Payments Docket, June 2022

JUNE 2022 | 3 NEW LAWSUITS New Class Actions Allege That Payments Network Has Not Protected Users from Fraud Stock v. Wells Fargo & Co, et al. , No. 8:22-cv-00763 (C.D. Cal.). Arant v. Early Warning Services LLC , No. CV2022-005057 (Sup. C. Maricopa Cnty., Ariz.). Wilkins v. Navy Federal Credit Union , No. 2:22-cv-02916 (D.N.J.). Over the past few months, there has been a spate of putative class actions accusing banks and related companies of not doing enough to protect their customers from scams aimed at users of Zelle. So far, these suits have been filed in California, Arizona, and New Jersey and allege violations of the federal Electronic Fund Transfer Act and various state consumer protection statutes. Inthe Stock case, forexample, theplaintiffalleges that shewas trickedbyacaller impersonating a Wells Fargo customer representative into signing up for Zelle, and then sharing a Zelle verification code that had been sent to her via text. The plaintiff alleges that the scammer used the verification code to steal $1,000 from her Wells Fargo account and that the bank refused to credit the plaintiff’s account after investigating the transaction. The Stock complaint asserts claims under the Electronic Fund Transfer Act, violations of California’s Unfair Competition Law, and negligence. The plaintiff seeks to represent a nationwide class of individuals whose accounts were debited via Zelle and not fully credited within 45 days of disputing the transaction with their bank. The complaint also seeks certification of a similarly defined California subclass. Another case has been filed in Arizona making similar allegations against Early Warning Services LLC, the entity that owns and operates Zelle. There, the plaintiff seeks to certify a class of all Zelle users who incurred unreimbursed losses to due to fraud and further seeks to certify a Washington State subclass. The complaint asserts claims for alleged violations of Arizona’s Consumer Fraud Act andWashington’s Consumer Protection Act. More recently, plaintiffs targeted Navy Federal Credit Union with a similar suit in New Jersey. There, the named plaintiff alleges that she was tricked into making a payment via Zelle to what she thought was her electric utility, but in fact was a fraudster impersonating the utility. The plaintiff alleges that Navy Federal failed todisclose the risks of usingZelle, which allegedly include that funds transferred by mistake or due to fraud are essentially unrecoverable. Retailer Seeks to Recover $10.7 Million in Penalties Arising from Data Breach Wawa Inc. v. Mastercard International Inc ., No. 7:22-cv-03186 (S.D.N.Y.). Wawa has sued Mastercard to recover an allegedly unlawful $10.7 million penalty it paid after a data security incident that Mastercard says was caused by Wawa’s violation of the Payment Card Industry Data Security Standard (PCI DSS). The case arose after Wawa discovered a data security incident in 2019 that resulted in unauthorized access to its cardholder data environment. Wawa notified its payment processor of the data incident. The processor, in turn, had contractual obligations to notify Mastercard of the potential exposure of its cardholders’ data. The processor’s contract with Mastercard also exposed it to potential liability for merchants’ noncompliance with various card network rules, including the PCI DSS. Wawa asserts that, after an investigation, Mastercard decided to impose an over $17million assessment onWawa’s processor because of the data breach. Though the processor appealed, and Mastercard exercised its discretion to reduce the assessment to approximately $10.7 million, the processor nevertheless sought indemnification and reimbursement from Wawa per the parties’ payment processing contract. Wawa agreed to pay the full amount of Mastercard’s assessment on its processor and, in exchange, the processor assigned Wawa its rights and claims against Mastercard related to the assessment. That assignment is what allowedWawa to file suit against Mastercard. Wawa, as assignee, claims that Mastercard breached its contract withWawa’s processor because Mastercard incorrectly determined that the security incident violated Mastercard’s standards and that violations of the PCI DSS caused the incident. Wawa further claims that Mastercard’s assessment was not based on losses actually incurred by Mastercard as a result of the incident; therefore, the assessment was a violation of the implied duty of good faith and fair dealing. Finally,Wawa asserts claims, bothdirectly and as assignee for its processor, for unjust enrichment and for violations of NewYork’s and North Carolina’s deceptive trade practices statutes. Plaintiff Files Amended Complaint Against Cellular Provider After Alleged Theft of Cryptocurrency Li, et al. v. AT&T Mobility LLC , No. 5:22-cv-00431 (C.D. Cal.). Amwear USA and its employee, Scott Li, using a novel theory in the rapidly evolving cryptocurrency universe, have filed an amended complaint against AT&T Mobility LLC after the employee’s corporate cellular phone number was used in connection with the alleged theft of approximately half amilliondollars in cryptocurrency. The plaintiffs allege that AT&T transferred the employee’s phone number to another cellular service provider without the employee’s authorization, in violation of the underlying cellular service contract. According to the plaintiffs, the phone number was then used to pilfer approximately $500,000 of cryptocurrency from unnamed software applications. The plaintiffs originally asserted claims for breach of contract and breach of the duty of good faith and fair dealing. They also sought to recover the value of the allegedly stolen cryptocurrency, plus interest, attorneys’ fees, and costs.