Summary
affirming this conclusion
Summary of this case from Flatiron Acquisition Vehicle, LLC v. CSE Mortg. LLCOpinion
Case No. 17-5884 Case No. 17-5950
06-07-2019
NOT RECOMMENDED FOR FULL-TEXT PUBLICATION
File Name: 19a0294n.06 ON APPEAL FROM THE UNITED STATES DISTRICT COURT FOR THE WESTERN DISTRICT OF TENNESSEE BEFORE: BATCHELDER, COOK, and KETHLEDGE, Circuit Judges.
COOK, Circuit Judge. Two attacks on Spec's Family Partners' payment card system led to millions of dollars in damage-control costs, which the major credit card brands and their associated bank passed on to First Data, the company processing payments for Spec's. First Data footed the bill and began withholding routine payments to Spec's to make up the difference. Spec's sued. Interpreting the contract between the parties, the district court awarded judgment to Spec's. First Data appeals and Spec's cross-appeals its interest awards. We AFFIRM in full.
I.
Spec's Family Partners operates dozens of liquor stores across Texas. Like nearly all retailers in today's economy, Spec's allows customers to purchase goods using payment cards backed by companies like Visa and Mastercard. This situates Spec's at the end of a string of contractual relationships supporting the payment card system. The card brands contract with both "issuing banks," who issue cards, and "acquiring banks," who sponsor merchants into the system and process their transactions. Intermediary companies, like First Data, often contract with acquiring banks to facilitate the processing of transactions from merchants.
In 2012 and 2013, Spec's fell victim to attacks on its payment card network—the attackers installed malware and accessed customer data. A later investigation revealed that Spec's failed to comply with the Payment Card Industry Data Security Standard ("PCI DSS") prior to the attacks, leaving it vulnerable to the breaches. The attacks sparked a cost-shifting reaction down the payment card chain. After the issuing banks reimbursed defrauded cardholders and replaced cards, Visa and Mastercard issued assessments on the acquiring bank, Citicorp Payment Services Inc., to cover costs. Citicorp then demanded payment from First Data, which, in turn, sought reimbursement from Spec's.
First Data simultaneously began withholding the proceeds of routine payment card transactions from Spec's, placing them in a reserve account. But Spec's ultimately refused to pay First Data, relying on the consequential damages waiver in the "Merchant Agreement," the contract between the parties. When Spec's filed suit, First Data had withheld approximately $2.2 million (the total would eventually reach $6.2 million).
In denying the parties' Rule 12 motions, the district court made two findings favorable to Spec's. See Fed. R. Civ. P. 12(b)(6), 12(c). First, it held that the card brand assessments constituted consequential damages, thus barring liability for Spec's under the Merchant Agreement's limitation clause. Second, it refused to treat the assessments as "third-party fees and charges," for which Spec's retains liability under § 5 of the Merchant Agreement. The district court later granted summary judgment in favor of Spec's, holding that First Data materially breached the Merchant Agreement when it diverted funds to reimburse itself for the card brand assessments.
Spec's moved for entry of judgment and the district court ruled in its favor. It awarded prejudgment interest at Tennessee's statutory formula rate and postjudgment interest at 6.25%. Later, however, the court granted First Data's Rule 59(e) motion to amend and reduced the postjudgment interest rate to 1.79%, reflecting a calculation under federal law, 28 U.S.C. § 1961, rather than Tennessee's statutory rate. First Data appeals the district court's grant of summary judgment in favor of Spec's. For its part, Spec's cross-appeals the court's interest rate awards.
II.
We review de novo a grant of summary judgment. Upshaw v. Ford Motor Co., 576 F.3d 576, 584 (6th Cir. 2009). We also review a district court's interpretation of a contract with fresh eyes. See Ferro Corp. v. Garrison Indus., 142 F.3d 926, 931 (6th Cir. 1998). "The grant or denial of a Rule 59(e) motion is within the informed discretion of the district court, reversible only for abuse." Huff v. Metro. Life Ins., Co., 675 F.2d 119, 122 (6th Cir. 1982). Tennessee contract law governs the Merchant Agreement, R. 1-3, PageID 19, and thus the contract dispute here, see Certified Restoration Dry Cleaning Network, L.L.C. v. Tenke Corp., 511 F.3d 535, 541 (6th Cir. 2007) ("When interpreting contracts in a diversity action, we generally enforce the parties' contractual choice of forum and governing law.").
A. Liability Under the Merchant Agreement
In a contract dispute, the court's "task is to ascertain the intention of the parties based upon the usual, natural, and ordinary meaning of the contractual language." Planters Gin Co. v. Fed. Compress & Warehouse Co., 78 S.W.3d 885, 889-90 (Tenn. 2002). "If the contract is unambiguous, then the court should not go beyond its four corners to ascertain the parties' intention," Adkins v. Bluegrass Estates, Inc., 360 S.W.3d 404, 412 (Tenn. Ct. App. 2011), because the "literal meaning controls the outcome of the dispute," Allstate Ins. Co. v. Watson, 195 S.W.3d 609, 611 (Tenn. 2006). "'Only if ambiguity remains after the court applies the pertinent rules of construction does the legal meaning of the contract become a question of fact' appropriate for a jury." Planters Gin, 78 S.W.3d at 890 (quoting Smith v. Seaboard Coast Line R.R. Co., 639 F.2d 1235, 1239 (5th Cir. 1981)).
First Data asserts, contrary to the district court's findings, that the Merchant Agreement makes Spec's liable for the card brand assessments. It first argues that Spec's retains liability for the assessments under the contract's indemnification clause, despite the agreement's limitation on that clause. It further contends that the assessments constitute "third-party fees and charges" under § 5 of the agreement. We find both arguments unpersuasive.
The indemnification and limitation clauses. First Data emphasizes the obligations that the contract's indemnification clause, § 15, assigns Spec's. Section 15(b) states, in relevant part, that Spec's must indemnify First Data, Visa, and Mastercard, and hold them harmless from and against:
any and all claims, demands, losses, costs, liabilities, damages, judgments, or expenses arising out of or relating to (i) any material breach by [Spec's] of its representations, warranties, or agreements under this Agreement; [or] (ii) any act or omission by [Spec's] that violates . . . any operating rules or regulations of Visa or Mastercard . . . .R. 1-3, PageID 20. Two subsections later, however, on the same page, § 15(d) announces a conspicuous limitation:
IN NO EVENT SHALL EITHER PARTY'S LIABILITY OF ANY KIND TO THE OTHER HEREUNDER INCLUDE ANY SPECIAL, INDIRECT, INCIDENTAL, OR CONSEQUENTIAL LOSSES OR DAMAGES, EVEN IF SUCH PARTY SHALL HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH POTENTIAL LOSS OR DAMAGE.Id.
The dispute between the parties boils down to whether the card brand assessments passed down to First Data constituted consequential damages, thus exempting Spec's from liability. The district court held that they did, and we agree.
General and consequential damages "are constituent elements of compensatory damages which are awarded to make [the non-breaching party] whole or to compensate him for the loss he has sustained because of . . . wrongful conduct." Inland Container Corp. v. March, 529 S.W.2d 43, 44 (Tenn. 1975), abrogated on other grounds by Hodges v. S.C. Toof & Co., 833 S.W.2d 896 (Tenn. 1992). Consequential damages, which Tennessee courts also refer to as "special damages," see, e.g., Turner v. Benson, 672 S.W.2d 752, 754-55 (Tenn. 1984), "are such as are the natural consequences of the act complained of, though not the necessary results," Burson v. Cox, 65 Tenn. 360, 362 (1873) (emphasis added), cited with approval in Burris v. State, No. 88-272-II, 1988 WL 129763, at *3 (Tenn. Ct. App. Dec. 7, 1988); see also Mitchell v. Mitchell, 876 S.W.2d 830, 831 (Tenn. 1994) (quoting Lance Prods., Inc. v. Commerce Union Bank, 764 S.W.2d 207, 213 (Tenn. Ct. App. 1988)) ("Where damages, though the natural results of the act complained of, are not the necessary result of it, they are termed 'special damages.'").
Here, the assessments fit comfortably within Tennessee's classic consequential, or "special," damages formulation. The data breaches, resulting reimbursement to cardholders, and levying of assessments, though natural results of Spec's Family's PCI DSS non-compliance, did not necessarily follow from it. As Spec's points out, a non-compliant merchant might never suffer a data security breach. Moreover, the card brands exercise discretion in issuing assessments, failing to levy them in every situation and never for PCI DSS non-compliance alone. See R. 121-4, PageID 2588-89; R. 120-21, PageID 2211-12; Appellant's Br. at 29-30. Though certainly a foreseeable consequence of weak data security, the issuance of assessments nevertheless constitutes consequential damages because it did not necessarily follow from Spec's Family's non-compliance. Thus, First Data retains liability for the assessments under § 15(d) of the Merchant Agreement.
First Data contests this conclusion with several arguments. For example, it maintains that an "unbroken line" connects Spec's Family's data-security non-compliance and liability for the assessments. But this argument critically fails to establish that the assessments necessarily followed from PCI DSS non-compliance. Indeed, First Data's arguments about why the card brands issue assessments only bolster the conclusion that the brands exercise considerable discretion in imposing assessments following a breach. For instance, Mastercard reduces and waives assessments in some cases. And both Mastercard and Visa consider a slew of factors before issuing assessments.
First Data also argues that because Spec's paid a separate $10,000 Visa fine for PCI DSS non-compliance, it concedes that intermediate contractual relationships cannot constitute "steps removed" from direct damages. But Visa issued that fine solely for non-compliance and regardless of the criminal attack, thus distinguishing it from the assessments. And even if we assume the suspect premise that intermediate contractual relationships do not contribute to the consequential nature of these damages, First Data still faces the problem that both the data breach and the imposition of assessments do not necessarily follow from Spec's Family's actions.
Finally, First Data contends that we should consider the parties' conduct when interpreting the Merchant Agreement, citing the "rule of practical construction." See Hamblen Cty. v. City of Morristown, 656 S.W.2d 331, 335 (Tenn. 1983). But Tennessee cases since Hamblen County have reiterated the long-held principle that courts consider conduct only if ambiguity remains after reviewing the contract's plain language. See, e.g., Allstate Ins. Co., 195 S.W.3d at 611-12; Planters Gin, 78 S.W.3d at 890. Moreover, Hamblen County itself qualified its use of extrinsic evidence, cautioning against using conduct "for the purpose of modifying or enlarging or curtailing [the contract's] terms." 656 S.W.2d at 334 (quoting the Restatement of Contracts § 235(d) and comment); see also Individual Healthcare Specialists, Inc. v. BlueCross BlueShield of Tenn., Inc., 566 S.W.3d 671, 693 (Tenn. 2019). Satisfied that the Merchant Agreement adequately represents the parties' intent, we find it unnecessary to look beyond the plain language of the contract. See Individual Healthcare Specialists, 566 S.W.3d at 676 ("[W]ritten words are the lodestar of contract interpretation, and Tennessee courts have rejected firmly any notion that courts may disregard the written text and make a new contract for parties under the guise of interpretation."). First Data retains liability for the assessments under § 15(d) of the Merchant Agreement.
Liability under Section 5 of the Merchant Agreement. First Data further argues that § 5 of the Merchant Agreement assigns liability to Spec's as "third-party fees and charges." The district court rejected this argument, holding that "third-party fees and charges" in the contract refer to routine charges associated with card processing services rather than liability for a data breach. We agree.
Section 5 states, in relevant part, that Spec's shall pay:
any and all third-party fees and charges associated with the use of [First Data's] services, as modified from time to time, including without limitation all telecommunications costs (except for toll charges relating to dial-up transactions) and all Network fees and charges. [First Data] will debit Merchant's designated settlement account daily in the amount of the interchange fees owed a Credit Card Issuer or other Networks.R. 1-3, PageID 18. The Merchant Agreement fails to define the term "third-party fees and charges," so the district court turned to the dictionary for the "usual, natural, and ordinary" meaning of the terms. Adkins, 360 S.W.3d at 411. Thus, "third-party fees and charges" refer to "an amount of money demanded by a third party in association with the use of [First Data's] processing services," not unique liability costs like the assessments. R. 64, PageID 750.
First Data's attempts to broaden the scope of "third-party fees and charges" to include the assessments fail in the wider context of the Merchant Agreement. For example, "third-party fees and charges" directly precedes "associated with the use of [First Data's] services" in § 5. R. 1-3, PageID 18. As the district court observed, the assessments are not associated with First Data's processing services, but rather relate to reimbursement for liabilities passed down the payment card chain. Section 5 also describes "third-party fees and charges . . . as modified from time to time." R. 1-3, PageID 18. Unlike the examples of modifiable fees listed in § 5—telecommunications costs and Network fees—the assessments constitute unique, one-off liabilities that the parties do not "modif[y] from time to time." Finally, the assessments do not fall within any of the enumerated fees set out in the Merchant Data Sheet, which § 5 incorporates. See id., PageID 22. The Data Sheet lists routine transaction costs like a "Monthly Maintenance/Support" fee and fees for "Adjustments/Chargebacks." Id. Although the Data Sheet does reference "issue[r] reimbursements fees"—a phrase that, on its face, could conceivably include the assessments—the Mastercard operating regulations reveal that the phrase refers to "excessive chargebacks," or fees imposed by the card brands when they reverse a transaction and recoup funds from a merchant, not assessments arising from a data breach. See R. 120-5, PageID 1668-70; see also Schnuck Markets, Inc. v. First Data Mech. Servs. Corp., 852 F.3d 732, 738 n.4 (8th Cir. 2017).
Indeed, the reasoning of the only other federal appeals court to address this precise issue cements our conclusion. Interpreting a similar section in a First Data contract, the Eighth Circuit in Schnuck Markets construed third-party "fees and charges" as "payments for services," which excluded assessments following a data breach "because [the assessments] are imposed to compensate issuing banks for losses they sustained as a result of [the breach]." Id. at 738. It also examined fees like those on the Merchant Data Sheet and noted that the list—including an "issuer reimbursement fees" entry—excluded the assessments. Id.
Section 5 of the Merchant Agreement fails to assign Spec's liability for the assessments.
B. First Material Breach
Because the contract bars First Data from recouping the assessments from Spec's, the district court held that First Data materially breached § 5 of the Merchant Agreement by withholding routine settlement funds in the reserve account. To reach that conclusion, it first held that Spec's Family's PCI DSS non-compliance constituted an immaterial breach, which it found the company cured by taking steps to become compliant. First Data argues that Spec's first materially breached the contract. We disagree. The district court correctly held that First Data committed the first material breach of the Merchant Agreement by withholding payments due to Spec's.
"A breach is 'material' if a party fails to perform a substantial part of the contract or one or more of its essential terms or conditions, the breach substantially defeats the contract's purpose, or the breach is such that upon a reasonable interpretation of the contract, the parties considered the breach as vital to the existence of the contract." 23 Williston on Contracts § 63:3 (4th ed.) ("Williston"); see, e.g., Dick Broad. Co. of Tenn. v. Oak Ridge FM, Inc., 395 S.W.3d 653, 661-62 (Tenn. 2013) (turning to Williston Chapter 63 for guidance). When determining the materiality of a breach, Tennessee courts consider the following factors:
(a) the extent to which the injured party will be deprived of the benefit which he reasonably expected;
(b) the extent to which the injured party can be adequately compensated for the part of that benefit of which he will be deprived;
(c) the extent to which the party failing to perform or to offer to perform will suffer forfeiture;
(d) the likelihood that the party failing to perform or to offer to perform will cure his failure, taking account of all the circumstances including any reasonable assurances;United Brake Sys., Inc. v. Am. Envtl. Prot., Inc., 963 S.W.2d 749, 756 (Tenn. Ct. App. 1997) (quoting the Restatement (Second) of Contracts § 241 (1979)).
(e) the extent to which the behavior of the party failing to perform or to offer to perform comports with standards of good faith and fair dealing.
Applying these principles, Spec's did not materially breach the Merchant Agreement. While First Data reasonably expected Spec's Family's PCI DSS compliance under Schedule B of the contract, see R. 1-3, PageID 26, Spec's Family's non-compliance falls short of "substantially defeat[ing] the contract's purpose," see Williston § 63:3. Indeed, that the parties continued to perform after the attacks highlighted Spec's Family's compliance problems shows that First Data did not consider the problems "vital to the existence of the contract." See id. PCI DSS compliance served as a promise peripheral to the central benefit First Data expected—payment for its processing services. Moreover, following the attacks, Spec's investigated the breaches and took several steps to achieve full PCI DSS compliance, including segmenting off its payment card server and upping the account data encryption level. See Restatement (Second) of Contracts § 241(d) (1979). Spec's Family's data-security non-compliance constituted an immaterial breach of the Merchant Agreement.
First Data's withholding of settlement funds in the reserve account, on the other hand, materially breached § 5 of the Merchant Agreement. That section constitutes an essential term of performance, stating that a Spec's account "shall be credited and debited in connection with the services referenced in this Agreement." R. 1-3, PageID 17; see Williston § 63:3. Thus, when First Data unilaterally diverted funds from the settlement account to reimburse itself for the assessments, it deprived Spec's of its principal expected benefit under the contract—First Data's faithful execution of processing services. See Restatement (Second) of Contracts § 241(a) (1979). First Data's actions materially breached the contract.
C. Interest Amounts
Spec's cross-appeals the prejudgment and postjudgment interest rates that the district court applied to the principal amount of the withheld funds. Agreeing with the district court's analysis, we affirm both interest rates.
Prejudgment interest. Section 5 of the Merchant Agreement states that "[a]ny payments which are delinquent shall bear interest at the rate of eighteen percent (18%) per annum or the highest rate allowed by law, whichever is lower." R. 1-3, PageID 17. The district court held that First Data owed Spec's the "the highest rate allowed" by Tennessee law, the lower of the two options provided in the contract. Interpreting § 5 according to its ordinary meaning, see Planters Gin, 78 S.W.3d at 889-90, the district court held that the Merchant Agreement's reference to "interest" resulting from "delinquent" payments fit within the Tennessee commercial code's definition for that term—"compensation for the use or detention of . . . money over a period of time." Tenn. Code Ann. § 47-14-102(8). It therefore set the prejudgment interest rate at the "applicable formula rate" effective when First Data withheld the payments, or 7.25%. See id. § 47-14-103(2).
Spec's argues that the Merchant Agreement entitles it to the 18% rate because § 5 provides for a "penalty." It argues that the parties intended that the language in § 5 ensure prompt payment and compensate for damages, rendering Tenn. Code Ann. § 47-14-103(2) inapplicable here. But the unambiguous language of § 5 tells a different story. See Adkins, 360 S.W.3d at 412. Section 5 uses the word "interest" and omits any reference to a penalty. And, as the district court noted, Tennessee's statutory definition of "interest" encompasses "compensation for the use or detention of . . . money over a period of time." Tenn. Code Ann. § 47-14-102(8) (emphasis added). It comes as no surprise, then, that Spec's itself referred to this amount as "prejudgment interest" in its initial brief on the topic. The contract fails to clearly provide for a penalty and thus the district court correctly set the prejudgment interest rate at 7.25%.
Postjudgment interest. In its original judgment order, the district court set the postjudgment interest rate at 6.25%, noting Spec's Family's unopposed argument for that amount. See Tenn. Code Ann. §§ 47-14-121 to -122. Following First Data's motion to alter or amend the judgment, however, it reduced the postjudgment rate to 1.79%, as provided for in 28 U.S.C. § 1961. Spec's argues that the district court improperly reduced the rate. We disagree.
The decision to grant or deny a Rule 59(e) motion "is within the informed discretion of the district court." Huff, 675 F.2d at 122; see also Perez v. Aetna Life Ins. Co., 150 F.3d 550, 554 (6th Cir. 1998) (reviewing a denial of a Rule 59(e) motion). "Under Rule 59, a court may alter the judgment based on" several factors, including "a clear error of law." Leisure Caviar, LLC v. U.S. Fish & Wildlife Serv., 616 F.3d 612, 615 (6th Cir. 2010) (quotation omitted). "Interest shall be allowed on any money judgment in a civil case recovered in a district court" and "shall be calculated from the date of the entry of the judgment, at a rate equal to the weekly average 1-year constant maturity Treasury yield." 28 U.S.C. § 1961(a). In diversity cases like this one, "federal law controls postjudgment interest." Estate of Riddle ex rel. Riddle v. S. Farm Bureau Life Ins. Co., 421 F.3d 400, 409 (6th Cir. 2005) (quoting F.D.I.C. v. First Heights Bank, FSB, 229 F.3d 528, 542 (6th Cir. 2000)).
The district court granted First Data's Rule 59(e) motion because it acknowledged that its original postjudgment interest award constituted "a clear error of law." It found our mandate that federal law decide postjudgment interest awards in diversity actions controlling and deemed First Data's failure to object to its original award "understandable in light of 28 U.S.C. § 1961's mandatory language." The district court acted within its discretion in so holding. See Huff, 675 F.2d at 122. We therefore affirm the 1.79% postjudgment rate.
III.
We AFFIRM in full.