When is a fraud a “direct” result of computer use?

In an interesting case was brought to my attention today.  In Interactive Communications Int. v. Great American Ins. the court found that the insurance provider did not have to cover losses under Incomm’s “Computer Fraud” policy.

Incomm lost $11+ million when fraudsters were able to duplicate “chits” sold by Incomm.  The chits could then be converted to debit cards.  The fraud was perpetrated using Incomm’s IVR (Interactive Voice Response) computer system.

Now an IVR is a computer system, so a “Computer Fraud” policy should cover fraud perpetrated using a computer, right?  Not  so much…

The policy, according to its terms, covered “loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property…”

So we know that a computer was used in the fraud, but the word the court triggered on was “directly.”

The court accepted that “manipulation of InComm’s computers set into motion” the fraud.  BUT, and this is a BIG BUT, did not directly cause the loss.

Without going too deep into the inner-workings of Incomm’s process, they transferred money to a third-party to hold until the debit card was used at a merchant.  In the court’s opinion, Incomm still had control over the money until it was paid to the merchant, so the loss wasn’t ” immediately and without intervention or interruption” the cause of the loss.

This logic will seem crazy to some and completely sensible to others.  The big takeaway is to review your insurance coverage, talk to your insurance broker, work through an example like this one, and make sure you fully understand what your insurance actually covers.