Computers are involved at some point in almost every business transaction—that is the reality of life in the digital age. The implications of that fact are still being worked out with respect to the interpretation of insurance contract computer fraud provisions. This month, a judge in the Northern District of Georgia issued a narrow reading, handing the insurance company an important victory.
InComm is a debit card processing company that allows consumers to purchase credits, referred to as “chits,” which can be loaded onto a debit card. From November 2013 through May 2014, a system vulnerability allowed consumers to redeem a single chit multiple times, thereby receiving more than the value they had purchased. In total, InComm processed more than 25,000 unauthorized redemptions, mistakenly transmitting more than $11 million to various debit card issuers.
Once InComm discovered the losses, it sought coverage from its insurer, Great American Insurance Company (“GAIC”). Citing to the policy’s computer fraud provision, GAIC denied and InComm responded by filing suit for breach of contract and bad faith and seeking a declaration of coverage.
The relevant computer fraud provision stated: “[GAIC] will pay for loss of, and loss from damage to, money, securities, and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises: (a) to a person (other than a messenger) outside those premises; or (b) to a place outside those premises.”
In the case of InComm, the company’s redemption program allowed cardholders to conduct debit card activity by dialing in by phone and using either voice or touchtone commands to claim chits. Therefore, the unauthorized transactions at issue (conducted by sophisticated identity theft perpetrators) were accomplished using a phone, not a computer.
In granting summary judgment to GAIC, the court found that the computer fraud provision did not apply because the actual fraud was committed using a phone. The court explained that simply because “a computer was somehow involved in a loss does not establish that the wrongdoer ‘used’ a computer to cause the loss.” Finding to the contrary would “unreasonably expand the scope” of the computer fraud provision, which was intended to limit coverage to computer fraud. Finally, the judge concluded, to accept “lawyerly arguments” that coverage should be expanded to include losses “involving a computer engaged at any point in the causal chain” would “strain the ordinary understanding of computer fraud.”
The case is InComm Holdings Inc. v. Great American Insurance Co., No. 1:15-cv-2671 (N.D. Ga. Mar. 16, 2017).