A federal judge in Michigan recently granted summary judgment to Travelers in American Tooling Center, Inc. v. Travelers Casualty and Surety Company of America, Case No. 16-12108, United States District Court, Eastern District of Michigan. That decision interpreted the “computer fraud” provision of Travelers’ insurance policy, finding no coverage for the insured for the losses claimed.
The basic facts were that American Tooling asked its vendor in China, YiFeng, for all outstanding invoices by email. American Tooling received a response by email, from an account that looked very much like the YiFeng account, and which directed American Tooling to send payment for the invoices to a new bank account. Unfortunately, the email was fraudulent, and $800,000 was wired to the fraudster without verifying the banking instructions.
When it learned of the fraud, American Tooling made a claim under its Travelers policy, which provided coverage for the insured’s loss of money “directly caused by Computer Fraud.” The policy defined “Computer Fraud” as the use of any computer to fraudulently cause a transfer of money from inside the insured’s premises or financial institution premises to a person or a place outside the premises or the financial institution premises. Travelers argued that the loss was not directly caused by the use of any computer, noting the intervening acts of the insured’s personnel between the receipt of the fraudulent email and the transfer of funds.
Relying on the case Apache Corp v. Great American Ins. Co., 662, Fed. Appx. 252 5th Cir. 2016), a case with similar facts, the court found that the sending and receipt of fraudulent emails did not constitute the use of a computer to fraudulently cause a transfer. The court distinguished the case of Medidata Solutions, Inc. v. Federal Ins. Co., Case No. 15-CV-907 (S.D.N.Y. July 21, 2017) because the language of the policy in that case did not include the “direct loss” or “directly caused by computer fraud” language. The court was further persuaded by decisions out of the Ninth Circuit that have required the unauthorized transfer of funds to meet the policy requirement that the transfer be fraudulently caused. In this case, the exchange of emails did not directly cause the transfer of funds, and the court declined to find coverage for the loss.
The conclusion here is that how the Computer Fraud coverage in a policy will be interpreted depends first upon the precise language of the policy wording, and then on the forum court that will interpret that language. The policy language is not uniform, and coverage interpretations vary.