Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.

First Data Merchant Services Corp. v. Securitymetrics, Inc.

United States District Court, D. Maryland

December 3, 2014



RICHARD D. BENNETT, District Judge.

This origins of this contentious case lie in a soured business relationship and the settlement of earlier litigation in the United States District Court for the District of Utah. In this action, Plaintiffs First Data Merchant Services Corporation ("FDMS") and First Data Corporation ("FDC") (collectively "First Data") assert claims against Defendant SecurityMetrics, Inc. ("SecurityMetrics") relating to SecurityMetrics' alleged post-settlement misconduct. [1] SecurityMetrics subsequently asserted fifteen counterclaims sounding in various doctrines of contract, trademark, and antitrust law. Currently pending before this Court are six motions in limine filed by Plaintiff and Counterdefendant First Data.[2] The first five motions address SecurityMetrics' expert witnesses and seek to exclude their reports, opinions, and testimony in their entirety. The first Motion[3] (ECF No. 253) pertains to Dr. Michael Belch, a marketing professor who conducted a market survey of consumer perceptions of the term "PCI Rapid Comply." The second Motion[4] (ECF No. 254) targets the opinions and testimony of Robert Philbin, a former high-level employee of both First Data and a competitor and a consultant in the payment card industry. The third Motion[5] (ECF No. 256) addresses Dr. Christopher Pleatsikas, an economist who assessed the effects of First Data's alleged conduct. The fourth Motion[6] (ECF No. 259) pertains to Adam Atlas, an attorney who represents various independent sales organizations ("ISOs") who operate within the payment card industry. The fifth Motion[7] (ECF No. 260) relates to Clarke Nelson, an accountant who compiled an assessment of First Data's PCI compliance-related revenue and SecurityMetrics' lost profits. The sixth and final Motion[8] (ECF No. 262) relates to various attachments to Nelson's report, including a declaration by SecurityMetrics' inhouse counsel Brandon Bastian, a chart listing recorded telephone calls between SecurityMetrics and various merchants and ISOs, and "Schedule 16, " a table similar to the chart that contained some additional information about the callers. All six of the Motions are fully briefed, and this Court has reviewed the parties' submissions. Additionally, this Court held a hearing on the Motions on November 6, 2014. For the reasons that follow, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Michael Belch, Ph.D. (ECF No. 253), Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Adam N. Atlas, Esq. (ECF No. 259), and First Data's Motion in Limine to Exclude the Declaration and Testimony of Attorney Brandon L. Bastian and Certain Other Related Documents (ECF No. 262) are GRANTED. Additionally, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Robert J. Philbin (ECF No. 254) is GRANTED IN PART and DENIED IN PART; specifically, the motion is granted with respect to his third opinion that "the objectives of the PCI Data Security Standard" are disserved when a processor provides both transaction processing and PCI compliance services and the motion is denied with respect to Philbin's opinions about market concentration, barriers to entry, and frequency of movement between processors. Finally, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Christopher Pleatsikas, Ph.D. (ECF No. 256) and Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Clarke B. Nelson (ECF No. 260) are DENIED.


As this Court has already issued a number of written opinions and letter orders in this case, and because the pending motions relate to evidence supporting SecurityMetrics' counterclaims, the Court includes only a short summary of the relevant allegations here.

A. The Payment Card Industry

The term "PCI" is as an acronym for "Payment Card Industry." The PCI Security Standards Council ("PCI Council") was formed in 2006 by the major credit card brands. The PCI Council developed the PCI Data Security Standard ("PCI Standard" or "PCI DSS"), which has been adopted by the major credit card brands as their data security compliance requirement for all merchants. Thus, the card brands enforce compliance with the PCI Standard and determine the penalties for non-compliance. While the PCI Standard's requirements vary based upon the size of a merchant, the category of merchants at issue in this case are "Level 4 merchants"[9]-those merchants with the lowest transaction volume. Level 4 merchants are more numerous than higher-volume merchants and, as such, have the highest number of transactions collectively.

Within the payment card industry, there are a number of different types of certified PCI standard compliance service vendors.[10] The Card Brands recognize each of those certifications. SecurityMetrics has a number of these PCI Council certifications while First Data allegedly does not.

B. The Relationship of the Parties

First Data is a global payment processor engaged in the business of processing credit and debit card transactions for merchants and independent sales organizations ("ISOs") who use First Data's card processing services. SecurityMetrics provided PCI compliance services to some merchants for whom First Data provides processing services.

For several years, the parties worked together pursuant to a series of contracts. The agreement was last renewed on January 3, 2012. SecurityMetrics alleges, however, that First Data materially breached the agreement in April 2012 and then unilaterally and prematurely terminated it in May 2012.

Additionally, SecurityMetrics alleges that in June 2012 First Data began offering a service called "PCI Rapid Comply, " which competes with the services offered by SecurityMetrics. SecurityMetrics alleges that, when calculating its billing minimums for ISOs, First Data counts fees for PCI Rapid Comply towards the required minimums, but refuses to count costs or fees paid to vendors of other PCI compliance services. In addition, SecurityMetrics asserts that First Data told merchants that they would have to pay for PCI Rapid Comply even if they used a different security compliance vendor.

In May of 2012, FDMS filed suit in First Data Merchant Services Corporation v. SecurityMetrics, Inc., Case No. 2:12-cv-495 ("Utah Action") in the United States District Court for the District of Utah ("Utah Court") and moved for a temporary restraining order and preliminary injunction.[11] The Utah Court denied the motion, and the parties entered mediation, which resulted in the signing of Terms of Settlement ("Settlement Terms") by both parties on May 31, 2012.[12]

C. The Presently Pending Action

Nevertheless, less than three months after that settlement, First Data filed the presently pending action before this Court on August 27, 2012. Following a stay of this action pending final disposition of the Utah Action and the subsequent denial of FDMS's Preliminary Injunction Motion filed before this Court, FDMS was permitted to file an Amended Complaint (ECF No. 92). SecurityMetrics answered the Complaint and asserted fifteen counterclaims of its own against First Data. See ECF No. 157. SecurityMetrics' Counterclaims include claims for Specific Performance of the First Settlement Term (Count I), declaratory judgment with respect to third and fifth Settlement Terms (Counts II & III), injurious falsehoods (Count IV), federal false advertising (Count V), federal false endorsement (Count VI), cancellation of registration (Count VII), Utah Deceptive Trade Practices violations (Count VIII), tortious interference (Count IX), restraint of trade under federal and Maryland law (Counts X & XII), monopolization and attempted monopolization under federal and Maryland law (Counts XI & XIII), Maryland predatory pricing (Count XIV), and Maryland tying (Count XV). First Data's currently pending Motions in Limine target the evidence that SecurityMetrics seeks to proffer in support of these claims.


Rule 702 of the Federal Rules of Evidence provides that an expert witness may testify in the form of an opinion or otherwise if "(a) the expert's scientific, technical, or other specialized knowledge will help the trier of fact to understand the evidence or to determine a fact in issue; (b) the testimony is based on sufficient facts or data; (c) the testimony is the product of reliable principles and methods; and (d) the expert has reliably applied the principles and methods to the facts of the case. FED. R. EVID. 702. A court's role in applying Rule 702 is to act as a gatekeeper, excluding unreliable expert testimony. Daubert v. Merrell Dow Pharm., Inc., 509 U.S. 579 (1993); see also Kumho Tire Co. v. Carmichael, 526 U.S. 137 (1999) (holding that Daubert 's gatekeeping obligation, applies not only to scientific testimony but to all expert testimony).

In determining whether proffered expert testimony is reliable, the district court has broad discretion to consider whatever factors bearing on validity that the court finds to be useful; the particular factors will depend upon the unique circumstances of the expert testimony involved, and no single factor is necessarily dispositive. See Kumho Tire, 526 U.S. at 152-53. "The court, however, should be conscious of two guiding, and sometimes competing, principles: (1) that Rule 702 was intended to liberalize the introduction of relevant expert evidence'; and (2) that due to the difficulty of evaluating their testimony, expert witnesses have the potential to be both powerful and quite misleading.'" United States v. Hammoud, 381 F.3d 316, 337 (4th Cir. 2004) (quoting Westberry v. Gislaved Gummi AB, 178 F.3d 257, 261 (4th Cir. 1999)).

The proponent of expert testimony bears the burden of production to come forward with evidence to support its contention that an expert's testimony would be both reliable and helpful. See Bourjaily v. United States, 483 U.S. 171 (1987). The Court in Daubert reminded district courts, however, that "[v]igorous cross-examination, presentation of contrary evidence, and careful instruction on the burden of proof are the traditional and appropriate means of attacking shaky but admissible evidence." 509 U.S. at 595. Moreover, the U.S. Court of Appeals for the Fourth Circuit has held that "[a] court need not determine that the expert testimony a litigant seeks to offer into evidence is irrefutable or certainly correct." Westberry, 178 F.3d at 261.


1. First Data's Motion in Limine #1 - Expert Michael Belch

First Data's first Motion in Limine pertains to the expert report, opinions, and testimony of Dr. Michael Belch ("Dr. Belch"), a marketing professor at San Diego State University. Dr. Belch performed a market survey relating to customers' perceptions of the name "PCI Rapid Comply." The specific scope and purpose of the survey is the subject of some dispute by the parties. Based on the survey, Dr. Belch opined that, "if PCI Rapid Comply is not approved or certified by the PCI Council, the consumer (merchant) is being deceived and harmed by the creation of a false sense of security, and the fact that they are paying for a service they are not receiving." Belch Report ¶ 23, MIL #1 Ex. A, ECF No. 253-2.

First Data specifically attacks the methodology used by Dr. Belch in his study. First Data points out that Dr. Belch's report states that he was engaged in order "to opine on whether [First Data's]... use of PCI" in its PCI Rapid Comply' solution... has misled relevant consumers (Level 4 merchants) into believing that the company is affiliated with, connected to, sponsored by or approved by the... [PCI Council]." Belch Report ¶ 8; see also Reply Mot. in Limine #15, ECF No. 282. First Data asserts that, in light of this focus, Dr. Belch should have employed a control because his survey tested for causation-i.e., whether the name PCI Rapid Comply created confusion among merchants. See Mem. Supp. MIL #1, at 7. First Data suggests that the confusion could have been attributed to "demand effects, noise' or prior information known by consumers." Mem. Supp. MIL #1, at 10. SecurityMetrics, however, asserts that Dr. Belch's survey was "designed to gauge Level 4 Merchants' perceptions about the name PCI Rapid Comply.'" Resp. MIL #1, at 6, ECF No. 269.

Despite SecurityMetrics' characterization of the purpose of Dr. Belch's survey, this Court is concerned by the survey's lack of control in this situation. While Dr. Belch purports to test consumer perceptions, his report contains a clear conclusion that consumers are confused-and, in fact, deceived-and attributes that confusion to the use of the term "PCI" in the name "PCI Rapid Comply." See Belch Report ¶ 16 ("Should this list [of approved PCI compliance companies and providers on the PCI Council's website] constitute the complete listing of approved companies, then it is my opinion that use of PCI Rapid Comply misleads merchants. Further, users of PCI Rapid Comply are being misinformed by these false endorsements and believe they are using a product that is endorsed, approved or authorized by the PCI Council."). SecurityMetrics has not adequately explained how Dr. Belch came to his conclusions on consumer confusion as is its burden on Rule 702.[13] While Dr. Belch's results tend to show some confusion on the part of merchants, there is no basis for Dr. Belch's conclusions regarding the cause of that confusion. Nor has SecurityMetrics identified any case where a comparable survey was admitted into evidence.[14] Accordingly, this Court finds the lack of a control to be a significant flaw under the circumstances presented here.

Moreover, even if a control was not necessary, there are several other troubling aspects to Dr. Belch's survey. For example, the survey tested consumer perceptions based upon the name of the product alone and divorced the name from any of the typical marketing materials that consumers would encounter. Moreover, the original, online version of the survey was not preserved and was never turned over to First Data. Additionally, the survey questions repeatedly mentioned the name "PCI Rapid Comply, " creating bias concerns that have not been addressed due to the failure to include a control. Thus, even if Dr. Belch's opinions are limited to consumers' "perceptions, " this Court finds that those opinions could confuse a jury and lead jurors to conclude that the name "PCI Rapid Comply"-rather than any other factor-has caused consumer confusion. Indeed, in light of numerous other problems with Dr. Belch's survey, such an inference is likely to be erroneous. Accordingly, Dr. Belch's report, opinions, and testimony will be excluded.

2. First Data's Motion in Limine #2 - Expert Robert Philbin

First Data's second Motion in Limine addresses the opinions, testimony, and report of Robert J. Philbin. Philbin worked for First Data for 16 years (until 1998) and for Total System Services, Inc. ("TSYS"), a competitor of First Data, for 6 years (until 2010). After he stopped working for TSYS in 2010, Philbin has worked as an advisor and consultant to venture capitalists. Philbin is proffered as an experiential witness who will offer the following opinions: (1) "[t]he processing segment of the payment card industry is highly concentrated, with substantial barriers to entry"; (2) "[t]he nature of the acquirer-processor relationship discourages movement or migrations of merchants (and even [independent sales organizations]) from one processor to another"; and (3) "[a] processor providing both transaction processing and PCI security services... disserves the objectives of the PCI Data Security Standard ("PCI DSS")." Philbin Report, MIL #2 Ex. A, ECF No. 254-2.

In general, experiential witnesses require slightly different considerations than other expert witnesses. As recently summarized by Judge Grimm of this Court in Casey v. Geek Squad Subsidiary Best Buy Stores, 823 F.Supp.2d 334 (D. Md. 2011):

The Fourth Circuit "permits not only scientific expert testimony but also experiential expert testimony.'" Touchcon, Inc. v. Berreskin & Parr, No. 1:07cv114 (JCC), 2010 WL 4393282, at *3 (E.D. Va. Oct. 29, 2010) (quoting United States v. Wilson, 484 F.3d 267, 274 (4th Cir. 2007)). Experiential testimony need not "rely on anything like the scientific method." Wilson, 484 F.3d at 274. Instead, for experiential testimony to be reliable under Rule 702, the expert must "explain how [his] experience leads to the conclusion reached, why [his] experience is a sufficient basis for the opinion, and how [his] experience is reliably applied to the facts" of the case. Id.

Casey v. Geek Squad Subsidiary Best Buy Stores, 823 F.Supp.2d 334, 345 n.9 (D. Md. 2011).

First Data asserts that Philbin and SecurityMetrics have failed to adequately connect his experience in the industry to his various opinions. With respect to Philbin's market concentration and barriers to entry opinion, First Data argues that such subjects are economic and data-driven conclusions that are more properly addressed by economists. However, First Data glosses over Philbin's extensive experience in the industry. Moreover, SecurityMetrics has, in fact, explained how Philbin's specific experiences have led to his opinions: with respect to market concentration, SecurityMetrics explained Philbin's role in a major First Data merger:[15]

As Mr. Philbin testified during deposition, his "experience with concentration goes back to" the [Card Establishment Services ("CES")] merger that... "jump started First Data's successful program of establishing joint-venture... businesses" and thus cemented First Data's role as "a dominant presence within the acquiring industry." (Depo. at 112:24-25.) In connection with the CES merger, Mr. Philbin-on behalf of First Data, by which he was then employed-"worked with an economist that was supplied by American Express, " ( id. at 113:7-8), "preparing documents to demonstrate that there wasn't a monopoly-type issue, " ( id. at 113:2-3). Mr. Philbin witnessed the "massive consolidation" fueled by the CES merger, and he has seen it persist in the decades since it was accomplished.

Resp. MIL #2 at 17-18, ECF No. 265. Similarly, with respect to barriers to entry, SecurityMetrics stated:

Mr. Philbin's understanding and knowledge of what it takes to break into various segments of the industry is such that First Data relied on it "during [its] expansion into the merchant acquiring side of the business and sharing... the risk in the revenue, " TSYS relied on it when moving "from being a pure processor into the risk and revenue that's related to that, " and "Global Cash Access" and [venture capitalists] still seek him out for his advice. ( See Depo. at 101:23-102:14.)

Resp. MIL #2 at 18-19, ECF No. 265. In light of the fact that SecurityMetrics has explained how specific aspects of Philbin's experience has provided him with an understanding of the issues of market concentration and barriers to entry, Philbin will be allowed to testify on those matters.[16]

First Data's protests concerning Philbin's second opinion-pertaining to the infrequency of movement between industry players-lack merit as well. SecurityMetrics explained that Philbin's opinion arose out of his work for TSYS, when Philbin worked to acquire additional portfolios for processing. See Resp. MIL #2, at 20-21 (noting that TSYS targeted portfolios with which TSYS already had a relationship; that some conversions took several years to complete; and that TSYS lost only one ISO to a competitor and did not sign any new ones during Philbin's six year tenure).

Philbin's final opinion-that the PCI DSS is disserved when a processor also supplies compliance services-presents a somewhat different question. While SecurityMetrics claims that Philbin "had operational responsibility' for data security at TSYS" and spent a significant amount of time working on PCI DSS-related issues, there has been no explanation of how that experience led to his conclusion on incentives. Indeed, unlike his other opinions, which are factual assertions based upon his industry experience, Philbin's third opinion is a value-based, subjective judgment.[17]

In addition to attacking Philbin's "methodology, " First Data also attacks Philbin's reliability, arguing that various passages from Philbin's report were lifted from various publications without any citation. While this Court does not, of course, condone unattributed copying in expert reports, the circumstances of this case do no merit the total exclusion of Philbin's report and testimony. First Data has only identified a few such passages, and those passages generally address background issues.[18] Accordingly, this Court does not find these passages totally discredit Philbin as a reliable expert witness.[19]

Finally, First Data attacks Philbin's testimony under Rule 403 of the Federal Rules of Evidence, which permits the exclusion of evidence where "the probative value is substantially outweighed" by "unfair, prejudice, confusing the issues, [or] misleading the jury." FED. R. EVID. 403. In essence, First Data reiterates its earlier arguments and expresses vague concerns about jury confusion. See Mem. Supp. MIL #2, at 20. In light of this Court's conclusions on First Data's other arguments, this Court does not find that exclusion under Rule 403 is necessary or proper.

Thus, in summary, this Court finds that Philbin will be permitted to opine about the issues of market concentration, barriers to entry, and frequency of movement between processors. Philbin is prohibited, however, from offering his subjective opinion concerning the incentive structure arising when a processor also supplies security compliance services.

3. First Data's Motion in Limine #3 - Expert Christopher Pleatsikas

Dr. Christopher Pleatsikas, an economist, is the Director of the Berkeley Research Group and a lecturer at the University of California, Santa Cruz. SecurityMetrics engaged Dr. Pleatsikas to assess the anticompetitive effect of four types of "Challenged Conduct": "Specified Minimum" conduct, "Discount" conduct, "Billing Costs" conduct, and "Double Billing and Rebate" conduct. SecurityMetrics explains the challenged conduct as follows:

The Specified Minimum and Discount conduct were first testified to by Victor Gerber of Diversified Acquirer's Group ("DAG"), an ISO, on January 10, 2013. First, Mr. Gerber explained, fees paid for First Data's PCI Rapid Comply count toward contractual "minimums" that DAG must meet, while fees paid to SecurityMetrics do not. (Gerber Depo. at 29:3-5, 32:1-6.) That is the "Specified Minimum" conduct. Second, Mr. Gerber testified that the more revenue DAG generates in excess of its minimums-including PCI Rapid Comply fees but not fees paid to a third-party PCI compliance provider, such as SecurityMetrics-the better the pricing it gets on products other than PCI compliance (such as processing). (Id. at 35:8-12, 35:22-36:4.) That is the "Discount" conduct.
The third form of ISO-related Challenged Conduct relates to the billing services that First Data provides to ISOs. First Data will handle an ISO's billing of PCI Rapid Comply fees to its merchants at no cost to the ISO. But to handle the billing of fees paid to third-party (i.e., non-PCI Rapid Comply) PCI compliance providers, "[a]n ISO is required to pay between $5, 000 and$15, 000 per year depending on the size of the ISO plus 50 cents per merchant per month." (Report at ¶ 63, p. 21.) That is "Billing Costs" conduct. In a related vein, "noncompliance fees appear to have been applied differentially depending on whether ISOs used PCI Rapid Comply or decided to use a third party PCI Compliance, " with opt-out ISOs being assessed higher fees for merchants who did not validate their PCI compliance than opt-in ISOs. (Report at ¶ 68, p. 23.) And "it appears that First Data required ISOs using a third party provider of PCI Compliance services to report directly (instead of through the PCI Compliance provider) to First Data, " which is an "additional administrative burden... cited by some ISOs [as] reasons for using First Data over SecurityMetrics." (Id. at ¶ 69, pp. 23-24.)
That leaves "Double Billing and Rebate" conduct, which has two components. First, "First Data has stated that merchants that use the services of another vendor instead of PCI Rapid Comply will have to pay for those services in addition to paying full cost for PCI Rapid Comply." (Report at ¶ 70, p. 24.) "However, the evidence appears mixed as to whether First Data in practice was providing some level of refunds for Level 4 Merchants that paid to use an alternative provider for PCI Compliance." (Id. at ¶ 73, p. 25.) "To the extent the rebates were provided it appears that these rebates were provided in an amount not equal to the amount charged for Rapid Comply, but instead in an amount equal to the amount paid for the competing PCI Compliance product." (Id. at ¶ 75, p. 26.)

SecurityMetrics' Resp., at 4-5, ECF No. 266.

Dr. Pleatsikas' opinion stated that: "the Challenged Conduct has made it difficult or impossible for rival providers of PCI Compliance services to compete for the supply of these services to some ISOs and/or their merchants. Moreover, the Challenged Conduct would, if allowed to continue and, if applied to a significant fraction of ISOs and/or their merchants, likely make it difficult or impossible for rival providers of PCI Compliance services to compete in the supply of these services." Pleatsikas Report ¶ 14, Mem. Supp. MIL #3 Ex. C, ECF No. 256-4.

First Data's main attack on Dr. Pleatsikas' opinions and testimony is that Dr. Pleatsikas offered no opinion on "antitrust injury" and that, therefore, Dr. Pleatsikas diverged from his own previous statements that an antitrust injury-i.e., harm to competition rather than simply to a competitor-is necessary to prove an antitrust claim. See Mem. Supp. MIL #3, at 4-8, 17-18, ECF No. 256-1. First Data asserts that Dr. Pleatsikas testimony should be excluded on this basis because, in First Data's view, it must have been prepared solely for litigation purposes. Id. at 18.

As First Data points out, Dr. Pleatsikas withheld an opinion on antitrust injury; instead, he opined that "[i]f the challenged conduct was widespread, then an economic tie was created between First Data's processing services and its PCI Compliance services." Pleatsikas Report ¶ 90, MIL #3 Ex C, ECF No. 256-4. Thus, the question of the frequency of First Data's conduct has not been determined. SecurityMetrics argues that this issue is a factual question to be submitted to the jury. See Resp. MIL #3, at 10-11, ECF No. 266. This Court finds, however, that the adequacy and/or sufficiency of Pleatsikas' opinion as to satisfying its burden of proof is not an issue properly resolved in isolation on a motion in limine; instead, these issues are more properly evaluated in the context of a summary judgment motion. Accordingly, this issue will be addressed at the hearing on December 12, 2014.[20]

First Data next criticizes Dr. Pleatsikas' conclusions with respect to market definitions. Dr. Pleatsikas defined the relevant geographical market as the United States, and the relevant product markets as "processor services" and "PCI compliance, validation, and reporting services for Level 4 Merchants using First Data as a processor." First Data asserts that Dr. Pleatsikas came to those conclusions without any reliable methodology and specifically alleges that Dr. Pleatsikas failed to properly apply the "Hypothetical Monopolist Test." However, First Data's argument ignores Dr. Pleatsikas' explanation of the Hypothetical Monopolist Test, and his prolonged analysis of the relevant markets at issue. See Pleatsikas Report, at ¶¶ 34-55. This Court does not find that Dr. Pleatsikas' market definitions to be unsound.

Additionally, First Data protests that the Pleatsikas report relies upon information- specifically, telephone call transcripts-that were not produced during discovery. [21] However, First Data does not dispute that these transcripts have now, in fact, been produced. Moreover, First Data acknowledges that this discovery omission, standing alone, does not "rise to the level of complete exclusion, " see Reply MIL #3, at 23, ECF No. 283, and this Court agrees with First Data's candid acknowledgement.[22]

Again, First Data alternatively presses for exclusion under Rule 403. And again, First Data merely reiterates it other substantive arguments as reason for exclusion. See Mem. Supp. MIL #3, at 23 ("First Data has demonstrated that Dr. Pleatsikas has so failed to ensure a reliable methodology in suggesting antitrust injury and assuming relevant markets, and offers testimony so attenuated from the facts of this case, that his expert report, opinions, and testimony have no probative value."). Because there is no fatal fault in Dr. Pleatsikas' methodology and because his testimony is clearly relevant, this Court finds no basis for exclusion under Rule 403.

4. First Data's Motion in Limine #4 - Expert Adam Atlas, Esq.

Mr. Adam Atlas is an attorney who practices law in Canada and New York and who has represented a number of independent sales organizations. In his report, he offers the following opinions: "(1) Small merchants' selection of services, including processor and PCI compliance services, is so heavily influenced by ISOs as to be virtually dictated by them; (2) An interrelated set of business and legal relationships strongly bonds ISOs, processors, and merchants to each other; (3) ISOs prefer to make an independent selection of PCI compliance vendors for their portfolios, rather than having that selection controlled or influenced by processors; (4) Where a processor performs PCI compliance services, rather than outsourcing them, each merchant's likelihood of getting or staying compliant declines." Resp. MIL #4, at 6, ECF No. 268 (citing Atlas Report at 3-5, MIL #4 Ex. A., ECF No. 259-2).

First Data seeks to exclude Atlas' opinions and testimony because, in First Data's view, Atlas used the attorney client privilege to prevent any inquiry into his methodology. See Mem. Supp. MIL #4, at 5-8, ECF No. 259-1. SecurityMetrics argues, however, that Atlas asserted the attorney-client privilege only with respect to the identities of his independent sales organization clients and their third-party processors. See Resp. MIL #4, at 21, ECF No. 268. SecurityMetrics also points to a number of cases where experienced attorneys were permitted to provide expert testimony. See id. at 16 (citing Hanson v. Mutual of Omaha Ins. Co., Civ. 01-4238-KES, 2003 WL 26093254, *7 (D.S.D. Apr. 29, 2003) ("Attorneys may testify as experts with respect to insurance industry standards. Present or former employees of the insurance industry are not the only persons qualified to render expert opinions about its operations." (quoting Klein v. State Farm Mut. Ins. Co., 948 P.2d 43, 50 (Colo. Ct. App. 1997)); Berckeley Inv. Group, Ltd. v. Colkitt, 455 F.3d 195, 218 (3rd Cir. 2006) ("[E]xperienced former counsel for the SEC" permitted to testify about "customs and business practices in the securities industry" but barred from opining on party's compliance "with legal duties that arose under the federal securities laws")).

While Atlas' status as an attorney does not generally bar him from offering expert testimony, the circumstances of this particular case warrant Atlas' exclusion. Atlas does not seek to offer any testimony about industry standards. Instead, he seeks to testify about business considerations of independent sales organizations and the market pressures that influence their decisions. In essence, his testimony would reflect those concerns and considerations that his clients have expressed to him during his representation. While SecurityMetrics has identified certain situations where attorneys provide expert testimony, it has failed to identify any case where an attorney provided testimony like that which Atlas seeks to provide. Cf. Hanson, 2003 WL 26093254, at *6 ("Opinions based on what [an attorney] thinks are good practices rather than on industry standard amount to speculation and guesswork. Such opinions are neither reliable nor admissible."). Moreover, Atlas' assertion of attorney-client privilege and client confidentiality has prevented First Data from fully investigating the basis of Atlas' knowledge and expertise.[23] Accordingly, Atlas' opinions, expert report, and testimony will be excluded.

5. First Data's Motion in Limine #5 - Expert Clarke Nelson

Clarke Nelson is a CPA, CGMA, and CFF with an MBA from the Wharton School of the University of Pennsylvania. Nelson has opined on the amount of damages in this case; specifically, he concluded that (1) First Data generated $190, 951, 243 in "PCI-related revenues" since June, 2012, which SecurityMetrics seeks to disgorge under its two Lanham Act claims; and (2) SecurityMetrics suffered $25, 374, 704 in lost profits due to First Data's alleged anti-competitive actions.

First Data launches a multitude of assaults on Nelson's opinion. Again, First Data leads off with an argument pertaining to causation, asserting that Nelson has failed to offer any testimony that First Data's alleged actions caused the damages. Like First Data's argument with respect to Dr. Pleatsikas, this is an argument concerning the sufficiency of SecurityMetrics' evidence as a whole. Thus, this Court reserves a ruling on this issue until the summary judgment stage.

First Data next launches several attacks on Nelson's methodology, arguing that he made several errors in his calculations. First Data first addresses Nelson's calculation of "PCI compliance-related revenue, " which included revenue from ISOs (wholesale and retail), RSA/Direct (wholesale and retail) and non-validation fees. First Data suggests that Nelson simply added up the columns without any understanding or analysis of the data. In addition, First Data suggests that Nelson did not review the deposition transcript of First Data's Rule 30(b)(6) witness on the issues of fees, costs, and charges[24] before finalizing his expert report.[25] Specifically, First Data argues that, had Nelson reviewed the transcript, he would have realized that the "wholesale" and "retail" revenue columns represented different figures which should not have both been included in Nelson's PCI compliance-related revenue calculation.[26] Finally, First Data protests that non-validation fees should not have been included in the calculation of PCI compliance-related revenue.

After review of the parties' submissions, this Court is not convinced that exclusion of Nelson's testimony on these grounds is necessary or appropriate. Although First Data couches its complaint as one of faulty methodology, First Data's argument essentially attacks Nelson's conclusions on the basis that it believes Nelson miscalculated and came to an incorrect conclusion. Of course, this is not a reason to exclude expert testimony. See Westberry v. Gislaved Gummi AB, 178 F.3d 257, 261 (4th Cir. 1999). Moreover, it is notable that First Data complains about Nelson's use of a chart that First Data itself produced-and which is not a particular example of clarity. To the extent that First Data believes that Nelson's calculations were over-inclusive, it will be able to attempt to demonstrate as much on cross-examination and through rebuttal witnesses.

First Data also asserts that Nelson "double-counted" First Data's alleged illegal profits and SecurityMetrics' alleged lost profits and argues that, as a matter of law, SecurityMetrics cannot recover both measures of damages if it were to prevail on both the Lanham Act and antitrust claims. In opposition, SecurityMetrics points to Nintendo of America, Inc. v. Dragon Pacific Int'l, 40 F.3d 1007 (9th Cir. 1994), where the United States Court of Appeals for the Ninth Circuit affirmed an award of damages for both trademark and copyright infringement in a case where the defendant had falsely marketed video game cartridges (which contained some, but not only, games copyrighted by Nintendo) as a Nintendo product. Id. at 1009. While the Ninth Circuit did not find the district court's award constituted a "double recovery" in that particular case, see id. at 1010, other cases have barred recovery of some portion of damages on such a basis. See, e.g., Manufacturers Technologies, Inc. v. Cams, Inc., 728 F.Supp. 75 (D. Conn. 1989). This Court does not see the need to resolve this issue at this time, as the double-counting issue is a legal question of damages. Thus, the issue will not arise until SecurityMetrics perseveres on one or more of its counterclaims. Nor does it appear to the Court, at least at this time, that Nelson's opinions and report risk confusing the jury because Nelson clearly distinguished between his analysis of First Data's profits with respect to the Lanham Act and SecurityMetrics' lost profits with respect to the antitrust claims.[27]

First Data also attacks Nelson's opinions and report based upon his failure to consider alternative reasons, see Mem. Supp. MIL #5, at 13; in its Reply brief, First Data also suggests that Nelson did not apply a proper "before and after" analysis to assess lost profits, see Reply MIL #5, at 4-9. Nelson's report, however, reflects a complex analysis that included calculation and consideration of SecurityMetrics' natural attrition and penetration rates and a variety of other factors. See Nelson Report 31-45. Nelson's calculations were not as simplistic as First Data would have this Court believe, and any errors or omitted factors are of course potential topics for cross-examination. Quite simply, Nelson's calculations are not so methodologically flawed to warrant their total exclusion.[28]

6. First Data's Motion in Limine #6 - Declaration of Brandon Bastion, Esq., Chart of Phone Calls, and Schedule 16

First Data's sixth and final Motion in Limine relates to various attachments to

Nelson's report. Specifically, the Nelson report that was produced on July 31, 2014 included several attachments, among which were (1) the declaration of attorney Brandon Bastian (inhouse counsel for SecurityMetrics) and (2) a chart listing a number of telephone call recordings of conversations between SecurityMetrics employees and various merchants and ISOs. On September 17, 2014, Nelson also produced "Schedule 16, " which listed the same calls identified in the chart but reorganized the calls based upon their content. Additionally, Schedule 16 contained information regarding the callers' status as a SecurityMetrics customer.

First Data seeks to exclude these documents because, in its view, those documents- or at least the information contained therein-should have been disclosed earlier. Specifically, First Data asserts that SecurityMetrics failed to identify Bastian as a potential witness. Additionally, First Data asserts that the calls identified in the chart and Schedule 16 should have been identified in SecurityMetrics' responses to First Data's interrogatories and document requests. First Data also contends that SecurityMetrics' Rule 30(b)(6) deponent on damages, SecurityMetrics' CEO Bradley Caldwell, should have provided the information during his deposition.[29] First Data suggests that SecurityMetrics has "sandbagged" by refusing to identify the specific calls and/or merchants during fact discovery and has instead only revealed the information as part of an expert report. First Data suggests that it has been prejudiced because it cannot possibly investigate the calls before trial (scheduled to begin January 12, 2015).

In opposition, SecurityMetrics asserts that the chart was not made until late July 2014 and was timely disclosed soon after its creation. Accordingly, SecurityMetrics argues that it complied with Rule 26 because it provided timely supplementation of its earlier responses. Moreover, SecurityMetrics characterizes the chart as summary table subject to Rule 1006 and argues that, because the actual recordings were previously disclosed, it had no obligation to also disclose the chart and Schedule 16.

Even if this Court takes SecurityMetrics at its word, however, SecurityMetrics' position is problematic. Rule 30(b)(6) imposes affirmative obligations upon corporations and their designated deponents. Specifically, "the duty to present and prepare a Rule 30(b)(6) designee goes beyond matters personally known to that designee or to matters in which that designee was personally involved." Int'l Ass'n of Machinists & Aerospace Workers v. Werner-Masuda, 390 F.Supp.2d 479, 487 (D. Md. 2005) (quoting United States v. Taylor, 166 F.R.D. 356, 361 (M.D. N.C. 1996)). Indeed, the rule requires affirmative action on the part of the corporation to educate its designee on issues outside of that particular individual's personal knowledge. See Int'l Ass'n of Machinists & Aerospace Workers v. Werner-Masuda, 390 F.Supp.2d at 487 ("If the persons designated by the corporation do not possess personal knowledge of the matters set out in the deposition notice, the corporation is obligated to prepare the designees so that they may give knowledgeable and binding answers for the corporation." (quoting Taylor, 166 F.R.D. at 361)); see id. (noting that the rule "implicitly requires [Rule 30(b)(6) deponents] to review all matters known or reasonably available to it in preparation for the Rule 30(b)(6) deposition" (quoting Taylor, 166 F.R.D. at 362)); Coryn Grp. II, LLC v. O.C. Seacrets, Inc., 265 F.R.D. 235, 238 (D. Md. 2010) ("[T]he corporation is expected to create a witness or witnesses with responsive knowledge, and in doing so must make a good faith effort to find out the relevant facts-to collect information, review documents, and interview employees with personal knowledge." (internal quotation marks omitted)). As recognized by this Court and many others, this interpretation of the rule "is necessary in order to make the deposition a meaningful one and to prevent the sandbagging' of an opponent by conducting a half-hearted inquiry before the deposition but a thorough and vigorous one before the trial." Int'l Ass'n of Machinists & Aerospace Workers v. Werner-Masuda, 390 F.Supp.2d at 487 (quoting Taylor, 166 F.R.D. at 362).

In this case, SecurityMetrics designated Bradley Caldwell as its Rule 30(b)(6) deponent on the issue of damages. One of the documents that Caldwell brought with him was Exhibit 355, which is a half-page document titled "Lost Unique Merchants." The document contained the following text:

About 100 calls with merchants and ISOs discussing FD PCI compliance fees - Lizzie's Nest Bed and Breakfast in Fairbanks, Alaska
About 100 calls from merchants stating PCI Rapid Comply is free - Flying Pig Saloon
About 100 calls with false statements from FD - McGuire Group LLC (March 26 hearing)
About 50 calls from FD implying SM has no right to the merchant data - Wima Networks (March 26 hearing)

Mem. Supp. MIL #6 Ex. L, ECF No. 263-5. Each category pertains to alleged wrongful conduct by First Data, and the information after the dash in each line reflects an example of a specific merchant who allegedly raised that issue during a call with SecurityMetrics. Caldwell was unable to identify additional recordings beyond those examples. The following exchange from his deposition is illustrative of Caldwell's knowledge of the recordings:

Q. [First Data's Counsel]: Is there a list of these 100 calls anywhere?
A. [Caldwell]: I believe there is, yes. I think they were all produced for you already.
Q. When you say there were all produced, are they produced, to your knowledge, segregated so that these hundred - approximately 100 calls are separate and apart from other calls?
A. I don't know the answer to that.
Q. Have you ever seen a list of these approximately 100 calls?
A. I haven't.
Q. Who provided this information to you to enable you to prepare Exhibit 355?
A. Brandon Bastian.
Q. For each of the approximately 100 calls referenced in the portion that we're reading there discussing First Data PCI compliance fees, at the time of the call, was each merchant - and I'm just referring to merchants, not ISOs - was each merchant then a current paying customer of First Data - of SecurityMetrics?
A. I don't know the answer to that.
Q. On each of these 100 calls, did the merchant say that they were not going to use SecurityMetrics' services?
A. I don't believe so. I think they were confused and asking us about the compliance fees.
Q. Of these approximately 100 merchants and ISOs, how many of them are currently customers of SecurityMetrics?
A. I don't know the answer to that.
Q. Is there any way that you know of that SecurityMetrics can determine, of those approximately 100 calls, how many merchants are currently customers of SecurityMetrics?
A. Yes.
Q. How would SecurityMetrics do that?
A. We would listen to each of the calls, obtain the merchant information, and look them up to see if they have left or not.
Q. Has SecurityMetrics done that?
A. We may have. I'm not sure.

Caldwell July 16, 2014 Depo. 10:6 - 13:13, Resp. MIL #6, ECF No. 279-1. Elsewhere, First Data's counsel inquired about customers lost due to alleged false and misleading statements:

Q. Can you - can SecurityMetrics identify the name of even one merchant who left as a result of any false and misleading statement listed under that heading on Exhibit 356?
A. Yes, McGuire Group LLC.
Q. Any others?
A. I don't' have any others here in front of me. I don't memorize these lists.
Q. Well, did you try to make a list in preparation for your deposition today?
A. Of examples of each merchant? I didn't try to bring a list of every merchant - what I tried to do was bring a list of each merchant who left so you had a complete list.
I didn't try to break it out into these different classifications, no.

Id. at 39:8-23.

As these passages indicate, SecurityMetrics-through its Rule 30(b)(6) deponent Bradley Caldwell-was unable to specifically identify merchant customers that it lost due to First Data's various alleged "bad acts." Both the chart and Schedule 16 reflect an attempt to identify specific affected merchants and categorize the calls based upon the various alleged "bad acts." Even if these categorizations were not created until after the Caldwell deposition, as SecurityMetrics contends, that delay would constitute a violation of Rule 30(b)(6)'s requirement of educating its representative in advance of the deposition. Whether intentional or not, SecurityMetrics has effected an end-run around Rule 30(b)(6) and now seeks to supplement its testimony on the issue of damages and avoid binding itself to the few specific incidents identified by Caldwell during his Rule 30(b)(6) deposition. Thus, as noted in this Court's November 10, 2014 letter order (ECF No. 292), SecurityMetrics will be bound by its Rule 30(b)(6) testimony.[30] To the extent that SecurityMetrics seeks damages, it must tie its claim to specific testimony from the deposition transcript (or evidence contained in other exhibits from that deposition), [31] and First Data's Motion in Limine to Exclude the Bastian Declaration, the chart, and Schedule 16 will be granted.


For the reasons stated above, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Michael Belch, Ph.D. (ECF No. 253), Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Adam N. Atlas, Esq. (ECF No. 259), and First Data's Motion in Limine to Exclude the Declaration and Testimony of Attorney Brandon L. Bastian and Certain Other Related Documents (ECF No. 262) are GRANTED. Additionally, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Robert J. Philbin (ECF No. 254) is GRANTED IN PART and DENIED IN PART; specifically, the motion is granted with respect to his third opinion that "the objectives of the PCI Data Security Standard" are disserved when a processor provides both transaction processing and PCI compliance services and the motion is denied with respect to Philbin's opinions about market concentration, barriers to entry, and frequency of movement between processors. Finally, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Christopher Pleatsikas, Ph.D. (ECF No. 256) and Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Clarke B. Nelson (ECF No. 260) are DENIED.

A separate Order follows.

Buy This Entire Record For $7.95

Official citation and/or docket number and footnotes (if any) for this case available with purchase.

Learn more about what you receive with purchase of this case.