Invoice fraud: who is liable?
Date: June 21, 2021
Modified November 14, 2023
Written by: Reinier Pijls
Reading time: +/- 2 minutes
Date: June 21, 2021
Modified November 14, 2023
Written by: Reinier Pijls
Reading time: +/- 2 minutes
Invoice fraud is a significant and very current problem. In my practice, I see it come up regularly. In invoice fraud, a criminal intercepts an invoice and changes the account number on it, causing the debtor to pay to the wrong account number (belonging to the fraudster) instead of to his creditor.
It also regularly happens that the fraudster pretends to be the creditor through a hack or through a fake e-mail address and thus requests the debtor to pay on a different account number.
Numerous questions then arise, such as what to do if you are confronted with fraud - I wrote an article about this earlier with concrete tips and who bears the loss if the money cannot be (fully) recovered from the fraudster. The latter is unfortunately often the case because the fraud is often committed by criminal gangs from (far) abroad.
In my earlier article on invoice fraud:
Two recent rulings - one from the Central Netherlands District Court and one from the Supreme Court - illustrate that it depends on the facts and circumstances of the case as to who bears the loss below the line if the money cannot be recovered from the fraudster.
In this article, I will first outline the general legal framework with respect to the question of who bears the damages (and thus whether to pay again). I will then discuss the two judgments mentioned above. I will conclude with a brief summary.
Main rule - especially in Business-to-Business situations - is that the debtor (i.e., the one who pays on the wrong account number - bears the loss.
This is because a monetary debt is a bring debt. This means that the debtor must ensure that the payment actually reaches his creditor and that otherwise, in principle, the payment is not considered to be discharged. In concrete terms, this means that, as a rule, the debtor will have to pay the invoice again in the event of invoice fraud.
Under special circumstances, this may be unreasonable and a different outcome is possible. This may be the case, for example, if it is clear that within the creditor's organization there is a rogue employee who falsified the invoice. A different distribution is also sometimes used with consumers.
Moreover, if there has been a hack or a false e-mail address, the creditor may in principle argue against the debtor that the statement to pay on another account number did not come from him. In concrete terms, this means that even then the debtor must, in principle, pay again.
Again, the special circumstances of the case may make it imputable to the creditor that the debtor held the fraudster's statement to be genuine and was entitled to hold it to be genuine.
This may be the case, for example, if the creditor cooperated in the fraud or, by failing to take precautions, allowed a fraudster to gain the opportunity to commit the fraud and impersonate the creditor.
This will ideally be the case if the creditor did not have its ICT security in order, although even then it will have to be considered whether the debtor had reason to doubt the accuracy of the fraudster's statement.
In a recent ruling by the Central Netherlands District Court, as a result of a hack at household products supplier Brabantia, web store Bol.com paid several invoices amounting to approximately €750,000.00 to a fraudster instead of Brabantia.
Brabantia claims payment of €750,000.00 in these proceedings for products supplied by it now that they were never paid to it due to the fraud.
The court rules that Bol.com must pay (again) to Brabantia, even though it is established that Brabantia's mailbox was hacked.
The court considered (on the basis of article 6:34 paragraph 1 BW) that the main rule is that the payment from Bol.com to the fraudster is not considered to be discharged (vis-à-vis Brabantia), but that special circumstances can make this different.
There are no such special circumstances in the court's view because - very briefly - information Bol.com had should have given rise to doubt and thus further investigation.
Decisively, the court considers that:
According to the court, Bol.com's arguments that Brabantia had been negligent due to a lack of security against hacks do not alter this (or at least do not make an exception to the main rule). Bol.com must therefore pay again.
I wonder whether this judgment will hold up on appeal. Not so much because of the consideration made, but more because the court applies article 6:34 paragraph 1 BW, while a month ago the Supreme Court rendered a judgment from which it follows that the question of whether once again payment must be made in invoice fraud cases should not be tested against article 6:34 paragraph 1 BW, but against other articles (3:35 BW, 3:36 BW, 3:61 paragraph 2 BW and 6:147 BW).
In this Supreme Court case, as a result of fraud, trading company Hascor paid an amount of €363,394.13 to a fraudster instead of supplier Devante (subsidiary of Yildrim Holding with which Hascor had been doing business for years).
In these proceedings, Devante claims payment of €363,394.13 for products supplied by it as they were never paid to it due to the fraud.
The court grants Devante's claim requiring Hascor to pay (again). Hascor appeals.
On appeal, the court dismissed the claim because, according to the court, there are special circumstances that make it imputable to Devante that Hascor mistook the e-mail containing the forged invoice as genuine and could reasonably have believed it to be genuine.
To this end, the court considers the following circumstances (among others) decisive:
What is striking compared to the District Court of Midden-Nederland is that the Court of Appeal does not test against Article 6:34 (1) of the Dutch Civil Code - as the District Court did in the Bol.com case - but against but against Articles 3:35, 3:36 and 3:61 (2) of the Dutch Civil Code and 6:147 of the Dutch Civil Code.
The Supreme Court upholds the court's ruling that there are special circumstances that prevent Hascor from having to pay (again).
Moreover, the Supreme Court confirms that in invoice fraud cases, the test should not be based on Article 6:34 BW, but on Articles 3:35 BW, 3:36 BW and 3:61 paragraph 2 BW and 6:147 BW.
Here there seems to be room for a very weighted judgment, in the sense that the damage can be partly for the account of the creditor and partly for the account of the debtor (thus depending on the circumstances of the case). In the case of the District Court of Midden-Nederland a black-and-white judgment was still assumed (i.e. either to pay or not to pay).
The main rule in cases of invoice fraud is (and remains) that the creditor may rely against the debtor that that statement did not come from him, but from a fraudster, even if the debtor has assumed and could reasonably assume that the statement came from the creditor. In that case, therefore, the debtor must pay (again).
Under special circumstances, this may be different and the debtor does not have to pay again.
These circumstances, however, must be such that they justify imputing to the creditor, in whole or in part, that the debtor believed the fraudster's statement to be genuine and could reasonably have believed it.
This may include the extent to which parties have taken adequate precautions to prevent the fraudster from being able to impersonate the creditor. ICT security plays an important role here.
Either way, prevention is better than cure. So make sure the chances of this happening to you are as small as possible. For specific tips, see my earlier article.
If you do unexpectedly face invoice fraud, take immediate action and hire a lawyer. Then you will have the best chance of recovering (some of) the amount paid.
As attorneys for business owners , we understand the importance of staying ahead. Together with us, you will have all the opportunities and risks in sight. Feel free to contact us and get personalized information about our services.