On 30 October 2018, Intengo Imoto (Pty) Ltd t/a Northcliff Nissan (seller) sold two Nissan NP200 vehicles to Zoutpansberg Motor Wholesalers CC t/a Hyundai Louis Trichardt (purchaser) for R145,000 each (total R290,000). The parties agreed that payment would be made by electronic funds transfer (EFT) into the seller's FNB bank account as detailed in invoices to be emailed. Mr Sutherland (seller's representative) emailed the invoices with correct banking details (account ending in 769, branch 370) to Mr Meth and Mr Schlebush (purchaser's representatives) on 30 October 2018. On 31 October and 1 November 2018, the purchaser sent proofs of payment showing amounts paid into a different FNB account ending in 997. Mr Sutherland released both vehicles upon receiving the proofs of payment without verifying the funds had been received. On 7 November 2018, the seller discovered the payments had not been received in its account but had been paid into a fraudulent account due to interception and fraudulent substitution of banking details in the email. Evidence indicated the email was intercepted on the purchaser's side after leaving the seller's server. The purchaser never verified the banking details before making payment and did not call any witness from its accounts department to explain the payment process.
1. The appeal is upheld with costs. 2. The order of the high court is set aside and replaced with the following order: 'The appeal is dismissed with costs.' [This has the effect of reinstating the Regional Court's order that Hyundai pay Intengo R290,000 plus mora interest and costs.]
The binding legal principles established are: (1) For effective payment by EFT to occur, the payee must acquire the unfettered or unrestricted right to the immediate use of the funds - the funds must actually be received in the payee's bank account. (2) Payment into a bank account other than the seller's account, without the seller's authority, even where banking details were fraudulently substituted through email interception, does not discharge the purchaser's obligation to pay. (3) The risk of ensuring payment reaches the correct creditor lies with the debtor/purchaser - it is the debtor's duty to seek out the creditor. This principle applies equally to EFT payments as to other forms of payment. (4) Where a purchaser pleads payment as a defence to a claim for the purchase price, the purchaser bears the onus to prove on a balance of probabilities that payment was actually made to and received by the seller. (5) A purchaser who makes payment by EFT without verifying the banking details of the seller and who pays into a fraudulent account has not discharged the onus of proving payment to the seller.
The Court made the following non-binding observations: (1) This kind of incident (email interception and fraudulent substitution of banking details) appears to occur often in commercial transactions. (2) It is normal business practice in car dealerships to request payment by way of EFT. (3) If creditors were required to protect debtors against the risk of interception of payments, this would create a real danger of indeterminate liability (citing Edward Nathan Sonnenberg Inc. v Hawarden). (4) The Court noted Mr Meth's concerning inability to explain a third payment notification showing the correct account details, and commented that this anomaly called for an answer from Hyundai but remained unexplained. (5) The Court observed that if the IT expert (Mr Roux) had been given access to Hyundai's mail server and computer, he would have been able to determine more accurately when the interception occurred and when the changes were made to the banking details.
This judgment is significant in South African law as it clarifies the legal position regarding EFT payments in the context of cybercrime and email interception fraud. It establishes that: (1) the debtor/purchaser bears the risk when making EFT payments into fraudulent accounts resulting from email interception; (2) payment is only complete when funds are actually received in the creditor's account, not when transferred to a fraudulent account; (3) the debtor has a duty to verify banking details before making payment and cannot shift this responsibility to the creditor; (4) it is untenable to impose a legal duty on creditors to protect debtors from email hacking; (5) the onus remains on the party pleading payment to prove payment was actually made to the creditor. The case provides important guidance on risk allocation in the digital age and reinforces the traditional principle that 'it is the debtor's duty to seek out his creditor'. It reflects the courts' adaptation to challenges posed by cybercrime while maintaining established principles of the law of payment. The judgment has practical implications for commercial transactions conducted via email and EFT, emphasizing the need for payment verification by the paying party.