Circuit Says: Email Use Alone Did Not Activate Computer Fraud Coverage

November 16, 2016 | Insurance Coverage

The U.S. Court of Appeals for the Fifth Circuit has ruled that an insurance company was not required to cover its insured’s loss under the computer fraud provision of a crime protection insurance policy where the only computer use was an email to the insured asking it to change a vendor’s bank account information.

The Case

An Apache Corporation employee in Scotland received a telephone call from a person identifying herself as a representative of Petrofac, a vendor for Apache. The caller instructed Apache to change the bank account information for its payments to Petrofac. The Apache employee replied that the change request could not be processed without a formal request on Petrofac letterhead.

A week later, Apache’s accounts payable department received an email from a “” address that advised that Petrofac’s “accounts details have now been changed” and that “[t]he new account takes … immediate effect and all future payments must now be made into this account.” An attachment to the email was a signed letter on Petrofac letterhead, providing both old bank account information and the new bank account number, with instructions to “use the new account with immediate effect.”

Unaware that the email was a fraud – Petrofac’s authentic email domain name was “” – an Apache employee called the telephone number provided on the letterhead to verify the request and confirmed the authenticity of the change request. After another Apache employee approved and implemented the change, Apache started transferring funds for payment of Petrofac’s invoices to the new bank account.

Within one month, however, Apache learned that Petrofac had not received the approximately $7 million that Apache had transferred to the new – and fraudulent – account. After an investigation, Apache recouped a substantial portion of the funds. It said, however, that it had suffered a loss, before the $1 million policy deductible, of approximately $2.4 million.

Apache submitted a claim to Great American Insurance Company (“GAIC”), Apache’s insurer, under the computer fraud provision of Apache’s crime protection insurance policy.

GAIC denied the claim, advising Apache that its loss had not resulted “directly from the use of a computer” and that use of a computer had not caused the transfer of funds.

Apache sued GAIC and the parties moved for summary judgment. The U.S. District Court for the Southern District of Texas ruled in favor of Apache, and GAIC appealed to the U.S. Court of Appeals for the Fifth Circuit.

The Fifth Circuit’s Decision

The circuit court, applying Texas law, vacated the district court’s decision and rendered judgment in favor of GAIC.

In its decision, the circuit court pointed to the “cross-jurisdictional uniformity” among courts in declining to find coverage for a loss under a computer fraud policy when the computer use was “limited to email correspondence.” The Fifth Circuit said that it agreed with those courts, reasoning that the email sent to Apache was part of the fraudulent scheme directed at Apache but that the email was “merely incidental to the occurrence of the authorized transfer of money.”

In the circuit court’s view, to interpret the computer fraud provision in the GAIC policy as reaching any fraudulent scheme in which an email communication was part of the process would convert the policy’s computer fraud provision to “one for general fraud.”

Here, it declared, the transfers were made to the fraudulent account only because, after receiving the email, Apache had “failed to investigate accurately the new, but fraudulent, information provided to it.” If Apache had performed “a more thorough investigation,” it never would have changed the vendor payment account information, the circuit court stated.

Therefore, it concluded, Apache’s loss was not a covered occurrence under the computer-fraud provision of the GAIC policy.

The case is Apache Corp. v. Great American Ins. Co., No. 15-20499 (5th Cir. Oct. 18, 2016).

Share this article:
  • Robert Tugander

Related Publications

Get legal updates and news delivered to your inbox