Facebook-f Linkedin-in
Bissets logo hd
Search
Conveyancing Costs Calculator

Making An Eft Payment? Know Where Your Responsibility Lies In The Event Of Cybercrime

Intengo Imoto (Pty) Ltd v Zoutpansberg Motor Wholesalers CC 2025 JDR 2671 (SCA) 

In June 2025, judgment was handed down by the Supreme Court of Appeal (SCA) in the case of Intengo Imoto (Pty) Ltd v Zoutpansberg Motor Wholesalers CC2025 JDR 2671 (SCA).  This case offers a welcome clarification of the legal position regarding internet banking, particularly on where liability lies when a third party introduces fraud or cybercrime into a transaction.

The facts of the case were relatively straightforward. The terms of the written agreement, in which Intengo sold two vehicles to Hyuandai, contained the vehicle particulars, purchase price and, crucially, Intengo’s banking details. Both parties had agreed that Hyundai would make payment via Electronic Fund Transfer (EFT), upon receiving invoices by email, which would contain Intengos banking details. Once payment was received, Hyundai could accept delivery of the vehicles.

On the same day that the contract was concluded, Intengo emailed the invoices to Hyundai.  The bank account number reflected in these invoices ended with the digit 3.

A day later, Hyundai’s representative emailed proof of payment for the first vehicle. Intengo then delivered the vehicle. However, the proof of payment reflected an account number ending in 9, not 3.

This exact process repeated itself with regard to the second vehicle.  Once again, proof of payment reflected the incorrect account, but nevertheless, the vehicle was delivered by Intengo.

A week later, Intengo realized that they had not received either payment. Upon investigation, it became clear that the funds had been fraudulently transferred to an incorrect bank account.  Intengo subsequently demanded payment from Hyundai, who in turn insisted they had paid, and that delivery was made in accordance with the receipt of proof of such payments.

Litigation in the Regional and High Court

Intengo instituted legal action in the Regional Court. That Court held that it was evident that Intengo had never received payment, and Hyundai was therefore still liable to pay.

Hyundai then appealed to the High Court. There, the Court found that the Regional Court had erred in finding that the Hyundai bore the onus to prove that payment was made to the correct bank account.   Intengo based its claim on contract law but failed to properly prove the contractual term it alleged had been breached.  Instead, it based its claim on negligent payment to the wrong account, which didn’t fit into Intengo’s case as pleaded.  The High Court thus dismissed Intengo’s claim.

The matter was taken to the SCA, which provided much-needed clarity.

The SCA’s findings were manifold:

It found that Intengo did indeed send invoices containing the correct banking details. However, somewhere after leaving Intengo’s email server, the invoices were intercepted by cybercriminals. The banking details were fraudulently altered and Hyundai, unaware of the tampering, paid the funds into an account not belonging to Intengo, but as correctly referenced in the altered invoice received by Hyundai.

The SCA confirmed that for payment to occur the payee must acquire the unrestricted right to the immediate use of the funds, which must register in the payee’s account.

The SCA held that, even though Hyundai had not acted fraudulently or for personal gain, the legal duty remains with the debtor (i.e., Hyundai) to ensure payment is made to the correct account.  This obligation is not extinguished simply because an EFT was made.  The risk in EFT transactions lies therefore with the payer, not the recipient.

The court referenced the well-known judgment of Edward Nathan Sonnenberg Inc v Judith Mary Hawarden 2025 (5) SA 9 (SCA), which had overturned the previous position that the creditor bore a legal duty to protect debtors from cybercrime. The SCA reiterated that it is now settled law, and consumers must take note: a responsible debtor must verify bank details, whether by phoning the recipient or through other means, before transferring funds. A failure to do so, even where cybercrime is involved, will not absolve the debtor of liability.

Written by: Frances Barrow – Candidate Attorney

If you have further questions, please get in touch with our litigation team via Savanna Kanzler on skanzler@bissets.com

Switchboard: 021-441 9800

Bissets Whatsapp:  072 370 0416 – our Client Liaison, Tracy, will put you in contact with the relevant professional.

This article is a general information sheet and should not be used or relied on as legal or other professional advice. No liability can be accepted for any errors or omissions nor for any loss or damage arising from reliance upon any information herein. Always contact your legal adviser for specific and detailed advice. Errors and omissions excepted (E & OE).