Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

First Data Merchant Services Corporation v. Securitymetrics, Inc.

United States District Court, Fourth Circuit

November 12, 2013



RICHARD D. BENNETT, District Judge.

This action arises out of a continuing dispute between the parties following the settlement of litigation in the United States District Court for the District of Utah. In this action, Plaintiff First Data Merchant Services Corporation ("FDMS") and First Data Corporation ("FDC") (collectively "First Data") assert claims against Defendant SecurityMetrics, Inc. ("SecurityMetrics") relating to SecurityMetrics' alleged post-settlement misconduct.[1] Subsequently, SecurityMetrics answered the Complaint and asserted fifteen counterclaims sounding in various doctrines of contract, trademark, and antitrust law. Currently pending before this Court is Plaintiffs' Motion to Dismiss Certain of Defendant's Counterclaims (ECF No. 163). The Motion is fully briefed. The parties' submissions have been reviewed and no hearing is necessary. See Local Rule 105.6 (D. Md. 2011). For the reasons that follow, the Motion of First Data Merchant Services Corp. and First Data Corporation to Dismiss Certain of Defendant's Counterclaims (ECF No. 163) is DENIED IN PART and GRANTED IN PART. Specifically, the Motion is denied in all respects except for Counts Eleven and Thirteen in so far as those counts allege monopolization in violation of § 2 of the Sherman Antitrust Act, 15 U.S.C. § 2, and § 11-204(a)(2) of the Commercial Law Article of the Maryland Code, Md. Code, Com. Law § 11-204(a)(2).


This Court accepts as true the facts alleged in the SecurityMetrics' counterclaims. See Aziz v. Alcolac, Inc., 658 F.3d 388, 390 (4th Cir. 2011). As this Court has already issued a number of written opinions and letter orders in this case, and because the pending motion only addresses certain of SecurityMetrics' counterclaims, the Court includes only a short summary of the relevant allegations here.

A. The Payment Card Industry

In the payment card industry, there are a few main types of service providers. An "issuer" issues a payment card to a consumer and bills and collects amounts due from the consumer. Def.'s Countercls. ¶ 14. The other main service is provided on the merchant side; "once a consumer initiates a payment card transaction by offering a card to pay a merchant for goods or services, " an "acquirer" obtains authorization for the transaction from the consumer's issuer and then clears and settles the transaction so that the merchant gets paid and the consumer's account gets charged. Id. ¶ 15. In addition, some payment card brands or associations operate in open networks that allow separate entities or banks to operate as issuers and acquirers; in such open networks, "processors" help to facilitate the communication and settlement of payment. Id. ¶¶ 16, 17. FDMS is an acquirer, id. ¶ 19, while FDC is the payment processor for FDMS's transactions. Id. ¶ 20.

The term "PCI" was originally as an acronym for "Payment Card Industry." Id. ¶ 21. Now, however, the term is also used to refer to the PCI Security Standards Council ("PCI Council") and the PCI Data Security Standard ("PCI Standard") managed by the PCI Council. Id.

American Express, Discover, JCB, MasterCard, and Visa (collectively, "Card Brands") formed the PCI Council in 2006. Id. ¶ 22. The PCI Council developed the PCI Standard. The Card Brands agreed to adopt the PCI Council's PCI Standard as their data security compliance requirement for all merchants. Id. ¶¶ 22, 28. Thus, the Card Brands enforce compliance with the PCI Standard and determine the penalties for non-compliance. Id. ¶ 23.

While the PCI standard is universal, the various Card Brands have different requirements for demonstrating or validating compliance with the standard. Id. ¶ 28. The category at issue in this case are "Level 4 merchants"[2]-those merchants with the lowest transaction volume. Id. ¶ 30. Level 4 merchants are more numerous than higher-volume merchants and, as such, have the most collective transactions. Id. For these lower-volume merchants, the PCI Council provides the Self-Assessment Questionnaire ("SAQ"). Id. ¶ 26. The SAQ is a validation tool intended to assist merchants in self-evaluating their compliance with the PCI Standard. Id. ¶ 26.

Within the payment card industry, there are a number of different types of PCI compliance service vendors, including: Approved Scanning Vendors ("ASVs"), Qualified Security Assessors ("QSAs"), Payment Application Qualified Security Assessors ("PA-QSAs"), PCI Forensic Investigators ("PFIs"), and Point-to-Point Encryption assessors ("P2PEs"). The Card Brands recognize each of those certifications. Id. ¶ 24. The PCI Council also certifies these vendors. Id. SecurityMetrics is certified by the PCI Council as an ASV, QSA, PA-QSA, PFI, and P2PE. Id. ¶ 25. First Data has none of those certifications. Id. ¶ 25.

B. The Relationship of the Parties

First Data is a global payment processor engaged in the business of processing credit and debit card transactions for merchants and independent sales organizations ("ISOs") who use First Data's card processing services. See Def.'s Answer ¶ 15. SecurityMetrics provided compliance services to some merchants for whom First Data provides processing services. Def.'s Countercls. ¶ 50.

For several years, the parties worked together pursuant to a series of contracts. Def.'s Countercls. ¶¶ 51-55. Under those agreements, "First Data promoted SecurityMetrics to its Level 4 merchant customers as its preferred vendor for services relating to validation of compliance with PCI Standards, and SecurityMetrics developed and utilized a protocol for reporting validation of compliance through what is known as the "START" system. START is not an industry standard and it is not prescribed by the PCI Council." Id. ¶ 55. The agreement was last renewed on January 3, 2012. Id. ¶ 57. SecurityMetrics alleges, however, that First Data materially breached the agreement in April 2012 and then unilaterally and prematurely terminated it in May 2012. Id. ¶ 57. Since that point, SecurityMetrics ceased SMART reporting and began to send emails containing links to PDF reports of compliance. Id. ¶ 58.

SecurityMetrics alleges that in June 2012 First Data began offering a service called "PCI Rapid Comply, " which competes with the services offered by SecurityMetrics. Id. ¶ 59. First Data imposes billing minimums on ISOs, and SecurityMetrics alleges that, when calculating these minimums, First Data counts fees for PCI Rapid Comply towards the required minimums, but refuses to count costs or fees paid to vendors of other PCI compliance services. Id. ¶ 143. In addition, SecurityMetrics asserts that First Data represented that merchants who used compliance verification vendors other than PCI Rapid Comply would have to pay for those services in addition to the cost of PCI Rapid Comply. Id. ¶ 112.

In May of 2012, FDMS filed suit in First Data Merchant Services Corporation v. SecurityMetrics, Inc., Case No. 2:12-cv-495 ("Utah Action") in the United States District Court for the District of Utah ("Utah Court") and moved for a temporary restraining order and preliminary injunction requiring SecurityMetrics to resume START reporting. Id. ¶¶ 60-61. The Utah Court denied the motion, id. ¶ 61, and the parties entered mediation, which resulted in the signing of Terms of Settlement ("Settlement Terms") by both parties.[3] Id. ¶ 62.

C. The Presently Pending Action

In the wake of the settlement, First Data filed the presently pending action before this Court on August 27, 2012. See Pl.'s Compl., ECF No. 1. Following a stay of this action pending final disposition of the Utah Action and the subsequent denial of FDMS's Preliminary Injunction Motion filed before this Court, FDMS was permitted to amend its Complaint (ECF No. 91). As a result, First Data filed the Amended Complaint (ECF No. 92) on March 8, 2013. SecurityMetrics answered the Complaint on August 26, 2013 and asserted fifteen counterclaims of its own against First Data. See ECF No. 157. SecurityMetrics' Counterclaims include claims for Specific Performance of the First Settlement Term (Count I), declaratory judgment with respect to third and fifth Settlement Terms (Counts II & III), injurious falsehoods (Count IV), federal false advertising (Count

First Data Merchant Services ("FD") and SecurityMetrics, Inc. ("SM") agree to the following essential terms of settlement:
• The parties shall incorporate these terms of settlement in a final settlement agreement, in a form and with content mutually acceptable to both parties, which shall be executed in advance of the $5, 000, 000 payment set forth in these Terms of Settlement.
• FD will pay SM $5, 000, 000 by June 8, 2012. FD shall not owe any additional amounts to SM, regardless of whether there are existing or future invoices.
• The parties shall keep confidential the terms of this settlement and those facts and circumstances forming the basis of or that relate to allegations that were asserted by both parties in connection with this dispute, and shall include mutual confidentiality provisions in a final settlement agreement.
• The parties shall agree to mutual non-disparagement provisions, consistent with the relationship of competitors in a free market place, in a final settlement agreement. SM may make any use of Merchant Data for the purpose of selling its products and
• services, but may not sell any such data to a third-party (other than the sale of SM to a third party).
• FD shall dismiss with prejudice the lawsuit it filed in Federal Court, and the parties hereby mutually release each other from any and all obligations and claims, known or unknown.

Def.'s Countcl. Ex. F, ECF No. 157-6. V), federal false endorsement (Count VI), cancellation of registration (Count VII), Utah Deceptive Trade Practices violations (Count VIII), tortious interference (Count IX), restraint of trade under federal and Maryland law (Counts X & XII), monopolization and attempted monopolization under federal and Maryland law (Counts XI & XIII), Maryland predatory pricing (Count XIV), and Maryland tying (Count XV). First Data's Motion to Dismiss Certain of Defendant's Counterclaims (ECF No. 163), filed on September 19, 2013, targets only a few of these counts. Specifically, First Data seeks to dismiss the first, fifth, part of the sixth, seventh, tenth, eleventh, twelfth, thirteenth, fourteenth, and fifteenth counterclaims.


First Data moves to dismiss SecurityMetrics' counterclaims pursuant to Rule 12(b)(6) of the Federal Rules of Civil Procedure. This Court applies the same standard of review that would be applied to a Rule 12(b)(6) motion to dismiss a complaint. Shoregood Water Co. v. U.S. Bottling Co., No. RDB-08-2470, 2010 WL 1923992, at *1-*2 (D. Md. May 11, 2010) (Bennett, J.) (applying normal 12(b)(6) standard of review to a motion to dismiss counterclaims); see also Fisher v. Virginia Elec. and Power Co., 258 F.Supp.2d 445, 447 (E.D. Va. 2003).

Under Rule 8(a)(2) of the Federal Rules of Civil Procedure, a pleading must contain a "short and plain statement of the claim showing that the pleader is entitled to relief." FED. R. CIV. P. 8(a)(2). Rule 12(b)(6) of the Federal Rules of Civil Procedure authorizes the dismissal of a pleading if it fails to state a claim upon which relief can be granted. The purpose of Rule 12(b)(6) is "to test the sufficiency of [the pleading] and not to resolve contests surrounding the facts, the ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.