Searching over 5,500,000 cases.

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.

First Data Merchant Services Corp. v. Securitymetrics, Inc.

United States District Court, D. Maryland

December 3, 2014



RICHARD D. BENNETT, District Judge.

This origins of this contentious case lie in a soured business relationship and the settlement of earlier litigation in the United States District Court for the District of Utah. In this action, Plaintiffs First Data Merchant Services Corporation ("FDMS") and First Data Corporation ("FDC") (collectively "First Data") assert claims against Defendant SecurityMetrics, Inc. ("SecurityMetrics") relating to SecurityMetrics' alleged post-settlement misconduct. [1] SecurityMetrics subsequently asserted fifteen counterclaims sounding in various doctrines of contract, trademark, and antitrust law. Currently pending before this Court are six motions in limine filed by Plaintiff and Counterdefendant First Data.[2] The first five motions address SecurityMetrics' expert witnesses and seek to exclude their reports, opinions, and testimony in their entirety. The first Motion[3] (ECF No. 253) pertains to Dr. Michael Belch, a marketing professor who conducted a market survey of consumer perceptions of the term "PCI Rapid Comply." The second Motion[4] (ECF No. 254) targets the opinions and testimony of Robert Philbin, a former high-level employee of both First Data and a competitor and a consultant in the payment card industry. The third Motion[5] (ECF No. 256) addresses Dr. Christopher Pleatsikas, an economist who assessed the effects of First Data's alleged conduct. The fourth Motion[6] (ECF No. 259) pertains to Adam Atlas, an attorney who represents various independent sales organizations ("ISOs") who operate within the payment card industry. The fifth Motion[7] (ECF No. 260) relates to Clarke Nelson, an accountant who compiled an assessment of First Data's PCI compliance-related revenue and SecurityMetrics' lost profits. The sixth and final Motion[8] (ECF No. 262) relates to various attachments to Nelson's report, including a declaration by SecurityMetrics' inhouse counsel Brandon Bastian, a chart listing recorded telephone calls between SecurityMetrics and various merchants and ISOs, and "Schedule 16, " a table similar to the chart that contained some additional information about the callers. All six of the Motions are fully briefed, and this Court has reviewed the parties' submissions. Additionally, this Court held a hearing on the Motions on November 6, 2014. For the reasons that follow, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Michael Belch, Ph.D. (ECF No. 253), Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Adam N. Atlas, Esq. (ECF No. 259), and First Data's Motion in Limine to Exclude the Declaration and Testimony of Attorney Brandon L. Bastian and Certain Other Related Documents (ECF No. 262) are GRANTED. Additionally, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Robert J. Philbin (ECF No. 254) is GRANTED IN PART and DENIED IN PART; specifically, the motion is granted with respect to his third opinion that "the objectives of the PCI Data Security Standard" are disserved when a processor provides both transaction processing and PCI compliance services and the motion is denied with respect to Philbin's opinions about market concentration, barriers to entry, and frequency of movement between processors. Finally, First Data's Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Christopher Pleatsikas, Ph.D. (ECF No. 256) and Motion in Limine to Exclude the Expert Report, Opinions, and Testimony of Clarke B. Nelson (ECF No. 260) are DENIED.


As this Court has already issued a number of written opinions and letter orders in this case, and because the pending motions relate to evidence supporting SecurityMetrics' counterclaims, the Court includes only a short summary of the relevant allegations here.

A. The Payment Card Industry

The term "PCI" is as an acronym for "Payment Card Industry." The PCI Security Standards Council ("PCI Council") was formed in 2006 by the major credit card brands. The PCI Council developed the PCI Data Security Standard ("PCI Standard" or "PCI DSS"), which has been adopted by the major credit card brands as their data security compliance requirement for all merchants. Thus, the card brands enforce compliance with the PCI Standard and determine the penalties for non-compliance. While the PCI Standard's requirements vary based upon the size of a merchant, the category of merchants at issue in this case are "Level 4 merchants"[9]-those merchants with the lowest transaction volume. Level 4 merchants are more numerous than higher-volume merchants and, as such, have the highest number of transactions collectively.

Within the payment card industry, there are a number of different types of certified PCI standard compliance service vendors.[10] The Card Brands recognize each of those certifications. SecurityMetrics has a number of these PCI Council certifications while First Data allegedly does not.

B. The Relationship of the Parties

First Data is a global payment processor engaged in the business of processing credit and debit card transactions for merchants and independent sales organizations ("ISOs") who use First Data's card processing services. SecurityMetrics provided PCI compliance services to some merchants for whom First Data provides processing services.

For several years, the parties worked together pursuant to a series of contracts. The agreement was last renewed on January 3, 2012. SecurityMetrics alleges, however, that First Data materially breached the agreement in April 2012 and then unilaterally and prematurely terminated it in May 2012.

Additionally, SecurityMetrics alleges that in June 2012 First Data began offering a service called "PCI Rapid Comply, " which competes with the services offered by SecurityMetrics. SecurityMetrics alleges that, when calculating its billing minimums for ISOs, First Data counts fees for PCI Rapid Comply towards the required minimums, but refuses to count costs or fees paid to vendors of other PCI compliance services. In addition, SecurityMetrics asserts that First Data told merchants that they would have to pay for PCI Rapid Comply even if they used a different security compliance vendor.

In May of 2012, FDMS filed suit in First Data Merchant Services Corporation v. SecurityMetrics, Inc., Case No. 2:12-cv-495 ("Utah Action") in the United States District Court for the District of Utah ("Utah Court") and moved for a temporary restraining order and preliminary injunction.[11] The Utah Court denied the motion, and the parties entered mediation, which resulted in the signing of Terms of Settlement ("Settlement Terms") by both parties on May 31, 2012.[12]

C. The Presently Pending Action

Nevertheless, less than three months after that settlement, First Data filed the presently pending action before this Court on August 27, 2012. Following a stay of this action pending final disposition of the Utah Action and the subsequent denial of FDMS's Preliminary Injunction Motion filed before this Court, FDMS was permitted to file an Amended Complaint (ECF No. 92). SecurityMetrics answered the Complaint and asserted fifteen counterclaims of its own against First Data. See ECF No. 157. SecurityMetrics' Counterclaims include claims for Specific Performance of the First Settlement Term (Count I), declaratory judgment with respect to third and fifth Settlement Terms (Counts II & III), injurious falsehoods (Count IV), federal false advertising (Count V), federal false endorsement (Count VI), cancellation of registration (Count VII), Utah Deceptive Trade Practices violations (Count VIII), tortious interference (Count IX), restraint of trade under federal and Maryland law (Counts X & XII), monopolization and attempted monopolization under federal and Maryland law (Counts XI & XIII), Maryland predatory pricing (Count XIV), and Maryland tying (Count XV). First Data's currently pending Motions in Limine target the evidence that SecurityMetrics seeks to proffer in support of these claims.


Rule 702 of the Federal Rules of Evidence provides that an expert witness may testify in the form of an opinion or otherwise if "(a) the expert's scientific, technical, or other specialized knowledge will help the trier of fact to understand the evidence or to determine a fact in issue; (b) the testimony is based on sufficient facts or data; (c) the testimony is the product of reliable principles and methods; and (d) the expert has reliably applied the principles and methods to the facts of the case. FED. R. EVID. 702. A court's role in applying Rule 702 is to act as a gatekeeper, excluding unreliable expert testimony. Daubert v. Merrell Dow Pharm., Inc., 509 U.S. 579 (1993); see also Kumho Tire Co. v. Carmichael, 526 U.S. 137 (1999) (holding that Daubert 's gatekeeping obligation, applies not only to scientific testimony but to all expert testimony).

In determining whether proffered expert testimony is reliable, the district court has broad discretion to consider whatever factors bearing on validity that the court finds to be useful; the particular factors will depend upon the unique circumstances of the expert testimony involved, and no single factor is necessarily dispositive. See Kumho Tire, 526 U.S. at 152-53. "The court, however, should be conscious of two guiding, and sometimes competing, principles: (1) that Rule 702 was intended to liberalize the introduction of relevant expert evidence'; and (2) that due to the difficulty of evaluating their testimony, expert witnesses have the potential to be both powerful and quite misleading.'" United States v. Hammoud, 381 F.3d 316, 337 (4th Cir. 2004) (quoting Westberry v. Gislaved Gummi AB, 178 F.3d 257, 261 (4th Cir. 1999)).

The proponent of expert testimony bears the burden of production to come forward with evidence to support its contention that an expert's testimony would be both reliable and helpful. See Bourjaily v. United States, 483 U.S. 171 (1987). The Court in Daubert reminded district courts, however, that "[v]igorous cross-examination, presentation of contrary evidence, and careful instruction on the burden of proof are the traditional and appropriate means of attacking shaky but admissible evidence." 509 U.S. at 595. Moreover, the U.S. Court of Appeals for the Fourth Circuit has held that "[a] court need not determine that the expert testimony a litigant seeks to offer into evidence is irrefutable or certainly correct." Westberry, 178 F.3d at 261.


1. First Data's Motion in Limine #1 - Expert Michael Belch

First Data's first Motion in Limine pertains to the expert report, opinions, and testimony of Dr. Michael Belch ("Dr. Belch"), a marketing professor at San Diego State University. Dr. Belch performed a market survey relating to customers' perceptions of the name "PCI Rapid Comply." The specific scope and purpose of the survey is the subject of some dispute by the parties. Based on the survey, Dr. Belch opined that, "if PCI Rapid Comply is not approved or certified by the PCI Council, the consumer (merchant) is being deceived and harmed by the creation of a false sense of security, and the fact that they are paying for a service they are not receiving." Belch Report ¶ 23, MIL #1 Ex. A, ECF No. 253-2.

First Data specifically attacks the methodology used by Dr. Belch in his study. First Data points out that Dr. Belch's report states that he was engaged in order "to opine on whether [First Data's]... use of PCI" in its PCI Rapid Comply' solution... has misled relevant consumers (Level 4 merchants) into believing that the company is affiliated with, connected to, sponsored by or approved by the... [PCI Council]." Belch Report ¶ 8; see also Reply Mot. in Limine #15, ECF No. 282. First Data asserts that, in light of this focus, Dr. Belch should have employed a control because his survey tested for causation-i.e., whether the name PCI Rapid Comply created confusion among merchants. See Mem. Supp. MIL #1, at 7. First Data suggests that the confusion could have been attributed to "demand effects, noise' or prior information known by consumers." Mem. Supp. MIL #1, at 10. SecurityMetrics, however, asserts that Dr. Belch's survey was "designed to gauge Level 4 Merchants' perceptions about the name PCI Rapid Comply.'" Resp. MIL #1, at 6, ECF No. 269.

Despite SecurityMetrics' characterization of the purpose of Dr. Belch's survey, this Court is concerned by the survey's lack of control in this situation. While Dr. Belch purports to test consumer perceptions, his report contains a clear conclusion that consumers are confused-and, in fact, deceived-and attributes that confusion to the use of the term "PCI" in the name "PCI Rapid Comply." See Belch Report ¶ 16 ("Should this list [of approved PCI compliance companies and providers on the PCI Council's website] constitute the complete listing of approved companies, then it is my opinion that use of PCI Rapid Comply misleads merchants. Further, users of PCI Rapid Comply are being misinformed by these false endorsements and believe they are using a product that is endorsed, approved or authorized by the PCI Council."). SecurityMetrics has not adequately explained how Dr. Belch came to his conclusions on consumer confusion as is its burden on Rule 702.[13] While Dr. Belch's results tend to show some confusion on the part of merchants, there is no basis for Dr. Belch's conclusions regarding the cause of that confusion. Nor has SecurityMetrics identified any case where a comparable survey was admitted into evidence.[14] Accordingly, this Court finds the lack of a control to be a significant flaw under the circumstances presented here.

Moreover, even if a control was not necessary, there are several other troubling aspects to Dr. Belch's survey. For example, the survey tested consumer perceptions based upon the name of the product alone and divorced the name from any of the typical marketing materials that consumers would encounter. Moreover, the original, online version of the survey was not preserved and was never turned over to First Data. Additionally, the survey questions repeatedly mentioned the name "PCI Rapid Comply, " creating bias concerns that have not been addressed due to the failure to include a control. Thus, even if Dr. Belch's opinions are limited to consumers' "perceptions, " this Court finds that those opinions could confuse a jury and lead jurors to conclude that the name "PCI Rapid Comply"-rather than any other factor-has caused consumer confusion. Indeed, in light of numerous other problems with Dr. Belch's survey, such an inference is likely to be erroneous. Accordingly, Dr. Belch's report, opinions, and testimony will be excluded.

2. First Data's Motion in Limine #2 - Expert Robert Philbin

First Data's second Motion in Limine addresses the opinions, testimony, and report of Robert J. Philbin. Philbin worked for First Data for 16 years (until 1998) and for Total System Services, Inc. ("TSYS"), a competitor of First Data, for 6 years (until 2010). After he stopped working for TSYS in 2010, Philbin has worked as an advisor and consultant to venture capitalists. Philbin is proffered as an experiential witness who will offer the following opinions: (1) "[t]he processing segment of the payment card industry is highly concentrated, with substantial barriers to entry"; (2) "[t]he nature of the acquirer-processor relationship discourages movement or migrations of merchants (and even [independent sales organizations]) from one processor to another"; and (3) "[a] processor providing both transaction processing and PCI security services... disserves the objectives of the PCI Data Security Standard ("PCI DSS")." Philbin Report, MIL #2 Ex. A, ECF No. 254-2.

In general, experiential witnesses require slightly different considerations than other expert witnesses. As recently summarized by Judge Grimm of this Court in Casey v. Geek Squad Subsidiary Best Buy Stores, 823 F.Supp.2d 334 (D. Md. 2011):

The Fourth Circuit "permits not only scientific expert testimony but also experiential expert testimony.'" Touchcon, Inc. v. Berreskin & Parr, No. 1:07cv114 (JCC), 2010 WL 4393282, at *3 (E.D. Va. Oct. 29, 2010) (quoting United States v. Wilson, 484 F.3d 267, 274 (4th Cir. 2007)). Experiential testimony need not "rely on anything like the scientific method." Wilson, 484 F.3d at 274. Instead, for experiential testimony to be reliable under Rule 702, the expert must "explain how [his] experience leads to the conclusion reached, why [his] experience is a sufficient basis for the opinion, and how [his] experience is reliably applied to the facts" of the case. Id.

Casey v. Geek Squad Subsidiary Best Buy Stores, 823 F.Supp.2d 334, 345 n.9 (D. Md. 2011).

First Data asserts that Philbin and SecurityMetrics have failed to adequately connect his experience in the industry to his various opinions. With respect to Philbin's market concentration and barriers to entry opinion, First Data argues that such subjects are economic and data-driven conclusions that are more properly addressed by economists. However, First Data glosses over Philbin's extensive experience in the industry. Moreover, SecurityMetrics has, in fact, explained how Philbin's specific experiences have led to his opinions: with respect to market concentration, SecurityMetrics explained Philbin's role in a major First Data merger:[15]

As Mr. Philbin testified during deposition, his "experience with concentration goes back to" the [Card Establishment Services ("CES")] merger that... "jump started First Data's successful program of establishing joint-venture... businesses" and thus cemented First Data's role as "a dominant presence within the acquiring industry." (Depo. at 112:24-25.) In connection with the CES merger, Mr. Philbin-on behalf of First Data, by which he was then employed-"worked with an economist that was supplied by American Express, " ( id. at 113:7-8), "preparing documents to demonstrate that there wasn't a monopoly-type issue, " ( id. ...

Buy This Entire Record For $7.95

Download the entire decision to receive the complete text, official citation,
docket number, dissents and concurrences, and footnotes for this case.

Learn more about what you receive with purchase of this case.