Opinion
21-CV-1092
06-17-2024
LUDMILA NELIPA, ALLISON ARCHER, VERDENIA EDWARDS, on behalf of themselves and all others similarly situated, Plaintiffs, v. TD BANK, N.A., Defendant.
DeArcy Hall, J.
REPORT AND RECOMMENDATION
JOSEPH A. MARUTOLLO, United States Magistrate Judge
Plaintiffs Ludmila Nelipa, Allison Archer, and Verdenia Edwards (collectively, “Plaintiffs”) bring this action, on behalf of themselves and all other persons similarly situated, against Defendant TD Bank, N.A. (“TD Bank”) for alleged violations of the Electronic Fund Transfer Act (“EFTA”), 15 U.S.C. §§ 1693, et seq., and for breach of TD Bank's Personal Deposit Account Agreement. See generally Dkt. No. 12. Plaintiffs contend that unknown perpetrators impersonated TD Bank employees to trick them into providing access to their bank accounts, which the perpetrators then used to conduct unauthorized transactions. See id. ¶¶ 1-2. After falling victim to these “imposter scams,” Plaintiffs reported the transactions to TD Bank, but TD Bank refused to treat the transactions as “unauthorized” and denied their fraud claims. Id. ¶¶ 1-2, 3536. Plaintiffs contend that these denials are consistent with TD Bank's “policy and practice” of denying claims of unauthorized transfers in circumstances where the accountholder is defrauded into approving the transactions or providing access to their account. Id. ¶¶ 43, 56, 137; see also Dkt. No. 44, at 5. Plaintiffs' primary contention is that this policy violates the EFTA and the promises set forth in TD Bank's Personal Deposit Account Agreement. Dkt. No. 12 ¶¶ 137, 15763, 165-67.
Currently pending before this Court, on a referral from the Honorable LaShann DeArcy Hall, United States District Judge, is Plaintiffs' motion for class certification pursuant to Fed.R.Civ.P. 23. See Dkt. No. 23; see also February 7, 2024 Referral Order. Plaintiffs request that the Court certify two classes of TD Bank customers who were victims of the same or similar fraudulent schemes and whose unauthorized transfer claims were also denied by TD Bank. See generally Dkt. No. 44.
For the reasons set forth below, this Court respectfully recommends that Plaintiffs' motion be granted.
I. Background
A. Relevant Factual Background
These facts are taken from the Amended Complaint (Dkt. No. 12) and evidence submitted by both parties in connection with this motion. See Shelter Realty Corp. v. Allied Maint. Corp., 574 F.2d 656, 661 n.15 (2d Cir. 1978) (The Court “accept[s] the complaint allegations as true in a class certification motion.”); Westchester Indep. Living Ctr., Inc. v. SUNY Purchase, 331 F.R.D. 279, 284 n.1 (S.D.N.Y. 2019) (“When considering a motion for class certification, courts accept the allegations in the complaint as true. And a court may consider material outside the pleadings in determining the appropriateness of class certification.” (quotation marks omitted)). “Although plaintiffs have the burden of establishing compliance with each of the requirements of Rule 23, see In re U.S. Foodservice Inc. Pricing Litig., 729 F.3d 108, 117 (2d Cir. 2013), in analyzing the issue of certification, the court accepts as true the allegations in the complaint regarding the merits of the claim[,] [s]ee D'Alauro v. GC Servs. Ltd. P'ship, 168 F.R.D. 451, 454 (E.D.N.Y. 1996) (citation omitted).” Chen v. XpresSpa at Terminal 4 JFK LLC, No. 15-CV-1347 (CLP), 2021 WL 4487835, at *3 (E.D.N.Y. Oct. 1, 2021).
1. Plaintiffs and the Proposed Class
a. Ludmila Nelipa
On October 22, 2020, Nelipa, a Staten Island resident, received a text message from what appeared to be TD Bank's Fraud Protection Department inquiring about a $450 charge to her personal checking account that was made at a Walmart in Atlanta, Georgia. Dkt. No. 12 ¶¶ 10, 16; Dkt. No. 45-1, at 2; Dkt. No. 45-2, at 5. At the time, Nelipa had a TD Convenience Checking account with TD Bank. Dkt. No. 12 ¶ 14. A few minutes later, Nelipa received a phone call from a different number that matched the customer service number provided in the TD Bank Personal Deposit Account Agreement that applies to her account. Id. ¶ 17; Dkt. No. 45-2, at 5; see also Dkt. No. 45-3. The caller, who described themselves as a TD Bank representative, told Nelipa that the purpose of the call was to inquire about the $450 Walmart charge and to initiate a “fraud prevention process” that would help reverse the transaction. Dkt. No. 12 ¶ 18; Dkt. No. 45-2, at 5. Unbeknownst to Nelipa, the caller was not from TD Bank; instead, the caller had “spoofed”the number so that it appeared as if TD Bank was calling. Dkt. No. 12 ¶ 20; Dkt. No. 45-2, at 5.
For the parties' respective memoranda of law, citations refer to the page numbers inserted by the parties. Other citations refer to the ECF-stamped pages on the docket.
As noted in the Amended Complaint, “[s]poofing is when a caller deliberately falsifies the information transmitted to [the recipient caller's] ID display to disguise their identity.” Dkt. No. 12 ¶ 20.
The caller instructed Nelipa to provide the “reversal code” furnished in the text message that she received and to transfer money to another bank account-called “Rev Code”-using Zelle. Dkt. No. 12 ¶ 28; Dkt. No. 45-2, at 5. Under the guise of this purported “fraud prevention process” (which, of course, was anything but), the caller nefariously convinced Nelipa to send $2,500 in a series of small Zelle transactions, which is the maximum daily amount allowed by Zelle. Dkt. No. 12 ¶ 34; Dkt. No. 45-1, at 3-11; Dkt. No. 45-2, at 3, 5-6; Dkt. No. 45-5, at 3. Throughout this process, Nelipa believed that she was confirming TD Bank's reversal of the unauthorized Walmart charge. Dkt. No. 12 ¶ 33; Dkt. No. 45-2, at 5. Before the call ended, the caller told Nelipa that her bank account would be frozen and that she would receive a new debit card in the mail in a few days. Dkt. No. 12 ¶ 35; Dkt. No. 45-2, at 5.
“Zelle is a service that enables a person to electronically transfer money from his or her bank account to another registered user's bank account using a mobile device or the website of a participating banking institution. Dkt. No. 12 ¶ 24.
When the new debit card failed to arrive, Nelipa contacted TD Bank and learned that the bank had not been in contact with her and that she was a victim of an imposter scam. Dkt. No. 12 ¶ 36; Dkt. No. 45-2, at 4. The TD Bank employee who Nelipa spoke with informed her that the bank was “aware of the ‘spoofing' scam whereby fraudsters purporting to be from TD Bank's Fraud Department contact TD Bank customers while replicating TD Bank's phone number on the call recipient's caller ID and obtain customers' account information under the guise of ‘preventing' fraud.” Dkt. No. 45-2, at 4. Based on the information provided by Nelipa, TD Bank's Fraud Department initiated an investigation into the charges. See id. Nelipa also filed a police report about the charges. See Dkt. No. 45-6.
TD Bank ultimately denied Nelipa's fraud claim. See Dkt. No. 45-7, at 2. By letter dated November 25, 2020, TD Bank informed Nelipa that her claim was denied because the bank had “determined that an error did not occur.” Id. Though not stated in the denial letter, TD Bank made this determination based on “evidence show[ing] that an SMS [prompt] was received and approved by [Nelipa's phone number],” and that “[t]he transactions were processed based off [Nelipa's] response to approve the transaction.” Dkt. No. 45-28, at 18:3-7, 176:2-10; see also Dkt. No. 12 ¶ 42; Dkt. 45-2, at 4; Dkt. No. 45-28, at 192:3-11. As a result of this determination, TD Bank declined to credit Nelipa's account for the subject transactions. See Dkt. No. 12 ¶¶ 42; Dkt. No. 45-2, at 3.
According to TD Bank's Financial Crimes and Fraud Management Group, the Secure Message Systems (SMS) is a “communication method utilized to send request[s] for confirmation of activity to the account holder.” Dkt. No. 52-3, at 4.
All citations to deposition transcripts refer to the page numbers affixed to the transcripts.
b. Allison Archer
On January 28, 2021, Archer, a Staten Island resident, received a call from a person claiming to be a TD Bank representative who was inquiring about fraudulent charges made from her account in Florida and Georgia. Dkt. No. 12 ¶¶ 10, 59-60. At the time, Archer had a TD Convenience Checking account with TD Bank. Id. ¶ 57. While Archer was “[i]nitially skeptical” of the call, she “conducted a reverse search online of the phone number appearing on her cell phone as the caller's number, and confirmed that it was associated with TD Bank.” Id. ¶ 62. Similar to the caller who had victimized Nelipa, the caller who contacted Archer had spoofed TD Bank's number. Dkt. No. 45-10, at 7; see also Dkt. No. 45-9, at 4 (phone records).
The caller offered to help Archer create a new online bank account to prevent further unauthorized charges. Dkt. No. 44, at 3 (citing Dkt. No. 12 ¶ 64). Believing that she was speaking with a TD Bank representative, Archer provided the caller with the login credentials to her online bank account. Id. The caller then proceeded to initiate a series of transactions from Archer's account. Id. at 4 (citing Dkt. No. 45-11). When Archer received a text message from TD Bank inquiring about the transactions, she replied that they were authorized. See Dkt. No. 45-28, at 192:3-7; Dkt. No. 61-5, at 242:12-18. The next day when Archer reviewed her account, she discovered 31 unauthorized charges at Whole Foods stores in Alpharetta, Georgia and Atlanta, Georgia totaling $1,522.28. Dkt. No. 45-10, at 7; Dkt. No. 45-11, at 2-4.
Archer immediately called TD Bank to dispute the charges and to initiate a fraud investigation. Dkt. No. 12 ¶ 68; Dkt. No. 45-10, at 3. TD Bank applied a provisional credit to Archer's account pending the final determination of her fraud claim. See Dkt. No. 45-10, at 4. Archer also reported the charges to the police department in Alpharetta, Georgia and filed a police report with her local NYPD precinct. See Dkt. No. 45-10, at 6; Dkt. No. 45-12.
TD Bank ultimately denied Archer's fraud claim. Dkt. No. 12 ¶ 69; Dkt. No. 45-10, at 4. By letter dated February 2, 2021, TD Bank informed Archer that “[b]ased on our investigation, we have determined that fraud did not occur.” Dkt. No. 45-13, at 2. Though not explained in the letter, TD Bank denied Archer's fraud claim because she confirmed that the transactions were valid in response to “fraud verification” text messages that she had received from TD Bank. See Dkt. No. 45-28, at 192:3-7; Dkt. No. 61-5, at 242:12-18. TD Bank had also gathered evidence in its investigation that the caller had used Archer's pin for the purchases and did not attempt to use the card after it was closed. Dkt. No. 45-28, at 186:9-14.
TD Bank sent Archer a second denial letter, dated February 15, 2021, which informed her that the provisional credit applied to her account would be reversed the next day. See Dkt. No. 12 ¶ 73; Dkt. No. 45-10, at 4; Dkt. No. 45-14, at 2. As a result, Archer withdrew the funds from her account “to prevent TD Bank from wrongfully taking them.” Dkt. No. 12 ¶ 75.
On March 14, 2021, Archer submitted a dispute with the Consumer Financial Protection Bureau (“CFPB”) about the ongoing issue that she was having with TD Bank. Id. ¶ 85. Then, on March 19, 2021, TD Bank sent Archer another letter stating that her fraud claim was denied. Id. ¶ 86. According to Archer, this letter appeared to acknowledge that she was the victim of a crime, and stated that “TD Bank is willing to assist you in the prosecution of a suspect. As you have already filed a police report, the recommendation is to follow up with the detective assigned to your case. Should you have any information or documentation pertaining to your case, please provide it to the authorities.” Id. ¶ 88. Nevertheless, TD Bank continues to demand that Archer deposit $1,557.28 to replace the provisional credit that was applied to her account. Dkt. No. 12 ¶ 89; Dkt. No. 45-16, at 2.
The Amended Complaint lists two dates for this letter - March 15, 2021 and March 19, 2021. See Dkt. No. 12 ¶¶ 86-88.
c. Verdenia Edwards
On August 20, 2020, Edwards, a Bronx resident, received a call from a person posing as an Amazon representative. Dkt. No. 12 ¶¶ 11, 94; Dkt. No. 45-17, at 6. At the time, Edwards had a TD Convenience Checking account with TD Bank. Dkt. No. 12 ¶ 91. Edwards received the call while in an Access-a-Ride van on the way to a doctor's appointment. Id. ¶ 105. The caller claimed that someone had purchased an iPhone with Edwards's bank account information and that Amazon was trying to refund her account for the charges. Id. ¶ 95; Dkt. No. 45-17, at 6. Edwards believed the caller because “she had not purchased a new iPhone because she could not afford to do so and because she is an Android user.” Dkt. No. 45-17, at 6.
The caller told Edwards in order to process the refund, they needed to confirm her identity and purported to add a “TD Bank employee” to the line to do so. Dkt. No. 12 ¶¶ 96-97; Dkt. No. 45-17, at 6. Edwards now believes that this “TD Bank employee” was a second imposter in cahoots with the original caller. See Dkt. No. 12 ¶ 97. The fraudsters remotely accessed Edwards's phone and signed into her TD Bank account. Id. ¶¶ 99-100; Dkt. No. 45-17, at 6; Dkt. No. 45-19, at 3. The fraudsters “transferred $799 to a stranger named ‘Eugene Wright' and transferred $800 from [Edwards's] savings account to her checking account”; they then “initiated a transfer of $806 via Western Union to someone named ‘Steve Williams' located in India.” Dkt. No. 45-17, at 6. In total, the fraudsters transferred $1,605 from Edwards's account. Id.
When TD Bank sent Edwards a text message inquiring about whether these transfers were authorized, the callers were able to respond “Yes” from her phone and approve the transfers. Dkt. No. 12 ¶ 104; Dkt. No. 45-17, at 6-7. Edwards contends that “the fraudsters were controlling her phone because she saw the actions they performed on her screen, including entering authorization codes [she] received via text message, then deleting the texts.” Dkt. No. 45-17, at 6-7. She claims that she was “unable to respond ‘No' to the authorization texts she received regarding the Zelle transfer because the fraudsters responded ‘Yes' while they were remotely controlling her phone.” Dkt. No. 45-17, at 6-7.
Edwards also claims that “the fraudsters were able to disconnect a phone call [Edwards] received from her doctor while they had control of her phone.” Id. at 7.
On or about August 21, 2020, Edwards disputed the transfers at a local TD Bank branch. Dkt. No. 12 ¶ 109; Dkt. No. 45-17, at 3-4. She also followed TD Bank's instructions and promptly filed a police report with her local NYPD precinct. Dkt. No. 12 ¶ 109; Dkt. No. 45-17, at 4-5; Dkt. No. 45-20.
On September 18, 2020 October 13, 2020, and November 6, 2020, TD Bank sent Edwards letters stating that her fraud claim was denied because the bank had “determined that an error did not occur.” Dkt. No. 45-21, at 2; Dkt. No. 45-22, at 2; Dkt. No. 45-23, at 2. TD Bank made this determination based on evidence that Edwards had “provided access or authorization to a third-party” and “authorized the transaction” through an SMS text message. Dkt. No. 45-28, at 199:1324; see also Dkt. No. 12 ¶ 116.
2. TD Bank's Investigation into Whether Transactions are Unauthorized
Plaintiffs allege that TD Bank has a “policy and practice” of denying claims of unauthorized transfers in circumstances where the accountholder is defrauded into approving the transactions or providing access to their account. See Dkt. No. 12 ¶¶ 43, 56, 137; see also Dkt. No. 44, at 5. Plaintiffs contend that this policy is reflected in the “standardized procedures” that TD Bank's fraud agents follow when conducting fraud investigations and the “Decision Matrix” that fraud agents use in determining whether to approve or deny claims. See Dkt. No. 44, at 6-9.
TD Bank's investigation into claims for unauthorized transfers begins with the accountholder contacting the bank, either by phone or in person at a branch, to report an unauthorized transaction or an error on their account. Dkt. No. 44, at 5; Dkt. No. 58, at 5. The TD Bank customer service representative takes the information provided by the accountholder and inputs it into the Claims Initiation Manager (“CIM”) - TD Bank's internal database used to store information regarding digital claims, which includes Zelle transactions, and debit card claims. See Dkt. No. 45-28, at 24:3-25; Dkt. No. 45-29, at 17. The CIM contains information relating to the investigations of all reported claims, including the amount disputed, the disposition and reasons for such disposition, and the amount refunded/credited back to the accountholder, if any. See Dkt. No. 45-28, at 24:3-25; Dkt. No. 45-29, at 17.
The CIM system was used for debit card claims until TD Bank developed the “CRL” system, which TD Bank now uses for debit card claims. See Dkt. No. 45-28, at 183:22-184:4.
After receiving the initial information provided by the accountholder and inputting it into CIM, the TD Bank customer service representative classifies the claim as either “fraud” or “nonfraud” for internal routing purposes. Dkt. No. 58, at 5; Dkt. No. 61-1, at 33:21-34:4. According to TD Bank, “[i]f a customer claims that ‘the customer never authorized the transaction, never participated in the transaction, and did not agree to having that transaction post to their account,' the claim is classified as a ‘fraud' claim for internal routing purposes.” Dkt. No. 58, at 6 (citing Dkt. No. 45-28, at 23:7-11). “A ‘non-fraud' claim, which is investigated on a separate track by similarly qualified agents, involves an apparently authorized transaction with some flaw, such as a wrong amount or wrong recipient of funds, or where the customer did not receive the ‘goods or services that they were expecting to receive from that transaction.'” Id. (citing Dkt. No. 45-28, at 23:12-22; Dkt. No. 61-3, at 89:11-21; Dkt. No. 61-4, at 60:21-61:13). These initial classifications are preliminary, and TD Bank's fraud agents can re-designate a claim based on information gathered during their investigation. Dkt. No. 58, at 6; Dkt. No. 61-2, at 61:17-25.
Certain exhibits filed with the parties' motions are under seal. Upon review of the entire motion for class certification, however, portions of the information contained in these exhibits are referenced elsewhere, unredacted, on the docket. “That is at odds with the principles of public access and transparency.” Lyons v. New York Life Ins. Co., No. 20-CV-3120 (PAE), 2022 WL 837202, at *27 (S.D.N.Y. Mar. 21, 2022), appeal dismissed (Oct. 21, 2022) (“on its review of the summary judgment record, the Court found documents that were improperly filed under seal or redacted.”); see also AngioDynamics, Inc. v. C.R. Bard, Inc., No. 17-CV-598 (BKS) (CFH), 2022 WL 2643583, at *26 (N.D.N.Y. July 8, 2022) (“Portions of a number of the exhibits refer portions of many of these documents are quoted publicly elsewhere in the record, suggesting that maintaining these documents entirely under seal is not justified.”). Nonetheless, at this time and out of an abundance of caution, the Court is issuing this Report and Recommendation under seal with copies provided to the parties. The parties may submit a copy of this Report and Recommendation with proposed redactions by June 7, 2024. If the parties do not submit any proposed redactions by June 7, 2024, the Court will docket this Report and Recommendation, in its entirety, on the public docket.
Once the customer service representative classifies the claim as “fraud” or “non-fraud,” it is added to a queue for further processing by TD Bank's fraud department. Dkt. No. 44, at 6; Dkt. No. 45-32, at 22:4-6. TD Bank's fraud agents access new claims and their corresponding intake information in CIM and Case Log, another TD Bank internal database. Dkt. No. 45-35, at 46:2047:7, 79:11-23, 82:6-9, 85:20-23; Dkt. No. 45-32, at 72:21-73:3. This information is also included in excel spreadsheets, which are collectively referred to as the “Tracker.” Dkt. No. 45-28, at 100:21-101:10, 102:5-9. The Tracker spreadsheets provide a record of all digital claims that fraud agents have processed since at least 2017. Dkt. No. 45-28, at 149:17-150:2, 155:3-12, 156:10-21; Dkt. No. 45-32, at 78:15-79:2.
TD Bank's fraud agents use TD Bank's Account2Account (“A2A”) Claims Procedure to process claims involving Zelle transactions. Dkt. No. 45-28, at 21:21-22:16; Dkt. No. 45-32, at 22:22-23. This procedure provides “a flow of how to go through the claim and complete the[] investigation.” Dkt No. 45-28, at 48:17-49:4, 69:13-70:7; Dkt. No. 45-32, at 20:10-18, 31:1832:18, 33:24-34:9; Dkt. No. 45-35, at 24:2-15, 44:8-45:6, 46:4-17. The A2A Claims Procedure directs agents to consult various systems and documents to gain information about the accountholder's online account information and banking history. Dkt. No. 44, at 6; Dkt. No. 4528, at 49:4-16. It also includes instructions for how to access the various systems and descriptions of the types of information that can be obtained from these systems. See Dkt. No. 52-3, at 12-15. The TD Bank fraud agent can also contact the accountholder for additional information. Dkt. No. 45-28, at 52:19-54:24, 54:25-55:14, 62:9-64:16.
TD Bank's fraud agents follow a similar procedure for debit card claims, which include transactions where a debit card is used at a chip terminal or swiped or when the card number is used for an online purchase. Dkt. No. 45-28, at 17:6-11, 17:22-18:2, 96:12-97:3.
After collecting information from TD Bank's systems and the customer, TD Bank's fraud agents then consult TD Bank's “Decision Matrix” to “determine if they should pay or deny the claim.” Dkt. No. 45-32, at 32:2-6, 98:18-99:8; see also Dkt. No 52-9, at 2-6 (Decision Matrix). The Decision Matrix describes “the more common scenarios, whether it's a denial or a pay decision, based off of the type of fraud that [TD Bank is] seeing occur,” and lists different types of fraud with examples of “primary” and “secondary” reasons to deny claims. Dkt. No. 45-28, at 85:3-86:8, 95:14-96:22, 180:12-25; Dkt. No. 45-35, at 55:18-24, 57:9-13; Dkt. No 52-9, at 2-6. While the Decision Matrix does not dictate how agents should weigh the various factors considered in their analysis (Dkt. No. 59-1, at 38:6-9), it does provide that at least two “secondary denial reasons” must be present for the fraud agent to deny the claim (Dkt. No. 52-9). (Redacted)
Only one “primary denial reason” must be present for the fraud agent to deny the claim. Dkt. No. 52-9, at 2.
If the TD Bank fraud agent determines that the claim should be denied, the A2A Claims Procedure instructs them to attempt to call the customer, prepare and send the customer a form denial letter, and update information about the claim in CIM, Case Log, and the Tracker. Dkt. No. 45-28, at 78:10-80:19, 84:11-16; Dkt. No. 45-35, at 52:19-53:7. TD Bank's fraud agents copy the denial reasons directly from the Decision Matrix into the “Comment Note” field in CIM, Case Log, and the Tracker. Dkt. No. 45-32, at 58:3-60:11, 116:8-18.
At bottom, Plaintiffs contend that TD Bank has a “uniform policy” of denying unauthorized transfer claims when the accountholder is defrauded into approving the transaction or providing access to their account. See Dkt. No. 44, at 5; see also Dkt. No. 12 ¶¶ 43, 56, 137. Plaintiffs further contend that “[c]onsistent with this policy,” TD Bank denied Nelipa, Archer, and Edwards's claims because each had approved the transactions as valid in response to a text message received from TD Bank. Dkt. No. 44, at 9-10 (citing Dkt. No. 45-28, at 94:16-22, 146:3149:5, 175:4-176:20, 180:12-181:4, 186:4-21, 187:20-188:7, 195:16-196:3, 199:13-200:5, 205:12-206:13).
B. Procedural History
On March 1, 2021, Nelipa commenced this action against TD Bank, asserting causes of action for violations of the EFTA and breach of the Personal Deposit Account Agreement. See generally Dkt. No. 1. On June 4, 2021, Plaintiffs filed an amended class action complaint in which Archer and Edwards were added as plaintiffs. See generally Dkt. No. 12. The amended complaint asserts substantially similar claims as those asserted in the original complaint and seeks actual, statutory, and treble damages in addition to attorneys' fees and costs. See id.
Plaintiffs allege that “TD Bank violates the EFTA's limitation on consumers' liability for unauthorized electronic fund transfers to $50, or to $500 if the consumer waits more than two business days to notify her bank after becoming aware of the unauthorized transaction.” Dkt. No. 44, at 10 (quoting 15 U.S.C. § 1693g(a)). Plaintiffs also allege “that TD Bank's failure to limit its customers' liability for fraudulent transactions also breaches the Personal Deposit Account Agreement to which all customers who open a personal bank account with TD Bank must agree.” Dkt. No. 45-28, at 37:19-38:16, 39:2-10. Plaintiffs contend that the section of the Personal Deposit Account Agreement “titled ‘Unauthorized Transfers' applies to digital and debit card claims and mirrors the EFTA,” to wit:
If you notify us within two (2) Business Days after you learn of the loss or theft of your Card or PIN, you can lose no more than $50 if someone uses your Card or PIN without your permission. If you do not notify us within two (2) Business Days after you learn of the loss or theft of your Card or PIN, and we can prove we could have prevented someone from using your Card and/or PIN without your permission if you had told us, you could lose as much as $500 ($50 if you are a resident of Massachusetts and this Agreement is governed by Massachusetts law).Dkt. No. 44, at 11 (citing Dkt. No. 45-50; Dkt. No 45-28, at 40:13-41:13).
On June 18, 2021, TD Bank filed its answer to the amended complaint wherein it denied Plaintiffs' claims. See Dkt. No. 14. The parties proceeded to discovery, and on November 16, 2023, the parties informed the Court that discovery was complete. See Dkt. No. 42. Thereafter, the Court set a briefing schedule for Plaintiffs to file their motion for class certification. See Nov. 16, 2023 Dkt. Order.
On November 30, 2023, Plaintiffs filed their motion for class certification. See Dkt. Nos. 43-50. In their motion, Plaintiffs seek certification of two classes under Fed.R.Civ.P. 23(b)(3):
EFTA Excess Consumer Liability Class. All persons (a) who have or had an account with TD Bank; and (b) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (c) within one year prior to filing of this action, TD Bank determined that the transactions were authorized because the class member provided the access device to the fraud perpetrator; and (d) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500.
Breach of Contract Class. All persons (a) who were parties to TD Bank's Personal Deposit Account Agreement; and (b) notified TD Bank that they had been
induced by fraud to provide another person with their account access device leading to unauthorized charges; and (c) within six years prior to filing of this action, TD Bank determined that the transactions were authorized because the class member provided the access device to the fraud perpetrator; and (d) for whom TD Bank did not determine that the account holder acted in concert with the perpetrator; and (e) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500.Dkt. No. 44, at 12.
As noted in their motion, “Plaintiffs do not seek certification of the third proposed class (the EFTA Failure to Provide Notice Class) included in their First Amended Complaint (ECF No. 12).” Dkt. No. 44, at 12 n.2.
On January 16, 2024, TD Bank filed its opposition to Plaintiffs' motion. See Dkt. No. 61. On February 2, 2024, Plaintiffs filed a reply wherein they proposed the following revised class definitions:
EFTA Excess Consumer Liability Class. All persons (1) who have or had an account with TD Bank; and (2) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (3) within one year prior to filing of this action, TD Bank denied the consumer's Regulation E claim for reasons substantially the same as the following: (a) Evidence shows that an SMS was received and approved by the customer's phone number on file; (b) Customer has had no recent changes to the address, phone number, or OLB credentials in the last 90 days; (c) Customer indicated that they previously provided access/authorization to 3rd party; (d) Customer fell for a scam and gave online banking credentials to a 3rd party; or (e) Customer is a victim of TD imposter scam; and (4) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500.
Breach of Contract Class. All persons (1) who have or had an account with TD Bank; and (2) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (3) within six years prior to filing of this action, TD Bank denied the consumer's Regulation E claim for reasons substantially the same as the following: (a) Evidence shows that an SMS was received and approved by the customer's phone number on file; (b) Customer has had no recent changes to the address, phone number, or OLB credentials in the last 90 days; (c) Customer indicated that they previously provided access/authorization to 3rd party; (d) Customer fell for a scam and gave online banking credentials to a 3rd party; or (e) Customer is a victim of TD imposter scam; and (4) who notified TD Bank within two business days of the
alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500.Dkt. No. 62, at 3-4. As set forth in the below chart. Plaintiffs' reply seeks to modify the proposed class definitions for both the EFTA Excess Consumer Liability Class and the Breach of Contract Class as follows (using strikeouts for deletions and bolded text for substantive insertions):
| Plaintiffs' Prior Proposed Class Definitions (Language from the First Amended Complaint (Dkt. No. 12 ¶¶ 129, 130) and Plaintiffs' Principal Class Certification Memorandum of Law (Dkt. No. 44, at 12)) | Plaintiffs' Current Proposed Class Definitions (Language from Plaintiffs' Reply (Dkt. No. 62, at 3-4)) |
| EFTA Excess Consumer Liability Class All persons (a) who have or had an account with TD Bank; and (b) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (c) within one year prior to filing of this action, TD Bank determined that the transactions were authorized because the class member provided the access device to the fraud perpetrator; and (d) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who | EFTA Excess Consumer Liability Class All persons (1) who have or had an account with TD Bank; and (2) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (3) within one year prior to filing of this action, TD Bank determined that the transactions were authorized because the class member provided the access device to the fraud perpetrator TD Bank denied the consumer's Regulation E claim for reasons substantially the same as the following: (a) Evidence shows that an SMS was received and approved by the customer's phone number on file; (b) Customer has had no recent changes to the address, phone number, or OLB credentials in the last 90 days; (c) Customer indicated that they previously provided access/authorization to 3rd party; (d) Customer fell for a scam and gave online banking credentials to a 3rd party; or (e) Customer is a victim of TD imposter scam; and (4) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50. or who |
| Plaintiffs' Prior Proposed Class Definitions (Language from the First Amended Complaint (Dkt. No. 12 ¶¶ 129, 130) and Plaintiffs' Principal Class Certification Memorandum of Law (Dkt. No. 44, at 12)) | Plaintiffs' Current Proposed Class Definitions (Language from Plaintiffs' Reply (Dkt. No. 62, at 3-4)) |
| notified TD Bank at any time and who alleged a loss of more than $500. | notified TD Bank at any tune and who alleged a loss of more than $500. |
| Breach of Contract Class | Breach of Contract Class |
| All persons (a) who were parties to TD Bank's Personal Deposit Account Agreement: and | All persons (1) who have or had an account with TD Bank: and |
| (b) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and | (2) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges: and |
| (c) within six years prior to filing of this action, TD Bank determined that the transactions were authorized because the class member provided the access device to the fraud perpetrator; and | (3) within one year prior to filing of this action, TD Bank determined that the transactions were authorized because the class member provided the access device to the fraud perpetrator TD Bank denied the consumer's Regulation E claim for reasons substantially the same as the following: (a) Evidence show's that an SMS was received and approved by the customer's phone number on file; (b) Customer has had no recent changes to the address, phone number, or OLB credentials in the last 90 days; (c) Customer indicated that they previously provided access/authorization to 3rd party; (d) Customer fell for a scam and gave online banking credentials to a 3rd party; or (e) Customer is a victim of TD imposter scam; and |
| (d) for whom TD Bank did not determine that the account holder acted in concert with the perpetrator; and | (d) for whom TD Bank did not determine that the account holder acted in concert with the perpetrator; and |
| (e) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500 | (4) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500. |
Plaintiffs contend that “[t]hese modified class definitions use the denial reasons TD Bank's fraud agents copied and pasted from the bank's decision matrix into the Tracker and CIM systems.” Dkt. No. 62, at 3-4 (citations omitted) (noting that “Plaintiffs' potential class list consists of customers like Plaintiffs whose fraud claims TD denied for reasons that don't actually refute a finding of fraud. Each of these denial reasons frequently appears verbatim or with minor word variations in TD Bank's records.”).
In light of these revisions, TD Bank requested leave to file a sur-reply, which they attached as Exhibit A to their letter motion. See Dkt. No. 64. The Court granted TD Bank's motion on February 20, 2024 and deemed the sur-reply as filed. See Feb. 20, 2024 Dkt. Order.
TD Bank argues in its sur-reply that “[t]his Court should not countenance Plaintiffs waiting until after the conclusion of discovery and after TD Bank filed its opposition to class certification to offer these new definitions.” Dkt. 64-1, at 1. “Further, the untimely proposed amendments are futile because, as revised, they compound rather than cure the previous definitions' glaring deficiencies relating to typicality, commonality, adequacy, ascertainability, predominance, and superiority.” Id.
On April 27, 2024, the Court ordered the parties to provide “an overview of any federal cases that have addressed whether to certify a class that consists of consumers who contend that a bank erroneously denied their reimbursement claims relating to allegedly unauthorized transactions, in violation of the EFTA.” See Apr. 27, 2024 Dkt. Order. In response, both parties indicated that they were not aware of any such cases. See Dkt. Nos. 68, 69. Plaintiffs noted that “[t]he absence of comparable cases is not surprising” because “[a]lthough the EFTA was enacted in 1978, the type of fraud that generates these claims on a broad scale is a new phenomenon-and one that is escalating rapidly.” Dkt. No. 68, at 1-2 (describing recent developments in this area).
TD Bank indicated, however, that it was aware of two federal decisions denying class certification that “assessed the nearly identical inquiry of whether putative classes should be certified based on allegedly unauthorized transactions in breach of EFTA-derived contract terms” - Almon v. Conduent Business Services, LLC, No. 19-CV-01075 (XR), 2022 U.S. Dist. LEXIS 175734 (W.D. Tex. Sept. 28, 2022) and Nelson v. Conduent Business Services LLC, 18-CV-00669 (SDG), 2020 U.S. Dist. LEXIS 171583 (N.D.Ga. Sept. 18, 2020). See Dkt. No. 69, at 1-2. In both cases, TD Bank notes, the courts denied certification. See id. at 1.
The Court held oral argument on Plaintiffs' motion on May 2, 2024. See May 2, 2024 Minute Entry; see also Dkt. No. 70 (Oral Argument Transcript). The Court reserved decision following oral argument.
II. Legal Standards
A. Class Certification
Class actions are “an exception to the usual rule that litigation is conducted by and on behalf of the individual named parties only.” Wal-Mart Stores, Inc. v. Dukes, 564 U.S. 338, 348 (2011) (quoting Califano v. Yamasaki, 442 U.S. 682, 700-01 (1979)). To establish that this exception applies to a particular case, the plaintiff “must affirmatively demonstrate compliance with Rule 23” of the Federal Rules of Civil Procedure. Id. at 34. The plaintiff also “bears the burden of establishing by a preponderance of the evidence that each of Rule 23's requirements has been met.” Myers v. Hertz Corp., 624 F.3d 537, 547 (2d Cir. 2010); accord Nnebe v. Daus, No. 06-CV-4991 (RJS), 2022 WL 615039, at *5 (S.D.N.Y. Mar. 1, 2022) (Sullivan, J.).
Class certification under Rule 23 requires a two-step analysis. First, “the court must be persuaded, ‘after a rigorous analysis, that the prerequisites of Rule 23(a) have been satisfied.'” In re Vivendi Universal, S.A., 242 F.R.D. 76, 82-83 (S.D.N.Y. 2007) (quoting Gen. Tel. Co. of Sw. v. Falcon, 457 U.S. 147, 161 (1982)). These prerequisites are:
(1) the class is so numerous that joinder of all members is impracticable;
(2) there are questions of law or fact common to the class;
(3) the claims or defenses of the representative parties are typical of the claims or defenses of the class; and
(4) the representative parties will fairly and adequately protect the interests of the class.Fed. R. Civ. P. 23(a).
In addition to these four requirements, the United States Court of Appeals for the Second Circuit recognizes “an implied requirement of ascertainability,” which requires a class to be “sufficiently definite so that it is administratively feasible for the court to determine whether a particular individual is a member.” Brecher v. Republic of Argentina, 806 F.3d 22, 24 (2d Cir. 2015).
Once the court has determined that Rule 23(a)'s four requirements and the implied requirement of ascertainability have been met, “it must then decide whether the class is maintainable pursuant to one of the subsections of Rule 23(b), which govern, inter alia, the form of available relief and the rights of absent class members.” In re Vivendi Universal, S.A., 242 F.R.D. at 83.
Plaintiffs here seek class certification under Rule 23(b)(3). See generally Dkt. No. 12; Dkt. No. 44, at 11, 18. Plaintiffs must therefore meet the following two additional criteria: (1) “questions of law or fact common to class members predominate over any questions affecting only individual members,” and (2) “a class action is superior to other available methods for fairly and efficiently adjudicating the controversy.” Fed.R.Civ.P. 23(b)(3). “The requirement of ‘rigorous analysis' to ensure ‘actual, not presumed conformance' with Rule 23(a) applies with ‘equal force to all Rule 23 requirements, including those set forth in Rule 23(b)(3).'” In re Vivendi Universal, S.A., 242 F.R.D. at 83 (quoting In re Initial Pub. Offerings Sec. Litig., 471 F.3d 24, 33 (2d Cir. 2006)).
In deciding whether to certify a class, the Court must “resolve[] factual disputes relevant to each Rule 23 requirement.” In re Initial Pub. Offerings Sec. Litig., 471 F.3d at 41. While this analysis “frequently will entail some overlap with the merits of the plaintiff's underlying claim” and require the Court to resolve merits issues, the Court “should not assess any aspect of the merits unrelated to a Rule 23 requirement.” Id. “Courts in this Circuit and others have emphasized that ‘[a] court's decision on the merits . . . should ordinarily not occur before or simultaneous with a decision on class certification' because determining ‘[c]lass action status' will ‘clarify who will be bound by the decision.'” Wood v. Mike Bloomberg 2020, Inc., No. 20-CV-2489 (LTS) (GWG), 2024 WL 1717882, at *1 (S.D.N.Y. Apr. 22, 2024) (citations omitted).
The district court is afforded “broad discretion” on class certification questions because it is “often in the best position to assess the propriety of the class” and can “alter or modify the class, create subclasses, and decertify the class whenever warranted.” In re Sumitomo Copper Litig., 262 F.3d 134, 139 (2d Cir. 2001); see also Myers, 624 F.3d at 547 (explaining how class certification decisions are reviewed for an abuse of discretion, which means “that the district court is empowered to make a decision-of its choosing-that falls within a range of permissible decisions” (cleaned up)). Moreover, “[t]he Second Circuit has emphasized that Rule 23 should be given liberal rather than restrictive construction, and it seems beyond peradventure that the Second Circuit's general preference is for granting rather than denying class certification.” Allegra v. Luxottica Retail N. Am., 341 F.R.D. 373, 392 (E.D.N.Y. 2022) (quoting Hasemann v. Gerber Prods. Co., 331 F.R.D. 239, 254 (E.D.N.Y. 2019)).
B. The EFTA
The EFTA was enacted as part of the comprehensive Consumer Credit Protection Act, Pub. L. No. 95-630 § 2001, 92 Stat. 3641 (1978) (codified as amended at 15 U.S.C. § 1601 et seq.). “In enacting the EFTA, Congress found that:
the use of electronic systems to transfer funds provides the potential for substantial benefits to consumers. However, due to the unique characteristics of such systems, the application of existing consumer protection legislation is unclear, leaving the rights and liabilities of consumers, financial institutions, and intermediaries in electronic fund transfers undefined.15 U.S.C. § 1693(a).
Congress thus defined the purpose of the EFTA as providing “a basic framework establishing the rights, liabilities, and responsibilities of participants in” electronic fund transfer systems. Id. § 1693(b). “The primary objective of [the EFTA], however, is the provision of individual consumer rights.” Id. Indeed, “[a]s explained in the Senate Report that accompanied the creation of the Act, the Act was designed “to create rights for consumers in an era in which banking could be conducted almost exclusively through machines, the absence of personal contact being seen by Congress as a disadvantage making such an automated system much more vulnerable to fraud, embezzlement, and unauthorized use than traditional payment methods.” Nero v. Uphold HQ Inc., - F.Supp.3d -, No. 22-CV-1602 (DLC), 2023 WL 5426203, at *3 (S.D.N.Y. Aug. 23, 2023) (citation omitted). Congress thus “saw a need ‘to determine who should bear the loss for these unauthorized transfers.'” Id. (citation omitted).
The EFTA applies to “electronic fund transfers” or EFTs, which the statute defines as “any transfer of funds . . . which is initiated through an electronic terminal . . . so as to . . . authorize a financial institution to debit or credit an account.” 15 U.S.C. § 1693a(7).
The EFTA confers rule-making authority upon the CFPB to “prescribe regulations to carry out the purposes” of the statute. 15 U.S.C. § 1693b(a). The EFTA is implemented through Regulation E, codified at 12 C.F.R. § 1005 et seq., “which includes not only the regulations but also official staff interpretations of those regulations (‘Official Interpretations').” Nero, 2023 WL 5426203, at *3; see also 12 C.F.R. § 1005 et seq.
The EFTA initially conferred rulemaking authority upon the Board of Governors of the Federal Reserve System; however, this authority was later transferred to the CFPB by the Dodd-Frank Wall Street Reform and Consumer Financial Protection Act. See L.S. v. Webloyalty.com, Inc., 954 F.3d 110, 116 n.2 (2d Cir. 2020)
“Congress charged [the CFPB] with enforcing consumer financial protection laws to ensure ‘that all consumers have access to markets for consumer financial products and services and that markets for consumer financial products and services are fair, transparent, and competitive.'” See Consumer Fin. Prot. Bureau v. Cmty. Fin. Servs. Ass'n of Am., Ltd., 601 U.S. 416, 421 (2024) (quoting 12 U.S.C. § 5511(a)).
Among its consumer-protection provisions, the EFTA and Regulation E limit a consumer's liability for “account error[s],” including “unauthorized electronic fund transfer[s].” 15 U.S.C. § 1693f(f)(1); 12 C.F.R. § 1005.6. The term “unauthorized electronic fund transfer” is defined as “an electronic fund transfer from a consumer's account initiated by a person other than the consumer without actual authority to initiate such transfer and from which the consumer receives no benefit[.]” 15 U.S.C. § 1693a(12); see also 12 C.F.R. § 1005.2(m). This definition does not, however, include any electronic fund transfer:
(A) initiated by a person other than the consumer who was furnished with the card, code, or other means of access to such consumer's account by such consumer, unless the consumer has notified the financial institution involved that transfers by such other person are no longer authorized,
(B) initiated with fraudulent intent by the consumer or any person acting in concert with the consumer, or
(C) which constitutes an error committed by a financial institution.15 U.S.C. § 1693a(12); see also 12 C.F.R. § 1005.2(m).
CFPB's definition of “unauthorized electronic fund transfer” is substantially similar to the statutory definition. The only difference is that the regulation uses numbers, not letters, for the quoted subsections.
The CFPB has proffered an official interpretation of 12 C.F.R. § 1005.2(m), which states that “an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery.” 12 C.F.R § 1005, Supp. I at 2(m) (the “Official Interpretation”). The Official Interpretation is often referred to as the “fraud exception.” See Green v. Cap. One, N.A., 557 F.Supp.3d 441, 447 (S.D.N.Y. 2021).
The term “access device” refers to “a card, code, or other means of access to a consumer's account, or any combination thereof, that may be used by the consumer to initiate electronic fund transfers.” 12 C.F.R. § 1005.2(a)(1).
The CFPB has also issued an “Electronic Fund Transfers FAQs” Compliance Aid, which states:
Question 5: A third party fraudulently induces a consumer into sharing account access information that is used to initiate an EFT from the consumer's account. Does the transfer meet Regulation E's definition of an unauthorized EFT?
Answer (Updated 6/4/2021):
Yes....Regulation E defines an unauthorized EFT as an EFT from a consumer's account initiated by a person other than the consumer without actual authority to initiate the transfer and from which the consumer receives no benefit. 12 CFR 1005.2(m). Comment 1005.2(m)-3 explains further that an unauthorized EFT includes a transfer initiated by a person who obtained the access device from the consumer through fraud or robbery. Similarly, when a consumer is fraudulently induced into sharing account access information with a third party, and a third party uses that information to make an EFT from the consumer's account, the transfer is an unauthorized EFT under Regulation E.
For example, the [CFPB] is aware of the following situations where a third party has fraudulently obtained a consumer's account access information, and thus, are considered unauthorized EFTs under Regulation E: (1) a third-party calling the consumer and pretending to be a representative from the consumer's financial institution and then tricking the consumer into providing their account login information, texted account confirmation code, debit card number, or other information that could be used to initiate an EFT out of the consumer's account, and (2) a third party using phishing or other methods to gain access to a consumer's
computer and observe the consumer entering account login information. EFTs stemming from these situations meet the Regulation E definition of unauthorized EFTs.See CFPB, [EFT] FAQs, https://files.consumerfmance.gov/f/documents/cfbpelectromc-fund-transfers-faqs.pdf (last visited May 29, 2024).
“Unlike the [CFPB's] regulations and official interpretations, Compliance Aids are not ‘rules' under the Administrative Procedure Act.” CFPB, Policy Statement on Compliance Aids, 85 FR 4579 (Jan. 27, 2020). “Compliance Aids are designed to accurately summarize and illustrate the underlying rules and statutes,” but they are not binding on regulated entities. Id.
To qualify for liability protection for unauthorized electronic fund transfers, a consumer must follow the procedures outlined in the EFTA, which require the consumer to notify their bank, orally or in writing, of an “account error” within 60 days of receipt of a bank statement or other document detailing the alleged erroneous electronic fund transfer. 15 U.S.C. § 1693f(a). Once the bank is properly notified, it must investigate the “error[s],” “determine whether an error has occurred,” and then “correct the error” if one occurred. See generally 15 U.S.C. §§ 1693f, 1693g; 12 C.F.R. §§ 1005.6, 1005.11. The EFTA places the burden of proof on the bank to show that the transaction is authorized. See 15 U.S.C. § 1693g(b) (“In any action which involves a consumer's liability for an unauthorized electronic fund transfer, the burden of proof is upon the financial institution to show that the electronic fund transfer was authorized or, if the electronic fund transfer was unauthorized, then the burden of proof is upon the financial institution to establish that the conditions of liability set forth in subsection (a) have been met, and, if the transfer was initiated after the effective date of section 1693c of this title, that the disclosures required to be made to the consumer under section 1693c(a)(1) and (2) of this title were in fact made in accordance with such section.”).
Even without timely notice, “the Bank remains liable for unauthorized debits that occurred during the sixty-day period, provided the customer brings a claim within the statute of limitations.” Zarate v. Chase Bank, No. 22-CV-1178 (AMD) (LB), 2023 WL 5956334, at *3 (E.D.N.Y. Sept. 13, 2023).
A bank's failure to comply with these rules gives rise to civil liability under 15 U.S.C. § 1693m. See Zarate, 2023 WL 5956334, at *3 (“The EFTA includes a private right of action against a bank that ‘fails to comply with any provision' of the statute.”) (citing § 1693m(a)). The EFTA additionally provides for treble damages if the bank “knowingly and willfully concludes that the consumer's account was not in error when such conclusion could not reasonably have been drawn from the evidence available to the [bank] at the time of its investigation.” 15 U.S.C. § 1693f(e)(2).
III. Discussion
A. Standing
Before the Court can address the merits of Plaintiffs' arguments in support of class certification, it must first analyze Plaintiffs' standing. See Cassese v. Washington Mut., Inc., 262 F.R.D. 179, 183 (E.D.N.Y. 2009) (“Standing to sue is an essential threshold which must be crossed before any determination as to class representation under Rule 23 can be made. Without standing, one cannot represent a class.” (quotation marks and citation omitted)).
“The requirements of Article III standing are well established: A plaintiff must have (1) suffered an injury in fact, (2) that is fairly traceable to the challenged conduct of the defendant, and (3) that is likely to be redressed by a favorable judicial decision.'” Lacewell v. Off. Of Comptroller of Currency, 999 F.3d 130, 141 (2d Cir. 2021) (cleaned up). Importantly, “a plaintiff must demonstrate standing for each claim he seeks to press.” DaimlerChrysler Corp. v. Cuno, 547 U.S. 332, 352 (2006). This includes claims over which the court has supplemental jurisdiction, even where the plaintiff has standing to bring jurisdiction-invoking federal claims. See id. at 35152. If the plaintiff lacks Article III standing, the court has no subject matter jurisdiction to hear the claim. See Mahon v. Ticor Title Ins. Co., 683 F.3d 59, 62 (2d Cir. 2012).
Here, Plaintiffs assert that they have standing based on TD Bank's alleged violations of the EFTA and the Personal Deposit Agreement, which they claim caused them to suffer actual monetary damages. See Dkt. No. 70, at 15:18-22. TD Bank does not dispute Plaintiffs' standing. Id. at 15:23-16:4 (“We do not dispute standing.”).
Accordingly, this Court finds that Plaintiffs have standing to assert both their EFTA and breach of contract claims.
B. Class Action Requirements under Rule 23(a)
As explained above, Rule 23(a) requires Plaintiffs to satisfy the four elements of numerosity, commonality, typicality, and adequacy of representation. See Fed.R.Civ.P. 23(a). Plaintiffs must also satisfy the “implied requirement of ascertainability.” Brecher, 806 F.3d at 24.
TD Bank does not dispute that Plaintiffs have met their burden of establishing the numerosity requirement, nor does TD Bank dispute that Plaintiffs' counsel could adequately represent the proposed class. See Dkt. No. 70, at 16:5-15.
1. Numerosity
Rule 23(a)(1) requires Plaintiffs to establish that “the class is so numerous that joinder of all members is impracticable.” Fed.R.Civ.P. 23(a)(1). In this context, “[i]mpracticable does not mean impossible.” Robidoux v. Celani, 987 F.2d 931, 935 (2d Cir. 1993). Instead, the numerosity requirement mandates “only that the difficulty or inconvenience of joining all members of the class make use of the class action appropriate.” Cent. States Se. & Sw. Areas Health & Welfare Fund v. Merck-Medco Managed Care, L.L.C., 504 F.3d 229, 244-45 (2d Cir. 2007). A presumption of numerosity arises when there are forty or more members of the putative class. See Pa. Pub. Sch. Emps.' Ret. Sys. V. Morgan Stanley & Co., 772 F.3d 111, 120 (2d Cir. 2014) (“Numerosity is presumed for classes larger than forty members.”); accord Avila v. Ardian Corp., No. 18-CV-4795 (FB) (TAM), 2022 WL 3370024, at *2 (E.D.N.Y. Aug. 16, 2022). The plaintiff need not establish the precise number of class members so long as they show some evidence of, or reasonably estimate, the number of class members. Robidoux, 987 F.2d at 935.
Plaintiffs have established numerosity because they have identified more than 40 members of each proposed class. See Dkt. No. 44, at 13-15. To identify proposed class members, Plaintiffs analyzed the most complete set of data produced by TD Bank, including the Tracker file data and CIM records, and applied filters to bring in claims that TD Bank characterized as “Unauthorized Transactions” and claims that the records show involved a customer providing their banking credentials to a third party; downloading an app that allowed a third party to gain remote access to their device to initiate the transfer; following the directions of a third-party, impersonator, or imposter; confirming a transaction by text; and claims involving vishing. Dkt. No. 50 ¶¶ 2-6. Plaintiffs used other criteria to exclude claims that do not appear to involve fraud on the consumer. Id. ¶¶ 7-11. This data analysis shows that there are thousands of TD Bank accountholders who likely fall within each class definition. Id. For example, Plaintiffs' counsel identified 8,231 records in the Tracker data and 4,260 records in the CIM data that may qualify for inclusion in one or both of the classes. Id. ¶¶ 11-13, 17-19.
TD Bank defines “vishing” as situations in which the “[c]ustomer alludes to all call received from TD Bank requesting confidential information.” Dkt. No. 52-4, at 20; see also New Technologies Subject Cyberattacks-Telephone and SMS Malware and Scams, 1 Data Sec. & Privacy Law § 2:16 (2023-2024) (explaining that “vishing” is a voice or telephonic phishing scam).
Excerpts of these records were filed under seal at docket numbers 52-9 and 52-10. See Dkt. No. 50 ¶ 12, 19.
Therefore, this Court finds that Plaintiffs have satisfied the numerosity requirement of Rule 23(a).
2. Adequacy
The adequacy requirement of Rule 23(a) is satisfied if “(1) plaintiff's interests are [not] antagonistic to the interests of other members of the class and (2) plaintiff's attorneys are qualified, experienced and able to conduct the litigation.” Baffa v. Donaldson, Lufkin & Jenrette Sec. Corp., 222 F.3d 52, 60 (2d Cir. 2000). The first prong requires “that there is no conflict of interest between the named plaintiffs and other members of the plaintiff class.” Marisol A. v. Giuliani, 126 F.3d 372, 378 (2d Cir. 1997). Courts have found this prong satisfied where the named plaintiffs seek “broad based relief” and “possess the same interest [s] and suffer the same injur[ies] as the class members.” In re Literary Works in Elec. Databases Copyright Litig., 654 F.3d 242, 249-50 (2d Cir. 2011) (citations omitted).
Here, both prongs of the adequacy requirement are satisfied. As explained above, Plaintiffs seek damages for unauthorized transfers made from their accounts, which they contend TD Bank wrongly refuses to pay based on its policy and practice of denying imposter scam claims where the accountholder is defrauded into approving the transactions or providing access to their account. See Dkt. No. 12 ¶¶ 43, 56, 137; see also Dkt. No. 44, at 5. Plaintiffs and the putative class members share a common interest in proving that this policy violates the EFTA and the Personal Deposit Agreement. Moreover, Plaintiffs have affirmed that they are prepared to protect the interests of all class members and have demonstrated their commitment to the proposed class by participating in written discovery and by being deposed. See Dkt. Nos. 46-48; see also Shahriar v. Smith & Wollensky Rest. Grp., Inc., 659 F.3d 234, 253 (2d Cir. 2011) (finding adequacy requirement met where “class representatives are prepared to prosecute fully the action and have no known conflicts with any class member”). In addition, Plaintiffs' counsel has demonstrated experience in class action litigations involving consumer protection statutes. See Dkt. Nos. 45, 49.
Accordingly, this Court finds that the adequacy requirement of Rule 23(a) is satisfied.
3. Commonality and Typicality
Next, Plaintiffs must establish the commonality and typicality requirements of Rule 23(a)(2)-(3). These “requirements tend to merge into one another, so that similar considerations animate analysis of Rules 23(a)(2) and (3).” Marisol A., 126 F.3d at 376. “The crux of both requirements is to ensure that maintenance of a class action is economical and [that] the named plaintiff's claim and the class claims are so interrelated that the interests of the class members will be fairly and adequately protected in their absence.” Id. (quotation marks and citation omitted).
a. Commonality
Commonality “requires the plaintiff to demonstrate that the class members have suffered the same injury” and that there is “a common contention” among the class “that is capable of class wide resolution - which means that determination of its truth or falsity will resolve an issue that is central to the validity of each one of the claims in one stroke.” Wal-Mart Stores, Inc., 564 U.S. at 349-50. “What matters to class certification is not the raising of common ‘questions'-even in droves-but rather, the capacity of a class-wide proceeding to generate common answers apt to drive the resolution of the litigation.” Id. Plaintiffs must identify at least one issue common to all class members to satisfy the commonality requirement. Id. at 359 (noting that to satisfy the commonality requirement, “even a single common question will do”).
Here, Plaintiffs argue that TD Bank violated the EFTA and identical, or nearly identical, contractual terms to which all class members were beneficiaries. See Dkt. No. 44, at 10-11, 1516. Consequently, Plaintiffs identify two questions that are common among all class members' claims:
(1) “whether TD Bank violates the EFTA when it holds class members responsible for the full amount of transfers where TD
Bank determines that the consumer was induced by fraud to provide account access to the perpetrator”; and
(2) “did TD Bank breach its [Personal Deposit Account Agreement] with them when it failed to limit their liability for the unauthorized transfers to $50 or $500 (depending on when they notified TD Bank) in accordance with the ‘Unauthorized Transfers' provision of the [Personal Deposit Account Agreement]?”Id. at 15-16.
TD Bank argues that Plaintiffs' claims do not meet the commonality requirement for two reasons. First, TD Bank argues that Plaintiffs present no evidence that the bank “uniformly denies claims on the basis set forth in the class definitions, i.e., based on a customer providing an access device to a fraudster.” See Dkt. No. 58, at 17. To the contrary, TD Bank argues, that fraud agents decide claims based on a holistic examination of the facts and circumstances attendant to each claim. Id. Second, TD Bank argues that liability under the EFTA turns on whether the underlying transaction was actually authorized, and the availability of treble damages turns on whether the financial institution had a “reasonable basis” to deny a claim. Id. at 18 (citing 15 U.S.C. § 1693f(e)). Describing these inquiries as “necessarily fact-intensive,” TD Bank argues that they “will vary from one class member to another,” precluding a finding of commonality. Id.
But, contrary to TD Bank' characterization of the evidence, Plaintiffs have presented the Court with sufficient evidence to establish that TD Bank maintains a policy and procedure of denying claims where the accountholder approves the subject transactions or otherwise provides access to their account. See Dkt. No. 45-28, at 251:11-13 (“[O]ur procedure is to deny the claim if the customer says yes to the SMS and they authorize that transaction.”); See Dkt. No. 61-5, at 241:18-242:4 (“basically an SMS is an authorization of the transaction. And when thinking about a fraudulent transaction, our definition is that the customer did not authorize the transaction.... And when they say yes to that text message, that's telling us that they authorized the transaction.”). Plaintiffs' revised class definitions incorporate this “policy and procedure” and include “the denial reasons TD Bank's fraud agents copied and pasted from the bank's [D]ecision [M]atrix into the Tracker and CIM systems.” Dkt. No. 62, at 3-4. Among these denial reasons is “[e]vidence shows that an SMS was received and approved by the customer's phone number on file” (Id.) - the same reason that TD Bank used to deny Plaintiffs' claims, See Dkt. 61-5, at 242:12-18 (confirming that Nelipa, Acher, and Edwards's claims were denied because they approved the transactions through SMS text messages).
Next, Plaintiffs have presented evidence that they and the putative class members were subject to the same unitary course of conduct, which is sufficient to establish commonality. See, e.g., Collins v. Anthem, Inc., No. 20-CV-01969 (SIL), 2024 WL 1172697, at *10 (E.D.N.Y. Mar. 19, 2024) (finding commonality requirement satisfied because plaintiffs established that defendant denied their claims based on a “a unitary course of conduct”-the application of the challenged Guidelines”). Plaintiffs have presented sufficient evidence to establish that the denials at issue in this case were based on actions undertaken by fraud agents that are common to all claims that they investigate, including their adherence to the investigatory procedures outlined in TD Bank's policies and their application of the Decision Matrix to the facts of each claim. Dkt. No. 45-28, at 48:17-21 (TD Bank “treat[s] all of [its] claim the same way”), 231:4-11 (explaining how TD Bank completes its investigations in “the same way as we talked through the three plaintiffs' [claims] earlier today. We would utilize the tools that we have to understand the history of the transaction, history of the customer, and any exact decision. So nothing additional other besides what we have talked about today.”), 96:12-17 (explaining how fraud agents apply the Decision Matrix in a similar manner regardless of whether they are investigating a digital or debit card fraud claim).
Finally, the presence of individualized questions does not defeat the commonality requirement. See, e.g., Collins, 2024 WL 1172697, at *10 (“It is not necessary for each putative class member to demonstrate that the relevant Guideline was applied to his or her claim in an identical way to establish commonality, because each denial resulted from “a unitary course of conduct”-the application of the challenged Guidelines.”); Han v. Sterling Nat. Mortg. Co., No. 09-CV-5589 (JFB) (AKT), 2011 WL 4344235, at *3 (E.D.N.Y. Sept. 14, 2011) (Bianco, J.) (noting that some factual variation among individual class members' injuries will not defeat commonality (citation omitted)). Indeed, as the United States Supreme Court reiterated several times in WalMart, the key question for commonality is whether class litigation will generate singular answers, not just address singular questions. Wal-Mart Stores, Inc., 564 U.S. at 350, 352.
To that end, Plaintiffs have identified a common question of law that will generate a singular answer across all class members, to wit - whether TD Bank's policy of denying imposter scam claims where the accountholder provides access or otherwise approves the subject transactions violates the EFTA and the Personal Deposit Account Agreement. Dkt. No. 44, at 1516. Plaintiffs contend that this question of law must be answered in the affirmative based on the Official Interpretation. See Dkt. No. 62, at 8; Dkt. No. 70, at 3:6-9. Conversely, TD Bank contends that “the viability of [the Official Interpretation] has not been robustly tested in court” and argues that there is a question of whether “the text of the EFTA and the regulation” supports the Official Interpretation. Dkt. No. 70, at 3:16-4:11. Based on these conflicting views regarding the validity and scope of the Official Interpretation, it is clear that the Court's answer to the common question of law identified by Plaintiffs will generate singular answers across class members' claims.
Accordingly, this Court finds that Plaintiffs have established the commonality requirement.
b. Typicality
“Typicality requires that the claims or defenses of the class representatives be typical of the claims or defenses of the class members.” Fed.R.Civ.P. 23(a)(3). This requirement “is satisfied when each class member's claim arises from the same course of events and each class member makes similar legal arguments to prove the defendant's liability.” Robidoux, 987 F.2d at 936. “When it is alleged that the same unlawful conduct was directed at or affected both the named plaintiff and the class sought to be represented, the typicality requirement is usually met irrespective of minor variations in the fact patterns underlying individual claims.” Id. at 936-37.
The Second Circuit's decisions in Robidoux and Marisol A. illustrate the parameters of this requirement. Robidoux involved claims brought by a group of plaintiffs who alleged that their applications for public assistance were delayed unlawfully by the defendant, the Vermont Department of Social Welfare. Robidoux, 987 F.2d at 933. The plaintiffs sought to certify a class of persons whose applications were delayed with respect to three public assistance programs. Id. at 934. The district court found that the named plaintiffs' claims were not typical of a pattern of delay as to all three programs because none of the named plaintiffs had experienced a delay with one of the specified programs. Id. On appeal, the Second Circuit vacated the district court's decision, holding that the typicality requirement was satisfied notwithstanding the variations in the fact patterns underlying the plaintiffs' individual claims. Id at 937-38. The court explained how the plaintiffs had established, at least with respect to two of the three programs, that the defendant failed to act on applications within the required statutory deadlines, and that this problem “stem[med] from the same cause: an increase in the number of applications for public assistance.” Id. at 937-38. Thus, the court explained that “the district court should have certified a class consisting at least of persons who suffered delays with respect to their applications” for those two programs instead of denying class certification. Id. at 937.
Marisol A. involved claims brought by children involved in the New York City child welfare system who alleged various violations of state and federal law. Marisol A., 126 F.3d at 375. Each named plaintiff challenged a different aspect of the child welfare system-e.g., inadequate training and supervision of foster parents, failure to properly investigate reports of suspected neglect and abuse, unconscionable delay in removing children from abusive homes, and the inability to secure appropriate placements for adoption. Id. at 376-77. No single plaintiff (named or otherwise) was affected by each and every legal violation alleged in the complaint. Id. at 377.
Notwithstanding these factual variations, the district court found that the commonality and typicality requirements were satisfied and granted plaintiffs' motion for class certification. Id. The court identified as a common question of law “whether each child has a legal entitlement to the services of which that child is being deprived.” Id. The court also identified as a common question of fact “whether defendants systematically have failed to provide these legally mandated services.” Id. at 376.
On appeal, the Second Circuit affirmed this decision and held that the district court did not abuse its discretion in finding the commonality and typicality requirements satisfied. Id. While the court noted that “the district court's generalized characterization of the claims raised by the plaintiffs stretches the notions of commonality and typicality,” it “simply c[ould not] say that these claims are so unrelated that their aggregation necessarily violates Rule 23.” Id. The court explained how “[t]he plaintiffs allege[d] that their injuries derive[d from a unitary course of conduct by a single system,” and as a result, there was “no basis for finding that the district court abused its discretion in this regard.” Id.
Like the plaintiffs in Robidoux and Marisol A., Plaintiffs here have satisfied the typicality requirement because they allege that their injuries derive from a unitary course of conduct. As explained above, Plaintiffs presented evidence that they informed TD Bank that they were victims of an imposter scam and that TD Bank investigated these claims in accordance with its standardized procedures. Dkt. No. 45-28, at 48:17-21, 96:12-17, 231:4-11. TD Bank's corporate representative explained how fraud agents used the Decision Matrix to deny Plaintiffs' claims based upon the evidence they collected showing that Plaintiffs had approved the subject transactions via text message. Dkt. No. 61-5, at 242:12-18. 199:13-200:5, 186:4-14. This evidence is sufficient to establish typicality. See Marisol A., 126 F.3d at 376 (“[W]hen each class member's claim arises from the same course of events, and each class member makes similar legal arguments to prove the defendant's liability,” typicality is satisfied.”); see also Dial Corp. v. News Corp., 314 F.R.D. 108, 113 (S.D.N.Y. 2015) (holding that typicality is satisfied where the named plaintiffs' claims “share the same essential characteristics,” with those of the proposed members of each class). Indeed, by presenting evidence that they were subject to the same standard policies and procedures that purportedly violate the same federal law, Plaintiffs have established that their claims are more similar to the putative class members' claims than the named plaintiffs in Marisol A. See Marisol A., 126 F.3d at 375.
TD Bank's arguments to the contrary are unavailing. First, this Court rejects TD Bank's argument that Plaintiffs are not members of either proposed class. Parsing words, TD Bank argues that TD Bank did not deny Plaintiffs' claims “because the class member provided the access device to the fraud perpetrator,” but rather, TD Bank “denied their claims for other reasons, including Plaintiffs' text messages approving the transactions.” Dkt. No. 58, at 13. But as explained above, this distinction is without a difference in the face of Plaintiffs' revised class definitions (Dkt. No. 62, at 3-4) and their common allegations that they were subject to the same unlawful policy and suffered the same type of economic harm as the putative class members, Robidoux, 987 F.2d at 937-38.
This Court also rejects TD Bank's argument that the putative class members' claims do not arise from the same course of events as Plaintiffs' claims. See Dkt. No. 58 at 13. Again, Plaintiffs have presented evidence that they and the putative class members were all subject to TD Bank's standard procedures and policies, which they contend violate the EFTA and TD Bank's Personal Deposit Account Agreement. While there may be some differences in the investigations that were conducted into each claim, including differences in the types of information that fraud agents collected, the evidence in the record establishes that TD Bank's fraud agents are required to follow TD Bank's procedures and apply the Decision Matrix in reaching claim determinations. Dkt. No. 45-28, at 48:17-21, 96:12-17. As these procedures and the Decision Matrix are the heart of what Plaintiffs' challenge in this lawsuit, this Court finds that the typicality requirement has been satisfied.
4. Ascertainability
In the Second Circuit, the ascertainability requirement is satisfied where the proposed class “is defined using objective criteria that establish a membership with definite boundaries.'” Hill v. City of New York, No. 13-CV-6147 (PKC) (JO), 2019 WL 1900503, at *8 (E.D.N.Y. Apr. 29, 2019) (quoting In re Petrobras Sec., 862 F.3d 250, 257 (2d Cir. 2017)). “The party seeking certification is not ‘require[ed to make]' a showing of administrative feasibility at the class certification stage.” Id. (quoting In re Petrobras Sec., 862 F.3d at 257 (alteration in original)).
Here, both proposed classes are ascertainable because class membership can be determined based on objective criteria. Specifically, both classes consist of current and former TD Bank accountholders who were induced by fraud to provide another person with their account access device leading to unauthorized charges, timely reported these charges to TD Bank, and had their claim denied based on one of the reasons stated. See Dkt. No. 62, at 3-4. Based on these criteria, the Court can determine who belongs in each class without having to answer numerous individualized questions. In addition, class membership can be identified from TD Bank's records, as shown by the sample CIM datasets provided by Plaintiffs. See Dkt. Nos. 53-1 - 53-2; see also Dkt. No. 50 ¶¶ 2-19 (describing how sample dataset was created); Dkt. No. 45-28, at 114:23115:25 (describing how TD Bank can search and run reports in CIM of Zelle claims), 183:11-17 (describing how TD Bank can run reports of all debit card claims).
As explained in Section III(D) infra, this Court recommends adopting the proposed class definitions in Plaintiffs' reply brief with minor revisions.
Accordingly, this Court concludes that the ascertainability requirement is satisfied. See e.g., In re Petrobras Sec., 862 F.3d 250 at 269 (holding that the class was “clearly objective” and “sufficiently definite” where it included people who acquired specific securities during a specific period in “domestic transactions” because class was “identified by subject matter, timing, and location,” which made it “objectively possible” to ascertain members); In re Signet Jewelers Ltd. Sec. Litig., No. 16-CV-6728, 2019 WL 3001084 (CM) (RWL), at *9 (S.D.N.Y. July 10, 2019) (finding ascertainability requirement met where the class definition “clearly delineate[d] the [c]lass's boundaries” and was “administrable by reference to investor records”).
C. Class Action Requirements under Rule 23(b)(3)
1. Predominance
a. Legal Standard
The district court may only certify a class under Rule 23(b)(3) if “questions of law or fact common to class members predominate over any questions affecting only individual members.” Fed.R.Civ.P. 23(b)(3). The “predominance inquiry tests whether proposed classes are sufficiently cohesive to warrant adjudication by representation.” Amchem Products, Inc. v. Windsor, 521 U.S. 591, 623 (1997). “This calls upon courts to give careful scrutiny to the relation between common and individual questions in a case.” Tyson Foods, Inc. v. Bouaphakeo, 577 U.S. 442, 453 (2016).
As the Supreme Court explained in Tyson Foods:
An individual question is one where “members of a proposed class will need to present evidence that varies from member to member,” while a common question is one where “the same evidence will suffice for each member to make a prima facie showing or the issue is susceptible to generalized class-wide proof.”Id. (citation omitted).
In determining whether common questions of law or fact predominate, the court must evaluate the elements of the underlying cause of action and cannot exclude conceded issues from this determination. In re Nassau Cnty. Strip Search Cases, 461 F.3d 219, 228 (2d Cir. 2006); In re Namenda Indirect Purchaser Antitrust Litig., 338 F.R.D. 527, 550 (S.D.N.Y. 2021). “‘Predominance is satisfied if resolution of some of the legal or factual questions that qualify each class member's case as a genuine controversy can be achieved through generalized proof, and if these particular issues are more substantial than the issues subject only to individualized proof.'” Sjunde AP-Fonden v. Goldman Sachs Grp., Inc., No. 18-CV-12084 (VSB) (KHP), 2024 WL 1497110, at *6 (S.D.N.Y. Apr. 5, 2024) (quoting Waggoner v. Barclays PLC, 875 F.3d 79, 93 (2d Cir. 2017)). The Rule 23(b)(3) “analysis is more qualitative than quantitative” and “must account for the nature and significance of the material common and individual issues in the case.” In re Petrobras Sec., 862 F.3d at 271; see also Tyson Foods, Inc., 577 U.S. at 453 (“The predominance inquiry asks whether the common, aggregation-enabling, issues in the case are more prevalent or important than the non-common, aggregation-defeating, individual issues.” (citation omitted)).
While the commonality and predominance requirements may overlap in some respects, the “predominance criterion is far more demanding.” Amchem Products, Inc., 521 U.S. at 623. (“Even if Rule 23(a)'s commonality requirement may be satisfied . . ., the predominance criterion is far more demanding.”). “Like the commonality inquiry, a court examining predominance must assess (1) the elements of the claims and defenses to be litigated; and (2) whether generalized evidence could be offered to prove those elements on a class-wide basis or whether individualized proof will be needed to establish each class member's entitlement to relief.” Johnson v. Nextel Commc'ns Inc., 780 F.3d 128, 138 (2d Cir. 2015) (quotation marks and citation omitted). “Predominance requires a further inquiry, however, into whether the common issues can profitably be tried on a classwide basis, or whether they will be overwhelmed by individual issues.” Id. “Ultimately, the court must decide whether classwide resolution would substantially advance the case,” [] examining whether certification will “reduce the range of issues in dispute and promote judicial economy.” Id. (internal citations and quotation marks omitted).
b. Predominance in the Proposed EFTA Class
“‘To state a claim under the EFTA, plaintiff must allege that the accounts in question 1) were ‘demand deposit, savings deposit, or other asset account[s]'; 2) ‘established primarily for personal, family, or household purposes'; and 3) that the unauthorized ‘electronic fund transfer' was ‘initiated through an electronic terminal, telephone, computer, or magnetic tape for the purpose of ordering, instructing, or authorizing a financial institution to debit or credit a consumer's account.'” See Zaidi v. JP Morgan Chase Bank, N.A., No. 19-CV-1080 (DRH) (ARL), 2021 WL 848864, at *4 (E.D.N.Y. Mar. 5, 2021) (quoting 15 U.S.C. § 1693a(7) and Apostolidis v. JP Morgan Chase & Co., No. 11-CV-5664, 2012 WL 5378305, at *5 (E.D.N.Y. 2012) (Bianco, J.)). Where, as here, the EFTA violation is premised on a bank's alleged failure to comply with the statute's provision limiting consumers' liability for unauthorized transfers, the bank must establish the additional element of proving that the subject transfer was authorized. See 15 U.S.C. § 1693g(b).
The first three elements of an EFTA claim concern whether the EFTA governs the transaction at issue. Because these elements can be satisfied with TD Bank's documents related to Plaintiffs' accounts and the subject transactions, common evidence generally predominates over individualized evidence with regard to these elements. See In re Nassau Cnty. Strip Search Cases, 461 F.3d at 227 (“[A]n issue is common to the class when it is susceptible to generalized, classwide proof.”). While the parties may not dispute these elements, the Court must nonetheless consider them as part of the predominance analysis. See id. (“[W]e conclude that a concession does not eliminate a common issue from the predominance calculus, and that the District Court erred in holding otherwise.”); Nnebe, 2022 WL 615039, at *6 (“[E]ven though the constitutional issue in this case has already been resolved, Plaintiffs are correct that it is still relevant to the predominance analysis.”).
The final element concerns whether the subject transfer was authorized. This element is the central dispute between the parties. As this Court explained above in addressing the commonality requirement, Plaintiffs have identified at least one common question of law that is relevant to this element: whether TD Bank's policy of denying imposter scam claims where the accountholder provides access or otherwise approves the subject transactions violates the EFTA. To that end, Plaintiffs contend that their claims “all turn on TD Bank's standardized procedures for processing claims from customers [that] were induced by fraud to provide account information or confirm fraudulent transactions” plus “TD Bank's uniform denial of those claims.” Dkt. No. 44, at 24. Plaintiffs argue that “[w]hether that policy complies with federal law and regulations is the predominant issue in this case, and one that can be resolved for all class members in a single stroke, likely at summary judgment.” Id.
This predominant question raises several, related questions that will also need to be resolved, including: (1) whether CFPB's Official Interpretation is valid and should be afforded deference; and (2) whether the scope of the Official Interpretation applies to circumstances in which the accountholder approved the subject transactions via text message.
Besides a passing reference to the Official Interpretation in the legal standard section of its opposition brief (Dkt. No. 58, at 4-5), TD Bank does not address the Official Interpretation or its applicability to Plaintiffs' claims. When asked about the Official Interpretation at oral argument, TD Bank raised concerns about its viability because “the text of the EFTA and the regulation arguably does not support th[e] interpretation.” Dkt. No. 70, at 3:16-4:5. TD Bank argues that these concerns are underscored by two cases pending, as of the date of this Report and Recommendation, before the United States Supreme CourtLoper Bright Enterprises v. Raimondo and Relentless, Inc. v. Department of Commerce - which challenge the constitutionality of the Chevron framework, the legal doctrine that requires courts to defer to an executive agency's interpretation of an ambiguous statute that it administers so long as the agency's interpretation is reasonable. See id. at 12:4-9; see also Chevron, U.S.A., Inc. v. Nat. Res. Def. Council, Inc., 467 U.S. 837 (1984). According to TD Bank, the Supreme Court's decisions in these cases have the potential to overrule or limit the application of Chevrona ruling that could call into question the validity of the Official Interpretation. Dkt. No. 70, at 12:4-9, 49:16-23. Notwithstanding this contention, neither party seeks a stay of this action pending the Supreme Court's forthcoming decisions in these cases. Id. at 49:24-24.
These questions of law are undoubtedly central to the validity of Plaintiffs' EFTA claims. If the Official Interpretation is rendered invalid, then the resolution of the Official Interpretation's scope and its application to Plaintiffs' claims becomes obsolete. But if the Court determines that the Official Interpretation is valid and requires TD Bank to pay for imposter scams notwithstanding the accountholder's approval of the transactions, then that determination will, as Plaintiffs contend, resolve “in one stroke” Plaintiffs' central claim that TD Bank's policy runs afoul of the EFTA. Wal-Mart Stores, Inc., 564 U.S. at 350; see also Dial Corp. v. News Corp., 314 F.R.D. 108, 120 (S.D.N.Y. 2015) (“An issue central to the validity of each one of the claims in a class action, if it can be resolved in one stroke, can justify class treatment.” (cleaned up)).
Notwithstanding these questions of law, TD Bank argues that individualized questions will predominate because liability under the EFTA hinges on whether or not the transactions were actually “authorized,” which depends on whether Plaintiffs' “imposter scam” claims can be credited in the first place. See Dkt. No. 58,at 24; Dkt. No. 70, at 7:11-14.
TD Bank's arguments fail for three reasons. First, TD Bank overstates the significance of the individualized issues in this case. While TD Bank strenuously argues in its opposition that the fraud investigations it conducts are “holistic” and individualized, the testimony of its corporate representatives establishes that these investigations are conducted in accordance with the bank's standard policies and procedures. See Dkt. No. 45-28, at 17-21, 78:10-80:19, 84:11-16, 231:4-11; see also 45-32, at 33:24-34-9. While it is true that certain fraud claims require agents to consult different databases and information sources, these differences are not material to the question of law that predominates in this case-whether TD Bank's policy of treating text message approvals as dispositive proof of “authorization” is consistent with the EFTA and the Official Interpretation. See Dkt. No. 45-28, at 251:11-13 (“So our procedure is to deny the claim if the customer says yes to the SMS and they authorize that transaction.”). Moreover, while TD Bank characterizes the Decision Matrix as merely a guide, its corporate representative explained how fraud agents use the Decision Matrix to “determine if they should pay or deny the claim” and that they use the Decision Matrix in a similar manner regardless of whether they are investigating a digital or debit card claim. Dkt. No. 45-28, at 49:13-16, 96:12-17.
Second, Plaintiffs have established that common evidence, in the form of TD Bank's business records, can be used to resolve the question of whether the subject transactions were “authorized.” See Dkt. No. 45-28, at 78:10-80:19, 84:11-16; Dkt. No. 45-35, at 52:19-53:7. For example, TD Bank's corporate representative was able to testify about the reasons why Plaintiffs' claims were denied based on her review of TD Bank's business records. See, e.g., Dkt. No. 4528, at 43:2-8, 188:3-7. The corporate representative further testified about how fraud agents copy the claim denial reasons directly from the Decision Matrix into the “Comment Note” field in CIM, Case Log, and the Tracker. Id. at 58:3-60:11, 116:8-18. While TD Bank makes vague references to “individualized proof” that will be required to resolve Plaintiffs' claims, it does not specify what this proof consists of or explain why its business records are insufficient. For instance, TD Bank does not identify any specific forms of proof that it would need, beyond the information collected by its fraud agents, to credit or discredit Plaintiffs' imposter scam claims. “[T]he law is clear that a defendant must offer something more than speculation to defeat class certification.” Cox v. Spirit Airlines, Inc., No. 17-CV-5172 (EK) (VMS), 2023 WL 1994201, at *4 (E.D.N.Y. Feb. 14, 2023). Against this standard, TD Bank has not rebutted Plaintiffs' contention that class members' claims can be resolved with common proof in the form of TD Bank's business records.
Third, to the extent there are individual questions that can only be resolved with individual proof, those questions to do not foreclose class certification. See Rodriguez v. It's Just Lunch Int'l, No. 07-CV-9227 (SHS), 2018 WL 3733944, at *3 (S.D.N.Y. Aug. 6, 2018) (“Predominance does not require that every last element of a claim be susceptible of classwide proof.” (citing Amgen Inc. v. Connecticut Ret. Plans & Tr. Funds, 568 U.S. 455, 469 (2013)). Indeed, the case law is clear that Rule 23(b)(3) is satisfied so long as “issues in the class action subject to generalized proof . . . predominate over those issues that are subject to individualized proof.” See In re Visa Check/Mastermoney Antitrust Litig., 280 F.3d 124, 136 (2d Cir. 2001) (quotation marks and citation omitted).
The case law cited by TD Bank does not require a different outcome here. See Dkt. No. 58, at 2-3; Dkt. No. 69. Almon is distinguishable because the plaintiffs there did not argue that the defendant engaged in uniform conduct or had a policy of denying certain types of fraud claims in violation of the EFTA. Almon, 2022 U.S. Dist. LEXIS 175734, at *43. The plaintiffs in Almon also did not allege, like Plaintiffs do here, that a common question of law predominated over other issues in the case. See Id. Nelson is distinguishable for similar reasons. Like Almon, the Nelson court did not address the Official Interpretation, nor did the plaintiffs argue that a common question of law predominated over individual issues. See generally Nelson, 2020 U.S. Dist. LEXIS 171583. In addition, the Nelson court denied class certification for reasons that are not present in this case - namely, that the proposed class definition was overbroad, the contractual terms relied upon by the plaintiffs varied, and the defendant raised affirmative defenses that only applied to plaintiffs who resided in certain states. Id. at *16.
Ultimately, this Court finds that Plaintiffs have raised common questions of law and fact that are substantial and predominate over the individual questions for the EFTA class. To the extent there are individual issues that need to be resolved for the EFTA class, Plaintiffs have established that such issues can generally be resolved with common evidence. In light of the foregoing and this circuit's “general preference . . . for granting rather than denying class certification,” Allegra, 341 F.R.D. at 392, this Court finds that Plaintiffs have established the predominance requirement for the EFTA class.
c. Predominance in the Proposed Breach of Contract Class
Plaintiffs' breach of contract claims mirror their EFTA claims. The core of Plaintiffs' contract claims is that TD Bank failed to reimburse accountholders for unauthorized transactions in breach of the parties' Personal Deposit Account Agreement.
The parties do not identify the governing law for Plaintiffs' breach of contract claims; however, the Personal Deposit Account Agreement states that “[t]his Agreement shall be governed by the state laws that apply to [the user's] primary deposit account.” Dkt. No. 45-50, at 29. Notwithstanding this provision, “state contract law defines breach consistently such that the question will usually be the same in all jurisdictions.” In re U.S. Foodservice Inc. Pricing Litig., 729 F.3d at 127; see also Am. Airlines, Inc. v. Wolens, 513 U.S. 219, 233 n.8 (1995) (“[C]ontract law is not at its core diverse, nonuniform, and confusing ....” (quotation marks and citation omitted)). Under New York law (where each of the individual Plaintiffs reside), the elements for a breach of contract action are: (1) the existence of a contract; (2) performance of the contract by one party; (3) breach of the contract by one party; and (4) damages. See Van Brunt v. Rauschenberg, 799 F.Supp. 1467 (S.D.N.Y. 1992).
Here, Plaintiffs argue that “that TD Bank's failure to limit its customers' liability for fraudulent transactions also breaches the Personal Deposit Account Agreement to which all customers who open a personal bank account with TD Bank must agree.” Dkt. No. 44, at 11. Plaintiffs contend that the section of the Personal Deposit Account Agreement “titled ‘Unauthorized Transfers' applies to digital and debit card claims and mirrors the EFTA,” to wit:
If you notify us within two (2) Business Days after you learn of the loss or theft of your Card or PIN, you can lose no more than $50 if someone uses your Card or PIN
without your permission. If you do not notify us within two (2) Business Days after you learn of the loss or theft of your Card or PIN, and we can prove we could have prevented someone from using your Card and/or PIN without your permission if you had told us, you could lose as much as $500 ($50 if you are a resident of Massachusetts and this Agreement is governed by Massachusetts law).Dkt. No. 44, at 11 (citing Dkt. No. 45-50; Dkt. No. 45-28, at 40:13-41:13).
Plaintiffs argue that “[c]ourts find breach of contract claims based on form agreements to be well suited to class certification.” Dkt. No. 44, at 25 (citing In re U.S. Foodservice Inc. Pricing Litig., 729 F.3d at 124-26). “To be clear, courts properly refuse to certify breach of contract class actions where the claims require examination of individual contract language.” In re U.S. Foodservice Inc. Pricing Litig., 729 F.3d at 124. But where the contracts “essentially all [say] the same thing” and “are substantially similar in all material respects,” common issues will predominate. Id. at 124-25 (“Since the record does not indicate the existence of material differences in contract language or other significant individualized evidence, we conclude that the district court did not abuse its discretion in concluding that common issues will predominate over any individual issues, and that [the] claim to the contrary should be rejected.”).
Given that TD Bank utilizes the Personal Deposit Account Agreement for all customers who open a personal bank account and requires those customers to agree to the terms of the agreement (Dkt. No. 45-28, at 37:19-38:16, 39:2-10), common questions regarding whether TD Bank breached the agreement predominate over any individual questions. Because Plaintiffs' “theory of liability raises issues of breach [] common to the class that can be proven with common evidence and which predominate over individualized issues,” Plaintiffs have established the predominance requirement for the breach of contract class. See Mirkin v. XOOM Energy, LLC, No. 18-CV-2949 (ARR) (RER), 2023 WL 5622099, at *8 (E.D.N.Y. Aug. 31, 2023) (“Indeed, XOOM's breach of contract defense relies on common proof-evidence of XOOM's process for determining the variable rate margin.”); Steinberg v. Nationwide Mut. Ins. Co., 224 F.R.D. 67, 74 (E.D.N.Y. 2004) (“[C]laims arising from interpretations of a form contract appear to present the classic case for treatment as a class action, and breach of contract cases are routinely certified as such. (citations omitted)); cf. Dover v. Brit. Airways, PLC (UK), 321 F.R.D. 49, 58 (E.D.N.Y. 2017) (Dearie, J.) (“This is not to say that individual issues will not arise in this case. On the contrary, the parties agree that individualized proof will be necessary in determining the amount of damages each class member suffered. These individualized inquiries do not, however, defeat predominance.”).
This Court therefore finds that Plaintiffs have established the predominance requirement for the breach of contract class.
2. Superiority
“The second prong of Rule 23(b)(3) requires that Plaintiffs demonstrate that a class action is ‘superior to other available methods for fairly and efficiently adjudicating the controversy.'” Hill, 2019 WL 1900503, at *10 (quotation marks and citation omitted). The factors pertinent to this requirement include:
(A) the class members' interests in individually controlling the prosecution or defense of separate actions; (B) the extent and nature of any litigation concerning the controversy already begun by . . . class members; (C) the desirability or undesirability of concentrating the litigation of the claims in the particular forum; and (D) the likely difficulties in managing a class action.Id. (quoting Fed.R.Civ.P. 23(b)(3)).
Applying these factors here, this Court finds that they weigh in favor of certifying both proposed Rule 23(b)(3) classes. First, it is unlikely that the proposed class members have a strong interest in pursuing their claims individually, particularly where the potential costs of litigation may outweigh the money lost to fraudsters. See Hill, 2019 WL 1900503, at *10 (noting that it is not surprising that there is a dearth of other litigation, “given that the likely monetary relief is not likely to exceed the costs of pursuing an individual claim.”). Indeed, here, the losses alleged among Plaintiffs does not amount to more than a few thousand dollars. See, e.g., Dkt. No. 12 ¶¶ 34, 66, 90; Dkt. No. 45-2, at 3; Dkt. No. 45-10, at 7; Dkt. No. 45-17, at 6. This Court is also not aware of any other litigation concerning the controversy at issue in this action, and despite the present case being over three years old, none of the proposed class members have sought to join in Plaintiffs' claims. Id.; see also Stinson v. City of New York, 282 F.R.D. 360, 383 (S.D.N.Y. 2012) (“the relatively small amount of damages suffered by each individual plaintiff decreases the possibility of individual lawsuits being filed”).
Furthermore, in light of the potential class size that would include thousands of accountholders (Dkt. No. 50 ¶¶ 2-19), “it is clearly desirable to concentrate the litigation of their claims into a single action.” Hill, 2019 WL 1900503, at *10. “Moreover, it is more efficient to decide a single set of facts and single theory for liability in one case, rather than having multiple litigants bring individual actions on the same-or substantially similar-causes of action.” Winslow v. Forster & Garbus, LLP, No. 15-CV-2996 (AYS), 2017 WL 6375744, at *18 (E.D.N.Y. Dec. 13, 2017); see Hill, 2019 WL 1900503, at *10 (“in light of the potential class size of over 1,000 current and former employees, it is clearly desirable to concentrate the litigation of their claims into a single action.”).
Thus, the Court finds that the superiority requirement of Rule 23(b)(3) is satisfied.
D. Class Definition
Finally, the Court must determine “whether the definition of the class proposed by plaintiffs . . . is an appropriate one.” Nnebe, 2022 WL 615039, at *13 (internal quotations and citation omitted).
As explained above, Plaintiffs have proposed revised class definitions in their reply brief, which amend the stated reasons for why TD Bank denied the unauthorized transfer claims. See Dkt. No. 62 at 3-4. Plaintiffs' revised class definitions “use[] the denial reasons TD Bank's fraud agents copied and pasted from the bank's decision matrix into the Tracker and CIM systems” to include potential class members whose fraud claims “TD denied for reasons that don't actually refute a finding of fraud.” Dkt. No. 62, at 4.
TD Bank contends that the Court should decline to adopt the revised definitions for two reasons. First, TD Bank challenges the timing of the proposed revisions and argues that Plaintiffs' post-discovery amendments should not be allowed. Second, TD Bank challenges the scope of the revisions because the proposed amendments substantially expand the proposed classes' definitions. To that end, TD Bank emphasizes how instead of limiting the classes to individuals for whom TD Bank denied reimbursement claims because Plaintiffs gave an access device to a fraud perpetrator, Plaintiffs now seek to include those for whom TD Bank denied reimbursement for any of the four additional reasons listed.
As an initial matter, the Court “is not bound by the class definition proposed in the complaint.” Shady Grove Orthopedic Assocs., P.A. v. Allstate Ins. Co., 293 F.R.D. 287, 293 n.1 (E.D.N.Y. 2013) (quoting Robidoux, 987 F.2d at 937). Indeed, Rule 23 vests the Court with “the power to amend class definitions or decertify classes as necessary.” Brooklyn Ctr. for Indep. of the Disabled v. Bloomberg, 290 F.R.D. 409, 420 (S.D.N.Y. 2012); see also Morangelli v. Chemed Corp., 275 F.R.D. 99, 114 (E.D.N.Y.2011) (explaining that “[t]he court may, in its discretion . . .modify the definition of the proposed class to provide the necessary precision or to correct other deficiencies” (citation omitted)). “In fact, the court has a duty to ensure that the class is properly constituted and has broad discretion to modify the class definition as appropriate to provide the necessary precision.” Id.
With respect to the scope of the revisions, the Court agrees with Plaintiffs that the revised definitions do not broaden the class definitions. See Dkt. No. 70, at 23:4-12. Instead, the revised definitions provide a more objective description of the class “us[ing] the denial reasons TD Bank's fraud agents copied and pasted from the bank's [D]ecision [M]atrix into the Tracker and CIM systems.” Dkt. No. 62, at 4 (citations omitted).
The Court does, however, agree with TD Bank's assertion that “Plaintiffs' proposed amendments to the Breach of Contract Class contain substantially identical revisions but also include an inexplicable amendment to subsection (1) from ‘Were parties to TD Bank's Personal Deposit Account Agreement' to ‘who have or had an account with TD Bank.'” Dkt. No. 64-1, at 2, n.2. As set forth below, the Court revises the breach of contract class definition back to “[w]ere parties to TD Bank's Personal Deposit Account Agreement.”
V. Conclusion
For the reasons set forth herein, this Court respectfully recommends that Plaintiffs' motion be granted and that the following classes be certified under Fed.R.Civ.P. 23(a) and 23(b)(3):
1. Definitions of the Class:
EFTA Excess Consumer Liability Class. All persons (1) who have or had an account with TD Bank; and (2) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (3) within one year prior to filing of this action, TD Bank denied the consumer's Regulation E claim for reasons substantially the same as the following: (a) Evidence shows that an SMS was received and approved by the customer's phone number on file; (b) Customer has had no recent changes to the address, phone number, or online banking credentials in the last 90 days; (c) Customer indicated that they previously provided access/authorization to 3rd party; (d) Customer fell for a scam and gave online banking credentials to a 3rd party; or (e) Customer is a victim of TD imposter scam; and (4) who notified TD Bank within two
business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500.
Breach of Contract Class. All persons (1) who were parties to TD Bank's Personal Deposit Account Agreement; and (2) notified TD Bank that they had been induced by fraud to provide another person with their account access device leading to unauthorized charges; and (3) within six years prior to filing of this action, TD Bank denied the consumer's Regulation E claim for reasons substantially the same as the following: (a) Evidence shows that an SMS was received and approved by the customer's phone number on file; (b) Customer has had no recent changes to the address, phone number, or online banking credentials in the last 90 days; (c) Customer indicated that they previously provided access/authorization to 3rd party; (d) Customer fell for a scam and gave online banking credentials to a 3rd party; or (e) Customer is a victim of TD imposter scam; and (4) who notified TD Bank within two business days of the alleged loss or theft and who alleged a loss of more than $50, or who notified TD Bank at any time and who alleged a loss of more than $500.
2. Class Representatives: Ludmila Nelipa, Allison Archer, Verdenia Edwards
3. Class Counsel: Benjamin Drachler, Beth E. Terrell, Blythe H. Chandler, Ryan Tack-Hooper, and Daniel Adam Schlanger
It is further respectfully recommended that the parties be ordered to meet and confer and submit an agreed-upon form of notice that satisfies Fed.R.Civ.P. 23(c)(2)(B) and a joint plan for the dissemination of the proposed notice by a date certain following the district court's review of this Report and Recommendation. It is also respectfully recommended that the parties be ordered to confer and generate a class list to be used in disseminating notice by a date certain following the district court's review of this Report and Recommendation.
A copy of this Report and Recommendation is being electronically served on counsel. Any objections to this Report and Recommendation must be filed within 14 days after service of this Report and Recommendation. See 28 U.S.C. § 636(b)(1); Fed.R.Civ.P. 72(b)(2). See also Fed.R.Civ.P. 6(a) & (d) (addressing computation of days). Any requests for an extension of time for filing objections must be directed to Judge DeArcy Hall. Failure to file objections within this period designating the particular issues to be reviewed waives the right to appeal the district court's order. See 28 U.S.C. § 636(b); Fed.R.Civ.P. 72(b)(2); Wagner & Wagner, LLP v. Atkinson, Haskins, Nellis, Brittingham, Gladd & Carwile, P.C., 596 F.3d 84, 92 (2d Cir. 2010); Kotlyarsky v. United States Dep't of Just., No. 22-2750, 2023 WL 7648618 (2d Cir. Nov. 15, 2023); see also Thomas v. Arn, 474 U.S. 140 (1985).