Computer Fraud Policy Covers Computer Fraud Only

Posted on by

A Georgia court recently ruled that a computer fraud provision in an insurance policy did not provide coverage in an $11.4 million fraudulent debit card redemptions made over the phone and processed by computers.

 In InComm Holdings, Inc. v. Great American Insurance Company, InComm provided a service enabling consumers to load funds onto prepaid bank issued debit cards.  Cardholders could purchase “chits” from retailers to add additional funds onto their cards. The retailers sent InComm the payment made for the chit, which the cardholder could redeem by calling InComm.  InComm then transferred the funds to the issuing bank for the cardholder to draw on.  When the cardholder called InComm, their call was processed by the interactive voice response (“IVR”) system.  The IVR used computers that allowed a debit cardholder, using telephone voice commands or telephone touch-tone codes, to monitor and request transactions on their debit card account.

The loss in question resulted from a coding error in InComm’s system that allowed cardholders to redeem their chits more than once, which resulted in more than $11.4 million in unauthorized charges to InComm. InComm made a claim on its insurance policy that provided coverage for “computer fraud,” specifically, a “loss of . . . money . . . resulting directly from the use of any computer to fraudulently cause a transfer of that [money] from inside the premises or banking premises” to a person or place “outside those premises.”  InComm believed it was entitled to coverage because the IVR system was the “computer” that was “used” when the chits were redeemed, and thus that the Policy’s “use of any computer” requirement is satisfied.  The insurer denied coverage on the grounds that the redemptions were made over the phone and not by computer.  The court agreed, using dictionary definitions of “phone” and “computer” to reach its conclusion that the cardholders used telephones to provide information to InComm’s IVR system, which then processed the information incorrectly, resulting in multiple redemptions of a single chit.

As technology advances and the interdependency between telephones and computers increases, it is comforting to know that courts are taking a straightforward approach to defining terms in an insurance policy to determine the scope of coverage. For now, a phone is a phone and computer is a computer, and a computer fraud provision in an insurance policy only covers computer fraud.

Thanks to Hillary Ladov and Chris Sovorow for their contributions to this post.