Although the rapid increase in technology in the past twenty years has a lot of advantages, it also has many disadvantages. One of the biggest disadvantages is electronic fraud precipitated through computer hacking. Computer hacking and the use of malware has resulted in criminals obtaining personal credit card and other information which are then in turn used to fuel fraudulent transactions around the world.

In a twist, in the recent case of Du v. Jameson Bank, 2017 ONSC 2422, an alleged computer hacker gained access to a bank customer's email address and used it to instruct the customer's bank to transfer, in two separate transactions, a total of USD $135,000 to fraudsters in Singapore.

Parties' arguments

While the customer contended that the bank should be liable for his losses based on, among other grounds, breach of contract, conversion and breach of Guideline 6 under the Proceeds of Crime (Money Laundering) and Terrorist Financing Act (the "Act"), the bank argued that in making the purported fraudulent transfer of funds it was merely acting upon instructions that were validly transmitted to it from the customer's authorized email address and that the customer was responsible, as set out in the contract between the customer and the bank, for failing to adequately secure his email address.

The bank also argued that it had not failed to comply with the Act because the customer had signed an Application Form (the "Application") when opening his account. The customer's signature on the Application meant that the bank was not required to verify his identity before wire transferring funds from the customer's account to the fraudsters in Singapore; the bank was simply entitled to rely on the email instructions which originated from the customer's authorized email address.

The Court agreed with the bank.

Relevant facts

The facts showed that the customer on opening his account signed the Application, which contained the following provision:

By signing below you certify that the information provided as part of this application is accurate and complete. You authorize those individuals as listed above to provide Jameson Bank with the information required in future dealings with Jameson Bank. You acknowledge that you were provided with the terms and conditions and privacy policy (also available on the website at www.JamesonBank.com).

The relevant terms of the Application and account agreements provided, among other things, that the bank could rely on electronically transmitted instructions and that the customer would keep any access codes and security devices safe and confidential, and that he would change them.

The customer also acknowledged the risks associated with electronic communications, but that any electronic communication the bank received from the customer or in his name could be considered to be duly authorized and binding upon him.

On the Application, the customer listed a particular email address as his means of electronic communication.

Shortly after opening his account, the customer began to communicate with the bank by email. In one of those emails he instructed the bank to wire transfer money to the U.S. as a down-payment on a real estate transaction. The bank complied with the electronic instructions to the satisfaction of the customer.

Subsequently, the bank received additional electronic instructions from the customer. However, unlike the previous instructions to wire transfer money to the U.S., the customer contended that many of the subsequent emails were sent to the bank by fraudsters. As a result of these fraudulent emails, the bank, in two separate transactions, wire transferred from the customer's account USD $135,000 to fraudsters located in Singapore.

Breach of contract claim dismissed

With respect to breach of contract, the customer argued that the bank should have dishonoured the electronic instructions and that since he had been a victim of fraud liability was automatically transferred to the bank.

The Court held that the bank had a common law and contractual obligation to honour its customers' instructions and was entitled to treat its customer's mandate at its face value. By making the wire transfers to Singapore, the bank was merely complying with the customer's instructions received via the email address he had provided in the Application.

Although the customer submitted that he had not read the Application and therefore should not be bound by it, the Court determined that the law clearly provided that a person was bound by an agreement to which they had put their signature whether they had read the agreement's contents or had chosen to leave them unread. Also, in the circumstances, the bank had no obligation to question the purported transfer.

Claim in conversion disallowed

With respect to conversion, the customer relied on the leading case of the Supreme Court of Canada in Boma Manufacturing Ltd. v. Canadian Imperial Bank of Commerce. He argued that the fraudulent emails instructing the bank to wire transfer funds out of his account were analogous to a fraudulent cheque. But the Court held that an email was not analogous to a cheque or a Bill of Exchange. More specifically, an email was not a chattel "that can be negotiated from party to party". Therefore, the bank could not be liable for conversion.

Claim under Act untenable

Lastly with respect to the claim under the Act, the customer argued that s. 54 required every financial entity to ascertain the identity of a person who opens an account before conducting a foreign currency exchange transaction of $3,000 or more. Both impugned wire transfers exceeded $3,000 and were in foreign currency.

However, this requirement did not apply where that person had signed "a signature card in respect of an account, other than a credit card, that the financial entity opens."

A "signature card" was defined under s. 1 as:

"signature card", in respect of an account, means any record that is signed by the person authorized to give instructions in respect of the account.

The Court found that the customer's signature on the Application satisfied the definition of "signature card" under the Act. Thus, since the purported fraudulent transactions in issue did not arise from an opening of an account and a "signature card" existed, the bank was not required to ascertain the customer's identity again when complying with the email instructions. Section 54 of the Act did not apply.

The Court ultimately granted summary judgment to the bank and dismissed the customer's claim.

Case is significant to banking industry

This case is significant to the banking industry.

It once again confirms that banks can rely on the contracts they enter into with customers and that customers, who sign those contracts, will be bound by the terms contained therein even if they don't read them.

Also, the case shows that banks can rely on electronically communicated instructions where permitted to do so by agreement and that the responsibility for ensuring that an email is secure from computer hackers and fraudsters is on the customer. This is very important in a world where electronic commerce and the use of email to provide instructions is becoming more prevalent. Here, the entire purpose behind permitted instructions to be given electronically was for the customer's convenience.

Lastly, this case is important for its conclusions in connection with conversion and the interpretation of the Act.

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.