E–Shops Corp. v. U.S. Bank Nat'l Ass'n

• Decision Date: 18 May 2012
• Docket Number: No. 11–2474.,11–2474.
• Citation: 678 F.3d 659
• Parties: E–SHOPS CORP., an Arizona Corporation, individually and on behalf of all those similarly situated, doing business as Paintball Punks, Plaintiff–Appellant, v. U.S. BANK NATIONAL ASSOCIATION, Defendant–Appellee.
• Court: U.S. Court of Appeals — Eighth Circuit

678 F.3d 659

E–SHOPS CORP., an Arizona Corporation, individually and on behalf of all those similarly situated, doing business as Paintball Punks, Plaintiff–Appellant,

v.U.S. BANK NATIONAL ASSOCIATION, Defendant–Appellee.

No. 11–2474.

United States Court of Appeals,

Eighth Circuit.

Submitted: March 15, 2012.

Filed: May 18, 2012.

James Robert Noblin, argued, Long Beach, CA, David Michael Cialkowski, John Gordon Rudd, Jr., Minneapolis, MN, Robert S. Green, San Francisco, CA, on the brief, for appellant.

Peter William Carter, argued, Brian Vander Pol, on the brief, Minneapolis, MN, for appellee.

Before MURPHY, BRIGHT, and GRUENDER, Circuit Judges.

BRIGHT, Circuit Judge.

After receiving a number of chargebacks resulting from fraudulent use of U.S. Bank National Association (“U.S. Bank”) credit cards, E–Shops Corp. (“E–Shops”) filed a class action complaint alleging U.S. Bank knowingly allowed itself to be an instrument of the fraud, thereby making E–Shops's performance under its contract with its merchant bank more expensive. The district court ¹ dismissed E–Shops's complaint when it granted U.S. Bank's motion for failure to state a claim under Federal Rule of Civil Procedure 12(b)(6). E–Shops appeals the district court's dismissal. Because E–Shops fails to satisfy the required pleading standards, we affirm.

BACKGROUND

E–Shops is an online merchant that sells paintball equipment. According to E–Shops, a typical online transaction occurs as follows: a cardholder orders goods through an online form, the merchant processes the transaction and ships the goods, the merchant's processor provides the information to the cardholder's bank, which sends funds to the merchant's bank, which in turn deposits the funds into the merchant's account. When the cardholder receives a bill describing transactions they did not authorize, they can object. The cardholder's bank then initiates a chargeback to the merchant's bank, causing it to transfer back to the cardholder's bank any funds received for the transaction.

Between August and December of 2009, E–Shops received nine fraudulent orders made with U.S. Bank credit cards. These nine orders totaled $11,259.91 in merchandise. When the cardholders disputed the charges, U.S. Bank initiated chargebacks which caused HSBC bank, E–Shops's merchant bank, to send back the $11,259.91 to U.S. Bank.

Believing the chargebacks resulted from an alleged breach in U.S. Bank's data security system, E–Shops filed a complaint ² against U.S. Bank alleging four counts: (1) aiding and abetting fraudulent transactions; (2) intentional interference with contractual relations; (3) violations of the Minnesota Uniform Deceptive Trade Practices Act (MUDTPA) § 325F.69, subd. 1, and the Minnesota Consumer Fraud Act (MCFA) § 325D.44, subd. 1(13); and (4) unjust enrichment. In its nineteen-page complaint, E–Shops acknowledges the chargebacks are part of standard credit card network rules, but alleges in this instance they were “unusual” and “the most likely explanation ... is that the fraudulent activity resulted from a data breach at U.S. Bank.”

To avoid fraudulent transactions, E–Shops runs through a number of security checks to avoid fraudulent transactions made through its website. These include performing an “AVS” check to compare a “customer's address and ZIP code provided in the order form with the address and ZIP code on file for the cardholder at U.S. Bank” and a “CVC2” check, “which requires the customer to provide the three-digit code written at the end of the card number on top of the card's signature strip.” E–Shops “will only ship the requested products to the address that is on file at U.S. Bank” and requires the customer's signature on the receipt to complete delivery.

E–Shops further alleges that two U.S. Bank employees “admitted that the bank's system had been compromised” and that “U.S. Bank was well aware of the problem and that it had been going on for a while.” According to the employees, “U.S. Bank knows when fraudulent orders come through the system, because the cardholder typically has processed a change of address shortly before placing a large volume of orders on several different websites.” Noting the frequency of data breaches in the credit card industry in recent years, E–Shops acknowledges that “[s]ometimes the breach occurs at the merchant ... [i]n other cases ... the breach occurs at the processor; in that case, a thief would gain access to information about customers patronizing merchants that use that particular processor.”

Alleging that “the most likely explanation” for the fraud is a data breach with U.S. Bank's security system, E–Shops states that U.S. Bank “could have corrected the data breach at several points ... [and] notified all of the affected cardholders at once and cancelled their cards.” But E–Shops believes U.S. Bank had “strong incentives to cover up the data breach” as “it would stroke the fears and concerns of credit card fraud among its cardholders” and “seriously damage [its] position.”

Responding to E–Shops's complaint, U.S. Bank filed a motion to dismiss under Rule 12(b)(6) for failure to state a claim, which the district court granted. E–Shops now appeals the dismissal.

DISCUSSION

This court reviews de novo the grant of a motion to dismiss, taking all facts alleged in the complaint as true, and makes reasonable inferences in favor of the nonmoving party. Cent. Platte Natural Res. Dist. v. U.S. Dep't of Agric., 643 F.3d 1142, 1148 (8th Cir.2011). To withstand a Rule 12(b)(6) motion, a complaint must contain sufficient factual allegations to “state a claim to relief that is plausible on its face.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 547, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). “[T]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (citing Twombly, 550 U.S. at 555, 127 S.Ct. 1955). Further, in reviewing a dismissal under Rule 12(b)(6), this court is not limited to the allegations in the complaint, but may also consider “materials that do not contradict the complaint, or materials that are necessarily embraced by the pleadings.” Noble Sys. Corp. v. Alorica Cent., LLC, 543 F.3d 978, 982 (8th Cir.2008) (quotation omitted).

A. Aiding and Abetting Fraud

E–Shops alleges that U.S. Bank, in failing to correct the alleged data breach, aided and abetted unknown parties in obtaining credit card information from its cardholders to make the fraudulent transactions. A plaintiff who makes allegations based on fraud must state with particularity the circumstances constituting the fraud; although malice, intent, knowledge, and other conditions of a person's mind may be alleged generally. Fed.R.Civ.P. 9(b); Summerhill v. Terminix, Inc., 637 F.3d 877, 880 (8th Cir.2011). Rule 9(b)'s particularity requirement for fraud applies equally to a claim for aiding and abetting. Am. United Life Ins. Co. v. Martinez, 480 F.3d 1043, 1064–65 (11th Cir.2007). The level of particularity required depends on the nature of a case. BJC Health Sys. v. Columbia Cas. Co., 478 F.3d 908, 917 (8th Cir.2007). However, “[c]onclusory allegations that a defendant's conduct was fraudulent and deceptive are not sufficient to satisfy the rule.” Id. (citation omitted). Instead, the complaint must set forth the “who, what, when, where, and how” surrounding the alleged fraud. United States ex rel. Joshi v. St. Luke's Hosp., Inc., 441 F.3d 552, 556 (8th Cir.2006).

We apply Minnesota law—the forum state's substantive law—because jurisdiction is based on diversity. Blankenship v. USA Truck, Inc., 601 F.3d 852, 856 (8th Cir.2010). Minnesota law requires that E–Shops show: (1) a primary actor committed fraud that caused its injury; (2) U.S. Bank knew that the primary actor's conduct constituted fraud; and (3) U.S. Bank substantially assisted or encouraged the primary actor in committing the fraud. See Witzman v. Lehrman, Lehrman & Flom, 601 N.W.2d 179, 187 (Minn.1999) (beneficiary's allegations were insufficient to state a claim against accountants for aiding and abetting trustee's breach of trust).

Detrimental to the sufficiency of E–Shops's aiding and abetting claim is its failure to plead with particularity how U.S. Bank knowingly and substantially assisted the underlying fraud. An aider and abettor's knowledge of the wrongful purpose is a “crucial element in aiding or abetting” cases. Fed. Deposit Ins. Corp. v. First Interstate Bank of Des Moines, N.A., 885 F.2d 423, 431 (8th Cir.1989). To show U.S. Bank knew the unknown parties' conduct constituted fraud, E–Shops alleges the supposed admission of two U.S. Bank employees stating, “the bank's system had been compromised” and “U.S. Bank was well aware of the problem and that it had been going on for a while.” E–Shops does not, however, identify the employees, state their positions with U.S. Bank, state how they acquired such information, or whether the employees were authorized to speak on behalf of U.S. Bank. See Cornelia I. Crowell GST Trust v. Possis Med., Inc., 519 F.3d 778 (8th Cir.2008) (plaintiff must allege facts which demonstrate how the anonymous employees gained access to information that defendant made false statements of material fact).

E–Shops simply contends that the employees' statements confirmed a pattern of fraudulent activity—that “U.S. Bank knows when fraudulent orders come through the system, because the cardholder typically has processed a change of address shortly before placing a large volume of orders on several different websites.” The single suggestion that a change of address after a number of large orders signals identity theft is attenuated when, in the ordinary course of banking business, cardholders change their address for various unspecified reasons. There are no factual allegations that U.S. Bank knew the information it processed from the cardholders were false at the...