April
2017
Georgia Federal District Court Holds There is No Computer Fraud Coverage for a Loss Enabled by a Coding Error
InComm Holdings, Inc. v. Great American Ins. Co., Case No. 1:15-cv-2671 (U.S.D.C., D. Ga. March 16, 2017). The court found no coverage under a Computer Fraud policy for claims arising from a scheme involving a Prepaid Debit Card Plan. The insured, InComm, was a debit card processor providing a service enabling customers to load funds onto prepaid debit cards issued by banks. The funding was done by purchasing “chits” from retailers, such as CVS or Walgreens, for the amount of the chit plus a service fee. InComm’s computers allowed debit cardholders to request transactions on their account, including redeeming the chits to load funds onto their cards, using telephone voice commands or touch-tone codes. With the redemption, InComm would transfer funds to the banks. However, there was a coding error in InComm’s computer system. If cardholders used more than one telephone simultaneously to redeem the same chit, they would be credited with multiples of the amount of the chit. In a well-organized scheme, a criminal ring redeemed 1,933 chits an average of 13 times, for a total of 25,553 unauthorized redemptions, with a total value of $11,477,287. The scheme spread over 28 states, and many of the purported individual “holders” of the relevant debit cards were a victim of identity theft.
Great American’s policy provides coverage for Computer Fraud, insuring against “loss of …money … resulting directly from the use of any computer to fraudulently cause a transfer ….” (Emphasis added.)
Applying Georgia law, the court granted Great American’s motion for summary judgment. First, it found that the wrongdoers did not use a computer to make the redemptions. They used a telephone. It said “A person thus “uses” a computer where he takes, holds or employs it to accomplish something. That a computer was somehow involved in a loss does not establish that the wrongdoer ‘used’ a computer to cause a loss.” It went on to hold that even if a computer had been used, the “loss” did not result “directly” from that use. Nor did it result “directly” from the initial fraudulent redemptions, because they did not automatically cause the transfer of funds. Instead, the “loss” did not occur until the funds held by the banks were used to pay sellers for purchases made by the wrongdoers. Rather, the loss occurred because InComm itself chose to make transfers to the banks, and it was that decision that resulted “directly” in the loss.