Opinion
22-CV-03186 (NSR)
09-20-2023
OPINION & ORDER
NELSON S. ROMAN, United States District Judge.
Plaintiff Wawa, Inc. (“Plaintiff” or “Wawa”) brings this action against Mastercard International, Inc. (“Defendant” or “Mastercard”) for breach of contract, breach of implied covenant of good faith and fair dealing, money had and received/restitution/unjust enrichment, and violations of New York Gen. Bus. Law § 349 and North Carolina Gen. Stat. § 75-1.1 in connection with a data breach suffered by the Plaintiff that, after an investigation into said breach by Defendant, indirectly resulted in Plaintiff bearing a $10.7 million assessment imposed by the Defendant. Before the Court is Defendants' motion to partially dismiss Plaintiff's Complaint pursuant to Federal Rule of Civil Procedure Rule 12(b)(6).
For the following reasons, Defendants' motion to dismiss is GRANTED in its entirety.
BACKGROUND
The following facts are drawn from Plaintiff's Complaint (“Compl.,” ECF No. 1) and are assumed as true for purposes of this motion. See Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009).
I. Factual Background
a. The Parties
Plaintiff Wawa is a New Jersey corporation with its principal place of business in Pennsylvania. (Compl. at ¶ 6). Defendant Mastercard is a Delaware corporation with its principal place of business in New York. (Id. at ¶ 7).
Mastercard operates a payment card network and contracts with financial institutions to provide consumers and merchants access to that network. (Id. at ¶ 10). An “Issuer” financial institution grants access to the network by issuing Mastercard-branded card to consumers; an “Acquirer” financial institution authorizes merchants to accept Mastercard-branded cards from consumers as payment for transactions. (Id.).
Pertinent here are the relationships Bank of America, N.A. (“BANA”) maintains with Wawa and Mastercard, respectively. BANA contracted with Mastercard to serve as both an Issuer and Acquirer. (Id. at ¶ 29). Wawa, in turn, entered into an agreement by which BANA serves as an Acquirer, granting Wawa the ability to accept payments from consumers with Mastercard-branded cards. (Id. at ¶ 30).
b. Mastercard's Standards
Mastercard's agreements with Issuers and Acquirers, including BANA's, are governed by a set of “Standards”, a collection of manuals including, among others, the Mastercard Rules (the “Rules”), Mastercard Security Rules and Procedures (the “Security Rules”), the Account Data Compromise User Guide (“ADC User Guide”) and the Chargeback Guide. (Id. at ¶ 11). Among other things, the Standards establish guidelines by which a data security incident is investigated and the liability, if any, that is assessed against an Acquiror (“ADC Liability”). (Id. at ¶ 17). Based on the results of the investigation, the Standards provide a mechanism to determine whether the security incident gives rise to ADC Liability against the Acquirer and the means of calculating the ADC Liability. (Id. at ¶ 22). The Standards lay out certain threshold criteria a data security incident must cross before liability attaches. (Id. at ¶ 23).
c. The Incident
On or about December 7, 2019, Wawa discovered a data security incident resulting in unauthorized access to its cardholder data environment and informed BANA of the incident on December 8, 2021 (the “Incident”); BANA, in turn, informed Mastercard the same day. (Id. at ¶ 32) Wawa subsequently discovered malware designed to access card information on its network on December 10, 2019. (Id.) As required by the Standards, Wawa engaged a specialized forensic investigator, selected from a list provided by Mastercard, to perform an investigation and produce a report subject to the guidelines of, and in a form prescribed by, the Standards. (Id. at ¶¶ 20-22) That investigator submitted a final report to Mastercard in January 2021. (Id. at ¶ 35).
Based partially on that report, Mastercard issued alerts to 5,076,322 unique customer accounts and determined that each of those accounts gave rise to ADC Liability (the “Assessed Accounts”). (Id. at ¶¶ 42-43). As a result, Mastercard issued a preliminary $17,885,353.56 assessment against BANA for ADC Operational Reimbursement under the Standards in August 2021. (Id. at ¶ 43). In November 2021, BANA appealed this assessment, claiming that the assessment was invalid and unlawful and requested Mastercard exercise its discretion under the Standards to reduce the amount of the assessment. (Id. at ¶ 44). In response, Mastercard denied that the assessment was invalid or unlawful and declined to address a number of legal claims BANA included in its appeal, but nonetheless reduced the assessment by $7,154,141.42 to $10,731,212.14. (the “ADC Liability Assessment”) (Id. at ¶ 45).
Pursuant to its agreement with Wawa, BANA then sought indemnification and reimbursement for the ADC Liability Assessment, which Wawa disputed. (Id. at ¶ 46). Subsequently and effective December 14, 2021, Wawa and BANA entered into an agreement for the purpose of preserving and assigning to Wawa the right to contest the ADC Liability Assessment with Mastercard, with BANA debiting the ADC Liability Amount from Wawa's deposit account. (Id. at ¶¶ 47-48).
Alternatively, Wawa claims it is a subrogee of BANA. See, Compl. at ¶ 2.
PROCEDURAL HISTORY
On April 18, 2022, Wawa commenced this action against Mastercard. (ECF No. 1.) On September 23, 2022, Mastercard filed a partial motion to dismiss the complaint. (“Def. Partial M. to Dismiss”, ECF No. 20.) Wawa opposed the motion. (“Pl. Opp.”, ECF No. 25.) Mastercard filed a reply memorandum in further support of their motion. (“Def. Reply”, ECF No. 24.) On February 24, 2023, Mastercard filed a Notice of Supplementary Authority, notifying the Court of the Fifth Circuit's affirmation of the resolution of a motion to dismiss in a similar case, Paymentech, LLC v Landry's, Inc., 60 F.4th 918 (5th Cir. 2023). (ECF No. 28.) On March 6, 2023, Wawa filed a response to Mastercard's Notice of Supplemental Authority. (ECF No. 29.)
LEGAL STANDARD
Under Federal Rule of Civil Procedure 12(b)(6), dismissal is proper unless the complaint “contain[s] sufficient factual matter, accepted as true, to ‘state a claim to relief that is plausible on its face.'” Iqbal, 556 U.S. at 678 (quoting Bell Atl. Corp. v. Twombly, 550 U.S. 544, 570 (2007)). When there are well-pled factual allegations in the complaint, “a court should assume their veracity and then determine whether they plausibly give rise to an entitlement to relief.” Id. at 679. While the Court must take all material factual allegations as true and draw reasonable inferences in the non-moving party's favor, the Court is “not bound to accept as true a legal conclusion couched as a factual allegation,” or to credit “mere conclusory statements” or “[t]hreadbare recitals of the elements of a cause of action.” Id. at 662, 678 (quoting Twombly, 550 U.S. at 555). The critical inquiry is whether the plaintiff has pled sufficient facts to nudge the claims “across the line from conceivable to plausible.” Twombly, 550 U.S. at 570.
Moreover, in addition to the facts alleged in the complaint, the Court may consider “documents attached to the complaint as exhibits, and documents incorporated by reference in the complaint.” United States ex rel. Foreman v. AECOM, 19 F.4th 85, 106 (2d Cir. 2021) (citing DiFolco v. MSNBC Cable L.L.C., 622 F.3d 104, 111 (2d Cir. 2010) (internal quotations omitted). The Court may also consider documents not incorporated by reference when the complaint nevertheless “relies heavily upon [their] terms and effect, thereby rendering the document integral to the complaint.” Id. (internal quotations omitted) To be integral, the plaintiff must “rely on the terms and effect of a document in drafting the complaint . . . mere notice or possession . . .” is insufficient. Id. (citing Chambers v. Time Warner, Inc., 282 F.3d 147, 153 (2d Cir. 2022).
DISCUSSION
Wawa brings the following causes of action (“CoAs”) against Mastercard, with CoA I through V as BANA's assignee or subrogee and CoA VI and VII directly: (I) breach of contract as to the amount of the ADC Liability Assessment; (II) breach of implied covenant of good faith and fair dealing; (III) money had and received/restitution/unjust enrichment; (IV) deceptive acts or practices in violation of N.Y. Gen. Bus. Law § 349 (“GBL § 349”); (V) violation of N.C. Gen. Stat. § 75-1.1 (“NCGS § 75-1.1”); (VI) money had and received/restitution/unjust enrichment; and (VII) deceptive acts or practices in violation of N.Y. Gen. Bus. Law § 349 (See Compl. at ¶¶ 86-177) Mastercard seek to dismiss CoA I in part and CoAs II to VII entirely pursuant to Federal Rule of Civil Procedure 12(b)(6). (See id.)
I. Cause of Action I - Breach of Contract
Wawa's claim that Mastercard's imposition of the ADC Liability Assessment constitutes a breach of contract is premised on two bases: (1) the ADC Liability Assessment constitutes an unenforceable penalty as a matter of law (Id. at ¶ 93) and (2) that the ADC Liability Assessment was not authorized by the Standards. (Id. at ¶ 92).
a. Wawa's Claim That the ADC Liability Assessment Constitutes an Unenforceable Penalty
Wawa argues the ADC Liability assessment constitutes an unenforceable penalty because it does not reflect actual damages suffered by either Mastercard itself or its issuers. (Id. at ¶¶ 8384). Under New York law, “a contractual provision fixing damages in the event of breach constitutes an unenforceable penalty where the amount fixed is plainly or grossly disproportionate to the probable loss.” NML Capital v. Republic of Argentina, 621 F.3d 230, 236 (2d Cir. 2010 (citing Truck Rent-A-Ctr. V. Puritan Farms 2nd, 41 N.Y.2d 420, 425 (N.Y. 1977) (internal quotations omitted). See also, CVS Pharmacy, Inc. v. Press America, Inc., 377 F.Supp.3d 359, 376-75 (S.D.N.Y. 2019).
First, Wawa asserts that a breach is not necessary for a contractual provision to be invalidated for functioning as a penalty. (Pl. Opp. at p.7). Both of the cases Wawa relies on, however, arose in the context of law firm partners leaving their firm and being penalized for taking clients with them. See, Peroff v. Liddy, Sullivan, Galway, Begler & Peroff, P.C., 852 F.Supp. 239, 241-42 (S.D.N.Y. 1994); Karas v. Katten Muchin Zavis Rosenman, 2006 WL 20507, at *7 (Jan. 3, 2006). In both instances, the courts relied not on the penalty doctrine, but rather the public policy concerns that arise when a lawyer is contractually prohibited from practicing law. Id. As such, these cases are inapt for the facts at hand.
Therefore, for the ADC Liability Assessment to constitute a penalty, BANA must have breached its agreement with Mastercard. Nowhere in the Complaint does Wawa contend Mastercard imposed the ADC Liability Assessment because of a purported breach by BANA. Wawa does attempt to rely on CVS Pharmacy, Inc. for the proposition that a provision designed to “spark compliance with [contractual] goals” is sufficient to make out a penalty. (Pl. Opp. at p. 7) (citing CVS Pharmacy, Inc., 377 F.Supp. at 375). The court in CVS Pharmacy, Inc. merely relied on that provision's intention to “spark compliance” to “reinforce[]” its conclusion that the provision was a penalty and further noted that the penalty was triggered “not merely by a breach of contract” but also a failure to comply with that provision's goals. CVS Pharmacy, Inc., 377 F.Supp. at 376 (emphasis added).
Accordingly, Wawa's claim that the imposition of the ADC Liability Assessment constitutes an unenforceable penalty is dismissed without prejudice.
b. Wawa's Claims That the ADC Liability Assessment Is Invalid Under the Standards
Wawa provides the following factual bases that the ADC Liability Assessment is invalid under the Standards: (1) no “ADC Event”, as defined in the Security Rules, occurred that would trigger the ADC Liability Assessment (Compl. at ¶¶ 51-54); (2) there is no basis to conclude that BANA is “responsible” for any ADC Events (Id. at ¶¶ 55-60); (3) there is no basis to conclude that a threshold amount of 30,000 Assessed Accounts qualify for ADC Liability triggering the ADC Liability Assessment (Id. at ¶¶ 61-64); (4) the ADC Liability Assessment is not based on losses actually incurred by Mastercard or its issuers (Id. at ¶¶ 65-75); and (5) pursuant to Section 10.2.5.4of the Security Rules, Mastercard's ability to impose the ADC Liability Assessment was obviated by Wawa's payment terminals meeting certain technical security thresholds (Id. at ¶¶ 75-80). In its initial motion to dismiss, Mastercard sought dismissal of all claims under this CoA excepting the “contractual claim that the [ADC Liability Assessment] was not calculated in accordance with the Standards.” (Def. Partial Mot. to Dismiss at p.2). In Def. Reply, Mastercard refines its position stating that, regarding Wawa's theories that the ADC Liability Assessment is invalid under the Standards, it seeks only to dismiss the claim “that Mastercard breached [Section 10.2.5.4] of the [Security Rules]. (Def. Reply at p.1). As such, the Court takes Mastercard's pleadings to mean that Wawa's first four theories that the ADC Liability Assessment is invalid under the Standards to be unopposed, with Mastercard only moving to dismiss the claim that the ADC Liability Assessment was improper pursuant to Section 10.2.5.4 of the Security Rules.
The Court notes that the Complaint and other filings reference the pertinent provisions with section numbers from a more recent draft of the Security Rules than the excerpt provided to the Court. The parties state that only the numbering, and not the substance, of the pertinent provisions have been changed. Given that both parties have submitted to the Court apparently out-of-date excerpts of the Security Rules (see, Declaration in Support re: Motion to Dismiss, Ex. 2 at ECF No. 22; Declaration in Opposition re: Motion to Dismiss, Ex. B at ECF No. 26), the Court will reference the section numbers contained in those drafts provided.
i. The Propriety of Mastercard's Partial Motion to Dismiss
As a threshold matter, however, Wawa argues that Mastercard's motion to partially dismiss CoA I is procedurally improper because Mastercard only challenges Wawa's contention that Mastercard did not abide by Section 10.2.5.4 of the Security Standards in imposing the ADC Liability Assessment, rather than each of Wawa's theories that the Standards have been violated. (Pl. Opp. at pp.4-6).
“[A] claim is a set of facts giving rise to one or more legal rights ....” Schwartz v. Eaton, 264 F.2d 195, 196 (2d Cir. 1959). The “multiplicity of claims” turns on “whether the underlying factual bases for recovery state a number of different claims that could be separately enforced.” Rieser v. Baltimore & Ohio R.R. Co., 224 F.2d 198, 199 (2d Cir. 1955). In Rieser, the Second Circuit provided an example of a single claim: “an action to enforce a series of overdue interest payments on matured bonds.” More recently, the Eastern District, in the antitrust context, rebuffed a defendant's attempt to dismiss three of four separate, alternative factual bases for a “relevant market”, an element necessary to sustain each of the plaintiff's three separate causes of action. In re American Express Anti-Steering Rules Antitrust Litigation, 343 F.Supp.3d 94, 99-101 (E.D.N.Y. 2018) (hereinafter, “Amex Antitrust Litigation”).
Here, Wawa has provided five separate factual bases under its breach of contract cause of action that Mastercard violated the Standards (Pl. Opp. ¶¶ 51-80), and Mastercard only seeks to dismiss one: that's premised on an alleged breach of Section 10.2.5.4 of the Security Rules. (Def. Reply at p. 1). The bond interest payments cited by the Second Circuit in Rieser and the theories underpinning the “relevant market” element in Amex Antitrust Litigation share a crucial characteristic: interchangeability. Should one bond payment be shown to have been made, the underlying theory remains that for an interest payment; should one “relevant market” theory fail, another is tested. That is, should a misfire occur, the revolver turns and the plaintiff receives another shot.
Wawa's five bases for a violation of the Standards fatally lack this interchangeability. Most pertinently, Wawa's argument that its payment terminals met certain technical security thresholds set out in Section 10.2.5.4 of the Security Rules would be irrelevant to its arguments that no ADC Event ever occurred, that BANA was not responsible for any ADC Event, that the required number of Assessed Accounts has been met to impose the ADC Liability Assessment, and that the ADC Liability was not based on losses actually incurred by Mastercard or its issuers. Similarly, the question of BANA's responsibility would have little bearing on whether an ADC Event occurred, whether the requisite number of Assessed Accounts has been met to impose the ADC Liability assessment, etc. That is, each “could be separately enforced.” Rieser, 224 F.2d at199 (2d Cir. 1955).
Therefore, each of Wawa's factual bases “give rise to [a] legal right[] . . .”-that is, each amounts to a separate breach of contract claim. Schwartz, 264 F.2d at 196. Because they are of the same type of claim, however, does not make them the same claim. The Court notes with approval the Eastern District's statements that “a plaintiff bringing multiple claims under one legal cause of action cannot simply collapse all of his distinct claims in one central ‘count', thereby proofing his complaint from a partial motion to dismiss . . . “ and “a defendant may not simply seek adjudication of facts in a complaint that are not dispositive of any of the pleas for legal redress.” Amex Antitrust Litigation, 343 F.Supp. at 100.
As such, the Court holds that Mastercard's partial motion to dismiss is procedurally proper and turns to the sufficiency of Wawa's claim under Section 10.2.5.4 of the Security Rules.
ii. Wawa's Claim Under Section 10.2.5.4 of the Security Rules
At the outset, the Court considers whether the excerpts of the Standards, and, in particular, the Security Rules, are “incorporated by reference in the Complaint . . .” and may be properly considering by the Court in this context. AECOM, 19 F.4th at 106 (internal quotations omitted). Given that the Complaint cites specific provisions of the Standards, see, e.g., Compl. at ¶¶ 45, 75, 78, the Court considers the Standards incorporated by reference. Moreover, given that this claim turns on the application of Section 10.2.5.4 of the Security Rules' terms, the Complaint must be considered to at least “rel[y] heavily upon [the] terms and effect [of the Security Rules], thereby rendering the [Security Rules] integral to the complaint . . .” and thus may be properly considered by the Court. AECOM, 19 F.4th at 106 (internal quotations omitted).
Section 10.2.5.4 provides that the ADC Liability Assessment would not have been imposed if: “(i) at least ninety-five percent (95%) of [Wawa's] annual total Transaction count was acquired through Hybrid POS Terminals; and (ii) at least ninety-five percent (95%) of the Transactions deemed by Mastercard to be within the scope of the ADC Event were acquired through Hybrid POS Terminals; and (iii) the Merchant has not been identified by Mastercard as having experienced a different ADC Event during the twelve (12) months prior to the date of publication of the earliest ADC Alert for the subject ADC Event; and (iv) Mastercard determines that the Merchant was not storing Sensitive Card Authentication Data.” Wawa asserts that it had not experienced any other ADC Events during the year prior to the Incident and that it was not storing Sensitive Authentication Data. (Compl. at ¶ 76).
A “Hybrid POS Terminal” is defined in the Standards as a point-of-sale terminal capable of processing ‘“EMV” contact chip and magnetic stripe transactions. (Compl. at ¶ 77, fn. 1). By 2018, Wawa had successfully installed EMV-capable terminals in all of its stores. (Compl. at ¶ 77). At its automated fuel dispenses (“AFDs”), however, Wawa only completed installing EMV-capable terminals in March 2020 due to technological constraints “beyond Wawa's control .... (Id.). Wawa asserts that Mastercard “recognized the impracticability of implementing EMV technology at AFDs . . .” and asks the Court to therefore exclude transactions made at AFDs from those used to determine whether Wawa meets the 95% threshold for all transactions to have occurred at Hybrid POS Terminals. (Compl. at ¶ 78). Wawa asserts further that, with AFD transactions excluded, that at least 95% of: (1) all transactions and (2) those transactions Mastercard deemed in scope of the ADC Event were processed through Hybrid POS Terminals. (Id.).
In essence, Wawa asks the Court to rewrite Section 10.2.5.4 to exclude transactions made at AFDs because, Wawa asserts, Mastercard acknowledged difficulty with installing EMV-capable terminals at AFDs. The Court may not “rewrite, under the guise of interpretation, a term of the contract when the term is clear and unambiguous . . .” Terwilliger v. Terwilliger, 206 F.3d 240, at 245 (citing Fiore v. Fiore, 46 N.Y.2d 971, 973 (N.Y. 1979), “nor redraft a contract with its instinct for the dispensation of equity upon the facts of a given case.” Id. (citing DeVanzo v. Newark Ins. Co., 44 A.D.2d 39, 43 (2d Dep't 1974). The Court cannot ignore the plain, unambiguous text of Section 10.2.5.4 that all “Transactions” must be made through Hybrid POS Terminals. Wawa admits by implication that, when transactions made at AFDs are included, the number of transactions made at Hybrid POS Terminals falls short of Section 10.2.5.4's threshold of 95%. (Compl. at ¶ 78).
Accordingly, Wawa's claim that the imposition of the ADC Liability Assessment was made in contravention of Section 10.2.5.4 of the Security Rules is dismissed without prejudice.
II. Cause of Action II - Breach of the Implied Covenant of Good Faith and Fair Dealing
Wawa alleges that Mastercard violated the implied covenant of good faith and fair Dealing by abusing its discretion to calculate the amount of the ADC Liability Assessment and then collecting the ADC Liability Assessment from BANA. (Compl. at ¶ 108).
Contracts governed by New York law all contain the implied covenant of good faith and fair dealing. DBT Gmbh v. J.L. Mining Co., 544 F.Supp.2d 364, 384 (S.D.N.Y. 2008) (internal quotations omitted). The Second Circuit has explained that the covenant prevents the parties “from doing anything which has the effect of destroying or injuring the right of the other party to receive the fruits of the contract . . .” but that it only applies “where an implied promise is so interwoven into the contract as to be necessary for the effectuation of the purposes of the contract.” Thyroff v. Nationwide Mut. Ins. Co., 460 F.3d 400, 407 (2d Cir. 2006) (citations and internal quotations omitted). Therefore, the covenant is breached when a party “directly violates an obligation that may be presumed to have been intended by the parties.” Id. at 407-08 (citations and internal quotations omitted). The covenant is not so expansive, however, as to “undermine a party's general right to act on its own interests in a way that may incidentally lessen the other party's anticipated fruits from the contract.” Id. at 408 (citations and internal quotations omitted); see also Fishoff v. Coty Inc., 634 F.3d 647, 653 (2d Cir. 2011) (“‘This covenant embraces a pledge that neither party shall do anything which will have the effect of destroying or injuring the right of the other party to receive the fruits of the contract.'” (quoting 511 W. 232nd Owners Corp. v. Jennifer Realty Co., 98 N.Y.2d 144, 746 N.Y.S.2d 131, 773 N.E.2d 496, 500 (2002))). “The implied covenant can only impose an obligation consistent with other mutually agreed upon terms in the contract. It does not add to the contract a substantive provision not included by the parties.” Broder v. Cablevision Sys. Corp., 418 F.3d 187, 198-99 (2d Cir. 2005) (citation, alteration, and internal quotation marks omitted). A plaintiff asserting a breach of the implied covenant of good faith and fair dealing bears a “heavy burden” and must prove “not merely that it would have been better or more sensible to include such a covenant, but . . . that the particular unexpressed promise sought to be enforced is in fact implicit in the agreement viewed as a whole.” DBT, 544 F.Supp.2d at 384 (quoting Rowe v. Great Atl. & Pac. Tea Co., 46 N.Y.2d 62, 69 (1978)).
With respect to the implied covenant of good faith and fair dealing, Wawa only makes the conclusory claim that “Mastercard acted unfairly and without good faith by the manner in which it exercised [its] discretion in calculating the ADC Liability Assessment and collecting the ADC Liability assessment, [thus] depriving BANA of the benefits of its contract with Mastercard”. (Compl. at ¶ 108). Moreover, BANA has not been denied the benefits of its contract with Mastercard; BANA still collects a fee for transactions in its capacity as both an Acquirer and Issuer under its agreement with Mastercard. (See, Id. at ¶¶ 12, 29). Nor does Wawa demonstrate that Mastercard's imposition of the ADC Liability Assessment breached any implied agreement between the parties, again only asserting that Mastercard “acted unfairly and without good faith . . . .” (Id. at ¶ 108). Accordingly, Wawa's claim of a breach of the implied covenant of good faith and fair dealing is dismissed without prejudice.
III. Causes of Action III and VI - Money Had and Received / Restitution / Unjust Enrichment
The Court will consider both of Wawa's money had and received/restitution/unjust enrichment claims, CoAs III and VI, which it asserts as an assignee and subrogee of BANA and directly, respectively, in this section.
Under New York law, an unjust enrichment claim requires “(1) that the defendant benefitted; (2) at the plaintiff's expense; and (3) that equity and good conscience require restitution.” Kaye v. Grossman, 202 F.3d 611, 616 (2d. Cir. 2000) (internal quotation marks omitted). However, “unjust enrichment is not a catchall cause of action to be used when others fail.” Corsello v. Verizon N.Y., Inc., 18 N.Y.3d 777, 790 (2012). “An unjust enrichment claim is not available where it simply duplicates, or replaces, a conventional contract or tort claim.” Izquierdo v. Mondelez Int'l, Inc., No. 16-CV-04697 (CM), 2016 WL 6459832, at *10 (S.D.N.Y. Oct. 26, 2016) (quoting Corsello, 18 N.Y.3d at 790-1) (internal quotation marks omitted). In other words, “the existence of a valid contract governing the subject matter generally precludes recovery in quasi contract for events arising out of the same subject matter.” EBC I, Inc. v. Goldman, Sachs & Co., 5 N.Y.3d 11, 23 (2005).
To support these claims, Wawa again asserts that Mastercard had “no contractual or lawful basis for . . .” imposing the ADC Liability Assessment. (See Compl. at ¶¶ 117, 155). That is, these claims “duplicate [the] conventional contract [claims] . . .” contained in CoA I that Mastercard violated the Standards and that the ADC Liability Assessment constituted an unenforceable penalty. Izquierdo, WL 6459832, at *10. It therefore follows that a “valid contract governing the subject matter . . .” of this CoA exists, thus precluding recovery under a claim for unjust enrichment. EBC I, Inc., 5 N.Y.3d at 12.
Accordingly, Wawa's claims of money had and received/restitution/unjust enrichment with respect to both CoAs III and VI are dismissed without prejudice.
IV. Causes of Action IV and VII - Deceptive Acts or Practices in Violation of N.Y. GBL § 349.
The Court will consider both of Wawa's claims in CoAs IV and VII that Mastercard engaged in deceptive acts or practices violation N.Y. GBL § 349, which it asserts as an assignee and subrogee of BANA and directly, respectively, in this section.
GBL § 349 prohibits “deceptive acts or practices in the conduct of any business, trade or commerce or in the furnishing of any service in th[e] state.” N.Y. Gen. Bus. L. § 349(a). To sustain a claim under GBL § 349, a plaintiff must show: (1) that the defendant's acts were consumer oriented; (3) that the acts or practices are “deceptive or misleading in a material way”; and (3) the plaintiff has been injured as a result. Goldemberg v. Johnson & Johnson Consumer Companies, Inc., 8 F.Supp.3d, 467, 478 (S.D.N.Y. 2014) (citing Oswego Laborers' Local 214 Pension Fund v. Marine Midland Bank, N.A., 85 N.Y.2d 20, 25 (1995)). As a threshold, the plaintiff must charge “conduct that is consumer oriented . . . and defendant's acts or practices must have a broad impact on consumers at large; private contract disputes unique to the parties . . . would not fall within the ambit of the statute.” N.Y. Univ. v. Cont'l Ins. Co., 87 N.Y.2d 308, 320 (N.Y. 1995) (citations and internal quotations omitted). While the consumer-oriented prong does not prohibit the application of GBL § 349 to “disputes between businesses[,] it does severely limit it.” Exxonmobil Inter-America, Inc. v. Advanced Info. Eng'g Servs., Inc., 328 F.Supp.2d 443, 449 (S.D.N.Y 2004) (citation and internal quotations omitted). A dispute between businesses will not satisfy the consumer-oriented prong under GBL § 349 if the transaction “does not have ramifications for the public at large.” Id. (citing Canario v. Gunn, 751 N.Y.S.2d 310, 310 (2d Dep't 2002). Finally, “allegedly deceptive acts that occur between relatively sophisticated entities with equal bargaining power do not give rise to [GBL] § 349 liability [because such] businesses are not the small-time individual consumers [GBL] § 349 was intended to protect.” Id.
Here, Wawa again only states its conclusion that the ADC Liability Assessment was invalid under the Standards and the law. (Compl. at ¶ 134). Wawa does also note “billions of . . . consumers . . .” utilize Mastercard's network and argues that as such, Mastercard has the ability to “abuse its discretion [and] unliterally determine the rights [those consumers.]” (Id. at ¶136). Wawa does not, however, sufficiently show that the agreement “has ramifications for the public at large.” Exxonmobil Inter-America, Inc., 328 F.Supp.2d at 449. The ADC Liability Assessment was imposed against BANA, which was subsequently indemnified by Wawa. The consumer is only peripherally associated with the relevant facts here. Indeed, to the extent a consumer is affected, it would most likely because their data was accessed as a result of the Incident, not the imposition of the ADC Liability Assessment.
Even assuming the ADC Liability Assessment is sufficiently consumer-oriented, Wawa's claims also fail because this alleged unfettered discretion arise from a contract “between relatively sophisticated entities with equal bargaining power ” Exxonmobil Inter-America, Inc., 328 F. Supp. at 449. That is, BANA is not a “small-time individual [GBL] § 349 [is] intended to protect.” Id.
Accordingly, Wawa's claims on CoA's IV and VII that Mastercard violated GBL § 349 are dismissed without prejudice.
V. Causes of Action IV and VII - Violation of N.C. Gen. Stat. § 75-1.1.
Finally, Wawa contends that Mastercard violated North Carolina General States § 75-1.1 (Compl. at ¶142), which prohibits the “unfair or deceptive acts or practices in or affected commerce ” Wawa asserts its claim as an assignee and subrogee of BANA. North Carolina courts have consistently held that claims under NCGS §75-1.1 are not assignable. Horton v. New. S. Ins. Co., 468 S.E.2d 856, 858 (N.C. Ct. App. 1996) (citing Investors Title Ins. Co. v. Herzig, 413 S.E.2d 268, 271 (1992); see also, Skyline Restoration, Inc. v. Church Mut. Ins. Co., 20 F4th 825, 834 (4th Cir. 2021); Gilbert v. Residential Funding LLC, 678 F.3d 271, 280 (4th Cir. 2012).
Wawa attempts to circumvent this bar by claiming that although “[NCGS § 75-1.1] claims cannot be assigned . . . common law subrogation is available ....” (Pl. Opp. at p. 24 (citing Allianz Glob. Risks U.S. Ins. Co. v. Travelers Prop Cas. Co. of Am., 2022 WL 2835426 at *2)). Wawa misrepresents that court; in actuality, the Western District of North Carolina held that “subrogation is available to an insurer to recover any monies paid, while the aggrieved party can maintain an action for fraud or unfair practices . . .” and that the subrogee “may not . . . maintain an action under [NCGS § 75-1.1].” Allianz Glob. Risks U.S. Ins. Co., WL 6459832, at *2 (emphasis added) (citations and internal quotations omitted).
Accordingly, Wawa's claims under CoA V are dismissed with prejudice.
CONCLUSION
For the foregoing reasons, Defendants' motion to partially dismiss the Complaint is GRANTED. Plaintiff's claims for breach of the implied covenant of good faith and fair dealing (Cause of Action II), money had and received/restitution/unjust enrichment (Causes of Action III and VI); deceptive acts or practices in violation of N.Y. Gen. Bus. Law § 349 (Causes of Action IV and VII) are dismissed without prejudice. Plaintiff's claims for breach of contract (Cause of Action I) are dismissed without prejudice to the extent they are premised on theories of unlawful penalty or violation of Section 10.2.5.4 of the Security Rules. Plaintiffs claim for violation of N.C. Gen. Stat. § 75-1.1 (Cause of Action V) is dismissed with prejudice.
Plaintiff is granted leave to file an Amended Complaint as to any claims that have not been dismissed with prejudice. If Plaintiff chooses to do so, Plaintiff will have until October 23, 2023 to file an Amended Complaint. Defendants are then directed to answer or otherwise respond by November 23, 2023. If Plaintiff fails to file an Amended Complaint within the time allowed, and it cannot show good cause to excuse such failure, any claims dismissed without prejudice by this order will be deemed dismissed with prejudice. If no Amended Complaint is timely filed, the parties are directed to complete and file a Case Management Plan and Scheduling order by October 31, 2023. The Clerk of Court is respectfully directed to terminate the motion at ECF No. 20.
SO ORDERED.