In a June 2025 Supreme Court of Appeal decision, the court confirmed that when paying by EFT, a debtor is responsible for ensuring that payment is made into the correct bank account and will bear the risk of any misdirected EFT payments resulting from cybercrime.
The case involved a contract between two motor vehicle dealerships for the sale of two motor vehicles. The written portion of the contract consisted of one invoice created in respect of each vehicle which included the seller’s banking details.
The seller sent the invoices to the buyer via email. Although the exact nature of the crime was not determined, it appears that cybercriminals intercepted the emails and changed the banking details to show an account number controlled by the criminals. The buyer subsequently paid the purchase price into the account listed on the altered invoices, instead of the seller’s actual account. A proof of payment was sent to the seller, but neither party noticed the incorrect banking details, and the vehicles were released to the buyer.
When the seller requested payment, the buyer claimed it had already paid. The seller then took legal action to recover the purchase price, which the buyer contested, leading to a trial.
The court emphasised that, for EFT payments, payment is only considered made when the funds are actually received in the seller’s bank account. It reiterated that buyers must ensure the bank account details on invoices are correct and verified, and that payment is made to the seller, not an unknown third party. If payment is made to the wrong account, the buyer’s obligation to pay the debt remains.
The seller demonstrated that it had sent invoices with the correct banking details to the buyer, and there was no interception of the email before it left the seller’s server, implying any interception occurred on the buyer’s side.
The court confirmed that making payment to an account not authorised by the seller, without verifying the banking details, does not release the buyer from its payment obligations.
This case highlights the importance of buyers verifying banking details before making payments. As a best practice, both parties should communicate and confirm banking information through secure channels, rather than relying solely on emails, which are vulnerable to interception.