Beware Of Cybercrime
The Covid-19 pandemic has driven homes and businesses to increasingly transact online from smartphones and laptops, but this convenience does not come without risks.
Some of the most important developments relating to cybercrime and its impact on businesses were illustrated in Galactic Auto (Pty) Ltd v Venter  JOL 45546 (LP) and Fourie v Van der Spuy and De Jongh Inc  JOL 45848 (GP). In Galactic Auto (Pty) Ltd v Venter, a businessman purchased a Ford Ranger that he urgently needed for a new business project. In response to an email that he received and was expecting from the car dealership, he made an EFT payment into the bank details provided in the email.
He took delivery of the Ford Ranger, but it later emerged that the transfer had gone into a fraudulent account. The dealership then claimed the R380 000.00 purchase price from him. In this case, the court found that he should have verified the account number before making the transfer and that he still owed the car dealer the money.
In Fourie v Van der Spuy and De Jongh Inc, the client put funds into the attorneys’ trust account, but due to a fraudulent email, the attorneys paid over R1,7 million into an account from which the money subsequently disappeared.
The court noted that the Attorneys Fidelity Fund had issued a risk alert to attorneys, warning that cyber risks were increasing and that attorneys must take adequate risk mitigation measures. The court found that the attorneys should have taken precautions and that they were liable, especially based on their duty of care towards the client.
These judgements demonstrate that cyber risk management is of paramount importance to all businesses. In both cases fraud was involved, and the court found that basic precautions should have been taken to verify the account numbers and the emails prior to making the transfers.
Chapter XIII of the Electronic Communications and Transactions Act 25 of 2002 currently regulates Cybercrime; but this will in future be regulated by the Cybercrimes Bill passed on 01 July 2020 by the National Council of Provinces and awaiting proclamation by the President.
The revamped Cybercrime Bill contains a wider range of offences than those contained in the Electronic Communications and Transactions Act. It now requires mutual assistance in relation to the investigation of cybercrime from electronic communication service providers as well as financial institutions which, in certain circumstances may involve the handing over of data and hardware. These institutions will be under an obligation to report cyber offences within 72 hours of becoming aware of them and to preserve any, and all information that will be of assistance to the investigation.
Some of the proactive initiatives that businesses should adopt include the introduction of policies relating to social media, passwords and security compromise among others. These policies should be assessed and reviewed regularly to ensure that they are in line with developing trends and to avoid contravening the Bill and incurring penalties. As an added precaution and control, some banks offer an Account Verification Service as part of online banking at a nominal fee. It is also of paramount importance for staff to be continuously educated and trained on cyber security issues.