First Data Merch. Servs. Corp. v. SecurityMetrics, Inc.
| Decision Date | 13 November 2013 |
| Docket Number | Civil Action No. RDB-12-2568 |
| Parties | FIRST DATA MERCHANT SERVICES CORPORATION, et al., Plaintiffs, v. SECURITYMETRICS, INC., Defendant. |
| Court | U.S. District Court — District of Maryland |
This action arises out of a continuing dispute between the parties following the settlement of litigation in the United States District Court for the District of Utah. In this action, Plaintiff First Data Merchant Services Corporation ("FDMS") and First Data Corporation ("FDC") (collectively "First Data") assert claims against Defendant Security-Metrics, Inc. ("SecurityMetrics") relating to SecurityMetrics' alleged post-settlement misconduct.1 Subsequently, SecurityMetrics answered the Complaint and asserted fifteen counterclaims sounding in various doctrines of contract, trademark, and antitrust law. Currently pending before this Court is Plaintiffs' Motion to Dismiss Certain of Defendant'sCounterclaims (ECF No. 163). The Motion is fully briefed. The parties' submissions have been reviewed and no hearing is necessary. See Local Rule 105.6 (D. Md. 2011). For the reasons that follow, the Morion of First Data Merchant Services Corp. and First Data Corporation to Dismiss Certain of Defendant's Counterclaims (ECF No. 163) is DENIED IN PART and GRANTED IN PART. Specifically, the Motion is denied in all respects except for Counts Eleven and Thirteen in so far as those counts allege monopolization in violation of § 2 of the Sherman Antitrust Act, 15 U.S.C. § 2, and § 11-204(a)(2) of the Commercial Law Article of the Maryland Code, Md. Code, Com. Law § 11-204(a)(2).
This Court accepts as true the facts alleged in the Security-Metrics' counterclaims. See v. Alcolac, Inc., 658 F.3d 388, 390 (4th Cir. 2011). As this Court has already issued a number of written opinions and letter orders in this case, and because the pending motion only addresses certain of SecurityMetrics' counterclaims, the Court includes only a short summary of the relevant allegations here.
In the payment card industry, there are a few main types of service providers. An "issuer" issues a payment card to a consumer and bills and collects amounts due from the consumer. Def.'s Countercls. ¶ 14. The other main sendee is provided on the merchant side; "once a consumer initiates a payment card transaction by offering a card to pay a merchant for goods or services," an "acquirer" obtains authorization for the transaction from the consumer's issuer and then clears and settles the transaction so that the merchant gets paid and the consumer's account gets charged, Id. ¶ 15. In addition, some paymentcard brands or associations operate in open networks that allow separate entities or banks to operate as issuers and acquirers; in such open networks, "processors" help to facilitate the communication and setdement of payment, Id. ¶¶ 16, 17. FDMS is an acquirer, id. ¶ 19, while FDC is the payment processor for FDMS's transactions. Id. ¶ 20.
The term "PCI" was originally as an acronym for "Payment Card Industry." Id. ¶ 21. Now, however, the term is also used to refer to the PCI Security Standards Council (PCI Council") and the PCI Data Security Standard ("PCI Standard") managed by the PCI Council. Id.
American Express, Discover, JCB, MasterCard, and Visa (collectively, "Card Brands") formed the PCI Council in 2006. Id. ¶ 22. The PCI Council developed the PCI Standard. The Card Brands agreed to adopt the PCI Council's PCI Standard as their data security compliance requirement for all merchants. Id. ¶¶ 22, 28. Thus, the Card Brands enforce compliance with the PCI Standard and determine the penalties for non-compliance. Id. ¶ 23.
While the PCI standard is universal, the various Card Brands have different requirements for demonstrating or validating compliance with the standard. Id. ¶ 28. The category at issue in this case are "Level 4 merchants"2—those merchants with the lowest transaction volume. Id. ¶ 30. Level 4 merchants are more numerous than higher-volume merchants and, as such, have the most collective transactions. Id. For these lower-volumemerchants, the PCI Council provides the Self-Assessment Questionnaire ("SAQ"). Id. ¶ 26. The SAQ is a validation tool intended to assist merchants in self-evaluating their compliance with the PCI Standard. Id. ¶ 26.
Within the payment card industry, there are a number of different types of PCI compliance service vendors, including: Approved Scanning Vendors ("ASVs"), Qualified Security Assessors ("QSAs"), Payment Application Qualified Security Assessors ("PA-QSAs"), PCI Forensic Investigators ("PFIs"), and Point-to-Point Encryption assessors ("P2PEs"). The Card Brands recognize each of those certifications. Id. ¶ 24. The PCI Council also certifies these vendors. Id. SecurityMetrics is certified by the PCI Council as an ASV, QSA, PA-QSA, PFI, and P2PE. Id. ¶ 25. First Data has none of those certifications. Id. ¶ 25.
First Data is a global payment processor engaged in the business of processing credit and debit card transactions for merchants and independent sales organizations ("ISOs") who use First Data's card processing services. See Def.'s Answer ¶ 15. SecurityMetrics provided compliance services to some merchants for whom First Data provides processing services. Def.'s Countercls. ¶ 50.
For several years, the parties worked together pursuant to a series of contracts. Def.'s Countercls. ¶¶ 51-55. Under those agreements, Id. ¶ 55. The agreement was last renewed on January 3, 2012. Id. ¶ 57. SecurityMetrics alleges, however, that First Data materially breached the agreement in April 2012 and then unilaterally and prematurely terminated it in May 2012. Id. ¶ 57. Since that point, SecurityMetrics ceased SMART reporting and began to send emails containing links to PDF reports of compliance. Id. ¶ 58.
SecurityMetrics alleges that in June 2012 First Data began offering a service called "PCI Rapid Comply," which competes with the services offered by SecurityMetrics. Id. ¶ 59. First Data imposes billing minimums on ISOs, and SecurityMetrics alleges that, when calculating these minimums, First Data counts fees for PCI Rapid Comply towards the required minimums, but refuses to count costs or fees paid to vendors of other PCI compliance services. Id. ¶ 143. In addition, SecurityMetrics asserts that First Data represented that merchants who used compliance verification vendors other than PCI Rapid Comply would have to pay for those services in addition to the cost of PCI Rapid Comply. W.¶112.
In May of 2012, FDMS filed suit in First Data Merchant Services Corporation v. SecurityMetrics, Inc., Case No. 2:12-cv-495 ("Utah Action") in the United States District Court for the District of Utah ("Utah Court") and moved for a temporary restraining order and preliminary injunction requiring SecurityMetrics to resume START reporting. Id. ¶¶ 60-61. The Utah Court denied the motion, id. ¶ 61, and the parties entered mediation, which resulted in the signing of Terms of Setdement ("Setdcment Terms") by both parties.3 Id. ¶62.
In the wake of the settlement, First Data filed the presently pending action before this Court on August 27, 2012. See PL's Compl., ECF No. 1. Following a stay of this action pending final disposition of the Utah Action and the subsequent denial of FDMS's Preliminary Injunction Motion filed before this Court, FDMS was permitted to amend its Complaint (ECF No. 91). As a result, First Data filed the Amended Complaint (ECF No. 92) on March 8, 2013. SecurityMetrics answered the Complaint on August 26, 2013 and asserted fifteen counterclaims of its own against First Data. See ECF No. 157. SecurityMetrics' Counterclaims include claims for Specific Performance of the First Settlement Term (Count I), declaratory judgment with respect to third and fifth Settlement Terms (Counts 11 & III), injurious falsehoods (Count IV), federal false advertising (Count V), federal false endorsement (Count VI), cancellation of registration (Count VII), Utah Deceptive Trade Practices violations (Count VIII), tortious interference (Count IX), restraintof trade under federal and Maryland law (Counts X & XII), monopolization and attempted monopolization under federal and Maryland law (Counts XI & XIII), Man-land predator)' pricing (Count XIV), and Maryland tying (Count XV). First Data's Motion to Dismiss Certain of Defendant's Counterclaims (ECF No. 163), filed on September 19, 2013, targets only a few of these counts. Specifically, First Data seeks to dismiss the first, fifth, part of the sixth, seventh, tenth, eleventh, twelfth, thirteenth, fourteenth, and fifteenth counterclaims.
First Data moves to dismiss SecurityMetrics' counterclaims pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. This Court applies the same standard of review that would be applied to a Rule 12(b)(6) motion to dismiss a complaint. Shoregood Water Co. v. U.S. Bottling Co., No. RDB-08-2470, 2010 WL 1923992, at *1-*2 (D. Md. May 11, 2010) (Bennett, J.) (); see also Fisher v. Virginia Blec. and Power Co., 258 F. Supp. 2d 445, 447 (E.D. Va. 2003).
Under Rule 8(a)(2) of the Federal Rules of Civil Procedure, a pleading must contain a "short and plain statement of the claim showing that the pleader is entitled to relief." FED. R. CIV. P. 8(a)(2). Rule 12(b)(6) of the Federal Rules of Civil Procedure authorizes the dismissal of a pleading if it...
To continue reading
Request your trial