For a moment, let's assume that you own a business that contracts to sell custom manufactured equipment.
When the equipment is ready, you email the Buyer to confirm; request wire transfer of payment; and to arrange a pick-up.
In this scenario, the Buyer confirms receipt of your email and will send payment and a truck to pick up the equipment. The Buyer's carrier shows up to take possession of the equipment, but the money never hit your account. The Buyer insists it wired the money three days ago. Someone, somewhere fell for a Business Email Compromise - or B-E-C - Scam. The money is gone.
So, who bears the loss?
Do you, the manufacturer, have to release the equipment without having received the funds?
Does the Buyer have to pay a second time?
Does a vendor to the Buyer or Manufacturer bear some responsibility in letting the scammer inside the system?
The answer to all these questions is "it depends." It depends on whose system was compromised and what safeguards were in place to prevent BEC scams. In Georgia, the Courts have yet to squarely address these issues, but other jurisdictions have set a framework for analyzing liability.
So, as the courts work to assign liability in this burgeoning area of law, it seems that the best defense is always to take reasonable precautions. What those precautions are will depend on many variables and you should consult with your IT and legal professionals to ensure your business is protected.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.