Opinion
CASE NO. 22-22838-CV-WILLIAMS
2023-07-18
Alba HERRERA, Plaintiff, v. TD BANK, N.A., Defendant.
Jonathan Marc Streisfeld, Jeffrey Miles Ostrow, Kopelowitz Ostrow PA, Fort Lauderdale, FL, Lynn A. Toops, Pro Hac Vice, Amina A. Thomas, Pro Hac Vice, Lisa M. La Fornara, Pro Hac Vice, Cohen & Malad LLP, Indianapolis, IN, for Plaintiff. Peter W. Homer, Homer Bonner Jacobs, P.A., Miami, FL, Alexandra Hiatt, Pro Hac Vice, Noah Levine, Pro Hac Vice, WilmerHale, New York, NY, for Defendant.
Jonathan Marc Streisfeld, Jeffrey Miles Ostrow, Kopelowitz Ostrow PA, Fort Lauderdale, FL, Lynn A. Toops, Pro Hac Vice, Amina A. Thomas, Pro Hac Vice, Lisa M. La Fornara, Pro Hac Vice, Cohen & Malad LLP, Indianapolis, IN, for Plaintiff. Peter W. Homer, Homer Bonner Jacobs, P.A., Miami, FL, Alexandra Hiatt, Pro Hac Vice, Noah Levine, Pro Hac Vice, WilmerHale, New York, NY, for Defendant. ORDER KATHLEEN M. WILLIAMS, UNITED STATES DISTRICT JUDGE
THIS MATTER is before the Court on TD Bank, N.A.'s (" Defendant " or " T.D. Bank ") Motion to Dismiss (DE 39) (" Mo tion ") Plaintiff Alba Herrera's (" Plain tiff ") Amended Class Action Complaint (DE 37) (" Amended Complaint "). Plaintiff filed a Response in Opposition to the Motion (DE 40) (" Response "), to which Defendant filed a Reply (DE 44) (" Reply "). For the reasons set forth below, TD Bank's Motion (DE 39) is GRANTED.
I. BACKGROUND
Defendant T.D. Bank is one of the ten largest banks in the United States. (DE 37 at 4.) Defendant's online banking platform allows consumers to open a checking account online in minutes. (Id. at 6.) Because Defendant does not affirmatively reach out to an individual to confirm his or her identity before opening a new account in his or her name, Plaintiff alleges that "consumers and cybercriminals can open a checking account with only a social security number, a picture of a government-issued ID, and an individual's personal information." (Id.) In 2016 and 2017, the Office of the Comptroller of the Currency found that Defendant was "one of a handful of retail financial institutions that had systemic problems in its account opening . . . process[ ]." (Id. at 10.)
In July 2022, Defendant allowed an unidentified third party to open a checking account and a savings account in Plaintiff's name. (Id. at 11.) The third party accomplished this by using an expired phone number, expired ID, and an address that was no longer current. (Id.) Plaintiff was not aware that an application had been made to open these accounts, or that the accounts had, in fact, been opened. Indeed, Plaintiff did not authorize the opening of the accounts. (Id.) Plaintiff only became aware of the accounts when she received an email from Defendant thanking her for opening them. (Id. at 10.) Plaintiff then took steps to close the unauthorized accounts, including (1) calling and reporting the unauthorized account opening to Defendant's fraud hotline and (2) taking time off work to go to Defendant's nearest branch to close the unauthorized accounts. (Id. at 11-12.)
Unfortunately, this is not an isolated incident. In February 2022, over 1,000 residents of the Sandhills area in North Carolina began receiving checks, debit cards, statements, and welcome letters from Defendant. (Id. at 8-9.) Local authorities investigated and discovered that unidentified cybercriminals had used the residents' identities to fraudulently open multiple checking and savings accounts with Defendant. (Id.)
Plaintiff filed the instant class action on behalf of herself and all individuals who had a checking or savings account opened under their identity by Defendant without their authorization via Defendant's online banking platform. (Id. at 16.) The Amended Complaint contains two counts, alleging (1) negligence and (2) violations of the Electronic Funds Transfer Act (" EFTA "), 15 U.S.C. § 1693 et seq. (Id. at 21-27.) Defendant moves to dismiss the Amended Complaint for failure to state a claim. (DE 39.)
II. LEGAL STANDARD
To survive a motion to dismiss, a complaint must plead sufficient facts to state a claim that is "plausible on its face." Ashcroft v. Iqbal, 556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (quoting Bell Atlantic Corp. v. Twombly, 550 U.S. 544, 570, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007)). The court must accept factual allegations as true and draw reasonable inferences in the plaintiff's favor. Speaker v. U.S. Dept. of Health and Human Servs. Ctrs. for Disease Control and Prevention, 623 F.3d 1371, 1379 (11th Cir. 2010). While "detailed factual allegations" are unnecessary, the allegations must consist of more than "labels and conclusions." Twombly, 550 U.S. at 555, 127 S.Ct. 1955 (internal citations, quotations omitted). All in all, "the factual allegations must be enough to raise a right of relief above the speculative level." Watts v. Fla. Int'l Univ., 495 F.3d 1289, 1295 (11th Cir. 2007) (quoting Twombly, 550 U.S. at 555, 127 S.Ct. 1955). "[O]nly a complaint that states a plausible claim for relief survives a motion to dismiss." Iqbal, 556 U.S. at 679, 129 S.Ct. 1937.
III. DISCUSSION
A. Plaintiff fails to state a negligence claim
To successfully plead negligence under Florida law, Plaintiff must plausibly allege (1) the defendant owed a duty to the plaintiff; (2) the defendant breached that duty; and (3) the breach caused the plaintiff damages. Chang v. JPMorgan Chase Bank, N.A., 845 F.3d 1087, 1094 (11th Cir. 2017) (citing Fla. Dep't. of Corr. v. Abril, 969 So. 2d 201, 204 (Fla. 2007)). Plaintiff alleges Defendant breached its duty by opening the accounts, specifically through (1) its failure to take steps to prevent the unauthorized opening and (2) its failure to comply with industry standards for safekeeping and authenticating personal identifiable information. (DE 37 at 23.) Defendant counters that it owed no duty to Plaintiff at the time of the alleged breach since she was not a customer, and banks generally do not owe a duty of care to non-customers. (DE 39 at 9.)
It is important to discern whether and when Plaintiff became a customer. Under Florida law, a customer is "a person having an account with a bank or for whom a bank has agreed to collect items[.]" Fla. Stat. § 674.104(1)(e). Interpreting this language, courts in this jurisdiction have held a customer is "the account holder[,]" namely "the person in whose name the account is opened[.]" Megaval Enters., Ltd. v. Bank of Am., N.A., 2014 WL 12609318, at *4 (S.D. Fla. Oct. 8, 2014) (citing Journeys Acad., Inc. v. PNC Bank, 2013 WL 3772483 at *2 (M.D. Fla. July 16, 2013)); see also 533 Harbor Ct., LLC v. Colonial Bancgroup, Inc., 2009 WL 455434, at *2 (S.D. Fla. Feb. 23, 2009); Seacoast Constr., Inc. v. JPMorgan Chase Bank, N.A., 2020 WL 5547871, at *3 (S.D. Fla. Mar. 31, 2020). Here, Plaintiff became Defendant's customer after it opened accounts in her name. Thus, Defendant argues, and the Court agrees, that the alleged breach—the actual opening of the accounts—occurred when Plaintiff was a non-customer. (DE 39 at 9.)
Accordingly, Defendant did not owe Plaintiff a duty at the time of the alleged breach. After all, "Florida, like other jurisdictions, recognizes that as a general matter, 'a bank does not owe a duty of care to a noncustomer with whom the bank has no direct relationship.' " Chang, 845 F.3d at 1094 (quoting Sroka v. Compass Bank, 2006 WL 2535656, at *1 (Fla. Cir. Ct. Aug. 31, 2006)). This includes a duty regarding the "opening and maintenance of [the bank's] accounts." Sroka, 2006 WL 2535656, at *1. Attendant to that principle, it is understood that banks generally do not owe non-customers a duty to protect them from fraud. Wiand v. Wells Fargo Bank, N.A., 86 F. Supp. 3d 1316, 1324 (M.D. Fla. 2015), aff'd, 677 F. App'x 573 (11th Cir. 2017).
Plaintiff disputes Sroka's applicability on the theory that it is not a valid source for ascertaining Florida law. (DE 40 at 6.) In deter mining Florida law, federal district courts should "look to both [Florida's] Supreme Court and, where necessary, its District Courts of Appeal." Coral Springs St. Sys. v. City of Sunrise, 371 F.3d 1320, 1333 (11th Cir. 2004). Plaintiff is correct to point out that Sroka was not decided at either of those levels. Nonetheless, Sroka is regarded by the Eleventh Circuit as a source of Florida state law on a bank's duty regarding non-customers. See Chang, 845 F.3d at 1094. Even if that were not the case, federal district courts should "presume that the [Florida] court would adopt the prevailing rule" in absence of evidence to the contrary. Wammock v. Celotex Corp., 835 F.2d 818, 820 (11th Cir. 1988). The rule that "banks do not owe a . . . duty of care to third-party non-customers" is "almost universal[.]" VIP Mortg. Corp. v. Bank of Am., N.A., 769 F. Supp. 2d 20, 27 (D. Mass. 2011).
In her Reply, Plaintiff argues that Defendant still owed her a duty as a non-customer by virtue of the foreseeable zone of risk test. (DE 40 at 4-7.) Specifically, Plaintiff reasons that Defendant's inadequate account opening process created a foreseeable zone of identity theft risk, such that Defendant owed non-customers in the zone—including Plaintiff—a duty to lessen the risk. (DE 37 at 23; DE 40 at 4, 6 (citing McCain v. Fla. Power Corp., 593 So. 2d 500, 502 (Fla. 1992))). However, Plaintiff "cite[s] no case imposing a duty on a bank to prevent harm to non-customers under the 'foreseeable zone of risk test.' " Kerruish v. Essex Holdings, Inc., 2017 WL 10457076, at *4 (S.D. Fla. Aug. 9, 2017).
Plaintiff also argues that Defendant owed her a duty as a non-customer by virtue of the "undertaker's doctrine." (DE 40 at 7-8.) Specifically, Plaintiff reasons that because Defendant's website states it is "committed to providing you with a secure online experience that protects . . . Online Banking," it undertook to provide a secure online experience and assumed a duty to exercise reasonable care in doing so. (Id.) Again, like the preceding argument, Plaintiff cites no case imposing a duty on a bank to prevent harm to non-customers by virtue of the undertaker's doctrine. Thus, the Court finds that Plaintiff fails, as a matter of law, to allege a breach at a time where Defendant owed her a duty and Count I of the Amended Complaint is dismissed.
Under Florida law, the undertaker's doctrine refers to a situation wherein one party "undertakes to provide a service to others, . . . . gratuitously or by contract," and "thereby assumes a duty to act carefully and to not put others at an undue risk of harm" through its provision of that service. Clay Elec. Co-op., Inc. v. Johnson, 873 So. 2d 1182, 1186 (Fla. 2003).
B. Plaintiff fails to state an EFTA claim
EFTA provides a "basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund and remittance transfer systems." 15 U.S.C. § 1693(b). "An individual may bring a civil action against a financial institution for violating [ ] EFTA." Katz v. JPMorgan Chase, N.A., 2014 WL 6997625, at *2 (S.D. Fla. Oct. 7, 2014). Under Section 1693i of EFTA, "no person may issue to a consumer any . . . means of access to such consumer's account . . . other than in response to a request or application therefor[.]" 15 U.S.C. § 1693i (emphasis added).
Plaintiff brings her EFTA claim on the theory that the account number for the unauthorized account was a "means of access," and that Defendant issued this means of access to her without a request for it. (DE 37 at 25-26.) In its Response, Defendant argues Plaintiff's EFTA claim fails because a claim under Section 1693i requires Plaintiff to have an account for which an agreement for electronic fund transfer ("EFT") services has been entered into. (DE 39 at 4-5.) Plaintiff counters that a claim under Section 1693i does not require her to have entered into an actual agreement with Defendant. (DE 40 at 12.)
Courts have yet to address the precise question of whether an agreement for an account is required for a claim under Section 1693i. But courts addressing the question under comparable sections of EFTA have consistently held that language such as "consumer's account" indicates that an account is a requirement for relief under the section. See Kashanchi v. Texas Com. Med. Bank, N.A., 703 F.2d 936, 939 (5th Cir. 1983) (explaining that when Congress used language such as "from a consumer's account" in a provision of EFTA, it was clarifying that it wanted to limit recourse under such a provision to an account holder, as opposed to the default of a consumer); Dorsey v. U.S. Bank Nat'l Ass'n, 2012 WL 13001917, at *5 (M.D. La. Apr. 2, 2012) ("The specific reference to 'consumer account' and 'person other than the consumer without authority' in the unauthorized EFT provision, as opposed to the unqualified term 'consumer,' restricts the scope of this EFTA provision from the general class of natural persons applicable in its other provisions."). Because Section 1693i contains the "consumer's account" language, recourse is restricted to account holders. Accordingly, a claim under Section 1693i requires an agreement for an account.
Plaintiff argues this requirement can still be satisfied by a fraudulent account. (DE 40 at 12-13.) However, courts have consistently held that an agreement for an account requires assent. See Marquess v. Pa. State Emps. Credit Union, 427 F. App'x 188, 189 (3d Cir. 2011) (holding that a fraudulently opened account for an unwitting third party did not constitute an agreement); Dorsey, 2012 WL 13001917, at *5 (discussing that an account created without the owner's knowledge or consent does not constitute an agreement). Plaintiff disputes this requirement by citing Johnson v. Green Dot Corporation, which permitted an EFTA claim for a fraudulent account. 2021 WL 2945533, at *5 (C.D. Cal. July 8, 2021). The Johnson matter is factually distinguishable from the instant case. As the Johnson court noted, that case—unlike Marquess, Dorsey, and the instant case—involved prepaid accounts, which have a different set of requirements under EFTA and the attendant CFPB regulations. See id. ("[T]he CFPB included a different requirement for prepaid accounts; specifically, completion of the 'consumer identification and verification process.' "). Here, since Plaintiff did not assent to the creation of the account, (DE 37 at 1), Plaintiff did not have an agreement for an account and, therefore, does not meet the requirement for a claim under Section 1693i. Therefore, Court finds that Plaintiff has failed to plead a legally sufficient EFTA claim and Count II of the Amended Complaint is dismissed with prejudice.
It is important to note the limited nature of this conclusion. Defendant argues that an agreement for EFT services is a specific requirement for a claim under Section 1693i. (DE 39 at 4.) However, although the Court finds the above-mentioned cases persuasive on the questions of (1) whether an account is required for a Section 1693i claim and (2) whether that account must be assented to, the Court does not go so far as to import the requirement of an agreement for EFT services into the language of Section 1693i. Instead, the Court only holds that an agreement for an account is a requirement to bring a claim under Section 1693i. Through its distinction between validated and unvalidated means of access, Section 1693i aims to regulate the entry of consumers into EFT systems. See generally Karla Fox, Another Step toward the Cashless Society: The 1978 Federal Electronic Fund Transfer Act, 18 AM. BUS. L.J. 209, 212 (1980). Thus, Section 1693i contemplates claims being brought based on unwilling entry into an EFT system; it would be illogical that assent to an agreement for EFT services would be a requirement for this claim. Again, the Court only holds that an agreement for an account is required for a claim under Section 1693i.
Federal Rule of Civil Procedure 15(a) ("Rule 15(a)") provides that a court should freely grant leave to amend when justice so requires. Fed. R. Civ. P. 15(a). This Court may deny leave to amend under Rule 15(a) when the amendment would be futile. Foman v. Davis, 371 U.S. 178, 182, 83 S.Ct. 227, 9 L.Ed.2d 222 (1962); Hall v. United Ins. Co. of Am., 367 F.3d 1255, 1263 (11th Cir. 2004) ("[D]enial of leave to amend is justified by futility when the complaint as amended is still subject to dismissal."). For the reasons discussed in this Order, leave to amend as to Count II would be futile. Accordingly, the Court dismisses this Count with prejudice.
IV. CONCLUSION
Accordingly, it is ORDERED AND ADJUDGED that:
1. TD Bank's Motion to Dismiss (DE 39) is GRANTED.
a. Count I of the Amended Complaint is DISMISSED WITHOUT PREJUDICE.
b. Count II of the Amended Complaint is DISMISSED WITH PREJUDICE.
2. If Plaintiff wishes to replead her negligence claim against Defendant or properly set forth any claims not dismissed with prejudice against Defendant, Plaintiff must file an amended complaint within FOURTEEN (14) DAYS of the date of this Order.
DONE AND ORDERED in Chambers in Miami, Florida, this 18th day of July, 2023.