On 20 June 2025, in the matter of Intengo Imoto (Pty) Ltd t/a Northcliff Nissan v Zoutpansberg Motor Wholesalers CC t/a Hyundai Louis Trichardt (474/2024) [2025] ZASCA 93 (20 June 2025), the Supreme Court of Appeal (SCA) upheld the findings of the Limpopo Division of the High Court, and provided clarity on the risks involved with electronic fund transfer (EFT) payments in the context of cybercrime. The SCA reaffirmed the principle that payment is only complete when it reaches the correct bank account of the creditor, even where fraudsters intercept communications and alter banking details.
In an era of increasing cybercrime, this decision is of significant importance when it comes to the mitigation of risk when making EFT payments.
In October 2018, Intengo Imoto concluded a partly oral partly written agreement with Hyundai Louis Trichardt in terms of which Intengo would sell to Hyundai two Nissan NP200 motor vehicles R145,000 each. Once payment of the purchase price had been effected by EFT into the bank account of Intengo, Hyundai could take delivery of the two motor vehicles. The invoices issued by Intengo identified its banking details for payment however, the email system was compromised by cybercriminals who altered the bank account details on the invoices.
Unaware of the fraud, Hyundai made the payments into the fraudulent bank account per the invoices and provided Intengo with the proof of payments. A few days later, after the money had not reflected in its bank account, Intengo demanded payment. Hyundai relying on the proofs of payments, contended that it had discharged its payment obligations by paying into the account reflected on the invoices notwithstanding that the account details had been altered when the emails were intercepted by fraudsters.
The Regional Court found in favour of Intengo and held that Hyundai had been negligent in verifying the payment details and ordered it to pay R290,000 to Intengo with interest and costs.
On appeal from the Regional Court, the Limpopo High Court overturned the decision, finding that the risk associated with EFT payments must be assumed by Intengo (i.e. the payee). Hyundai had discharged its payment obligations by following the invoice details provided, irrespective of the fraud. Intengo then appealed to the SCA.
The SCA in its judgment found that payment by EFT is only complete when the payee actually receives the funds. The fact that Hyundai paid into an incorrect account did not discharge its obligation to Intengo. Relying on its decision in Edward Nathan Sonnenberg Inc. v Judith Mary Hawarden [2024] ZASCA 90, the SCA asserted that it is untenable for a creditor to bear a legal duty to protect debtors from the possibility of cybercrime especially in circumstances where the debtor could have taken steps to mitigate its own risk but failed to do so.
The SCA held that “a payment into a different account, not authorised by Intengo, and without verifying Intengo’s banking details, did not release itself from the payment obligation to Intego.” Accordingly, Hyundai is to pay to Intengo the purchase price for a ‘second time’.
This decision is a crucial reminder in today’s digital world that the payee has the responsibility to ensure that the funds reach the correct beneficiary and bears the risk in doing so. Vigilance, independent verification, and clearly negotiated payment terms are no longer optional but are essential safeguards to be employed by payees.
Failure to heed to warnings against cybercrime will cause you to ‘pay the price’.
