First Data Merchant Services Corporation v. SecurityMetrics, Inc., No. 1:2012cv02568 - Document 381 (D. Md. 2015)
Court Description: MEMORANDUM OPINION. Signed by Judge Richard D Bennett on 1/22/2015. (nd2s, Deputy Clerk)
Download PDF
<![CDATA[
First Data Merchant Services Corporation v. SecurityMetrics, Inc. Doc. 381 IN THE UNITED STATES DISTRICT COURT FOR THE DISTRICT OF MARYLAND * FIRST DATA MERCHANT SERVICES CORPORATION, et al., * Plaintiffs, * v. * SECURITYMETRICS, INC., * Defendant. * * * Civil Action No. RDB-12-2568 * * * * * * * * * * * MEMORANDUM OPINION After working together for a number of years pursuant to a contractual relationship, the parties in this case engaged in and subsequently settled litigation in the United States District Court for the District of Utah. After extensive motions practice, numerous rulings of this Court, and the settlement of a number of the various claims and counterclaims, the only issue remaining for trial is the interpretation of one provision of the parties’ earlier settlement agreement (the “Terms of Settlement”). Specifically, the parties seek to determine the meaning of the “Merchant Data” provision of the Terms of Settlement. In First Data’s view, the provision provides SecurityMetrics with the right to contact and solicit only merchants who had previously enrolled in SecurityMetrics’ services. SecurityMetrics contends, however, that the “Merchant Data” provision extended its solicitation rights to encompass both enrolled and unenrolled merchants. The parties’ positions rely upon the 1 Dockets.Justia.com definition of the terms “Merchant Data” and “Merchant” as they were defined in the parties’ previous contracts. Pursuant to the parties’ stipulation, this Court held a two-day bench trial on January 12 and 13, 2015. The only witness called by either party was SecurityMetrics’ CEO Bradley Caldwell. No witness representing First Data testified. This Court has carefully considered the exhibits introduced into evidence, the testimony of Mr. Caldwell, the written submissions of the parties, and the oral arguments of counsel.1 The following constitutes this Court’s findings of fact and conclusions of law pursuant to Rule 52(a) of the Federal Rules of Civil Procedure with respect to the bench trial. For the reasons explained below, this Court finds that the term “Merchant Data,” as used in the “Merchant Data” provision of the Terms of Settlement, includes information and data relating to so-called Unenrolled Merchants. Accordingly, JUDGEMENT will be ENTERED in favor of Defendant and Counterclaimant SecurityMetrics, Inc. against Plaintiffs and Counter-defendants First Data Merchant Services Corp. and First Data Corp. (collectively, “First Data” or the “First Data Plaintiffs”). 1 In advance of the trial and in accordance with this Court’s Scheduling Order (ECF No. 13), Plaintiffs’ filed a Motion for Permanent Injunction (ECF No. 26) and Defendants filed a Motion for Summary Judgment (ECF No. 28). Both motions are still pending on the docket, but in light of the fact that this Court has already conducted a bench trial, they are moot. Moreover, both motions would have required this Court to make factual determinations regarding the reasonableness of Plaintiffs’ requested accommodation and, as such, pre-trial resolution would have been inappropriate. Nevertheless, this Court has reviewed the legal arguments made therein and has considered them as well. 2 I. FACTUAL AND PROCEDURAL BACKGROUND This Court has previously summarized the background facts pertaining to the payment card industry and the various security compliance requirements for merchants who accept credit and debit cards as a form of payment. See ECF Nos. 342, 187. Suffice it to say, the First Data Plaintiffs are in the business of processing credit and debit card transactions, while Defendant SecurityMetrics, Inc. provides data security services to merchants who accept payment cards. As discussed more fully below in this Court’s findings of fact, the parties previously had a contractual relationship. After the business relationship deteriorated, First Data initiated litigation against SecurityMetrics in the United States District Court for the District of Utah, which ultimately resulted in First Data not only failing to prevail on its claims but also paying $5 million to SecurityMetrics in settlement. Specifically, the parties submitted their dispute to mediation, and they entered into a settlement agreement known as the Terms of Settlement, which provided for payment by First Data. A. The Presently Pending Action On August 27, 2012—less than three months after the signing of the Terms of Settlement—First Data filed the presently pending action before this Court. Following a stay of this action pending final disposition of the Utah Action and the subsequent denial of FDMS’s Preliminary Injunction Motion filed before this Court, FDMS was permitted to amend its Complaint (ECF No. 91). As a result, First Data filed its nine count Amended 3 Complaint (ECF No. 92) on March 8, 2013.2 SecurityMetrics answered the Complaint on August 26, 2013 and asserted fifteen counterclaims of its own against First Data.3 After a contentious discovery period, the parties submitted a number of motions for partial summary judgment. See ECF Nos. 272, 275, 277, & 294. After a hearing on the motions, this Court issued a written opinion and order granting summary judgment to First 2 Specifically, First Data asserted the following claims: 1) Declaratory relief (Count 1) 2) Breach of contract (Count 2) 3) Common Law Unfair Competition (Count 3) 4) Tortious Interference with Existing and Prospective Contractual and Business Relationships (Count 4) 5) Injurious Falsehoods (Count 5) 6) False Endorsement/Association, Lanham Act 15 U.S.C. § 1125(a)(1)(A) (Count 6) 7) Trademark/Service Mark/Trade Name Infringement, Lanham Act, 15 U.S.C. §§ 1114(1), 1125(a)(1)(A) (Count 7) 8) False Advertising, Lanham Act, 15 U.S.C. 1125(a)(1)(B) (Count 8) 9) Declaratory Relief (Count 9) 3 SecurityMetrics’ counterclaims included counts for: 1) Specific performance of the first paragraph of the Terms of Settlement (Obligation to Enter Long-Form Settlement) (Count 1) 2) Declaratory judgment with respect to third paragraph of the Terms of Settlement (Merchant Data provision) (Count 2) 3) Declaratory judgment with respect to fifth paragraph of the Terms of Settlement (Unenforceability of Confidentiality Term) (Count 3) 4) Injurious falsehoods (Count 4), 5) Federal false advertising (Count 5), 6) Federal false endorsement (Count 6), 7) Cancellation of registration (Count 7), 8) Utah Deceptive Trade Practices violations (Count 8), 9) Tortious interference (Count 9), 10) Federal restraint of trade (Count 10), 11) Federal monopolization and attempted monopolization (Count 11), 12) Maryland Restraint of Trade (Count 12) 13) Maryland monopolization and attempted monopolization (Count 13) 14) Maryland predatory pricing (Count 14), and 15) Maryland tying (Count 15). 4 Data on several of SecurityMetrics’ counterclaims. See ECF Nos. 342 & 343. Several of First Data’s claims were resolved by consent order. At the point, only a few claims remained for trial.4 At 4:00 p.m. on Friday, January 9, 2015, the last business day before a jury trial was scheduled to begin on Monday, January 12, 2015, the parties notified chambers of an imminent resolution of all but the competing declaratory judgment counts—both of which addressed the extent of SecurityMetrics’ rights to use data about merchants that had been provided by First Data. Additionally, the parties indicated that they intended to stipulate to a bench trial on those claims. Upon arriving at the courthouse on the day of trial, the parties confirmed that the tort and breach of contract claims had been resolved, and those claims were subsequently voluntarily dismissed. Accordingly, this Court conducted a bench trial on only Count I of First Data’s Amended Complaint and part of Count II of SecurityMetrics’ Counterclaims. As previously noted, SecurityMetrics’ CEO Bradley Caldwell was the only witness to testify. II. FINDINGS OF FACT A. The Relationship of the Parties For several years, the parties worked together pursuant to a series of contracts. The relevant documents in this case include: (1) a Master Services Agreement (“MSA”), entered 4 With respect to First Data’s claims, the following counts remained: declaratory relief (Counts 1 & 9), breach of contract (Count 2), and tortious interference (Count 4). With respect to SecurityMetrics’ counterclaims, the following counts remained: declaratory judgment with respect to the third paragraph of the Terms of Settlement (Count 2), and declaratory judgment with respect to the fifth paragraph of the Terms of Settlement (Count 3). 5 on or about January 3, 2008 (Plaintiff’s Trial Exhibit (“Pls.’ Ex.”) 1); (2) a Statement of Work Referral Agreement (“SOW”), entered on or about February 8, 2008 (Pls.’ Ex. 2); (3) a Renewal Agreement and Amendment (“Renewal”), entered on or about August 5, 2009 (Pls.’ Ex. 3); and (4) an Amendment to the Master Services Agreement (“2011 Amendment”), entered on or about February 14, 2011 (Pls.’ Ex. 4). Relevant portions of the various documents are included below. 1. Master Services Agreement The MSA included the following definitions: “Merchants” means FDMS’ payment processing merchants or vendors for which SecurityMetrics will provide security services as outlined in any Statement of Work. “Merchant Data” means information and data relating to Merchants and their computer and security systems. MSA §§ 2.1 & 2.2, Pls.’ Ex 1. Mr. Caldwell testified that he did not recall any negotiations about the definitions in the MSA.5 Other provisions from the MSA include: 3.5 Deletion of Merchant Data. . . . SecurityMetrics reserves the right to remove and delete Merchant Data from its system after a period of two (2) years from the initial collection of such data. . . . 8.1 “Confidential Information” means . . . (iii) Merchant Data (which shall be . . . Confidential Information of FDMS and the respective Merchant) . . . (v) any other information that the disclosing party (“Discloser”) desires to protect against 5 This testimony contrasts to Mr. Caldwell’s other specific testimony that, during the settlement negotiations of the Utah litigation, a reduction of financial compensation to SecurityMetrics correlated to the addition of a provision permitting SecurityMetrics to use “Merchant Data”—a provision that did not include any non-solicitation prevision. 6 unrestricted disclosure by the receiving party (“Recipient”) and that (a) if disclosed in tangible or electronic form, is marked in writing as “confidential” or (b) if disclosed orally or visually, is designated or treated at the time of disclosure as confidential. 8.2 Exclusions. . . . Merchants who have enrolled with SecurityMetrics prior to the date of termination are also deemed customers of SecurityMetrics, and SecurityMetrics may retain and use any new data supplied directly to SecurityMetrics by such Merchants in accordance with its normal practices for customer information. Additionally, SecurityMetrics may disclose Merchant Data . . . in connection with any legal proceedings where disclosure of such Merchant Data has been requested or required. 10.1 LIABILITY. THE PARTIES ACKNOWLEDGE THAT THE RATE OF CONTACTING MERCHANTS AND BRINGING THEM INTO COMPLIANCE WITH PCI STANDARDS IS DEPENDENT UPON MULTIPLE VARIABLES, INCLUDING THE LEVEL OF COOPERATION BY FDMS AND THE MERCHANT. . . . 11.3.1 Effect of Termination. . . . Merchants . . . enrolled with SecurityMetrics prior to the date of termination are deemed customers of SecurityMetrics, and data regarding such Merchants that was supplied by such Merchants to SecurityMetrics is the property of SecurityMetrics and may be utilized by SecurityMetrics in accordance with its normal practices for customer information. SecurityMetrics may remove and delete Merchant data from its system at any time after thirty (30) days from the date of termination. . . Pls.’ Ex. 1. SecurityMetrics’ outside counsel drafted the MSA. 2. Statement of Work The 2008 Statement of Work provides: l. The scope of Merchants for which the Acquirer’s PCI compliance communications are intended is approximately 189,085 level four (4) Merchant accounts and approximately 7 175,000 unique Merchant organizations and other merchant groups as mutually agreed. 2. The SecurityMetrics Site Certification services will be offered to the Acquirer’s Merchants. . . . 9.2. Any data provided from a Merchant to SecurityMetrics or obtained through research performed by SecurityMetrics is the property of SecurityMetrics. 12. The Acquirer agrees that any Acquirer Merchant who contacts SecurityMetrics to discuss PCI compliance and does not wish to use SecurityMetrics Site Certification services, will be included in a file to the Acquirer (to the contact specified by the Acquirer) for any subsequent PCI validation requests of the Acquirer. These Merchants will be marked in the SM MCC as “refused” or other appropriate designation available within the SM MCC by SecurityMetrics personnel. 14. The Acquirer will provide to SecurityMetrics the Acquirer’s selected Merchant Data in delimited data files on or before 10/29/07. The data must conform to the SM MCC Data Base Schema (available upon request from SecurityMetrics). SecurityMetrics will then import this data into the SM MCC. 14.1. Regular (i.e. quarterly) updates to the Acquirer’s Merchant Data can also be provided to SecurityMetrics and will be imported as mutually agreed by SecurityMetrics and the Acquirer. 16. The Acquirer will allow a minimum of 100 emails per day to be sent by SecurityMetrics encouraging Acquirer’s Merchants to enroll in SecurityMetrics Site Certification services beginning on January 17, 2008. The Acquirer will allow the weekly email communications to continue to any Merchant who receives emails from the SM MCC, for a minimum of 10 consecutive weeks or until the Merchant responds. 17. The Acquirer agrees that SecurityMetrics may contact the Merchants by other means (telephone, fax, etc) in order to 8 obtain email address information and to educate the Merchants regarding the PCI DSS. Pls.’ Ex. 2. 3. 2011 Amendment to Master Services Agreement In the 2011 Amendment to the MSA, the parties redefined the term “Merchant” accordingly: “Merchants” means payment processing merchants or vendors whose contact information has been loaded into the FDIS or FDMS merchant compliance console for which SecurityMetrics will provide security services as outlined in any Statement of Work. Pls.’ Ex. 4. Mr. Caldwell did not recall any conversations with First Data representatives concerning the term “Merchant Data” specifically during the negotiations of the amendment. Additionally, the 2011 Amendment included the following language: 1. . . . The Agreement is hereby amended by the addition of the following definitions: “Refused” means [a] Merchant that has refused the Services after having been contacted by SecurityMetrics. “Enrolled” means a Merchant that is currently enrolled to receive SecurityMetrics’ Services. “Expired” means a Merchant that pays SecurityMetrics directly for the Services and that has not re-enrolled for the Services and allowed their enrollment to expire. “No Response” means a Merchant that, after repeated attempts by SecurityMetrics to contact, has not responded to any such communication efforts. 2. . . . Until . . . otherwise instructed . . . all registered Merchant profiles regardless of status are to remain available for enrollment or re-enrollment on the SecurityMetrics portal during the term of the Agreement. . . . 9 8. Section 11.3.1 of the Master Agreement is hereby deleted in its entirety and replaced with the following: . . . Upon the expiration or termination of any SOW, if there are Merchants enrolled to receive the Services (“Remaining Merchants”), the parties shall commence a wind down period. During the wind down period: . . . (ii) no new Merchants may enroll for Services under such SOW . . . . SecurityMetrics may remove and delete Merchant data from its system at any time after thirty (30) days from the date of wind down completion. . . . Notwithstanding anything to contrary, upon the completion of the above mentioned wind down, SecurityMetrics shall promptly return to FDMS or certify destruction of any Confidential Information remaining in SecurityMetrics’ possession at such time. 11. Notwithstanding anything to the contrary in the Agreement, at no time may SecurityMetrics use any Merchant Data for purposes other than the provision of Services to the applicable Merchant unless such other purposes have been approved in writing (including consent given by electronic means) by FDMS or the applicable Merchant. Pls.’ Ex. 4. During the negotiations of this amendment, SecurityMetrics was represented by counsel. B. Nature of the Parties’ Relationship While working together, First Data would provide contact information for its Level 4 merchants6 to SecurityMetrics. This information was loaded into SecurityMetrics’ Merchant Compliance Console. SecurityMetrics would then use that information to solicit some of 6 Within the payment card industry, merchants are categorized based upon the volume of their transactions. Level 4 merchants have the lowest transaction volume and are the category of merchants at issue in this case. 10 those merchants to register or enroll those merchants into the PCI compliance program that SecurityMetrics operated on behalf of First Data. A number of those merchants for whom SecurityMetrics received information prior to May 31, 2012 never enrolled in SecurityMetrics’ services during the contract period. Since May 31, 2012, however, SecurityMetrics has enrolled roughly 28,000 previously unenrolled merchants. C. Termination of the Contractual Relationship and the Utah Litigation The parties’ relationship ended in May 2012. On May 21, 2012, Plaintiff First Data Merchant Services initiated litigation in the United States District Court for the District of Utah (the “Utah court”) and moved for a temporary restraining order and preliminary injunction against SecurityMetrics.7 The Utah court held a hearing and denied the motion; subsequently, the Utah court issued a Memorandum Decision and Order8 that memorialized its ruling and stating that: First Data’s Complaint asserts causes of action for breach of contract, breach of the covenant of good faith and fair dealing, intentional interference with contractual relations, conversion, accounting, and declaratory judgment. In its Motion, First Data focuses on its claim for breach of contract and the Court will do the same. . . . On the first issue, performance by First Data, there is evidence that First Data, not SecurityMetrics, was the first party to breach the agreements between them. 7 The lawsuit was titled First Data Merchant Services Corporation v. SecurityMetrics, Inc., Case No. 2:12-cv495, and First Data sought to obtain an order requiring SecurityMetrics to resume START reporting. 8 This Court is not according res judicata effect to any prior ruling of the Utah court. This Court’s consideration is only in the context of the procedural history of this case. 11 Subsequently, the parties submitted their dispute to mediation. At the time, SecurityMetrics was owed over $2 million to $2.4 million in fees already due, and the evidence at trial established that SecurityMetrics regularly earned $1 million to $1.5 million in fees per month with respect to their First Data contract.9 Despite SecurityMetrics’ claim to this significant amount under the contract, the Terms of Settlement (Pls.’ Ex. 5) entered into by the parties—the one page document that was the product of the parties’ mediation—ultimately stipulated to a payment of $5 million by First Data to SecurityMetrics. However, the Terms of Settlement contained other provisions as well. The most pertinent for this matter is the “Merchant Data Provision,” which states that “SM may make any use of Merchant Data for the purpose of selling its products and services, but may not sell any such data to a thirdparty (other than the sale of SM to a third party).” The parties agree that the term “Merchant Data” in the Terms of Settlement has the same meaning as in its prior written agreements. The other relevant provision of the Terms of Settlement was the clause that stipulated that First Data would “dismiss with prejudice the lawsuit it filed in Federal Court,” and that the parties “mutually release[d] each other from any and all obligations and claims, known or unknown.” During the course of the mediation, the parties met in separate rooms and did not communicate directly about the meaning of the term “Merchant Data.” However, Mr. 9 SecurityMetrics contends that it was owed the over $2 million in fees already due plus the value of the contract for the remaining seven months of the contractual period. 12 Caldwell testified that during the mediation SecurityMetrics reduced its monetary demands, which were originally much higher than $5 million, but requested that the mediator solicit an offer involving merchant data rights. The initial offer from First Data restricted the extent of merchant data rights offered, but SecurityMetrics rejected that offer due to its plans to expand its offering of services. The parties ultimately agreed to a provision that included only an express restriction on the sale of data to third parties and that incorporated the term “Merchant Data.” This Court finds Mr. Caldwell’s testimony on these points to be credible. Moreover, Mr. Caldwell’s testimony was corroborated by an email from Timothy Horton, a First Data employee, to other employees that stated that “non-solicitation was not part” of the Terms of Settlement. See Def.’s Ex. 185. III. CONCLUSIONS OF LAW The parties agree that Utah law governs the interpretation issues involved in this dispute. The Utah Supreme Court has articulated the following principles for courts to apply in interpreting contractual language: In interpreting a contract, the intentions of the parties are controlling. Dixon v. Pro Image, Inc., 1999 UT 89, ¶ 13, 987 P.2d 48 (quotation omitted). “[W]e first look to the four corners of the agreement to determine the intentions of the parties. Ron Case Roofing & Asphalt v. Blomquist, 773 P.2d 1382, 1385 (Utah 1989); see also Reed v. Davis Co. Sch. Dist., 892 P.2d 1063, 1064–1065 (Utah Ct. App. 1995). If the language within the four corners of the contract is unambiguous, the parties’ intentions are determined from the plain meaning of the contractual language, and the contract may be interpreted as a matter of law. Dixon, 1999 UT 89 at ¶ 14, 987 P.2d 48 (citing Willard Pease Oil & Gas Co. v. Pioneer Oil & Gas Co., 899 P.2d 766, 770 (Utah 1995)). If the language within the four corners of the contract is ambiguous, however, extrinsic evidence must be looked to in order to determine the intentions of the parties. Id. In evaluating whether the plain 13 language is ambiguous, we attempt to harmonize all of the contract’s provisions and all of its terms. Id.; see also Buehner Block Co. v. UWC Assocs., 752 P.2d 892, 895 (Utah 1988). “An ambiguity exists where the language ‘is reasonably capable of being understood in more than one sense.’ ” Dixon, 1999 UT 89 at ¶ 14, 987 P.2d 48 (quoting R & R Energies v. Mother Earth Indus., Inc., 936 P.2d 1068, 1074 (Utah 1997) (further quotation omitted)). Central Fla. Invs. v. Parkwest Assocs., 2002 UT 3, ¶ 12, 40 P.3d 599. If “the language of the agreement is reasonably susceptible to [either parties’] contended interpretation, . . . [the agreement] is ambiguous, and any evidence relevant to prove its meaning is admissible.” Ward v. Intermountain Farmers Ass’n, 907 P.2d 264, 269 (Utah 1995) (citation omitted). In Utah, it is “the rule of law that where two or more instruments are executed by the same parties . . . in the course of the same transaction, and concern the same subject matter, they will be read and construed together so far as determining the respective rights and interests of the parties.” Bullfrog Marina, Inc. v. Lentz, 501 P.2d 266, 271 (Utah 1972). The basic starting point for the Court’s analysis is the definition of the terms “Merchant Data” and “Merchant.” The term “Merchant Data” incorporates the definition of “Merchant,” and the term “Merchant” is limited to those “for which SecurityMetrics will provide services.” This phrase is capable of an interpretation that is either limited to only Enrolled Merchants or one that encompasses both Enrolled and Unenrolled Merchants. The variations in interpretation hinge on the language “will provide.” First Data argues that those words limit the term “Merchants” to only those merchants that SecurityMetrics enrolled in its services. SecurityMetrics contends that the phrase simply means “make 14 services available”; additionally, SecurityMetrics argues that it nevertheless provided services (in the form of information verification and education) before merchants were enrolled.10 Both parties point to other provisions in the contract to support their respective readings of the “Merchant” definition. The parties’ primary arguments are summarized in their Proposed Findings of Fact and Conclusions of Law: First Data’s Proposed Findings of Fact and Conclusions of Law 18. The parties used the term “merchant” with a lower-case “m” and upper-case “M” inconsistently in the Prior Contract; while SecurityMetrics has pointed to various instances where the capitalized term “Merchant” was used in a manner that would appear to be inconsistent with First Data’s definition of “Merchant,” there are also inconsistencies that cut against SecurityMetrics’ proffered definition. 19. For example, the first sentence of the second paragraph of the Introduction to the SOW references “Merchants” to whom SecurityMetrics provides site certification services. Pl’s Exh. 2 at p. 3. Including unenrolled merchants in “Merchants” here, as SecurityMetrics’ argues, makes no sense because, according to Caldwell, only enrolled merchants received SecurityMetrics’ services. 1/13 Tr., 11:7-23. The last sentence of the same paragraph states that SecurityMetrics’ service would be “paid for by the Merchants.” Because only enrolled merchants “pay” for services, it makes no sense to include unenrolled merchants in this use of “Merchants.” The last sentence of the Introduction also does not support reading “Merchants” to include unenrolled merchants because, again, only enrolled merchants 10 Specifically, in its Proposed Findings of Fact and Conclusions of Law, SecurityMetrics explained: [T]he definition of “Merchants” includes that phrase because when the MSA was entered into, the entire project was prospective. Additionally, Mr. Caldwell testified that it was necessary for SecurityMetrics to provide pre-enrollment services to merchants, including verifying data, educating merchants, and following up with merchants until they enrolled. Def.’s Prop. Findings Fact & Concl. Law ¶ 23, ECF No. 379. 15 received SecurityMetrics’ site certification services. This same inconsistency appears in the 2011 Amendment at Paragraph 11, which prohibited SecurityMetrics from using “Merchant Data” other than for services to a “Merchant.” Pl’s Exh. 4 at 5. Again, the use of Merchant to include unenrolled merchants here makes no sense; only enrolled merchants received services from SecurityMetrics. SecurityMetrics drafted the SOW. See Pl’s Exh. 2 (on SecurityMetrics’ form). 20. First Data also effectively countered assertions by SecurityMetrics that First Data’s definition of “Merchant” would render certain provisions nonsensical. For example, the 2011 Amendment includes a series of definitions of subcategories of “Merchants” such as a “No Response” and “Refused.” Pl’s Exh. 4 at p. 1-2. SecurityMetrics stated in opening that the evidence would show these categories included only unenrolled merchants. See January 12, 2015 Trial Transcript (“1/12 Tr.”) at 45:12-46:18. Caldwell acknowledged, however, that the “No Response,” “Refused,” etc., categories of “Merchants” could include enrolled merchants (who may have fallen out of enrollment), and a review of the 2011 Amendment readily discloses it was concerned with renewing Merchants, i.e., Merchants who had been enrolled at some point, not unenrolled. 1/13 Tr., 20:4-21:20; Pl’s Exh. 4. 21. SecurityMetrics also focused on Section 8.1 of the MSA, which uses the phrase “Merchant Data” in delineating “Confidential Information,” arguing that, under First Data’s definition of “Merchant,” this usage did not make sense because it would mean that only information for enrolled merchants was confidential, while information for unenrolled merchants was not. 1/12 Tr., 38:13-39:2. But that provision also includes additional categories of confidential information that could encompass data for unenrolled merchants. Pl’s Exh. 1 at p. 3. ECF No. 380. 16 SecurityMetrics’ Proposed Findings of Fact and Conclusions of Law 16. First Data’s interpretation of “Merchant Data” is untenable as that interpretation would render language that appears in the prior contract documents and is quoted above surplusage: MSA Sections 8.2 and 11.3.1 reference “Merchants who have enrolled,” Section 1 of the 2011 Amendment defines “Enrolled” as “a Merchant that is currently enrolled,” and Section 8 of the 2011 Amendment references “Merchants enrolled to receive the Services.” 17. The SOW(cover pages and §§ 1, 16, & 17, quoted above) and 2011 Amendment (§ 2, quoted above) use the capitalized word “Merchant” to refer to merchants who, the context makes clear, are not yet enrolled to use SecurityMetrics’ services. 18. The SOW(§ 12, quoted above) and 2011 Amendment (§§ 1 & 8, quoted above) use the capitalized word “Merchant” to refer to merchants who never enroll to use SecurityMetrics’ services, at least during the term of the contract. 19. The definition of “Expired” in Section 1 of the 2011 Amendment, quoted above, uses the capitalized word “Merchant” to refer to merchants not presently enrolled. 20. The SOW(§§ 14 & 14.1, quoted above) provides for First Data’s transmission of “Merchant Data” to SecurityMetrics in order for SecurityMetrics to use that data for its initial solicitation of merchants—who could not (yet) have been enrolled. 21. Under First Data’s interpretation, the contract provisions governing SecurityMetrics’ removal or deletion of data (MSA § 3.5; and MSA § 11.3.1, both originally and as revised by 2011 Amendment § 8) would not have governed data for unenrolled merchants. So SecurityMetrics either would have been free to remove or delete that data at any time, or would never have been able to remove or delete that data. Neither is a sensible reading of the contract. 17 22. Section 8.2 of the MSA (quoted above) allowed SecurityMetrics to “disclose Merchant Data . . . in connection with . . . legal proceedings.” Under First Data’s interpretation, that authorization would not extend to data for unenrolled merchants. A reading of the contract under which SecurityMetrics could not comply with court orders is unreasonable. ECF No. 379. At the summary judgment stage—at which time neither party had stipulated to a bench trial—this Court noted that the various contractual provisions “identified by SecurityMetrics—particularly those touching upon SecurityMetrics’ data rights—were insufficient to purge the ambiguity contained within the definition of one of the main terms of the contract.” In light of this ambiguity,11 this Court permitted the competing claims to proceed to what was originally planned as a jury trial to determine the intent of the parties. 11 In fact, this Court initially ruled that the Terms of Settlement were ambiguous with respect to the Merchant Data provision at the motion to dismiss stage. Specifically, this Court ruled that: According to First Data, the phrase “for which SecurityMetrics will provide services as outlined in any Statement of Work” signifies that “SecurityMetrics is precluded post-termination from using data about Unenrolled Merchants that it previously received from FDMS to market PCI compliance services to those merchants.” Pls.’ Opp. to Def.’s Mot. to Dismiss at 10, ECF No. 115. On its end, SecurityMetrics argues that “provide” means “to supply or make available.” Def.’s Reply to Pls.’ Opp. at 7, ECF No. 122. Specifically, SecurityMetrics contends that while it supplied services to Enrolled Merchants, it made its services available to Unenrolled Merchants. Id. As stated above, when “the language of the agreement is reasonably susceptible to [either parties’] contended interpretation, . . . [the agreement] is ambiguous, and any evidence relevant to prove its meaning is admissible.” Ward, 907 P.2d at 269. In this case, as “the contrary positions of the parties [are] each . . . tenable,” Uintah Basin Med. Ctr., 2005 UT App. 92 at ¶ 13, the provision relating to SecurityMetrics’ use of Merchant Data in the Terms of Settlement is ambiguous. As such, “extrinsic evidence 18 At trial, the only witness called by either party was SecurityMetrics’ CEO Bradley Caldwell. As noted above, Mr. Caldwell testified that he could not recall any communications between SecurityMetrics and First Data regarding the definitions of the terms “Merchant” or “Merchant Data” as to the original MSA. Additionally, Mr. Caldwell testified that, during the mediation in the Utah action, the parties met in separate rooms and did not have face-to-face negotiations. The testimony also established, however, that SecurityMetrics’ demand was originally much higher than $5 million, and that the reduction of financial compensation correlated to the request for (and First Data’s subsequent offer of) a provision providing for SecurityMetrics’ use of “Merchant Data.” SecurityMetrics also offered an email between various First Data employees suggesting that “[n]on-solicitation was not part of the agreement.” must be looked to in order to determine the intentions of the parties.” Dixon v. Pro Image Inc., 1999 UT 89, ¶ 14, 987 P.2d 48. Extrinsic evidence regarding the meaning of “Merchant” is not presently before the Court. Moreover, it is well established that “the construction of ambiguous provisions is a factual determination that precludes dismissal on a motion for failure to state a claim.” Martin Marietta Corp. v. Int’l Telecomm. Satellite Org., 991 F.2d 94, 97 (4th Cir. 1992); see also Kreisler & Kreisler, LLC v. Nat’l City Bank, 657 F.3d 729, 731 (8th Cir. 2011) (“If the language is susceptible to more than one meaning, then resolution of the ambiguity as to the parties’ intent is a question of fact and the court should not grant a motion to dismiss.”); Eternity Global Master Fund Ltd. v. Morgan Guar. Trust Co. of N.Y., 375 F.3d 168, 178 (2d Cir. 2004) (“[A] claim predicated on a materially ambiguous contract term is not dismissible on the pleadings.”); Dawson v. Gen. Motors Corp., 977 F.2d 369, 373 (7th Cir. 1992) (same proposition). Accordingly, Defendant SecurityMetrics’ Motion to Dismiss Counts I and II of Plaintiffs’ Amended Complaint is DENIED. Mem. Op. Mot. Dismiss Am. Compl. 11-12, ECF No. 152. 19 Relying upon the fact that the mediation was conducted without face-to-face interaction, First Data contends that the evidence in this case consists simply of the “silent ‘belief’” of Caldwell and SecurityMetrics and, therefore, “lack[s] any evidentiary value as to the mutual intent of the parties.” Prop. Findings Fact & Concls. Law ¶ 27. This position, of course, ignores the manner in which the evidence (summarized above) fits together. While there was no testimony from the mediator, Mr. Caldwell testified that SecurityMetrics rejected First Data’s initial offers and specifically requested that the mediator solicit offers involving merchant data rights. First Data subsequently made offers that contained versions of the Merchant Data provision. Moreover, the internal First Data email confirms that, in First Data’s view, the Terms of Settlement did not limit SecurityMetrics’ solicitation rights.12 Notably, that email does not distinguish between enrolled and unenrolled merchants, and the email refers to “our merchants and iso’s”; of course, First Data’s merchants would include both enrolled and unenrolled merchants with respect to SecurityMetrics. Furthermore, First Data tellingly did not call any of its own employees, representatives, or agents to offer testimony or evidence in support of its interpretation of the Terms of Settlement.13 In light of these circumstances, 12 Notably, that email does not distinguish between enrolled and unenrolled merchants, and the email refers to “our merchants and iso’s.” Of course, First Data’s merchants would include both enrolled and unenrolled merchants with respect to SecurityMetrics. 13 At trial, First Data objected to the admission of the First Data email (Def.’s Ex. 185), which had been produced by First Data as part of its document productions in discovery. First Data argued that the document was not properly disclosed as part of the pretrial order/pretrial documents in accordance with the Local Rules; First Data asserted that, due to the late disclosure, First Data was unable to obtain the presence of the email’s author, Timothy Horton, at trial. Upon the Court’s 20 taken as a whole, there is no basis to conclude that SecurityMetrics’ belief was a “silent belief”; the evidence demonstrates that both parties were aware that the Terms of Settlement contemplated an arrangement under which SecurityMetrics would have the right to solicit both enrolled and unenrolled merchants. First Data also offers several other legal arguments in an effort to avoid the inevitable conclusion arising from the evidence at trial. For example, First Data seeks to negate SecurityMetrics’ argument that it reduced its settlement offer in exchange for expanded merchant data rights by resorting to the release contained in the Terms of Settlement. Specifically, in its Proposed Findings of Facts and Conclusions of Law, First Data asserts: 31. One aspect of Caldwell’s unexpressed – and therefore inadmissible and irrelevant – intent was his “objective” of obtaining value in the TOS above the $5 million payment. 1/13 Tr., 63:11-23. There is no dispute that the TOS effected a mutual release of obligations and claims, including any rights under the Prior Contract, and thus including any right of SecurityMetrics to use any data about merchants. Pl’s Exh. 5, last bullet point. Accordingly, First Data’s agreement in the TOS to allow SecurityMetrics to use data about enrolled merchants (i.e., “Merchant Data”) provided significant, additional value to SecurityMetrics above and beyond the monetary amount paid by First Data. 32. There is also, at least, no dispute that SecurityMetrics would not have had rights to data of unenrolled merchants if the Prior Contract ended according to its termination provisions. 1/13 Tr., 66:22-67:2. Because there was no evidence of a mutual intent for SecurityMetrics to have broader rights following the suggestion that Mr. Horton could be flown in the next day, counsel for First Data suggested that he was “not sure he was available.” The Court overruled the objection but left First Data with the option of flying in Mr. Horton if it so desired. 21 TOS, First Data’s definition of “Merchant Data” better aligns with the parties’ shared intent. Pls.’ Prop. Findings Fact & Concls. Law ¶¶ 31-32. While this Court has found the release provision of the Terms of Settlement to bar some arguments in this action,14 it has no relevance to the question of contract formation. At the time of the negotiations relating to the “Merchant Data” provision, SecurityMetrics obviously had not signed the Terms of Settlement; therefore, SecurityMetrics had not relinquished its rights under the prior contract. Under these circumstances, First Data’s position makes little sense. First Data next argues that, under Utah law, an ambiguous contract must be interpreted against its drafter when extrinsic evidence cannot resolve the ambiguity.15 See Pls.’ Prop. Findings Fact & Concls. Law ¶ 34 (citing Express Recovery Servs. Inc. v. Rice, 2005 UT App 495, ¶ 3 n. 1, 125 P.3d 108). This Court has already found that the extrinsic evidence in this case is relevant to the issues and supports SecurityMetrics’ reading of the Terms of Settlement. However, even if this Court were to reject all of the extrinsic evidence in this case, First Data’s argument is unpersuasive. While the evidence demonstrates that the 2008 Master Services Agreement and Statement of Work were drafted by SecurityMetrics, the 2011 Amendment—which revised the definition of “Merchant” to the operative language—was proposed and authored by First Data. Notably, the “will provide” language 14 For example, this Court found that the release prevented SecurityMetrics from relying on the prior contracts and/or the Utah court’s ruling to defend against First Data’s tortious interference claim that pertained to SecurityMetrics’ post-settlement actions. See Mem. Op. 24-25, ECF No. 342. 15 This argument relies upon First Data’s argument that none of Mr. Caldwell’s testimony is relevant because it speaks merely to a secret belief. As noted above, this Court has already rejected this position. 22 made sense at the time of the signing of the Master Services Agreement because the agreement was prospective—the relationship was just beginning and no data had been exchanged; at the time of the Amendment, however, the parties were already operating under the Statement of Work and the future tense of the “will provide” is less clear. Under these circumstances, the Utah rule of contract interpretation directs this Court to construe the provision against First Data, not SecurityMetrics.16 Finally, First Data argues that the relief sought by SecurityMetrics would violate “public policy.” First Data articulates this theory—which has not previously been proffered to the Court—as follows: Public policy and equitable considerations also weigh in favor of First Data’s position that “Merchants” as used in the TOS are enrolled merchants. Unenrolled merchants as of May 31, 2012 were never customers of SecurityMetrics. 1/13 Tr., 72:12-73:21. These third parties who, for one reason or another, never enrolled with SecurityMetrics during the 4 ½ year period under the Prior Contract, have an interest in being free from repeated, unsolicited, and potentially confusing emails, faxes, and phone calls from a vendor with whom they never had a business relationship. As an equitable matter, since May 31, 2012, SecurityMetrics has registered approximately 28,000 previously unenrolled merchants, and thus received great financial benefit as a result.3 1/13 Tr., 31:15-22. It is a reasonable inference that any other unenrolled merchants who have not elected to register for SecurityMetrics’ compliance services in the 7-year period since the MSA commenced (January, 2008) will likely never so elect, do not represent additional value to SecurityMetrics, and have an interest in being free from unwarranted and potentially confusing solicitations. 16 Indeed, in light of the fact that First Data’s Amendment introduced a defined term of “Enrolled Merchant” into the contract, there is significant reason to doubt First Data’s contention that the term “Merchant” never encompassed anything more than enrolled merchants. 23 Pls.’ Prop. Findings Fact & Concls. Law ¶ 36. First Data offered no evidence to support its assertions, and this Court finds First Data’s argument to be meritless and purely speculative. CONCLUSION For the reasons stated above, JUDGEMENT will be ENTERED in favor of Defendant and Counterclaimant SecurityMetrics, Inc. against Plaintiffs and CounterDefendants First Data Merchant Services Corp. and First Data Corp., and this Court hereby declares that the term “Merchant Data,” as used in the Merchant Data Provision of the Terms of Settlement, includes information and data relating to so-called Unenrolled Merchants. A separate Order follows. Dated: January 22, 2015 /s/ Richard D. Bennett United States District Judge 24
]]>
Some case metadata and case summaries were written with the help of AI, which can produce inaccuracies. You
should read the full case before relying on it for legal research purposes.
This site is protected by reCAPTCHA and the Google
Privacy Policy and
Terms of Service apply.
