Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

First Data Merchant Services Corporation v. Securitymetrics, Inc.

United States District Court, Fourth Circuit

November 12, 2013



Richard D. Bennett United States District Judge

This action arises out of a continuing dispute between the parties following the settlement of litigation in the United States District Court for the District of Utah. In this action, Plaintiff First Data Merchant Services Corporation (“FDMS”) and First Data Corporation (“FDC”) (collectively “First Data”) assert claims against Defendant SecurityMetrics, Inc. (“SecurityMetrics”) relating to SecurityMetrics’ alleged post-settlement misconduct.[1] Subsequently, SecurityMetrics answered the Complaint and asserted fifteen counterclaims sounding in various doctrines of contract, trademark, and antitrust law. Currently pending before this Court is Plaintiffs’ Motion to Dismiss Certain of Defendant’s Counterclaims (ECF No. 163). The Motion is fully briefed. The parties’ submissions have been reviewed and no hearing is necessary. See Local Rule 105.6 (D. Md. 2011). For the reasons that follow, the Motion of First Data Merchant Services Corp. and First Data Corporation to Dismiss Certain of Defendant’s Counterclaims (ECF No. 163) is DENIED IN PART and GRANTED IN PART. Specifically, the Motion is denied in all respects except for Counts Eleven and Thirteen in so far as those counts allege monopolization in violation of § 2 of the Sherman Antitrust Act, 15 U.S.C. § 2, and § 11-204(a)(2) of the Commercial Law Article of the Maryland Code, Md. Code, Com. Law § 11-204(a)(2).


This Court accepts as true the facts alleged in the SecurityMetrics’ counterclaims. See Aziz v. Alcolac, Inc., 658 F.3d 388, 390 (4th Cir. 2011). As this Court has already issued a number of written opinions and letter orders in this case, and because the pending motion only addresses certain of SecurityMetrics’ counterclaims, the Court includes only a short summary of the relevant allegations here.

A. The Payment Card Industry

In the payment card industry, there are a few main types of service providers. An “issuer” issues a payment card to a consumer and bills and collects amounts due from the consumer. Def.’s Countercls. ¶ 14. The other main service is provided on the merchant side; “once a consumer initiates a payment card transaction by offering a card to pay a merchant for goods or services, ” an “acquirer” obtains authorization for the transaction from the consumer’s issuer and then clears and settles the transaction so that the merchant gets paid and the consumer’s account gets charged. Id. ¶ 15. In addition, some payment card brands or associations operate in open networks that allow separate entities or banks to operate as issuers and acquirers; in such open networks, “processors” help to facilitate the communication and settlement of payment. Id. ¶¶ 16, 17. FDMS is an acquirer, id. ¶ 19, while FDC is the payment processor for FDMS’s transactions. Id. ¶ 20.

The term “PCI” was originally as an acronym for “Payment Card Industry.” Id. ¶ 21. Now, however, the term is also used to refer to the PCI Security Standards Council (“PCI Council”) and the PCI Data Security Standard (“PCI Standard”) managed by the PCI Council. Id.

American Express, Discover, JCB, MasterCard, and Visa (collectively, “Card Brands”) formed the PCI Council in 2006. Id. ¶ 22. The PCI Council developed the PCI Standard. The Card Brands agreed to adopt the PCI Council’s PCI Standard as their data security compliance requirement for all merchants. Id. ¶¶ 22, 28. Thus, the Card Brands enforce compliance with the PCI Standard and determine the penalties for non-compliance. Id. ¶ 23.

While the PCI standard is universal, the various Card Brands have different requirements for demonstrating or validating compliance with the standard. Id. ¶ 28. The category at issue in this case are “Level 4 merchants”[2]—those merchants with the lowest transaction volume. Id. ¶ 30. Level 4 merchants are more numerous than higher-volume merchants and, as such, have the most collective transactions. Id. For these lower-volume merchants, the PCI Council provides the Self-Assessment Questionnaire (“SAQ”). Id. ¶ 26. The SAQ is a validation tool intended to assist merchants in self-evaluating their compliance with the PCI Standard. Id. ¶ 26.

Within the payment card industry, there are a number of different types of PCI compliance service vendors, including: Approved Scanning Vendors (“ASVs”), Qualified Security Assessors (“QSAs”), Payment Application Qualified Security Assessors (“PA-QSAs”), PCI Forensic Investigators (“PFIs”), and Point-to-Point Encryption assessors (“P2PEs”). The Card Brands recognize each of those certifications. Id. ¶ 24. The PCI Council also certifies these vendors. Id. SecurityMetrics is certified by the PCI Council as an ASV, QSA, PA-QSA, PFI, and P2PE. Id. ¶ 25. First Data has none of those certifications. Id. ¶ 25.

B. The Relationship of the Parties

First Data is a global payment processor engaged in the business of processing credit and debit card transactions for merchants and independent sales organizations (“ISOs”) who use First Data’s card processing services. See Def.’s Answer ¶ 15. SecurityMetrics provided compliance services to some merchants for whom First Data provides processing services. Def.’s Countercls. ¶ 50.

For several years, the parties worked together pursuant to a series of contracts. Def.’s Countercls. ¶¶ 51-55. Under those agreements, “First Data promoted SecurityMetrics to its Level 4 merchant customers as its preferred vendor for services relating to validation of compliance with PCI Standards, and SecurityMetrics developed and utilized a protocol for reporting validation of compliance through what is known as the “START” system. START is not an industry standard and it is not prescribed by the PCI Council.” Id. ¶ 55. The agreement was last renewed on January 3, 2012. Id. ¶ 57. SecurityMetrics alleges, however, that First Data materially breached the agreement in April 2012 and then unilaterally and prematurely terminated it in May 2012. Id. ¶ 57. Since that point, SecurityMetrics ceased SMART reporting and began to send emails containing links to PDF reports of compliance. Id. ¶ 58.

SecurityMetrics alleges that in June 2012 First Data began offering a service called “PCI Rapid Comply, ” which competes with the services offered by SecurityMetrics. Id. ¶ 59. First Data imposes billing minimums on ISOs, and SecurityMetrics alleges that, when calculating these minimums, First Data counts fees for PCI Rapid Comply towards the required minimums, but refuses to count costs or fees paid to vendors of other PCI compliance services. Id. ¶ 143. In addition, SecurityMetrics asserts that First Data represented that merchants who used compliance verification vendors other than PCI Rapid Comply would have to pay for those services in addition to the cost of PCI Rapid Comply. Id. ¶ 112.

In May of 2012, FDMS filed suit in First Data Merchant Services Corporation v. SecurityMetrics, Inc., Case No. 2:12-cv-495 (“Utah Action”) in the United States District Court for the District of Utah (“Utah Court”) and moved for a temporary restraining order and preliminary injunction requiring SecurityMetrics to resume START reporting. Id. ¶¶ 60-61. The Utah Court denied the motion, id. ¶ 61, and the parties entered mediation, which resulted in the signing of Terms of Settlement (“Settlement Terms”) by both parties.[3] Id.

C. The Presently Pending Action

In the wake of the settlement, First Data filed the presently pending action before this Court on August 27, 2012. See Pl.’s Compl., ECF No. 1. Following a stay of this action pending final disposition of the Utah Action and the subsequent denial of FDMS’s Preliminary Injunction Motion filed before this Court, FDMS was permitted to amend its Complaint (ECF No. 91). As a result, First Data filed the Amended Complaint (ECF No. 92) on March 8, 2013. SecurityMetrics answered the Complaint on August 26, 2013 and asserted fifteen counterclaims of its own against First Data. See ECF No. 157. SecurityMetrics’ Counterclaims include claims for Specific Performance of the First Settlement Term (Count I), declaratory judgment with respect to third and fifth Settlement Terms (Counts II & III), injurious falsehoods (Count IV), federal false advertising (Count V), federal false endorsement (Count VI), cancellation of registration (Count VII), Utah Deceptive Trade Practices violations (Count VIII), tortious interference (Count IX), restraint of trade under federal and Maryland law (Counts X & XII), monopolization and attempted monopolization under federal and Maryland law (Counts XI & XIII), Maryland predatory pricing (Count XIV), and Maryland tying (Count XV). First Data’s Motion to Dismiss Certain of Defendant’s Counterclaims (ECF No. 163), filed on September 19, 2013, targets only a few of these counts. Specifically, First Data seeks to dismiss the first, fifth, part of the sixth, seventh, tenth, eleventh, twelfth, thirteenth, fourteenth, and fifteenth counterclaims.


First Data moves to dismiss SecurityMetrics’ counterclaims pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. This Court applies the same standard of review that would be applied to a Rule 12(b)(6) motion to dismiss a complaint. Shoregood Water Co. v. U.S. Bottling Co., No. RDB-08-2470, 2010 WL 1923992, at *1-*2 (D. Md. May 11, 2010) (Bennett, J.) (applying normal 12(b)(6) standard of review to a motion to dismiss counterclaims); see also Fisher v. Virginia Elec. and Power Co., 258 F.Supp.2d 445, 447 (E.D. Va. 2003).

Under Rule 8(a)(2) of the Federal Rules of Civil Procedure, a pleading must contain a “short and plain statement of the claim showing that the pleader is entitled to relief.” Fed.R.Civ.P. 8(a)(2). Rule 12(b)(6) of the Federal Rules of Civil Procedure authorizes the dismissal of a pleading if it fails to state a claim upon which relief can be granted. The purpose of Rule 12(b)(6) is “to test the sufficiency of [the pleading] and not to resolve contests surrounding the facts, the merits of a claim, or the applicability of defenses.” Presley v. City of Charlottesville, 464 F.3d 480, 483 (4th Cir. 2006).

The Supreme Court’s recent opinions in Bell Atlantic Corp. v. Twombly, 550 U.S. 544 (2007), and Ashcroft v. Iqbal, 556 U.S. 662 (2009), “require that [claims] in civil actions be alleged with greater specificity than previously was required.” Walters v. McMahen, 684 F.3d 435, 439 (4th Cir. 2012) (citation omitted). The Supreme Court’s decision in Twombly articulated “[t]wo working principles” that courts must employ when ruling on Rule 12(b)(6) motions to dismiss. Iqbal, 556 U.S. at 678. First, while a court must accept as true all the factual allegations contained in the pleading, legal conclusions drawn from those facts are not afforded such deference. Id. (stating that “[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice” to plead a claim).

Second, a pleading must be dismissed if it does not allege “a plausible claim for relief.” Id. at 679. Under the plausibility standard, a pleading must contain “more than labels and conclusions” or a “formulaic recitation of the elements of a cause of action.” Twombly, 550 U.S. at 555. Although the plausibility requirement does not impose a “probability requirement, ” id. at 556, “[a] claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Iqbal, 556 U.S. at 678; see also Robertson v. Sea Pines Real Estate Cos., 679 F.3d 278, 291 (4th Cir. 2012) (“A complaint need not make a case against a defendant or forecast evidence sufficient to prove an element of the claim. It need only allege facts sufficient to state elements of the claim.” (emphasis in original) (internal quotation marks and citation omitted)). In making this assessment, a court must “draw on its judicial experience and common sense” to determine whether the pleader has stated a plausible claim for relief. Iqbal, 556 U.S. at 679. “At bottom, a plaintiff must nudge [its] claims across the line from conceivable to plausible to resist dismissal.” Wag More Dogs, LLC v. Cozart, 680 F.3d 359, 365 (4th Cir. 2012) (internal quotation marks omitted).


A. First Counterclaim – Specific Performance of the First of the Terms of Settlement

SecurityMetrics seeks specific performance of the first of the Terms of Settlements signed by First Data on May 31, 2012, which states the parties will negotiate a final agreement with “content mutually acceptable to both parties.” SecurityMetrics alleges that First Data proposed a draft settlement agreement on June 11, 2012 that was “represented as acceptable to [First Data], with form and content acceptable to SecurityMetrics.” Def.’s Countercls. ¶ 67. SecurityMetrics alleges that First Data’s refusal to execute an agreement in the form of the June 11, 2012 draft is a breach of the first of the Settlement Terms.

In its Motion to Dismiss, First Data argues that SecurityMetrics itself rejected the draft and, therefore, the draft was not “mutually acceptable.” In addition, First Data asserts that Judge Shelby of the U.S. District Court for the District of Utah specifically found that the draft that was not mutually acceptable to the parties. See Pls.’ Mem. Supp. Mot. Dismiss Certain Countercls. (hereinafter, “Pls.’ Mot. Dismiss”), ECF No. 163, at 6. According to First Data, Judge Shelby’s findings are the “law of the case” or appropriate for judicial notice. Id. In opposition, SecurityMetrics argues that First Data attempts to impermissibly introduce factual assertions inappropriate for this stage of the proceeding.

It is axiomatic that a court, when considering a motion to dismiss, may not go beyond the complaint and any documents attached or incorporated therein. E.I. Du Pont de Nemours v. Kolon Inds., Inc., 637 F.3d 433 (4th Cir. 2011). First Data raises factual issues not alleged in SecurityMetrics’ Counterclaims. Accordingly, First Data’s argument fails. Nor do the doctrines of “law of the case” or “judicial notice” support First Data, as those doctrines do not apply to factual matters outside the complaint. See Arizona v. California, 460 U.S. 605, 618 (1983) (noting that the rule of the case doctrine applies to rules of law); Lee v. City of Los Angeles, 250 F.3d 668, 690 (9th Cir. 2001) (“On a Rule 12(b)(6) motion to dismiss, when a court takes judicial notice of another court’s ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.