In Pestmaster Services, Inc. v. Travelers Casualty and Surety Company of America, the U.S. District Court for the Central District of California granted partial summary judgment in favour of Travelers on a claim advanced under its Computer Fraud and Funds Transfer Fraud coverages.  The decision provides valuable guidance regarding the scope of these coverages.

The Facts

Pestmaster, a pest control business, was insured under a Travelers Wrap+ policy.  In 2009, Pestmaster hired a payroll company, Priority, to handle its payroll and payroll tax obligations.  Pestmaster executed an ACH authorization which authorized Priority to obtain payment of Priority’s approved invoices by initiating ACH transfers of funds from Pestmaster’s bank account to Priority’s bank account.  These amounts included both payroll and payroll taxes, the latter of which Priority was supposed to remit to the IRS.

In 2011, Pestmaster discovered that Priority had failed to remit $373,000 in payroll taxes, and had instead diverted these funds to its own uses.  Pestmaster sought indemnity from Travelers under its Funds Transfer Fraud coverage or, alternatively, its Computer Fraud coverage.

Funds Transfer Fraud

The Funds Transfer Fraud coverage indemnified Pestmaster for direct loss of money or securities, contained in its transfer account on deposit at a financial institution, directly caused by Funds Transfer Fraud.  Funds Transfer Fraud was, in turn, defined as (in relevant part):

an electronic, telegraphic, cable, teletype or telephone instruction fraudulently transmitted to a Financial Institution directing such institution to debit your Transfer Account and to transfer, pay or deliver Money or Securities from your Transfer Account which instruction purports to have been transmitted by you, but was in fact fraudulently transmitted by someone other than you without your knowledge or consent;

Pestmaster contended that Priority’s transferring funds from Pestmaster’s bank account to its own bank account, in furtherance of Priority’s fraudulent scheme, constituted a fraudulent instruction to Pestmaster’s bank.

The Court rejected Pestmaster’s contention, holding that the insuring agreement does not cover authorized or valid transactions, such as the authorized ACH transfers in this case, even where such transactions are associated with an underlying fraudulent scheme.  The Court found that there was no evidence that Priority had gained unauthorized access to Pestmaster’s bank’s electronic fund transfer system or had otherwise provided any fraudulent or altered instructions to the bank in order to divert funds from the rightful recipient.  As Priority wrongfully converted the funds only after they had been transferred to Priority, pursuant to Pestmaster’s express authorization, the elements of the Funds Transfer Fraud coverage were not made out.

The Court accepted Travelers’ position that the intention of the coverage is to protect the insured or its bank from someone breaking into the electronic funds transfer system and pretending to be an authorized representative, or altering electronic instructions to divert funds from the rightful recipient.

Computer Fraud Coverage

The Computer Fraud coverage indemnified Pestmaster for direct loss of money, securities or other property directly caused by Computer Fraud, i.e., the use of a computer to cause a transfer of money, securities or other property from inside the insured’s premises or the insured’s bank’s premises.

Pestmaster contended that Priority’s use of a computer to transfer funds from Pestmaster’s bank account to Priority’s bank account, in furtherance of Priority’s fraudulent scheme, met the requirements of the coverage.

The Court rejected this contention as well, accepting Travelers’ position that the Computer Fraud coverage is engaged when someone “hacks” or obtains unauthorized access or entry to a computer in order to make an unauthorized transfer of funds.  The Court relied on Universal American, a 2013 New York decision in which a computer was used to submit fraudulent health insurance claims.  The Universal American court had concluded that Computer Fraud coverage did not apply “where an authorized user utilized the system as intended, i.e., to submit [health insurance] claims, but where the claims themselves were fraudulent.”

The Court concluded that Priority had acted pursuant to Pestmaster’s ACH authorization, and could not in any sense be considered a “hacker” or unauthorized user.  Priority’s fraudulent conduct occurred only after the authorized transfer had been completed and the funds had already been transferred into Priority’s account.

No Direct Loss

The Court also held, as alternative bases for denying coverage, that Priority’s use of its computer was merely incidental to, and not directly related to, Pestmaster’s losses, and that Pestmaster had not satisfied the “direct loss” requirement in either of the coverages.  Rather, Pestmaster’s loss was “entirely contingent on a series of events and decisions, including Priority 1’s decision to divert the funds in its account to pay its own obligations instead of using them for their agreed upon purpose of paying Pestmaster’s federal payroll taxes.

The Pestmaster decision is helpful in explaining (and endorsing) fidelity insurers’ intentions as to the proper scope of the Computer Fraud and Funds Transfer Fraud coverages, confirming that the coverage is intended to be limited to unauthorized access and “hacking” situations.  The decision is also helpful in rebutting arguments which attempt to create coverage by reliance on the merely-incidental involvement of a computer, or an electronic transfer, in the loss scenario.

Pestmaster Services, Inc. v. Travelers Casualty and Surety Company of America, 2014 WL 3844627 (C.D. Cal.)