in MSH's email system.
MSH sued. Both parties moved for summary judgment. The district court granted summary judgment to Axis because the loss was not caused by the fraudulent computer use, but by the affirmative acts of MSH employees in initiating and authorizing the transfer.
On appeal, the Fifth Circuit agreed with Axis. The manipulation of emails did not constitute Computer Transfer Fraud as defined by the policy. The fraudsters apparently gained access to the company's email system, but they did not manipulate those systems through the introduction of data or programs that could independently instruct the computer system to act upon electronic data. Unfortunately for MSH, coverage did not extend to the fraud scheme at issue here.