I’m only discussing the Lanham Act claims, but there are
many other claims in this case. First
Data and SecurityMetrics generally sit at different points in the
market for servicing merchants who take credit card payments, but apparently
First Data is encroaching into SecurityMetric’s space.
“PCI” originally stood for “Payment Card Industry,” but now also is used
to refer to the PCI Security Standards Council and the PCI Data Security
Standard administered by the council. Major credit card brands formed the
council, which developed the security standard now adopted by all the credit
card brands. They penalize noncompliance
with the security standard.
While the PCI standard is universal, the various brands have
different requirements for demonstrating or validating compliance with the
standard. There are a number of
different types of PCI compliance service vendors assessing various aspects of
transactions; the credit card brands recognize certifications for several
different functions, and the PCI Council certifies the vendors. SecurityMetrics is certified by the PCI
Council for several specific functions, and First Data isn’t.
Instead, First Data is a payment processor: it processes
transactions for merchants and independent sales organizations. SecurityMetrics
provided compliance services to some merchants for whom First Data provides
processing services. They worked
together by contract for several years.
First Data promoted SecurityMetrics to certain customers as a preferred
vendor for compliance validation services, and SecurityMetrics used a protocol
for reporting validation of compliance known as the START system. SecurityMetrics alleged that First Data
breached the agreement, then prematurely terminated it.
SecurityMetrics alleged that, in mid-2012, First Data began offering
a service called “PCI Rapid Comply,” in competition with SecurityMetrics. First Data imposes billing minimums on
certain customers. SecurityMetrics
alleged that, when calculating the minimums, First Data counted fees for PCI
Rapid Comply towards them, but not fees paid to vendors of other PCI compliance
services. First Data also allegedly told
merchants who used other compliance vendors that they’d have to pay for those
services in addition to the cost of PCI Rapid Comply. This was allegedly false because First Data
refunds amounts paid to third-party vendors by merchants who use the services
of those vendors to become compliant.
The court noted uncertainty whether failure to disclose can
be actionable in the Fourth Circuit, which is odd since implied falsity is, as
the court notes, actionable everywhere, and one way to imply a falsehood is to
say some things and withhold relevant information. In any event, SecurityMetrics stated a Lanham
Act false advertising claim because First Data’s advertising said that
merchants “will pay” the additional cost—that could be understood as an
affirmative misstatement.
SecurityMetrics’ false endorsement claim also survived. It alleged that First Data’s use of the
phrase “PCI” in the name of its “PCI Rapid Comply” service was likely to cause
merchants and others to incorrectly believe that the service is associated with
or approved by the PCI Council. First Data argued that SecurityMetrics lacked
standing to raise this claim, since it didn’t own any PCI marks. However, SecurityMetrics alleged that it had
actually been harmed by this misstatement.
Dastar
says that § 43 goes beyond trademark protection, and false endorsement covers
use of words that are likely to cause confusion “as to the affiliation,
connection, or association of such person with another person, or as to the
origin, sponsorship, or approval of his or her goods, services, or commercial
activities by another person.” Thus
there are three distinct individuals involved: (1) the user of the term, (2)
the misrepresented party, and (3) the plaintiff. First Data argued that (2) and (3) had to be
the same, but the court disagreed. While
some people, like consumers, lack standing to bring a false endorsement claim,
and while the plaintiff must have some sort of commercial or competitive
interest (what sort will soon be decided by the Supreme Court), the plaintiff need not have an
interest in the mark itself. See Famous Horse. This is consistent with the statutory
language covering “any person who believes that he or she is or is likely to be
damaged by such act.” SecurityMetrics alleged damage to its commercial
interests and its ability to stay competitive in the marketplace; that was
enough.
The same alleged damage made SecurityMetrics more than a
mere intermeddler and gave it standing to seek cancellation of First Data’s
trademark registration for the term.
Posts
No comments:
Post a Comment