Payment of remuneration for work in case of fraudulent alteration of bank account details – Decision of the Regional Court of Koblenz
Companies and private individuals are repeatedly affected by so-called “CEO fraud” or “fake president” cases, in which unknown third parties use fake emails or other manipulative means of communication to have payments redirected to different, fraudulently used bank accounts. The legal consequences of such scenarios were again sharply highlighted by the judgment of the Regional Court of Koblenz, Ref.: 8 O 271/22, of February 29, 2024. The judicial decision makes clear the considerable risks faced by principals who fall victim to manipulated payment instructions.
Facts of the case and central issue
In the specific case, a principal commissioned a company to carry out work. In the course of subsequent communication, as yet unknown third parties managed to intervene in the email correspondence and falsely present a change in the bank details. As a result, the principal transferred the agreed remuneration not to the contractor as contractually agreed, but to the fraudsters’ account. The manipulation was only discovered later. Consequently, the contractor did not receive the agreed payment and rightfully demanded payment.
The Regional Court of Koblenz had to consider the essential question of whether such a misdirected payment to an account named by the fraudster can fulfill the claim for remuneration, or whether the principal remains obliged to pay again.
Legal situation in case of a mistaken transfer without fault
Effect of performance according to § 362 BGB
In contract law for work and services, it is decisive whether payment of a monetary claim is actually made to the entitled creditor. According to § 362 of the German Civil Code (BGB), an obligation is extinguished only if the owed performance is rendered to the creditor or to a third party authorized to receive it. If the debtor instead pays to an unauthorized third party – for example, as a result of deception through “social engineering” – the payment generally loses its liberating effect with respect to the original creditor.
The Regional Court of Koblenz confirmed these principles and clarified: transfer to a fraudulently manipulated account is insufficient to fulfill contractual obligations, because the actual creditor receives no access to the funds. The principal remains obliged to pay the contractor, regardless of whether the fraudulent manipulation can be attributed to them. Contractual risk allocation assigns the risk of erroneous transfers to the debtor at least in cases where there are no differing arrangements—such as an alternative recipient authorization or unauthorized agency—in place.
Principle of attribution of performance and apparent authority
Only in cases where the creditor has authorized a third party to receive payment or has created a representative situation attributable to the debtor could a different result apply. In the case at hand, however, such conduct could not be established. In the opinion of the court, the use of a deceptive email was therefore not sufficient to establish a payment with effect of performance towards the contractor.
Risks and need for prevention in corporate practice
The decision illustrates the considerable risks involved in the processing of payments in electronic commerce. Companies and private individuals are obliged to secure their communication processes as best as possible. Inadequate verification mechanisms or uncritical acceptance of changes in payment details can lead to the situation where a payment already made has no liberating effect. In these cases, the debtor must pay the outstanding amount a second time to the actual creditor, usually without promising prospects of recourse against the fraudster.
Civil law and practical implications
The judgment of the Regional Court of Koblenz raises a series of practical follow-up questions. In particular, this affects the internal organization of payment processes, the implementation of control mechanisms in case of changes to bank accounts, and the interconnection of criminal investigations in business fraud with civil law repayment obligations. From a civil law perspective, the risk of successful manipulation by fraudulent alteration of account data generally lies with the debtor. Possibilities for recourse against the perpetrator often remain purely theoretical, as the fraudsters are typically unreachable.
Ongoing proceedings and legal classification
It should be noted that criminal investigations against unknown persons were not yet completed at the time of the decision. The names of the parties involved are anonymized for data protection and privacy reasons. Additionally, other possible case scenarios must always be examined individually and can lead to different results.
Readers who are confronted with similar issues in the context of payment processing, contract law for work and services, or deception in electronic commerce can discreetly contact the Rechtsanwalt at MTR Legal to assess their individual legal situation.
