Almost a third of South Africans claim to have been victims of fraud, according to InSites Consulting SA’s recently published annual SITEisfaction Report, which surveyed the online customers of the country’s six main consumer banks.
About 32% said they’d fallen victim to fraud in the 2021 survey - 2% more than in 2020.
In all the fraud cases I’ve encountered, the victim lost their own money - one or more of their bank accounts were drained in a series of transactions.
But in a most curious case, the fraud victim had no money in his account - nor access to any form of credit - but the bank paid almost R3m over to the fraudsters, then sued its customer for the amount, plus interest!
It’s all laid out in a judgment handed down in the Mahikeng High Court in late August in a case involving FNB and Godfrey Kgethile.
Towards the end of 2005, Kgethile was unemployed and performing odd jobs to survive when he visited an internet café in Vryburg, North West. While checking his emails on one of the public computers, a “pop-up screen” appeared with a message telling him he had won, as the judgment puts it, “a certain sum of money in foreign currency”.
He clicked on a link, provided his personal details to receive the money and immediately got a phone call from “Elana”, who introduced herself as his account manager.
She asked Kgethile for all his bank account details in order for his “ample winnings” to be deposited, along with copies of his debit card, municipal account and his South African identity document.
He obliged and didn’t get the money, of course.
But “Elana” didn’t get any of his money either because his account was empty.
In fact the account was dormant at the time due to lack of activity. Plus, the Smart Account he opened with FNB in August 2010 had no credit or overdraft facility.
But the bank paid almost R3m into that fraudster’s account anyway and wanted it back from Kgethile, with interest, because, the bank said, he breached the terms of the account contract.
It is clear that the so-called error points to a compromised computer system where all of the bank’s clients appear to have been at risk. There is further no evidence to suggest that the respondent had a hand in the compromised computer system.
— Judge André Petersen
The relevant section reads: “You [the customer] will be liable for any unauthorised transaction that has been charged to the account through any person other than you, the cardholder, using the card for purchases/transactions made by mail order, telephone or electronically, unless you can prove that such person did not get the card or card number because of the cardholder’s negligence.” FNB said Kgethile recklessly divulged his details and documents to an unknown person and was thus liable for the bank’s loss.
Alternatively, FNB said, Kgethile could have deliberately defrauded the bank himself and be “enriched” by that R3m.
Kgethile denied that he got a cent of that money.
As a plot twist, the “unlawful payments” did not reflect on Kgethile’s statement at the end of October 2015, but only at the end of November and during December. And the bank’s computer software, which normally blocks unlawful payments being processed, wasn’t functioning from October 18 to 21 2015, during which time the “illegal payments” were made.
Kgethile said it took the bank “a long time” to contact him with the news that he owed it R2,926,291.59, and a representative tried to get him to sign an acknowledgment of debt.
The next he heard of the matter was when the court application was served on him by the bank. Kgethile contended he was a victim of cybercrime, having been drawn into disclosing his personal details and his identity, which was then stolen. He pointed out that the banking service he had applied for allowed for neither a credit nor an overdraft facility, so the only funds that could be used were those that either he or a third party had deposited into the account.
Kgethile’s advocate made the point that it was the bank which allowed funds to be paid out in excess of the daily and monthly limits of the agreement - that R3m was paid out in two days from funds Kgethile did not have in his account and could not authorise.
Judge André Petersen said the bank’s evidence fell “gravely shy” of proving Kgethile’s carelessness was the “real, direct or immediate” cause of the bank having been misled, “when regard is had to the transactions and the very manner in which all the transactions took place in the virtual realm of banking in the digital age”.
“The bank, in terms of the agreement, could only act on valid instructions from [Kgethile] and not on fraudulent transactions.
“The transactions on the respondent’s account were limited to R5,000 per day, to a maximum of R999,999 per month.
“The transactions giving rise to the bank’s cause of action exceeded the daily limit and in a matter of two days exceeded the monthly limit.
“In this regard, the bank acted contrary to the terms of the agreement by allowing transactions which exceeded these limits, when on its own version, the respondent had no funds in his account.”
It was also imperative for the bank to contact Kgethile and raise a red flag on the transactions before making the payment, given he had no funds in his account, the judge said.
“The bank’s computer systems being down during October 2015 ... cannot be relegated to being a mere error.
“It is clear that the so-called error points to a compromised computer system where all of the bank’s clients appear to have been at risk. There is further no evidence to suggest that the respondent had a hand in the compromised computer system.”
The judge found FNB was “clearly careless” in relation to the non-avoidance of the loss and acted contrary to the agreement, and that was the cause of its loss.
The application, on the main and the alternative claims, was thus dismissed.
As for the costs of the application, judge Petersen said given Kgethile and FNB had been careless, “it would be fair and just that no order be made as to costs”.
Talk about throwing good money after bad ...
Would you like to comment on this article?
Sign up (it's quick and free) or sign in now.
Please read our Comment Policy before commenting.