Crime Protection Insurance Policy

Fort Worth insurance lawyers will not see this situation very often. But it does happen. This is a case from the U. S District Court, Houston Division. The style of the case is Apache Corporation v. Great American Insurance Company.
Apache purchased a Crime Protection Policy from Great American. The Policy was an insurance policy meant to insure against several types of risk. One such category of risks the policy covered was “computer fraud.” The Computer Fraud section, or Section B.5 of the Policy read as follows:
5. Computer Fraud
We will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:
a) to a person (other than a messenger) outside those premises; or
b) to a place outside those premises.

Steph Fraser, an Apache North Seas accounts payable employee, received a call from an individual claiming to be Emily Hebditch. Ms. Hebditch was an employee of Petrofac Facilities Management Limited (“Petrofac”), a vendor who did work for Apache. The caller, allegedly Ms. Hebditch, requested that Petrofac be allowed to change its account information where payment is sent for services rendered.
Ms. Fraser informed “Ms. Hebditch” that such a request must come on Petrofac letterhead. So the caller hung up and thereafter, on or about April 2, 2013, Apache Accounts Payable received an email with an attachment on Petrofrac letterhead requesting the change in account information. The submission was routed to Muriel Kelman, an Apache employee, to verify the request. Ms. Kelman called the number on the letterhead to verify the information in the aforementioned email. As soon as this information had been verified, Ms. Kelman entered the change request on Apache’s Sharepoint site where it was approved by Susan Grieg, the Apache North Sea Financial Accounting Manager. Thereafter payments began to the “new” Petrofac account.
In total, $2.4 million were wrongly directed to the fraudulent account. Several months after the change, Apache was contacted by Petrofac about several delinquent bills as it had not received any recent payments. This inquiry ultimately lead to an investigation that discovered the fraudulent activity. Apache filed a claim under the Policy seeking $1.4 million in damages, the total loss minus the $1 million deductible.
The inquiry for this Court was whether the fraudulent activity outlined above was covered by the Policy Apache purchased from Great American, specifically, did the loss to Apache result directly from computer fraud? Great American filed a motion for summary judgment arguing there was no coverage.
The present case turns on the meaning ofthe phrase “loss … resulting directly from [computer fraud].”
A Court’s primary concern when construing an insurance contract is to give effect to the intentions of the parties as expressed by the policy language. The terms used in the policy are given their plain, ordinary meaning unless the policy itself shows that the parties intended the terms to have a different, technical meaning. Further, under Texas law, the maxims of contract interpretation regarding insurance policies operate squarely in favor of the insured.
In the present case, Apache argued that the fraudulent email sent by the fraudsters in this case was computer fraud and directly caused the fraudulent transfer of funds. Apache argued that despite the intervening steps – the confirmation phone call and supervisor clearance – that took place after receiving the email, the fraudulent email was still a “substantial factor” in bringing about the injury. This Court agreed. These potentially intervening acts do not remove the loss from the protection afforded by the computer fraud coverage of the Policy. That is to say, despite the human involvement that followed the fraud, the loss still resulted directly from computer fraud, i.e. the email directing Apache to disburse payments to a fraudulent account.
As to the “human factor” steps that followed, one Northern District Court of Texas has reasoned, corporations can act “only through its human officers and employees.” Just because there is human involvement between the fraud and the loss does not necessarily mean the loss did not occur as a direct result of the fraud.
The question is one of the quality or severity of the intervening acts. In the present case, it is this Court’s determination that the intervening steps of the confirmation phone call and supervisory approval do not rise to the level of negating the email as being a “substantial factor” in bringing about the loss.