Man in violation of privacy law

Breaking news and expert analysis on legal and compliance issues

[Back To Home][Back To Archives]

From Antitrust Law Daily, November 13, 2013

Compliance service’s federal and Maryland antitrust, Lanham Act claims proceed against payment processor

By Tobias J. Gillett, J.D., LL.M.

A compliance services provider sufficiently alleged Sherman Act tying and attempted monopolization, but not monopolization, as well as Maryland tying and predatory pricing, claims against a payment processor over the provider’s billing practices that allegedly counted fees paid for the processor’s compliance service toward billing minimums, but not fees paid for services provided by other compliance vendors, the federal district court in Baltimore has ruled (First Data Merchant Services Corp. v. SecurityMetrics, Inc., November 12, 2013, Bennett, R.).

The compliance services provider also stated a Lanham Act false advertising claim against the processor over its statement that merchants would have to pay for its compliance service as well as those of other vendors if they used the other vendors’ services, and a false endorsement claim over the processor’s use of a name for its compliance service that included an acronym also incorporated into the trademarks of a compliance standard-setting body.

First Data Corporation is a global payment processor that processes credit and debit card transactions for merchants and independent sales organizations (ISOs). SecurityMetrics, Inc. provided security standard compliance services to some merchants for whom First Data provides processing services. Under an agreement between First Data and SecurityMetrics, First Data promoted SecurityMetrics to its merchants as its preferred vendor for compliance validation services, and SecurityMetrics developed a protocol for reporting validation of compliance through a system called START.

According to SecurityMetrics, in April 2012 First Data breached the agreement, and terminated it in May 2012, at which point SecurityMetrics ceased START reporting. In June 2012, First Data allegedly began offering a service called PCI Rapid Comply that competed with SecurityMetrics’ services. First Data would purportedly count fees for PCI Rapid Comply in calculating the billing minimums it imposed on ISOs, but not fees paid to other compliance vendors. SecurityMetrics alleged that First Data represented that merchants who used compliance vendors other than PCI Rapid Comply would have to pay for those services in addition to the cost of PCI Rapid Comply.

First Data filed suit in the U. S. District Court for the District of Utah, and moved for an injunction requiring SecurityMetrics to resume START reporting. The motion was denied, and the dispute went to mediation, which resulted in a Terms of Settlement. In the wake of the settlement, First Data filed suit again, alleging post-settlement misconduct by SecurityMetrics. SecurityMetrics responded with a range of counterclaims, and First Data moved to dismiss the counterclaims for federal false advertising, federal false endorsement, federal and Maryland restraint of trade, federal and Maryland monopolization and attempted monopolization, Maryland predatory pricing, and Maryland tying, among other claims.

False advertising. SecurityMetrics alleged that First Data violated the Lanham Act’s prohibition on false advertising by falsely claiming that merchants who used services other than PCI Rapid Comply would have to pay for those services in addition to paying for PCI Rapid Comply, because First Data would refund on request amounts paid by merchants to third party vendors. The court found that SecurityMetrics’ counterclaim could be “articulable as an affirmative misstatement—i.e., that merchants will pay for the service but that some do not because of the refund,” and therefore that SecurityMetrics had stated a plausible Lanham Act claim.

False endorsement. SecurityMetrics alleged that First Data’s use of the term “PCI” in the name of its PCI Rapid Comply service was likely to cause merchants and others to believe that the service was approved by the PCI Council, the developer of the data security compliance standard that American Express, Discover, JCB, MasterCard, and Visa had agreed to adopt.

The court rejected First Data’s argument that SecurityMetrics lacked standing to assert the false endorsement counterclaim because SecurityMetrics did not own any mark confusingly similar to the PCI Rapid Comply mark. The court noted that the Second Circuit, in Famous Horse Inc. v. 5th Avenue Photo Inc., 624 F.3d 106 (2010), had “held that a retailer had standing to sue another retailer selling counterfeit designer jeans even though the designer—not the plaintiff retailer—owned the mark.” The court found the decision to be “persuasive,” and consistent with Section 43(a)’s statement that a plaintiff can be “any person who believes that he or she is or is likely to be damaged by such act.” SecurityMetrics had alleged damage to its commercial interests and its ability to remain competitive, and thus stated a Lanham Act false endorsement claim, according to the court.

Restraint of trade. SecurityMetrics alleged that First Data had violated Section 1 of the Sherman Act and the Maryland Antitrust Act by tying the cost of processing services to use of its PCI Rapid Comply program, and by incentivizing the use of the PCI Rapid Comply service.

The court found that SecurityMetrics adequately alleged that First Data’s billing structure tied its processing and compliance services by alleging that First Data requires ISOs to count fees paid for PCI Rapid Comply (but not fees for services provided by other compliance services) toward the ISO billing minimums. SecurityMetrics also sufficiently alleged a relevant product market of processing and compliance services, a relevant geographic market of Maryland and of interstate and international commerce, and that First Data had “market power in the payment card transaction market.”

Moreover, SecurityMetrics alleged an agreement to restrain trade by asserting “that First Data’s billing practices create a combination between First Data and ISOs, thereby causing merchants to pay for First Data’s PCI Rapid Comply service.” SecurityMetrics’ assertion of claims against both First Data Merchant Services Corporation (FDMS) and its parent, First Data Corporation (FDC), was not inappropriate because SecurityMetrics’ claims involved both FDMS in its role as acquirer of authorization for a transaction and FDC in its role as processor. Finally, SecurityMetrics alleged an injury to competition “by alleging actions that restrain trade and discourage the use of competing products.”

Monopolization and attempted monopolization. The court found that SecurityMetrics failed to sufficiently allege market power for purposes of a monopolization claim. In the Fourth Circuit, a monopolization claim required a plaintiff to allege that “(1) numerous barriers to entry into the market existed; (2) the alleged monopolist had long dominated the market; and (3) the alleged monopolist controlled over 70% of the market.”

However, SecurityMetrics sufficiently alleged the anticompetitive conduct, specific intent, and dangerous probability of success required for an attempted monopolization claim. First Data’s alleged tying and predatory pricing served as specific acts in furtherance of monopolization, and SecurityMetrics also alleged that First Data had “willfully acquired and willfully maintained its market power.” Finally, SecurityMetrics alleged anticompetitive acts and other exclusionary conduct that adequately alleged a dangerous probability of success, “albeit the failure to allege market share weakens the claim considerably.”

Maryland tying and predatory pricing. SecurityMetrics also stated claims for tying and predatory pricing under the Maryland Antitrust Act because First Data only argued that its reasons for dismissal of the federal claim also applied to the Maryland claims, and the court had already found those arguments to be insufficient to support dismissal.

The case is Civil Action No. RDB-12-2568.

Attorneys: Charles Neilson Curlett, Jr (Levin and Curlett LLC) for First Data Merchant Services Corp. J. Stephen Simms (Simms Showers LLP) for SecurityMetrics, Inc.

Companies: First Data Merchant Services Corp.; First Data Corp.; SecurityMetrics, Inc.

MainStory: TopStory Antitrust Advertising MarylandNews

Antitrust Law Daily

Introducing Wolters Kluwer Antitrust Law Daily — a daily reporting service created by attorneys, for attorneys — providing same-day coverage of breaking news, court decisions, legislation, and regulatory activity.


A complete daily report of the news that affects your world

  • View full summaries of federal and state court decisions.
  • Access full text of legislative and regulatory developments.
  • Customize your daily email by topic and/or jurisdiction.
  • Search archives for stories of interest.

Not just news — the right news

  • Get expert analysis written by subject matter specialists—created by attorneys for attorneys.
  • Track law firms and organizations in the headlines with our new “Who’s in the News” feature.
  • Promote your firm with our new reprint policy.

24/7 access for a 24/7 world

  • Forward information with special copyright permissions, encouraging collaboration between counsel and colleagues.
  • Save time with mobile apps for your BlackBerry, iPhone, iPad, Android, or Kindle.
  • Access all links from any mobile device without being prompted for user name and password.