In Star Title Partners of Palm Harbor LLC v. Illinois Union Insurance Co.the Eleventh Circuit Court of Appeals upheld the insurer’s judgment and ruled that coverage did not exist in the plain language of the cybercrime endorsement of a cybersecurity policy for a Florida title company who was fraudulently enticed to wire funds to the account of a fraudster posing as a mortgage lender.
In the summer of 2019, Star Title was hired by a homeowner to facilitate the sale of his home. The owner has identified Capital Mortgage Services of Texas as its mortgage lender and lien holder. Shortly after, Star Title’s appointed processor for the sale received an email from an unknown actor claiming to be a Capital Mortgage representative named “Kaitlyn Holt” with a copy of the requested payment statement and instructions on how to transfer of payment funds. Star Title also received a second copy of the payment statement by fax, which matched the email statement. Without any suspicion of fraud, the designated processor initiated the payment on what she believed to be a genuine payment statement. Another employee approved the payment under Star Title’s two-person authentication protocol, and Star Title subsequently transferred approximately $181,000 to the fraudster’s account.
After being notified that Capital Mortgage had not received payment, Star Title discovered that the information received by email and fax was incorrect and submitted a claim to Illinois Union Insurance Co. under the endorsement on cybercrime of its policy, which provides, in the relevant part:
We will pay for your loss of funds as a direct result of you transferring, paying or delivering funds from your account as a direct result of your employee’s intentional deception, through misrepresentation of a material fact ( “deceptive transfer”) which is:
- invoked by an employee, and
- sent via phone call, email, text message, instant message, social media-related communication, or other electronic instruction, including phishing, phishing, social engineering, pretexting, hijacking, or another trust system, and,
- sent by someone claiming to be an employee, customer, customer or supplier; and,
- the authenticity of this transfer request is verified in accordance with Your internal procedures.
In response to Star Title’s claim, Illinois National denied coverage because the claim failed to satisfy the last two elements: (1) Capital Mortgage was not an employee, customer, customer, or supplier of Star Title ; and (2) Star Title has not attempted to verify the authenticity of the transfer request in accordance with its internal procedures.
The Eleventh Circuit interpreted the language of the policy according to its ordinary meaning in the absence of policy definitions for “employee”, “customer”, “customer”, and “vendor”. According to the court, because the fraudster identified herself as a representative of Capital Mortgage, which is a mortgage lender, she could not be an employee, client, client or salesperson of Star Title. The Eleventh Circuit noted that Star Title did not “control [Capital Mortgage’s] performance at work”, “sell [Capital Mortgage] a particular product” or “to provide him with a particular service”. Although Star Title asserted that it provided a service to Capital Mortgage by holding and delivering the redemption funds and that Capital Mortgage also provided a service to Star Title by applying the funds to the seller’s account, the court is not persuaded . On the contrary, the Eleventh Circuit found that even though Capital Mortgage and Star Title shared a customer, i.e., the seller of the residence, such a relationship did not create a customer-seller relationship between the two. As a result, the court upheld the summary judgment because the wording of the policy did not provide coverage for this case of fraudulent conveyance.