Opinion
2:21-cv-20561 (BRM) (ESK)
07-27-2023
CASSANDRA VALERIE BEAMAN, STEFAN BROOKS, and LAURA ROSELLI, individually and on behalf of others similarly situated, Plaintiffs, v. BANK OF AMERICA, N.A., Defendant.
NOT FOR PUBLICATION
OPINION
BRIAN R. MARTINOTTI, UNITED STATES DISTRICT JUDGE
Before the Court is Bank of America, N.A.'s (“BOA”) Motion to Dismiss (ECF No. 37) the First Amended Class Action Complaint (“FAC”) (ECF No. 36), filed by Plaintiffs Cassandra Valerie Beaman, Stefan Brooks, and Laura Roselli (“Plaintiffs”), individually and on behalf of all others similarly situated. Plaintiffs filed an Opposition. (ECF No. 38.) BOA filed a Reply. (ECF No. 40.) Thereafter, BOA filed a Notice of Supplemental Authority. (ECF No. 41.) Plaintiffs filed a Response. (ECF No. 42.) Plaintiffs subsequently filed their own Notice of Recent Decision. (ECF No. 43.) Having reviewed the parties' submissions filed in connection with the Motion and having declined to hold oral argument pursuant to Federal Rule of Civil Procedure 78(b), for the reasons set forth below and for good cause having been shown, BOA's Motion to Dismiss is GRANTED, and Plaintiffs' FAC is DISMISSED WITHOUT PREJUDICE, and with leave to amend.
I. Background
For the purpose of this Motion to Dismiss, the Court accepts the factual allegations in the FAC as true and draws all inferences in the light most favorable to Plaintiffs. See Phillips v. Cnty. of Allegheny, 515 F.3d 224, 228 (3d Cir. 2008). The Court also considers any “document integral to or explicitly relied upon in the [FAC].” In re Burlington Coat Factory Sec. Litig., 114 F.3d 1410, 1426 (3d Cir. 1997) (quoting Shaw v. Digit. Equip. Corp., 82 F.3d 1194, 1220 (1st Cir. 1996)).
A. Factual Background
Plaintiffs are residents of the State of New Jersey, who lost their jobs during the COVID-19 pandemic (the “Pandemic”), and who received and relied upon New Jersey Department of Labor & Workforce Development (“LWD”) unemployment and other public benefits, administered through their respective BOA accounts, and accessible by a BOA LWD debit card. (ECF No. 36 ¶¶ 1, 9-11.) BOA is a Delaware corporation and financial institution with an exclusive contract to administer unemployment benefits and other payments through LWD debit cards and accounts. (Id. ¶ 12.) Pursuant to the contract, Plaintiffs and Class Members, which include all others similarly situated to Plaintiffs, received periodic payments through the BOA-issued prepaid debit cards, which are linked to individual BOA depository accounts, to access their benefits. (Id. ¶ 2.)
The FAC identifies LWD as an agency of the State of New Jersey responsible for administering various benefit programs, including for New Jersey residents who are low-income or unemployed, like unemployment insurance benefits, pandemic unemployment assistance benefits, pandemic emergency unemployment compensation benefits, disability insurance benefits, and paid family leave benefits. (ECF No. 36 ¶ 14.)
Plaintiffs submit, upon information and belief, BOA and LWD entered into a contract (the “Contract”) some time prior to 2020. (Id. ¶ 15.) At all relevant times thereafter, LWD distributed benefits pursuant to the Contract, through BOA-issued and administered debit cards. (Id. ¶ 17.) Under the terms of the Contract, BOA would disperse to each claimant the entire amount authorized by LWD, without commingling the benefits with any other funds, and without any alteration or adjustment. (Id. ¶ 20.) In exchange, BOA agreed to fully protect LWD debit cardholders in the event they became victims of fraud. (Id. ¶ 18.) Specifically, BOA agreed to comply with all Electronic Fund Transfers Act (“EFTA”) requirements and timelines with respect to error resolution, and BOA extended their “Zero Liability protection on disputed claims” to the transactions. (Id. ¶ 18.) The Contract between LWD and BOA was contingent on BOA's description of their error resolution process. (Id. ¶ 19.)
However, Plaintiffs allege BOA failed to secure Plaintiffs' and Class Members' personally identifiable information and other sensitive debit card and account information in a reasonably secure manner. (Id. ¶ 21.) Specifically, BOA issued LWD cards without industry-standard, fraud preventing EMV chips, which the Bank has used on all of its regular consumer debit cards since 2014. (Id. ¶ 2.) Further, BOA failed to take reasonable steps to ensure the proper hiring, supervision, training, and retention of its subcontractors, employees, and agents with access to said information. (Id.) As a result, both Plaintiffs' and Class Members' cardholder information has been obtained by unauthorized third parties in a series of security breaches, resulting in unauthorized transactions on their accounts and access to their personal information. (Id. ¶¶ 22-23.)
1. Evolution of Fraud-Combatant Technology Standards
Plaintiffs assert that from the 1960s until about or around 2010, banks used magnetic stripes to store consumer information on debit and credits cards in the United States. (Id. ¶ 25.) However, because the stripes are static and easily readable, they are also highly susceptible to fraud. (Id. ¶ 26.) Through a process called “skimming,” third parties can access and use information from the card to clone it and conduct unauthorized transactions. (Id.) Skimming has resulted in hackers capturing the personal data of over tens of millions of people. (Id. ¶ 27.)
To combat the fraud enabled by magnetic stripes, banks have adopted EMV chip technology as the industry standard. (Id. ¶ 28.) EMV chips are “dynamic” and create a unique signature for every transaction, rendering debit card data from past purchases useless to hackers. (Id.) BOA, specifically, began using EMV chips in corporate credit cards for customers who regularly traveled outside of the United States in 2011. (Id. ¶ 29.) In 2014, BOA used chip technology on all new and reissued consumer debit cards to “increas[e] card security.” (Id. ¶ 30.) By 2015, banks, generally, began a shift toward EMV chip cards, and by 2017, the cards became the industry norm. (Id. ¶ 31.) On BOA's website, BOA acknowledges that EMV chip technology is the security standard, is more secure, and makes a card more difficult to counterfeit or copy. (Id. ¶ 33.) Still, BOA issued LWD debit cards without EMV chips to hundreds of thousands of New Jerseyans - Plaintiffs and Class Members - which Plaintiffs allege resulted in predictable and rampant fraud. (Id. ¶ 34.)
2. The Bank's Representations to Cardholders
In a Cardholder Agreement on BOA's website, BOA represented they would be responsible for unauthorized transactions on their LWD debit cards or accounts because of the bank's “zero liability” policy. (Id. ¶ 35.) BOA also represented they were available twenty-four hours a day, seven days per week, to receive reports of any unauthorized transactions, and would promptly investigate the transaction to determine whether it was unauthorized within ten business days. (Id.) If the bank took longer than ten business days to investigate, BOA would credit the account for the amount believed to be in error. (Id.) Plaintiffs allege this agreement was in effect at the time Plaintiffs received their benefits and has been effective over the duration relevant to this case. (Id. ¶ 36.)
3. Third-Party Fraud of LWD Debit Card Accounts
In the spring of 2020, the Pandemic resulted in hundreds of thousands of workers losing their jobs, and the state's unemployment rate to skyrocket to record heights. (Id. ¶ 37.) Since the start of the Pandemic in 2020, LWD received over 200,000 claims for unemployment benefits, and BOA issued thousands of LWD debit cards to New Jersey residents. (Id. ¶ 38.) Tens of thousands of those debit cardholders have been victims of fraud during the Pandemic, and tens of millions of dollars have been stolen from their accounts. (Id. ¶ 39.) The reported fraud has occurred in various forms, including in massive ATM withdrawals, thousand-dollar charges at luxury vendors, and repeated transactions with food delivery services. (Id. ¶ 40.) Criminals have also exploited the security vulnerabilities to misappropriate cardholder information. (Id. ¶ 41.) Plaintiffs claim the increase in fraud during the Pandemic was foreseeable, but BOA nonetheless failed to take reasonable measures to prepare for and prevent the fraud. (Id. ¶ 42.)
4. BOA's Pre-Suit Response to Fraud
After the increase in fraudulent activity, BOA failed to employ reasonable procedures for monitoring, detecting, stopping, and notifying Plaintiffs and Class Members about suspicious transactions; failed to answer customer service phone lines it advised LWD cardholders to call; established “customer service” procedures that frustrated Plaintiffs' and Class Members' efforts to file fraud claims; closed fraud claims without a reasonable and good faith investigation; reversed “permanent” credits previously granted for unauthorized transitions without good faith basis and without notice to LWD cardholders; failed to extend provisional credit to LWD cardholders; and indefinitely froze and blocked accounts of the cardholders who reported third-party fraud on their accounts. (Id. ¶ 43.) This is due, in part, to BOA's failure to adequately staff its call centers and provide reasonable levels of assistance to the predictably large number of cardholders seeking assistance during the pandemic. (Id. ¶ 44.)
Since October 2020, BOA had a policy and practice of automatically and summarily denying fraud claims of LWD debit cardholders without adequate investigation or explanation, using the bank's automated fraud filter (“Claim Fraud Filter”). (Id. ¶ 45.) When a LWD debit cardholder reported an unauthorized transaction, the Claim Fraud Filter flagged the report and, within a day or two of the complaint, sent a form letter closing the cardholder's claim before investigating the claim. (Id.) LWD debit cardholders who have called the bank for further information have been given erroneous instructions or told they could not be helped, even after providing detailed documentation in support of their claims. (Id. ¶ 46.) Even those whose claims were reopened for investigation were not issued provisional credit pending completion of BOA's investigation. (Id.) BOA's practice of automatically denying fraud claims of LWD debit cardholders allowed the bank to circumvent its obligations under EFTA and Regulation E, which require the bank to issue provisional credit if an investigation is not completed in ten days, and to complete the investigation in no more than forty-five days. (Id. ¶ 47.) Further, BOA retroactively rescinded funds that were “permanently” credited to LWD debit cardholder victims by debiting the amount from their accounts without notice or explanation, and sometimes leaving the cardholders with a negative balance. (Id. ¶ 48.) This would leave those cardholders without access to benefits because the LWD benefit payments paid off the negative balance and were not available for use. (Id.)
Around the same time, BOA began implementing another policy and practice of automatically and indefinitely freezing or blocking accounts without notice, explanation, or opportunity to be heard, based upon the results of the bank's Claim Fraud Filter. (Id. ¶ 49.) When an account is frozen, the cardholder cannot access any funds in the account, and further, LWD benefits payments are not accepted in the account. (Id.) As a result, the cardholders who are victims of third-party fraud are then further deprived of access to their benefits at the hands of BOA. (Id.) Many accounts were frozen for months without further information. (Id. ¶ 50.) If a LWD debit cardholder wanted to re-access their frozen LWD account, BOA required the cardholder to reestablish their identity and re-verify their eligibility before re-opening the account. (Id. ¶ 51.) Even after cardholders complied with these requirements, BOA still failed to unfreeze some accounts. (Id. ¶ 52.)
LWD debit cardholders whose fraud claims have been denied or whose accounts were frozen have been unable to reach BOA's customer service hotline. (Id. ¶ 53.) BOA failed to appropriately staff its call centers in a manner that would provide reasonable levels of assistance to the predictably large volume of cardholders seeking assistance during the Pandemic. (Id. ¶ 54.) The service agents who were hired were not adequately trained and were not empowered to investigate or resolve fraud claims. (Id.) Instead, cardholders were repeatedly kept on hold, sometimes for hours, waiting to speak to a live agent, or they were disconnected, hung up on, or treated rudely by overwhelmed agents. (Id. ¶ 55.) BOA representatives also provided erroneous information regarding the cardholders' accounts. (Id. ¶ 56.)
Further, BOA has failed to notify their cardholders within twenty-one days of any changes to their ability to initiate electronic fund transfers from their LWD debit card accounts. (Id. ¶ 64.) Plaintiffs and Class Members allege BOA decreased their access to their accounts because of freezes and/or holds placed on those accounts but were not given written notice of those changes. (Id. ¶¶ 65-66.) BOA continues to freeze and/or block thousands of cardholders' accounts without notice, depriving Class Members of their benefits. (Id. ¶ 67.)
Furthermore, BOA continues to depend upon the Claim Fraud Filter as a basis for denying or closing unauthorized transaction claims, or as a basis for freezing any class member's account. (Id. ¶ 61.) This practice results in the closing of tens of thousands of Class Member accounts each month, depriving Class Members of access to critical unemployment and other public benefits. (Id. ¶ 62.) Class Members also continue to experience unauthorized transactions on their debit cards. (Id. ¶ 63.)
5. Consumer Finance Protection Bureau (“CFPB”) and the Office of Comptroller of the Currency (“OCC”) Response
On June 14, 2022, the CFPB and the OCC collectively fined BOA $225 million for its handling of state unemployment benefits at the height of the Pandemic. (Id. ¶ 68.) The CFPB found BOA engaged in unfair and abusive acts and practices, because they replaced a reasonable investigation process with a faulty Claim Fraud Filter, lowered the bar for freezing unemployment insurance benefits, and improperly retroactively deprive account members of access to their accounts that were investigated and paid. (Id. ¶¶ 68-72.) Further, the CFPB found BOA failed to issue provisional credits to account holders within the legally-required ten business days, failed to complete investigations on accounts within forty-five days, and ultimately failed to timely investigate account holders' notices of error. (Id. ¶¶ 74-77.) BOA's erroneous use of the Claim Fraud Filter occurred while handling approximately 188,000 notices of error by affected customers. (Id. ¶ 78.) The CFPB found BOA's actions violated Sections 908 and 909 of the EFTA, and Section 1005.11 of Regulation E. (Id.) The OCC similarly found BOA failed to give access of unemployment funds to account holders, leaving them without any effective way of remedying the situation. (Id. ¶ 73.)
6. Class Representative Experiences
Plaintiff Cassandra Valerie Beaman (“Beaman”) lost her job due to the Pandemic in March of 2020. (Id. ¶ 79.) Beaman applied for, and began receiving, unemployment benefits through the State of New Jersey. (Id.) On May 23, 2021, Beaman's debit card was declined. (Id. ¶ 80.) Beaman called BOA and discovered fraudulent transactions had been made on her account. (Id.) The fraudulent transactions included purchases totaling approximately $300.00. (Id.) From that day through the filing of the Class Complaint, BOA failed to credit her account for any of the stolen money. (Id. ¶ 81.) Instead, BOA froze her account without notice, and has since failed to unfreeze it. (Id.) Since May 2021, Beaman has called BOA over twenty times. (Id. ¶ 82.) BOA told her she needed to re-verify her identity to gain access to her account; however, even when she completed the process, BOA still failed to grant her access. (Id.) Because of Beaman's inability to access her BOA account, she missed a $200.00 rent payment, $60 phone bill, and struggled to afford food, gas, and clothing. (Id. ¶ 83.)
Plaintiff Stefan Brooks's (“Brooks”) BOA debit card was declined when shopping at a grocery store, despite having sufficient funds to cover the purchases on his account. (Id. ¶ 84.) Brooks's account had been frozen without prior notice. (Id.) When he called BOA to unfreeze the account, BOA asked him to re-verify his identity. (Id. ¶ 85.) After spending thirty minutes on the phone with BOA, Brooks's account was unfrozen. (Id.) Shortly thereafter, Brooks's account was frozen again without notice. (Id. ¶ 86.) He, again, spent thirty minutes on the phone with BOA to unfreeze his account. (Id. ¶¶ 86-87.) After Brooks's account was unfrozen, BOA froze the account for a third time. (Id. ¶ 88.) Brooks then called BOA's fraud department, which re-directed him to the LWD. (Id.) LWD informed Brooks the funds had been released to the bank, and he should have access to them. (Id. ¶ 89.) Brooks called the bank to request access to the funds, but he was referred back to LWD. (Id. ¶ 90.) Brooks was never given any notice of any changes of access to his account. (Id. ¶ 91.)
Plaintiff Laura Roselli (“Roselli”) was approved to receive unemployment benefits from the State of New Jersey. (Id. ¶ 92.) While waiting to receive the LWD debit card, fraudulent transactions occurred on her account. (Id.) On October 24, 2021, $7000.00 was transferred from Roselli's account without her knowledge or approval. (Id. ¶ 93.) On October 31, 2021, $9800.00 was transferred without her knowledge or approval. (Id. ¶ 94.) Roselli immediately contacted BOA to report the fraudulent transfers that drained her account before she had even received her debit card in the mail. (Id. ¶¶ 96-97.) After doing some research, Roselli discovered her card had been mailed to an unknown address in Brooklyn, New York. (Id. ¶ 97.) Roselli also discovered two smaller fraudulent transactions on her account, for $44.99 and $359.18, of which she notified BOA, and were refunded to her account. (Id. ¶ 98.) However, Roselli still has not received provisional credit or reimbursement of $16,800.00 worth of fraudulent transactions. (Id. ¶ 99.)
B. Procedural History
Plaintiff Cassandra Beaman initiated this Class Action on December 17, 2021, individually and on behalf of all others similarly situated. (ECF No. 1.) BOA moved to dismiss (ECF No. 6), but the motion was terminated pending the parties' agreement on an acceptable briefing schedule, (ECF No. 15). BOA's motion to dismiss, Beaman's opposition, and BOA's response were re-filed on July 19, 2022. (ECF Nos. 20-22.) On October 18, 2022, the parties stipulated to permit Beaman to amend the Complaint and to extend BOA's time to answer, move or otherwise respond. (ECF No. 35.)
On October 19, 2022, Plaintiffs Beaman, Brooks, and Roselli filed the FAC. (ECF No. 36.) BOA moved to dismiss the FAC on December 9, 2022. (ECF No. 37.) Plaintiffs filed an opposition on January 13, 2023. (ECF No. 38.) BOA filed a reply on February 3, 2023. (ECF No. 40.) Thereafter, BOA filed a Notice of Supplemental Authority on March 29, 2023 in further support of its motion. (ECF No. 41.) Plaintiffs filed a letter in reply on April 5, 2023. (ECF No. 42.) On June 3, 2023, Plaintiffs similarly filed a letter with supplemental authority for the Court's consideration. (ECF No. 43.)
C. Class Action Allegations
Plaintiffs Beaman, Brooks, and Roselli seek to bring this lawsuit individually and as a class pursuant to Federal Rule of Civil Procedure 23, and they also seek declaratory and injunctive relief and damages on behalf of a class defined as:
All persons who were [BOA] LWD Debit Cardholders at any time between January 1, 2020 and the present (“Class Period”), and whose eligibility for benefits LWD has not revoked for failure to establish valid identity.(ECF No. 36 ¶ 100.) Plaintiffs further seek declaratory and injunctive relief, restitution, disgorgement, and statutory and actual damages on behalf of the following subclasses:
Claim Denial Subclass: All Class Members who, during the Class Period, gave [BOA] notice of a claim that an unauthorized transaction had occurred on their Account (“Claim”) and whose Claim the Bank closed or denied based on application of the Claim Fraud Filter.
Untimely Investigation Subclass: All Class Members who, during the Class Period, received provisional credit in connection with their claim for an unauthorized transaction that [BOA] rescinded more than 45 days after [BOA] received notice of the claim.
Credit Rescission Subclass: All Class Members who, during the Class Period, received provisional or permanent credit from [BOA] in connection with their Claim, which [BOA] rescinded more than 45 days after the Class Member gave notice of the Claim.
Account Freeze Subclass: All Class Members whose LWD Debit Card Account [BOA] froze during the Class Period based on application of the Claim Fraud Filter and later unfroze or later converted from frozen to blocked status and then unblocked.
Account Block Subclass: All Class Members whose LWD Debit Card Account [BOA] blocked during the Class Period based on application of the Claim Fraud Filter and later unblocked.
Security Breach Subclass: All Class Members whose Card, Account, or other personal information in the possession of [BOA] or its agents was, during the Class Period, accessed or taken by a third party without the Class Member's consent.
EMV Chip Subclass: All Class Members whose LWD Debit Card, during the Class Period, did not include an EMV chip and whose Card, Account, or other personal information was accessed or taken from the Card by a third party without the Class Member's consent.
Lack of Notice Subclass: All Class Members who experienced decreased access, and/or change in rights to make EFT on their consumer accounts without receiving written notice twenty-one-days prior to the effective date of any change from [BOA].(Id. ¶ 101.) Plaintiffs allege the action can be maintained as a class action against Defendants pursuant to the provisions of Rule 23. (Id. ¶ 104.) Plaintiffs allege the following against BOA, including: (1) violations of the EFTA, 15 U.S.C. §§ 1693, et seq. and Regulation E of EFTA, 12 C.F.R. §§ 1005.1-1005.20; (2) negligence and negligence per se; (3) negligent hiring, supervision and retention; (4) breach of contract; (5) breach of implied contract; and (6) breach of implied covenant of good faith and fair dealing. (Id. ¶¶ 106-55.)
II. Legal Standard
In deciding a motion to dismiss pursuant to Federal Rule of Civil Procedure 12(b)(6), a district court is “required to accept as true all factual allegations in the complaint and draw all inferences from the facts alleged in the light most favorable to [the non-moving party].” Phillips, 515 F.3d at 228. “[A] complaint attacked by a Rule 12(b)(6) motion to dismiss does not need detailed factual allegations.” Bell Atl. Corp. v. Twombly, 550 U.S. 544, 555 (2007) (citations omitted). However, “a plaintiff's obligation to provide the ‘grounds' of his ‘entitle[ment] to relief' requires more than labels and conclusions, and a formulaic recitation of the elements of a cause of action will not do.” Id. (alteration in original) (quoting Papasan v. Allain, 478 U.S. 265, 286 (1986)). A court is “not bound to accept as true a legal conclusion couched as a factual allegation.” Papasan, 478 U.S. at 286. Instead, assuming factual allegations in the complaint are true, those “[f]actual allegations must be enough to raise a right to relief above the speculative level.” Twombly, 550 U.S. at 555.
“To survive a motion to dismiss, a complaint must contain sufficient factual matter, accepted as true, to ‘state a claim for relief that is plausible on its face.'” Ashcroft v. Iqbal, 556 U.S. 662, 678 (2009) (quoting Twombly, 550 U.S. at 570). “A claim has facial plausibility when the plaintiff pleads factual content that allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. at 678 (citing Twombly, 550 U.S. at 556). This “plausibility standard” requires the complaint allege “more than a sheer possibility that a defendant has acted unlawfully,” but it “is not akin to a ‘probability requirement.'” Id. at 678 (citing Twombly, 550 U.S. at 556). “[D]etailed factual allegations” are not required, but “more than an unadorned, the-defendant-unlawfully-harmed-me accusation” must be pleaded; it must include “factual enhancement” and not just conclusory statements or a recitation of the elements of a cause of action. Id. (citations omitted). In assessing plausibility, the court may not consider any “[f]actual claims and assertions raised by a defendant.” Doe v. Princeton Univ., 30 F.4th 335, 345 (3d Cir. 2022).
“Determining whether a complaint states a plausible claim for relief [is] . . . a contextspecific task that requires the reviewing court to draw on its judicial experience and common sense.” Iqbal, 556 U.S. at 679. “[W]here the well-pleaded facts do not permit the court to infer more than the mere possibility of misconduct, the complaint has alleged-but it has not ‘show[n]'-‘that the pleader is entitled to relief.'” Id. (quoting Fed.R.Civ.P. 8(a)(2)). Indeed, after Iqbal, it is clear that conclusory or “bare-bones” allegations will no longer survive a motion to dismiss: “[t]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.” Id. at 678. To prevent dismissal, all civil complaints must now set out “sufficient factual matter” to show that the claim is facially plausible. This “allows the court to draw the reasonable inference that the defendant is liable for the misconduct alleged.” Id. The Supreme Court's ruling in Iqbal emphasizes that a plaintiff must show that the allegations of his or her complaints are plausible. See id. at 670.
While, as a general rule, the court may not consider anything beyond the four corners of the complaint on a motion to dismiss pursuant to Rule 12(b)(6), the Third Circuit has held “a court may consider certain narrowly defined types of material without converting the motion to dismiss [to one for summary judgment pursuant to Rule 56].” In re Rockefeller Ctr. Props. Sec. Litig., 184 F.3d 280, 287 (3d Cir. 1999). Specifically, courts may consider any “document integral to or explicitly relied upon in the complaint.” In re Burlington Coat Factory, 114 F.3d at 1426 (emphasis added) (quoting Shaw, 82 F.3d at 1220). However, “[w]hen the truth of facts in an ‘integral' document are contested by the well-pleaded facts of a complaint, the facts in the complaint must prevail.” Princeton Univ., 30 F.4th at 342.
III. Decision
BOA argues Plaintiffs have failed to state a claim under EFTA and Regulation E; failed to sufficiently assert any contract-related claims; and failed to allege claims for negligence, negligence per se, or negligent hiring, supervision and retention. (ECF No. 37-1 at 7-33.) BOA submits the FAC should be dismissed with prejudice because Plaintiffs had ample time to amend their Complaint, with the benefit of possessing BOA's initial motion to dismiss, but still failed to address the “glaring deficiencies” therein. (Id. at 3.) Plaintiffs respond that they have sufficiently pleaded each of the causes of action. (ECF No. 38.) BOA reaffirms in reply that each of the claims should be dismissed. (ECF No. 40.)
A. The EFTA and Regulation E (Count I)
1. EFTA, 15 U.S.C. § 1693f
BOA submits Plaintiffs' claim under the EFTA and Regulation E fails as a matter of law because Plaintiffs have not alleged sufficient facts to state a claim for violation of 15 U.S.C. § 1693f or 12 C.F.R. § 1005.11. (ECF No. 37-1 at 7-17.) Specifically, BOA claims Plaintiffs do not allege any facts that Brooks experienced or reported any fraudulent transactions, only that BOA froze his account when it should not have been frozen, and therefore, they do not state a claim under Section 1693f. (Id. at 8.) Further, BOA argues Plaintiffs, collectively, have failed to plead that they provided sufficient notice to BOA of the transactions to trigger BOA's obligations under the regulations, which require the reporter to convey the type, date and amount of error, as well as the reason the customer believes the error exists. (Id.) Relatedly, BOA contends there are ten possible bases for violation under the EFTA, but Plaintiffs fail to identify which bases apply to which Plaintiffs. (Id. at 10.) Overall, BOA argues the FAC lacks sufficient facts related to the sufficiency of BOA's investigations, decisions to issue or not to issue provisional credits, and communications with Plaintiffs regarding their ultimate decision to credit or not to credit the accounts. (Id. at 12-13.) Finally, BOA submits that Plaintiffs' assertions of wrongdoing are based on BOA's attempt to “circumvent” its obligations under EFTA and Regulation, which is not a requirement under the regulations. (Id. at 14.)
Plaintiffs respond that they properly alleged facts demonstrating BOA violated the EFTA and Regulation E through their acts and omissions when handling Plaintiffs' accounts, and further, by failing to provide Plaintiffs and Class Members with the required twenty-one-day notice prior to changing their investigation processes. (ECF No. 38 at 8.) BOA also argues Plaintiffs have failed to allege sufficient facts showing they provided the requisite notice to BOA, and Plaintiffs' allegations about BOA's freezing of their accounts is futile because BOA is permitted to freeze accounts under the regulations. (ECF No. 40 at 2-6.)
The EFTA and its implementing regulations, including Regulation E, “impose, in certain situations, liability on banks for unauthorized electronic fund transfers . . . drawn against their customers' accounts.” Marquess v. Pa. State Emples. Credit Union, 427 Fed.Appx. 188, 188-89 (3d Cir. 2011) (citing 15 U.S.C. § 1693, et seq.; 12 C.F.R. § 205.6, et seq.). The EFTA was enacted “to provide a basic framework establishing the rights, liabilities, and responsibilities of participants in electronic fund and remittance transfer systems,” especially regarding individual consumer rights. Perry v. OCNAC #1 Fed. C.U., 423 F.Supp.3d 67, 77 (D.N.J. 2019) (citations omitted). Generally, the EFTA provides a private cause of action to the customer seeking damages for the financial institutions' unauthorized electronic transfer of funds from the customer's account. Id.
Specifically, Section 1693f of the EFTA requires financial institutions to “investigate [an] alleged error, determine whether an error has occurred, and report or mail the results of such investigation . . . within ten business days,” if the customer provides notice of the purported error within sixty days of the financial institution having transmitted to the customer a periodic statement containing the error. 15 U.S.C. § 1693f(a); see also 12 C.F.R. § 205.6(b)(3) (“A consumer must report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the financial institution's transmittal of the statement to avoid liability for subsequent transfers.”). Under the EFTA, an unauthorized electronic fund transfer is an error. See 15 U.S.C. § 1693f(f)(1).
A customer's notice under this Section must: (1) set forth the name and account number of the consumer, or set forth information to otherwise enable the institution to identify the customer; (2) indicate the customer's belief that the documentation or the customer's account contains an error, and the amount of the alleged error; and (3) set forth the reasons for the customer's belief that an error has occurred. 15 U.S.C. § 1693f(a). The customer must take “steps reasonably necessary to provide the institution with pertinent information” and must notify the institution in person, by telephone, or in writing. 12 C.F.R. § 205.6(b)(5). The financial institution's obligations under the EFTA are triggered once proper notice is given. See 15 U.S.C. § 1693f(a).
Plaintiffs argue each named Plaintiff has met the requirements of 15 U.S.C. § 1693f(a) by providing sufficient information for BOA to identify their accounts, reporting the amount of the errors on the accounts, and stating their beliefs as to why the account contained the errors. (ECF No. 38 at 10, 12, 14, 15.) However, “the statute's notice requirement is more demanding: it requires Plaintiff[s] to provide notice within sixty days of the date on which the unauthorized transfer first appeared on the account statement.” Perry, 423 F.Supp.3d at 77. In other words, in order to trigger BOA's error resolution requirements and to avoid liability for subsequent transfers, the EFTA and Regulation E require consumers to report any unauthorized electronic fund transfers within the sixty-day window, which begins on the date the financial institution sends the periodic statement containing the problematic charge. See 15 U.S.C. § 1693f(a); 12 C.F.R. § 205.6(b)(3).
“While proof of Plaintiff[s'] untimely notice may limit [BOA's] liability . . ., it does not necessarily complete the EFTA analysis.” See Perry, 423 F.Supp.3d at 78. If notice is untimely, the EFTA places the burden of proof on the financial institution to show that Plaintiffs are liable for the allegedly unauthorized transfers because timely notice would have prevented the subsequent unauthorized transfers. See 15 U.S.C. § 1693g(a). Therefore, BOA is not responsible for reimbursing “losses the financial institution establishes would not have occurred but for the failure of the consumer to report [the unauthorized transfers] within sixty days of transmittal of the statement.” Id. In other words, “the EFTA may still provide recovery for consumers who fail to timely report unauthorized transfers,” but the failure to provide timely notice makes the consumer liable for any transfers that could have been prevented had the notice been timely. Exarhos v. JPMorgan Chase Bank, N.A., No. 20-7754, 2021 WL 3047152, *2 (N.D. Ill. July 20, 2021) (citing Perry, 423 F.Supp.3d at 78; Cifaldo v. BNY Melon Inv. Serv. Tr. Co., No. 17-842, 2017 WL 6513342, at *4 (D. Nev. Dec. 19, 2017)).
Plaintiffs' recovery is dependent upon when notice of the alleged fraud was provided. See 12 C.F.R. § 205.6(b)(3) (“[T]he consumer's liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period.”) For example, in Exarhos, the defendant financial institution, Chase, issued a statement to the plaintiffs, the Exarhoses, containing the unauthorized transfer on October 16, 2019. Exarhos, 2021 WL 3047152 at *3. The EFTA required the Exarhoses to report the transfer within sixty days, by December 15, 2019, but the transfer was not reported until July 24, 2020. Id. Other than the initial unauthorized transfer appearing in the October 2019 statement, the remaining fraudulent transfers at issue in the case occurred between December 15, 2019 and July 24, 2020. Id. Therefore, the Court explained “if Chase establishes that the remainder of the unauthorized transfers would not have occurred if the Exarhoses timely reported the October 2019 transfer, the Exarhoses would be liable for the transfers.” Id. (citations omitted). However, the Court held that was a factual issue not appropriate for the pleading stage. Id. at *4.
Here, the Court lacks information on the threshold issue regarding when each of the allegedly unauthorized transactions first appeared on Plaintiffs' respective account statements, which is a crucial piece of information for this Court to consider. (ECF No. 36 ¶¶ 79-99); see also Scheffler v. TD Bank, N.A., No. 18-6688, 2019 WL 192651, *5 (D.N.J. Jan. 15, 2019). Instead, Plaintiffs' FAC contains the following facts relating to the timing of their reports:
80. On May 23, 2021, [Beaman] experienced fraud on her account.
The fraudulent transactions included purchases totaling approximately $300. On May 23, 2021, she discovered the fraudulent transactions when she called [BOA] after her card was declined. [BOA] told her a fraudulent person made purchases on the account. On May 23, 2021, during the same phone call, she reported the fraud to [BOA] disclosing that a fraudulent transaction totaling $300.00 had occurred on her account. ....
84. Stefan Brooks . . . was shopping at a grocery store when his [BOA] card was declined. Stefan Brooks had sufficient funds to easily cover his purchases in his account, and his card should not have been declined. However, his card was nevertheless declined. [Brooks] received no notice of this freeze, or hold, prior to [Brooks's] use of his card....[Brooks's] account was frozen again without notice when [he] was attempting to buy groceries a second time....[Brooks's] card was then frozen for a third time. ....
93. On October 24, 2021, $7000.00 was transferred from [Roselli's] Bank account without [her] approval or knowledge.
94. On October 31, 2021, $9800.00 was transferred from [Roselli's] account without [her] approval or knowledge.
95. Both transfers were to a Sutton Bank account which [Roselli] had no connection with, and continues to have no connection with.
96. [Roselli] immediately contacted [BOA] when she learned of the $16,800.00 worth of fraudulent activities that drained her account. [She] gave [BOA] notice [of] these fraudulent transactions and informed [BOA] of specific transactions that were fraudulent.(ECF No. 36 ¶¶ 80, 84, 86, 88, 93-96.) Then, Plaintiffs generally allege, “Plaintiffs and Class Members provided notice to [BOA] within 60 days after [BOA] sent a period statement reflecting an unauthorized transaction . . . consistent with [the EFTA and Regulation E].” (Id. ¶ 108.)
Plaintiffs provide no information about when the fraudulent charges first appeared on their account statements, making it impossible for this Court to determine whether Plaintiffs' reports to BOA were made within sixty days of BOA's transmittal of a statement. See 12 C.F.R. § 205.6(b)(3). While Plaintiffs claim in their FAC that their notice complied with the sixty-day notice provision, such an allegation is “no more than [a] conclusion[], [which is] not entitled to the assumption of truth.” Santiago v. Warminster Twp., 629 F.3d 121, 130 (3d Cir. 2010) (quoting Iqbal, 556 U.S. at 679); see also Papasan, 478 U.S. at 286 (explaining a court is “not bound to accept as true a legal conclusion couched as a factual allegation”).
BOA's liability relative to Plaintiffs', if BOA is liable at all, is dependent upon the timing of each of Plaintiffs' receipt of their account statements compared to the timing of their notice to BOA. See 12 C.F.R. § 205.6(b)(3) (“If the consumer fails to [report an unauthorized electronic fund transfer that appears on a periodic statement within 60 days of the . . . transmittal of the statement], the consumer's liability shall not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the institution, and that the institution establishes would not have occurred had the consumer notified the institution within the 60-day period.”). Plaintiffs allege facts relating to when Beaman discovered the fraud on her account in March 2021, and claim Roselli contacted BOA “when she learned” of the fraud that occurred in October 2021, but do not state when those fraudulent charges were initially transmitted to Plaintiffs. Plaintiffs' failure to allege when each Plaintiff received the statement containing the allegedly fraudulent transfer prevents this Court from determining whether, or which, of the Plaintiffs met the threshold for triggering the error resolution processes set forth in 15 U.S.C. § 1693f. See Scheffer v. TD Bank, N.A., No. 18-6688, 2019 WL 192651, at *5 (D.N.J. Jan. 15, 2019) (noting the plaintiff failed to “allege the dates on which she received documentation like an account statement that might show electronic transfers from her checking and savings accounts,” in violation of 15 U.S.C. § 1693f(a), but dismissing for violation of the statute of limitations); Golden-Koether v. JPMorgan Chase Bank, N.A., No. 11-3586, 2011 WL 6002979, at *2 (D.N.J. Nov. 29, 2011) (dismissing the plaintiffs' EFTA claim for violation of the statute of limitations, “[e]ven presuming that [the p]laintiffs satisfied the prerequisite of providing notice within sixty days of receiving the bank statement.”).
Ultimately, the extent of liability facing BOA, if any, is dependent upon when Plaintiffs received their statements containing the allegedly fraudulent transfers, and how soon after those charges were reported to BOA. 15 U.S.C. § 1693f(a); 12 C.F.R. § 205.6(b)(3). Plaintiffs' failure to provide any information about their receipt of account statements prevents BOA from fully responding to Plaintiffs' allegations and inhibits this Court's ability to assess liability between the parties. In re Bank of America California Unemployment Benefits Litig., No. 21-2992, 2023 WL 3668535, *5 (S.D. Ca. May 25, 2023) (“A complaint that doesn't allege that a consumer provided timely notice doesn't state a claim under the EFTA. At the pleading stage, a complaint must state sufficient facts, construed in the light most favorable to the plaintiff, to plausibly allege timely notice.”).Without providing those “operative piece[s] of information,” Perry, 423 F.Supp.3d at 78, Plaintiffs fail to trigger the error resolution processes set forth in EFTA and Regulation E. Accordingly, Plaintiffs' claim for violation of the EFTA, specifically, 15 U.S.C. § 1693f, and the corresponding provisions of Regulation E, is dismissed without prejudice and with opportunity to amend.
BOA's arguments relating to the substantive sufficiency of the allegations can be re-raised, if applicable, in a motion to dismiss Plaintiffs' amended pleading.
2. EFTA, 15 U.S.C. § 1693c
BOA argues Plaintiffs' Section 1693c claim fails because, from the onset of the parties' relationship, Plaintiffs' Account Agreement permitted BOA to freeze their accounts upon suspicion of fraud or irregular activity without prior notice to the account holder. (ECF No. 37-1 at 14-17.) Because there has been no change to that term of their Agreement, BOA claims they were not required to notify Plaintiffs of any such change under Section 1693c. (Id.) Alternatively, BOA submits any decision to freeze accounts would fall into an EFTA exception, allowing for changes to terms or conditions where the change is immediately necessary to maintain or restore the security of the account. (Id.) Plaintiffs respond that BOA decreased Beaman and Brooks's access to their respective accounts without a twenty-one-day notice, in violation of 15 U.S.C. § 1693c(b). (ECF No. 38 at 19-21.) BOA contends Plaintiffs fail to address either of their arguments for dismissal, including that Plaintiffs failed to identify any change to a term or condition of their agreement. (ECF No. 40 at 6-7.) BOA further argues Plaintiffs failed to address that the EFTA does not require notice of a term or condition change that is immediately necessary, and holding otherwise would cripple BOA and other financial institutions from combatting fraud. (Id.)
The EFTA requires financial institutions to disclose, in readily understandable language, the terms and conditions of electronic fund transfers on a consumer's account, at the time the consumer contracts for the service. 15 U.S.C. § 1693c(a). Under this Section, the financial institution is responsible for notifying a consumer “in writing at least twenty-one days prior to the effective date of any change in any term or condition of the consumer's account” if that change “would result in greater cost or liability for such consumer or decreased access to the consumer's account.” 15 U.S.C. § 1693c(b). However, the financial institution may implement a change without prior notice “when such change is immediately necessary to maintain or restore the security of an electronic fund transfer system or a consumer's account.” Id.
Plaintiffs' initial Account Agreement, disclosed at the time they contracted with BOA for its services through the New Jersey Department of Labor and Workforce Development, permitted BOA to freeze Plaintiffs' accounts if the bank suspected irregular, unauthorized, or unlawful activities, pending an investigation. (ECF No. 37-2, Lustberg Dec., Ex 1 (“Account Agreement”) § 2) (“If we suspect irregular, unauthorized, or unlawful activities may be involved with your Account, we may ‘freeze' (or place a hold on) the balance pending an investigation of such suspected activities. If we freeze your Account, we will give you a notice required by law.”) This provision was included in the agreement, in readily understandable language, at the time of the contract. See 15 U.S.C. § 1693c(a). It was not subsequently added or changed, which would have triggered the twenty-one-day notice requirement of Section 1693c(b).
The Account Agreement was provided by BOA as an exhibit to an attorney certification in support of its Motion to Dismiss. The Court is free to consider the document in determination of BOA's motion to dismiss, because the Account Agreement is integral to and was explicitly relied upon in Plaintiffs' FAC. See In re Burlington Coat Factory, 114 F.3d at 1426 (“Plaintiffs cannot prevent a court from looking at the texts of the documents on which its claim is based by failing to attach or explicitly cite them.”); Scheffler, 2019 WL 192651 at *2 (finding the Court could consider the parties' Account Agreement, which was not attached to the plaintiff's complaint because the agreement was integral to the plaintiff's claims).
Plaintiffs argue Beaman and Brooks experienced decreased access to their accounts, which they call a “change in their account,” without any notice from BOA, in violation of the EFTA. (ECF No. 38 at 19-20.) However, Plaintiffs misunderstand the provision. The freeze, or the alleged “change in their account,” is not prohibited by Section 1693c(b). Instead, it is permitted by the parties' Account Agreement. (See Account Agreement § 2). Had BOA unilaterally changed the terms and conditions relating to the parties' rights and obligations under the provision governing the freezing of accounts, notice would have been required. See 15 U.S.C. § 1693c(b). Here, Plaintiffs' allegations only demonstrate BOA froze Plaintiffs' accounts upon suspected fraudulent activity, which is permissible under the original Account Agreement, and did not require prior notice because there was no change to the provision from the parties' initial agreement. (See Account Agreement § 2). Because Plaintiffs fail to identify any change or alteration to the terms and conditions of their initial agreement with BOA, their claims under Section 1693c also fail.Accordingly, Plaintiffs' cause of action for violation of 15 U.S.C. § 1693c similarly fails, and BOA's motion to dismiss the claim is granted.
To the extent Plaintiffs challenge that BOA was required under the Account Agreement to give “notice required by law,” such an argument is not sustainable under the EFTA.
Whether BOA provided sufficient notice under the agreement, which requires notice be provided “by law,” is a separate cause of action unrelated to this provision of the EFTA.
B. Contract-Related Claims (Counts IV-VI)
1. Breach of Contract (Count IV)
BOA argues Plaintiffs' claim for breach of the Account Agreement must be dismissed because none of the theories advanced by Plaintiffs are sufficiently pleaded. (ECF No. 37 at 1727.) First, BOA submits Plaintiffs fail to state a claim based on violations of the investigation or reimbursement provisions of the agreement because: (1) Brooks does not allege he experienced such an intrusion; (2) Plaintiffs fail to allege they provided contractually-required notice to trigger any obligations under the agreement; and (3) Plaintiffs fail to allege BOA breached any contractual provision because Plaintiffs do not assert the fraudulent transactions on their accounts were “unauthorized” according to BOA's investigation. (Id. at 18-20.) BOA also claims Plaintiffs' breach of contract claim relating to the freezing of Plaintiffs' accounts fail, because Plaintiffs attempt to hold BOA to a standard higher than the one articulated in the Account Agreement. (Id. at 20-22.) Lastly, BOA argues there is no factual basis for Plaintiffs' claims that BOA disregarded instructions from the LWD because the Account Agreement did not require BOA to make funds available to Plaintiffs when the accounts were frozen. (Id. at 22-23.)
Plaintiffs respond they have properly pleaded a cause of action for breach of contract by providing notice of the alleged errors pursuant to the terms of the Account Agreement, but allege BOA's account freezes continued to breach the terms of the contract. (ECF No. 38 at 33-36.) BOA maintains Plaintiffs' breach of Account Agreement claim must be dismissed. (ECF No. 40 at 79.)
Under North Carolina law, to state a claim for breach of contract, a plaintiff must allege “(1) existence of a valid contract and (2) breach of the terms of that contract.” MedShift, LLC v. Charles W. Morgan Pelle, LLC, 584 F.Supp.3d 112, 122 (W.D. N.C. 2022) (quoting Poor v. Hill, 530 S.E.2d 838, 843 (N.C. 2000)). Where a complaint alleges both of those elements, “it is error to dismiss a breach of contract claim under Rule 12(b)(6).” Woolard v. Davenport, 601 S.E.2d 319, 322 (N.C. 2004).
See Account Agreement § 18 (“The Agreement will be governed by the laws and regulations of the United States and, to the extent not so covered, by the laws and regulations of the State of North Carolina.”). Neither party disputes the application of North Carolina law to this action.
Plaintiffs allege they “entered into a Cardholder Agreement with [BOA] that require[d] [BOA] to administer LWD benefits to them through prepaid debit cards.” (ECF No. 36 ¶ 138.) The parties do not dispute that the Account Agreement was a valid contract, only whether the Account Agreement was breached. Plaintiffs allege BOA breached Sections 9, 2 and other miscellaneous provisions of the Account Agreement. (See id. ¶¶ 139-42.) Section 9 covers BOA's “Zero Liability” Policy for Unauthorized Transactions which states:
Federal law . . . may limit your liability for unauthorized transactions on your Account, but you may still be liable in some circumstances. Under the [BOA] “zero liability” policy, you may incur no liability for unauthorized use of your Card up to the amount of the unauthorized transaction, provided you notify us within a reasonable time of the loss or theft of your Card, Card number or PIN or its unauthorized use, subject to [certain enumerated] terms and conditions[.]”(Account Agreement § 9.) Plaintiffs also refer to a Section entitled “WHEN YOU WILL HEAR
FROM US” which states:
We will determine whether an error occurred within 10 business days after we hear from you - and will correct any error promptly.
If we need more time, however, we may take up to 45 days to investigate your complaint or questions. If we decide to do this, we will credit your Account within 10 business days for the amount you think is in error ....(Id.). Lastly, Plaintiffs' FAC references portions of Section 2 entitled, “When Funds are Available for Withdrawal,” and “‘Freezing' Your Account,” which state:
Funds are available for your use on the day we have been instructed by [LWD] to fund your Account. Once the funds are available, you may make the transactions described [therein]. Funds received by us may be delayed for a longer period of there is an emergency .... We will notify you if we delay your ability to make transactions as a result of an emergency .... ....
If we suspect irregular, unauthorized, or unlawful activities may be involved with your Account, we may “freeze” (or place a hold on) the balance pending an investigation of such suspected activities. If we freeze your Account, we will give you a notice required by law.(Id. § 2.) Plaintiffs allege BOA breached these provisions by:
(a) failing to timely and reasonably investigate and resolve their fraud claims;
(b) failing to reimburse them for unauthorized transactions;
(c) failing to provide them with provisional credit when [BOA's] investigation . . . exceed[ed] 10 business days;
(d) failing to limit their liability for unauthorized transactions;
(e) freezing or blocking their LWD Debit Card Accounts without a reasonable basis for suspecting irregular, unauthorized, or unlawful activities . . ., and beyond the length of time necessary for a reasonable investigation;
(f) freezing or blocking their LWD Debit Card Accounts for reasons other than those specified in the Cardholder Agreement;
(g) failing to make funds available to them . . . on the day [BOA] ha[d] been instructed by the LWD to fund their Accounts; and (h) otherwise failing to make funds available to them in accordance with LWD's instructions.(ECF No. 36 ¶ 142.) Plaintiffs further allege they were harmed by BOA's conduct and suffered actual damages, despite providing valuable consideration for the services they received. (Id. ¶ 143).
Plaintiffs' allegations of breach fall into three categories: (1) BOA failed to timely and properly investigate and reimburse Plaintiffs for the allegedly fraudulent transactions on their accounts; (2) BOA froze or suspended the accounts in a manner inconsistent with the agreement, including the length of time the accounts were frozen and the reasons for which they were frozen; and (3) BOA failed to make funds available to Plaintiffs in account with LWD's instructions. Each theory fails.
a. Investigation and Reimbursement
Plaintiffs' allegations for breach of the investigation and reimbursement provisions of BOA's Account Agreement fail. In Hardin v Bank of America, N.A., the plaintiffs sued BOA for several causes of action relating to BOA's administration of unemployment benefits in Michigan during the COVID-19 Pandemic, including for breach of contract. No. 22-10023, 2022 WL 3568568, *4 (E.D. Mich. Aug. 18, 2022). The Michigan District Court applied North Carolina state law, which governed the applicable agreement between BOA and the State. Id. at *4.
First, the Hardin court dismissed one of the plaintiff's claims for breach of contract under this theory because she failed to allege her account experienced a fraudulent transaction, only that it was impermissibly frozen. Id. To the extent Brooks, in our case, has failed to allege that he experienced or reported any unauthorized transaction to BOA, he similarly cannot sustain a claim for breach of a contractual provision governing BOA's obligations related to unauthorized transactions. Id. (“Without an unauthorized transaction, [the] [d]efendant could not breach its duties to reimburse [the plaintiff] for an unauthorized transaction.”). Plaintiffs' opposition fails to address this point, and instead, focuses on Plaintiffs Beaman and Roselli. (See ECF No. 38 at 35.) Accordingly, to the extent the FAC alleged a breach of BOA's investigation and reimbursement responsibilities as to Plaintiff Brooks, those claims are dismissed.
The Hardin court dismissed the remaining plaintiffs' cause of action for breach under this theory for separate reasons. First, the court held the remaining plaintiffs “never alleged that they complied with the contract's requirements to provide notice that would trigger [BOA's] duties to investigate and reimburse a potential unauthorized transaction” including by failing to allege they provided the necessary information to verify their identity or whether they followed up in writing, as required by the agreement. Id. at *5. Further, the Hardin court explained, even if the plaintiffs provided the proper notice, “no allegations show that [BOA], after an investigation, violated its duty to reimburse[,]” in other words, whether BOA simply determined the transactions were not fraudulent. Id. Accordingly, the Hardin plaintiffs' breach of contract claims related to the unauthorized transactions were dismissed. Id.
Here, Plaintiff Beaman and Roselli's claim for breach of BOA's investigation and reimbursement obligations fails for the latter reason. Section 9 of the Account Agreement only applies to claims that are unauthorized, which is defined as a transaction “initiated by someone other than you (the cardholder) without your actual or apparent authority, and you receive no benefit from the transaction.” (Account Agreement § 9.) It is in BOA's sole discretion whether the “facts and circumstances . . . reasonably support a claim of unauthorized use.” (Id.) If the transaction is not found to be “unauthorized,” Section 9 of the Account Agreement detailing “[BOA's] ‘Zero Liability' Policy for Unauthorized Transactions” does not apply. Section 11 similarly provides BOA with great flexibility in investigating a cardholder's allegation of error, again, allowing BOA to “determine whether an error occurred” before its responsibilities under the provision are triggered. (Id. § 11.)
Plaintiffs' allegations in the FAC do not sufficiently allege BOA unreasonably failed to reach either conclusion-that the transactions were unauthorized, or an error occurred. While Plaintiff Beaman alleges “[BOA] told her a fraudulent person made purchases on the account,” (ECF No. 36 ¶ 80), she does not sufficiently allege the facts and circumstances surrounding the transaction supported a claim for unauthorized use, in BOA's discretion, and that BOA still failed to fulfill its obligations under the Agreement. Plaintiff Roselli does not mention BOA's investigation into the transactions or errors at all. (Id. ¶¶ 92-98.) In short, none of Plaintiffs' allegations support that BOA, “after an investigation, violated its duty to reimburse.” Hardin, 2022 WL 3568568 at *5. Without more detailed factual allegations, Plaintiffs' fail to state a claim for breach of the Account Agreement, and their allegations under the theories of investigation and reimbursement are dismissed. See California Unemployment Benefits Litig., 2023 WL 3668535 at *27 (“Based on the plain language of the contract, Plaintiffs can't allege [BOA] breached its obligations under the Account Agreement simply by disagreeing with the outcome.”).
b. Account Freezing
Plaintiffs allege their accounts were frozen without a “reasonable basis” for suspecting fraudulent activities; beyond the time reasonably necessary for an investigation; and for reasons other than those specified in the agreement. (ECF No. 36 ¶ 142.) However, the Account Agreement does not require a “reasonable basis” to freeze an account, only a suspicion of fraudulent activity. (See Account Agreement § 2.) Plaintiff Beaman reported allegedly fraudulent transactions to BOA the same day her account was frozen, which support an inference the freeze on her account was motivated by a suspicion of fraud, as permitted by the Agreement. (ECF No. 36 ¶¶ 80-81). Plaintiff Brooks failed to offer any facts to support his allegation that BOA froze his account for any reasons other than those permitted by the Agreement, (id. ¶¶ 84-91), and Plaintiff Roselli does not allege her account was frozen at all, (id. ¶¶ 92-99). Further, there is no time limit imposed by the terms of the contract, and instead, BOA is permitted to freeze accounts until the end of its investigations into those suspicions. (Account Agreement § 2.) Accordingly, Plaintiffs' assertion that their accounts were frozen beyond the time necessary for an investigation is insufficient to support allegations of breach under this theory. Plaintiffs' breach of contract claims relating to breach of the account freezing provisions are dismissed. See Hardin, 2022 WL 3568568 at *5 (dismissing the plaintiffs' breach of contract claims relating to BOA's freezing of their accounts because the contract did not include a reasonable basis requirement, only a suspected fraud requirement, and because the contract did not contain a time limit for how long BOA could freeze an account if the investigation was pending); see also Eggiman v. Bank of America, N.A., No. 22-10298, 2023 WL 2647071, *6 (D. Mass. Mar. 27, 2023).
c. Availability of Funds
While generally, BOA is required to make funds available in accordance with LWD's instructions, BOA is not required to do so while Plaintiffs' accounts are frozen. (See Account Agreement at § 2.) Plaintiffs fail to allege facts or circumstances wherein BOA failed to issue or make available funds to their accounts in accordance with instructions from LWD, in a situation other than when Plaintiffs' accounts were frozen. Without identifying such circumstances, “the Court will dismiss breach of contract claims that stem from [BOA] ‘failing to make funds available to [Plaintiffs].'” Hardin, 2022 WL 3568568 at *5; see also California Unemployment Benefits Litig., 2023 WL 3668535 at *27 (“In addition to Section 2's funding language, the Account Agreement also contains numerous provisions that allow [BOA] to restrict access to accounts .... Adopting Plaintiffs' interpretation would render large portions of the Account Agreement [to] no effect.”).
2. Breach of Implied Covenant of Good Faith and Fair Dealing (Count VI)
BOA submits Plaintiffs' Implied Covenant of Good Faith and Fair Dealing claim must fail because: (1) Plaintiffs cannot use an implied covenant to manufacture obligations under an existing agreement, if those obligations were not included in said agreement; (2) Plaintiffs cannot bring allegations under this theory that are duplicative of their allegations of breach of contract; and (3) the proposed terms of BOA's obligations were too vague to be interpreted or imposed by a Court or jury. (ECF No. 37 at 23-25.) Plaintiffs argue the implied covenant exists in every contract, and where the claims for implied covenant and breach of express contract are plausibly pleaded, the issue should not be addressed at the pleading stage. (ECF No. 38 at 37-39.) They contend BOA breached the implied covenant by failing to provide adequate customer service and reasonable measures to safeguard their information, like failure to use EMV chip technology. (Id.) BOA responds the implied covenant only protects the benefits for which the parties actually bargained in the contract, and not extra-contractual benefits like EMV chip technology. (ECF No. 40 at 10.)
“In every contract there is an implied covenant of good faith and fair dealing that neither party will do anything which injures the right of the other to receive the benefits of the agreement.” Williams v. Craft Dev., LLC, 682 S.E.2d 719, 723 (N.C. Ct. App. 2009) (quoting Bicycle Transit Auth. v. Bell, 333 S.E.2d 299, 305 (N.C. 1985)). However, “an asserted implied term cannot be used to contradict the express terms of a contract.” Liris S.A. v. Morris & Assocs., Inc., 496 F.Supp.3d 931, 942 (E.D. N.C. 2020) (citations omitted); see also Rich Food Servs., Inc. v. Rich Plan Corp., 98 Fed.Appx. 206, 211 (4th Cir. 2004); Cordaro v. Harrington Bank, FSB, 817 S.E.2d 247, 256 (N.C. 2018) (“As a general proposition, where a party's claim for breach of the implied covenant of good faith and fair dealing is based upon the same acts as its claim for breach of contract, we treat the former claim as ‘part and parcel' of the latter.”). The implied duty is further “not understood to interpose new obligations about which the contract is silent, even if inclusion of the obligation is thought to be logical and wise.” E. Shore Mkts, Inc. v. J.D. Assocs. Ltd., 213 F.3d 175, 184 (4th Cir. 2000).
Plaintiffs claim BOA breached the covenant of good faith and fair dealing by:
(a) failing to take reasonable and necessary steps to safeguard Plaintiffs' and Class Members' LWD benefits, including but not limited to
(i) failing to issue LWD Debit Cards with EMV chip technology,
(ii) failing to secure Plaintiffs' and Class Members' Cardholder Information and other sensitive personal information that could be used by third parties to effect unauthorized transactions,
(iii) failing to adequately monitor for fraudulent or suspected fraudulent transactions on LWD Debit Cards and Accounts, and
(iv) failing to promptly issue LWD Debit Cards with EMV chips and to increase its efforts with respect to securing personal information, fraud monitoring, and otherwise safeguarding benefits in light of the foreseeable and actual rise in the number of LWD Debit Cardholders and the amount of financial fraud caused by or related to the [Pandemic];
(b) failing to ensure its customer service operations were capable of providing effective assistance to LWD Debit Cardholders who experienced fraud on their LWD Debit Card or Account, including during the [P]andemic;
(c) failing to warn or notify LWD Debit Cardholders that their LWD benefits were and remain subject to, or at risk of being subject to, actual or suspected unauthorized use;
(d) failing to timely or adequately process and investigate LWD Debit Cardholders' claims regarding unauthorized transactions;
(e) failing to extend provisional credit in cases where LWD Debit Cardholders' fraud claims are not timely resolved;
(f) freezing or blocking LWD Debit Card Accounts without a reasonable basis for believing that the Cardholders themselves had committed fraud, and for longer than it would reasonably take to investigate any such belief;
(g) failing to provide LWD Debit Cardholders any reasonable means of contesting [BOA's] purported basis for freezing their LWD Debit Card Accounts or for otherwise getting their Accounts unfrozen; and
(h) freezing or blocking LWD Debit Card Accounts not to protect the Cardholders, but rather to protect [BOA] itself, from liability for third-party fraud.(ECF No. 36 ¶ 154.) Plaintiffs' breach of implied covenant claims generally center on BOA's failure to effectively deal with or warn them of alleged fraud, failure to timely investigate unauthorized transactions, failure to issue provisional credit while investigating claims, improperly freezing accounts. (Id.) Each of these purported breaches of the implied covenant are alleged as breaches of the parties' express contract. Accordingly, these claims are dismissed as duplicative. See Hardin, 2022 WL 3568568 *6; Cordaro, 817 S.E.2d at 256.
As for Plaintiffs' claims relating to BOA's failure to issue certain safeguards, including issuing debit cards with EMV chip technology, those allegations similarly fail. These are new obligations, not agreed to by the parties, which “impermissibly contradict or expand the scope of the express terms of the contract.” See Eggiman, 2023 WL 2647071, *8. Because the implied covenant is not meant to impose new obligations upon the parties, Plaintiffs' breach of implied covenant claim is dismissed. See E. Shore Mkts, Inc., 213 F.3d at 184.
3. Breach of Implied Contract (Count V)
BOA claims Plaintiffs' Implied Contract Claim must fail for the same reasons the implied covenant claim fails, plus: (1) an implied contract cannot exist when there is an express contract about the identical subject; and (2) mutual assent is an essential element of an implied contract claim. (ECF No. 37 at 25-27.) Plaintiffs respond that implied contracts can coexist with express contracts, and BOA violated the implied contract by failing to provide Plaintiffs with “faster, easier, more secured unemployment insurance benefits payments.” (ECF No. 38 at 36-37.) In reply, BOA submits the purported implied contract covers the same subject matter as the parties' express contract--BOA's servicing of LWD debit cards--and therefore, there can be no implied contract. (ECF No. 40 at 10-12.) BOA further argues there is no demonstration of mutual asset, an offer, or a sufficiently enforceable contract term. (Id.)
Plaintiffs' FAC alleges BOA agreed to take reasonable steps to ensure the accounts were secure against unauthorized transactions, and that any claims regarding unauthorized transactions were adequately resolved. (ECF No. 36 ¶ 145.) Similar to the implied covenant analysis above, “[t]here can be no implied contract where there is an express contract between the parties in reference to the same subject matter.” Charlotte Motor Speedway, Inc. v. Tindall Corp., 672 S.E.2d 691, 692 (N.C. Ct. App. 2009) (citations omitted); see also Snyder v. Freeman, 266 S.E.2d 593, 603 (N.C. 1980) (explaining where an express agreement exists, it covers the “whole subject matter” and leaves no promise “implied by law”). The parties clearly have an agreement that deals with the conduct at issue in express terms. Plaintiffs, therefore, “may not add extracontractual terms when an express agreement exists.” Eggiman, 2023 WL 2647071, *7. Accordingly, Plaintiffs' implied contract claim, like their breach of Account Agreement and breach of implied covenant, fails.
C. Negligence Claims (Counts II-III)
1. Negligence and Negligence Per Se (Count II)
BOA submits Plaintiffs' negligence claim fails because: (1) the tort duties alleged have no legal basis; (2) Plaintiffs fail to allege facts to establish causation; (3) and Plaintiffs cannot rely on a theory of negligence per se based on violations of the Gramm-Leach-Bliley Act (“GLBA”), as they fail to identify any provision that was violated. (ECF No. 37 at 27-31.) Plaintiffs respond BOA had a non-delegable, ordinary duty of care to its LWD customers; BOA breached the duty of care by failing to comply with the safeguards it was contractually obligated to ensure; and BOA's breach of duty resulted in direct harm, namely, stolen personal and financial information. (ECF No. 38 at 21-26.) BOA argues in reply that Plaintiffs fail to address the absence of a legal basis for the asserted duties, for example, how an ordinary duty of care gives rise to BOA's obligation to use certain card technology or provide a certain level of customer service. (ECF No. 39 at 12-15.) Further, BOA contends Plaintiffs fail to identify any facts tying the alleged breach of duties to any purported injuries, including whether any breach resulted in their compromised information or fraudulent transactions, and whether chip technology would have prevented the losses. (Id.)
To sustain a cause of action for negligence, a plaintiff must establish: “(1) a duty of care; (2) a breach of that duty; (3) proximate cause; and (4) actual damages.” Townsend v. Pierre, 110 A.3d 52, 61 (N.J. 2015) (citations omitted). A plaintiff must establish those four elements “by some competent proof.” Id. (citations omitted).
Plaintiffs allege BOA had a duty to:
(a) safeguard their [unemployment insurance] and other LWD benefits;
(b) protect them from fraudulent access by unauthorized third parties to the funds paid into their LWD Debit Card Accounts, including by timely and accurately warning them of suspicious activity in those Accounts;
(c) protect them from unreasonable interference with their right and ability to continue to collect, receive, and access the LWD benefits to which they were entitled;
(d) ensure that [BOA's] customer service staffing levels, technology, and operations were capable of providing Plaintiffs and Class Members reasonably timely and effective customer service, including to address those customers' concerns about fraudulent or unauthorized transactions related to their LWD Debit Cards or Accounts;
(e) provide Plaintiffs and Class Members reasonable and adequate notice that their LWD Debit Cards and Accounts were at risk of being subject to unauthorized use or had been subjected to unauthorized use;
(f) timely and adequately investigate and resolve Plaintiffs' and Class Members' claims regarding unauthorized or fraudulent transactions; and
(g) extend to Plaintiffs and Class Members provisional credit in cases where [BOA] failed to timely resolve their fraud-related claims.(ECF No. 36 ¶ 122.) Initially, in Plaintiffs' FAC, Plaintiffs alleged BOA had these duties pursuant to the “special relationship” between Plaintiffs and BOA. (Id.) However, in Opposition to BOA's Motion to Dismiss, Plaintiffs abandon the “special relationship” position and claim BOA owed Plaintiffs “an ordinary duty of care.” (ECF No. 38 at 22-23.) Because Plaintiffs failed to respond to BOA's argument that Plaintiffs failed to plead a “special relationship” between the bank and the customer, (ECF No. 37 at 28), Plaintiffs' claims based on a special relationship between the parties are waived. See Hardin, 2022 WL 3568568 *6. Further, because Plaintiffs failed to plead negligence based upon a theory of BOA's breach of the duty of ordinary care, and it is unclear how, if at all, the duties alleged in Plaintiffs' FAC arise under an “ordinary duty of care,” the Court cannot consider the argument raised for the first time in Plaintiffs' opposition. Accordingly, Plaintiffs' negligence claim is dismissed.
As for the negligence per se portion of Plaintiffs' claim, BOA argues the claim should be dismissed because Plaintiffs fail to allege any facts to support BOA failed to comply with the GLBA and fail to cite the provision BOA allegedly violated. (ECF No. 37 at 30-31.) Plaintiffs argue BOA was required to comply with the GLBA and EFTA, which it failed to do; and the GLBA and EFTA are consumer protection statutes, and therefore, contain a duty of care. (ECF No. 38 at 26-31.) BOA responds Plaintiffs failed to plead the EFTA provisions that would form the basis of this theory; neither the GLBA nor EFTA incorporate the common law standard of care, as is required to plead negligence per se under the statutes; and Plaintiffs fail to plead a violation of either statute. (ECF No. 40 at 12-15.)
Plaintiffs' allegations relating to violation of the GLBA are “conclusory,” which cannot survive a motion to dismiss. See Iqbal, 556 U.S. at 679. Plaintiffs fail to identify how BOA's conduct violated which portion of the GLBA, and how that conduct caused their injuries. See Mest v. Cabot Corp., 449 F.3d 502, 518 (3d Cir. 2006) (detailing the elements of establishing negligence per se). Therefore, Plaintiffs fail to plead a violation of the GLBA. Indeed, negligence per se only arises where the statute incorporates the common law standard of care, but neither the GLBA nor the EFTA, which was raised for the first time in Plaintiffs' opposition, invokes such a duty. See Kelly v. Walker-Grassi, No. 182-03, 2007 WL 162285, at *6 (N.J.Super.Ct.App.Div. Jan. 24, 2007); Ortiz v. Adams, No. 08-04509, 2018 WL 3410027, at *10 (D.N.J. July 13, 2018) (“Because neither of the other statutes referred to by Plaintiff incorporates the common law standards or invokes similar language, any violation of those statutes may be evidence of negligence, but would not constitute negligence per se.”); see also California Unemployment Benefits Litig., 2023 WL 3668535 at *22. Accordingly, Plaintiffs' negligence per se claim is dismissed.
2. Negligent Hiring, Supervision and Retention (Count III)
BOA claims Plaintiffs' negligent hiring cause of action fails because Plaintiffs fail to allege any tort duties to support their claim; and fail to allege any facts to support breach or causation for the claim. (ECF No. 37 at 31-32.) Plaintiffs argue the claim is sufficiently pleaded because it alleges BOA hired various subcontractors to provide customer service, but failed to provide background checks, training or supervision, leading to the loss of their cardholders' data and money. (ECF No. 38 at 31-33.) BOA maintains Plaintiffs fail to allege a legal basis for the asserted duty, and any factual bases trying the injuries to the breach. (ECF No. 40 at 12-15.)
“An employer is potentially liable to a third party whose injury was proximately caused by the employer's negligence in hiring or retaining an employee who is unfit for the job.” Maddox v. City of Newark, 50 F.Supp.3d 606, 636 (D.N.J. 2014) (citing Di Cosala v. Kay, 450 A.2d 508, 514 (N.J. 1982)). To establish a prima facie case of negligent hiring and retention, a plaintiff must establish: (1) “the employer must have had knowledge that the employee is dangerous or unfit” and (2) “the employer's negligence in hiring the employee, the employee's dangerous characteristics or unfitness must have caused the injury.” K.G. v. Owl City, No. 17-8118, 2023 WL 3735891, *7 (D.N.J. May 31, 2023) (citing Lingar v. Live-In Companions, Inc., 692 A.2d 61, 65 (N.J. App. Div. 1997)). Thus, there is an element of foreseeability, which requires a plaintiff to “show that the person's prior conduct somehow foreshadowed the actual harm [the plaintiff] suffered. Maddox, 50 F.Supp.3d at 636 (citing DiCosala, 450 A.2d at 516-17). Similarly, to prove negligent supervision under New Jersey law, a plaintiff must show “[d]efendant should have reasonably foreseen that its employees would injure a customer during the performance of their duties.” K.G., 2023 WL 3735891 at *7 (quoting Brijall v. Harrah's Atl. City, 905 F.Supp.2d 617, 621 (D.N.J. 2012)).
Plaintiffs allege BOA hired subcontractors to hire hundreds of employees to perform customer service and call center operations services without conducting background checks or providing proper training or supervision. (ECF No. 36 ¶¶ 130-31.) Plaintiffs generally allege, “Given [BOA's] failure to conduct background checks or to take other reasonable security measures in hiring employees en masse . . ., it was reasonably foreseeable that such unvetted agents would compromise the security of . . . confidential Cardholder Information.” (Id. ¶ 132.) These allegations fall far short of alleging that BOA knew or should have known the employees hired and retained were “violent or aggressive” or “might engage in injurious conduct.” See Brijall, 905 F.Supp.2d at 620 (dismissing a negligent hiring claim where the hired employee had a lack of criminal history and uneventful work history). They are similarly insufficient to establish reasonably foreseeability the employee would injury a customer in the performance of their duties due to negligent supervision. See K.G., 2023 WL 3735891 at *7; Brijall, 905 F.Supp.2d at 620.
Accordingly, Plaintiffs' claims for negligent hiring, supervision and retention are dismissed.
IV. Conclusion
For the reasons set forth above, BOA's Motion to Dismiss (ECF No. 37) is GRANTED, and Plaintiffs' FAC (ECF No. 36) is DISMISSED WITHOUT PREJUDICE. The matter shall be marked CLOSED. Plaintiffs may file a Second Amended Complaint within twenty-one days curing the deficiencies identified by the Court. Upon the timely filing of a Second Amended Complaint, the matter shall be reopened. Failure to timely file a Second Amended Complaint will result in the matter being dismissed with prejudice.