
How Do Transacting Parties Bear Losses After Cross-Border Trade Remittance Fraud?

ABSTRACT

In cross-border trade, fraudsters often carry out remittance fraud by hacking email accounts, cloning email addresses, and tampering with payment information. Due to the difficulty of cross-border asset recovery, losses must be allocated among the transacting parties. When determining liability, courts apply strict liability as the primary principle under the Civil Code, supplemented by fault liability. The core of liability allocation lies in examining whether each party has fulfilled its "duty of reasonable care," comprehensively considering whether the payer and its agent have fulfilled the obligation to verify abnormal payment information through multiple channels, whether the payee has properly maintained email security, and whether obvious red flags of fraud were ignored. Ultimately, losses are allocated based on each party's degree of fault.

Cross-border trade sounds sophisticated, but the methods of fraud may not be. In cross-border trade, which heavily relies on email for business communications, fraudsters may use hacking techniques to breach email accounts, track transactions, and impersonate the payee to obtain payment. This type of fraud is not uncommon. However, cross-border transactions, with banking regulations and practices that vary across jurisdictions, provide a unique breeding ground for international remittance fraud.

So, how should losses from such payment fraud be allocated among the transacting parties? What principles and reasons do courts use to determine liability? This article attempts to analyze these issues.

I. How Does Remittance Fraud Occur in Cross-Border Trade?

With the development of technology, email has replaced traditional communication methods such as telephone and fax, becoming the most important means of communication between parties in cross-border trade. However, such methods of contact and communication, lacking direct audio or visual interaction, combined with ever-evolving hacking techniques, provide opportunities for cross-border trade fraud. Fraud through email in cross-border trade can be generally summarized in the following five steps:

Intrusion

Fraudsters use hacking techniques to breach the email account of the intended target. Through the emails in the account, they learn about the transaction content, process, payment timing, and other information of the transacting parties, in order to seize the critical moment to execute the fraud.

Lying in Wait

The fraudsters track the ongoing transaction, lying in wait for the critical moment to execute the fraud.

Email Cloning

The fraudsters clone an email address that closely resembles the payee’s address, so they can use this address to send fraudulent information at the critical moment.

Interception and Tampering

Once a payment plan emerges, the hackers act. They use hacking techniques to intercept the payment information provided by the payee, including bank account details, and send emails to the payer through the cloned similar email address, with tampered bank account and transaction documents. During this process, they also block email communication between the payer and the payee, impersonating the payee to communicate with the payer.

Fraud Accomplished

After the fraudsters complete the above four steps, if the payer is not careful enough and fails to verify again through telephone, WeChat, or other means of communication, the payer may fall into the fraudsters’ trap and remit the payment to the wrong account.

If you have lived in China for a long time, you may find it unimaginable that commercial banks would credit payments based solely on the payee’s account number. This practice runs counter to Chinese payers’ understanding of bank remittances, and they may find it hard to believe even after being defrauded. However, some European and American commercial banks do exactly this, which undoubtedly makes international remittance fraud harder to detect. When tampering with payment information, fraudsters only need to modify the payee’s account number and receiving bank, while keeping the payee’s name and address unchanged, so that the modification seems insignificant and lulls the counterparty into a false sense of security.

Once the fraud succeeds, due to the difficulty of international criminal investigation, recovery of the payment is a distant prospect. Ultimately, the loss can only be allocated among the buyer, seller, or other transaction participants.

II. Principle of Imputation: Strict Liability as the Primary Principle, Fault Liability as Supplementary

The principle of imputation refers to the principles and methods to be followed when assessing liability.

There are three scholarly views on the principle of imputation in China’s contract law: First, the principle of strict liability (also known as the principle of no-fault liability); second, fault liability as the principle with strict liability as the exception; third, strict liability as the primary principle with fault liability as supplementary.

In the aforementioned international remittance fraud scenario, based on the trade contract, does the payer’s mistaken remittance due to fraud constitute a failure to perform contractual obligations as agreed under Article 577 of the Civil Code (民法典)?

Should the payer therefore bear liability for breach of contract, such as continuing performance, taking remedial measures, or compensating for losses?

In particular, can the obvious external factor of fraud serve as a reason to reduce or exempt the payer’s liability?

Article 593 of the Civil Code seems to exclude the defense of exemption based on external factors, leaving liability to be allocated only among the contract parties.

Going further, Article 592, Paragraph 2 of the Civil Code stipulates that contributory fault can reduce liability for compensation.

Going even further, Article 929 of the Civil Code stipulates:

“For a compensated mandate contract, if the mandatary’s fault causes losses to the mandator, the mandator may claim compensation for the losses from the mandatary.”

“For an uncompensated mandate contract, if the mandatary’s intent or gross negligence causes losses to the mandator, the mandator may claim compensation for the losses from the mandatary.”

From this perspective, the third view seems more consistent with legal provisions. Although no-fault liability is the general principle, in scenarios involving contributory fault or mandate contracts, liability is still determined based on fault.

So, how do we find fault among the transacting parties in international remittance fraud cases from the subtle clues?

III. How to Determine Each Party’s Fault: The Duty of Reasonable Care

In the case (2021) Su 0114 Min Chu No. 6225, Quan Company entrusted Shun Company as its import agent to import goods from Sheng Company.

When making the payment as agent, Shun Company was unfortunately defrauded of RMB 1.27 million in the manner described in this article.

The trial court held that the mandatary Shun Company failed to pay the payment for goods involved to the fixed account of the third party Sheng Company as instructed by the mandator. Without the mandator’s consent, Shun Company unilaterally changed the payment account instructed by the mandator, resulting in the third party not actually receiving the RMB 1.27 million involved, causing losses to the mandator Quan Company.

Therefore, the court found that Shun Company, as the mandatary, was at fault and constituted breach of contract.

Ultimately, the court ruled that Shun Company, as the mandatary, bore all the losses of the payment for goods.

In this case, we represented Taiwan Sheng Company as a third party in the litigation.

This case appears to be a dispute between the mandator Quan Company and the mandatary Shun Company, requiring only the determination of corresponding compensation liability based on Shun Company’s fault.

However, this is not the case. The amount of liability borne by Shun Company is necessarily related to Sheng Company. If the loss cannot be fully allocated between Quan Company and Shun Company, Sheng Company would bear the risk of the loss.

Therefore, to prove that Sheng Company had not actually received the payment, we submitted to the court the email correspondence between the transacting parties. We conducted detailed comparisons of email details, such as changes in email account addresses, changes in attachment content and format, and comparisons of sending times, to prove the fact of hacking.

At the same time, we retrieved and submitted extensive practical materials showing that European and American banks credit payments based solely on the bank account number.

In the judgment, the court assigned the burden of proof to Shun Company regarding whether the hacker’s cloned similar email account belonged to the third party Sheng Company and whether the RMB 1.27 million was actually paid to Sheng Company’s account.

In other words, under the no-fault liability of Article 577 of the Civil Code for non-conforming performance of contractual obligations, Shun Company had to prove that it had performed its contractual obligations in accordance with the contract.

Shun Company failed to meet its burden of proof, so it was presumed to have changed the mandate instructions without authorization, establishing fault, and thus bore compensation liability.

In the case (2016) Min Zhong No. 663, the court found that the payer was at fault for failing to verify the changed payee account through telephone or other means of confirmation when remitting the payment to the wrong account, thus failing to exercise the duty of careful review.

At the same time, the court considered that the payee’s customer contact email had been illegally accessed, and the payee failed to maintain and inspect it in a timely manner, also constituting corresponding fault.

Ultimately, based on the parties’ agreement on loss sharing, the court ruled that each party bore 50% of the loss liability.

In fact, looking deeper into the details of the case, there are still many traces of fraud that should have drawn the payer’s attention.

For example, in the case we handled (2021) Su 0114 Min Chu No. 6225, the fraudster first provided a completely unfamiliar account number, and the second time provided a payee account whose receiving bank and address were located in the UK, far away from the regions of the transacting parties (Taiwan, China, and Mainland China, respectively), with no connection whatsoever.

The provided INVOICE and payment documents were in JPG format, while the payee consistently used PDF format, etc.

These are precisely the reasonable doubts that would indicate possible fraud. An experienced remittance bank or agent should be able to use such details to remind customers to beware of fraud and suggest verifying information through other channels.
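The red flags described above (a sender address that merely resembles the payee's, an unfamiliar account number, a receiving bank in an unrelated country, a JPG invoice from a payee who always sent PDF) can be checked mechanically before a remittance is released. The following Python example is added here and is not part of the original article; the profile fields, function names, similarity threshold and sample messages are constructed assumptions.

```python
from difflib import SequenceMatcher
from pathlib import PurePosixPath

# Constructed counterparty profile, built from earlier verified correspondence.
PROFILE = {
    "sender": "sales@payee-example.com",
    "account": "0012345678",
    "bank_countries": {"TW"},
    "attachment_types": {".pdf"},
}

def review_payment_instruction(profile, msg):
    """Return the red flags a payment-instruction email raises against the profile."""
    flags = []
    sender = msg["sender"].strip().lower()
    known = profile["sender"].lower()
    if sender != known:
        # A near-identical address suggests a cloned mailbox; any other
        # unknown address is still a change that needs confirmation.
        ratio = SequenceMatcher(None, sender, known).ratio()
        flags.append("lookalike_sender" if ratio >= 0.85 else "unknown_sender")
    if msg["account"].replace(" ", "") != profile["account"]:
        flags.append("account_changed")
    if msg["bank_country"].upper() not in profile["bank_countries"]:
        flags.append("bank_country_unrelated")
    for name in msg["attachments"]:
        if PurePosixPath(name).suffix.lower() not in profile["attachment_types"]:
            flags.append("attachment_format_changed")
            break
    return flags

def needs_out_of_band_check(flags):
    """Any flag means: confirm by phone or another channel before remitting."""
    return bool(flags)

# Constructed messages: one consistent with the profile, one matching the
# pattern above (similar address, new account, UK bank, JPG invoice).
GENUINE = {"sender": "sales@payee-example.com", "account": "0012345678",
           "bank_country": "TW", "attachments": ["invoice_0412.pdf"]}
SUSPECT = {"sender": "sales@payee-exarnple.com", "account": "9988 7766 55",
           "bank_country": "GB", "attachments": ["INVOICE.JPG"]}

if __name__ == "__main__":
    for label, msg in (("genuine", GENUINE), ("suspect", SUSPECT)):
        flags = review_payment_instruction(PROFILE, msg)
        print(label, flags, "verify first:", needs_out_of_band_check(flags))
```

A flagged message is not proof of fraud; it marks the point at which the payer or its agent should confirm the instruction through a channel other than email.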

Summarizing the above cases, it seems that courts generally assess liability based on the no-fault liability principle under Article 577 of the Civil Code, supplemented by the ‘standard of reasonable care’ to measure the allocation of responsibility among the parties in the transaction, for example, whether the payer carefully verified changes in email addresses, changes in payee account numbers, etc.

At the same time, whose email was hacked and whether that email system was carefully maintained and inspected may also become reasons for determining fault.


Authors

Long An Shanghai Attorney He Defeng

hedefeng@longanlaw.com

Long An Shanghai Attorney Lin Zhengnan

linzhengnan@longanlaw.com