noting that "courts repeatedly have denied coverage under similar computer fraud provisions, except in cases of hacking where a computer is used to cause another computer to make an unauthorized, direct transfer of property or money"Summary of this case from Am. Tooling Ctr., Inc. v. Travelers Cas. & Sur. Co. of Am.
OPINION AND ORDER
This matter is before the Court on Defendant Great American Insurance Company's ("GAIC") Motion for Summary Judgment , Plaintiffs InComm Holdings, Inc. and Interactive Communications International, Inc.'s (together, "InComm") Motion for Partial Summary Judgment , and GAIC's Motion for Leave to File a Sur-Reply in Opposition to Plaintiffs' Motion for Partial Summary Judgment  ("Motion for Sur-Reply").
This is an insurance coverage dispute involving debit card transactions. InComm, which is in the debit card processing business, had a processing system vulnerability by which a debit card holder could cause credit to be loaded onto their debit card in multiples of the credit amount purchased. The question in this case is whether the credited amounts to which the cardholders were not entitled constitute a loss which GAIC is required to cover under the insurance policy it issued to InComm.
B. InComm's Debit Card Processing Service
InComm provides a service enabling consumers to load funds onto prepaid debit cards issued by banks (the "InComm Process"). ([36.1] ¶¶ 1-4). Cardholders can purchase what are known as "chits" to add prepaid funds onto their cards. ([36.1] ¶¶ 4-5; [27.3] at 8). Chits may be purchased from retailers, such as CVS or Walgreens, for the amount of the chit plus a small service fee. ([36.1] ¶¶ 4-5; [27.3] at 8).
The cards contain a network brand, such as Visa or MasterCard, and "may be used wherever [bank account] debit cards are accepted as long as funds have been loaded on the card." ([36.1] ¶ 3).
The InComm Process consists of an Interactive Voice Response ("IVR") system and Application Processing Servers ("APS"). ([36.1] ¶ 19). The IVR uses eight computers that allow a debit card holder, using telephone voice commands or telephone touch-tone codes, to monitor and request transactions on their debit card account. ([36.1] ¶ 20; [27.3] at 29). The cardholder may, for example, call the IVR system on a telephone to check the balance on their card, report a lost or stolen card, or load money from a chit onto their card. ([27.3] at 29). The APS uses computer servers to provide transaction processing for the InComm Process. ([36.1] ¶ 21). When the cardholder calls the IVR system, the cardholder enters a voice or touchtone command, which is processed by the APS system. ([27.3] at 29; [36.1] ¶ 21). After the APS system completes the processing, it communicates the results to the IVR system, which, in turn, reports the results to the cardholder.
C. Chit Redemptions
When a cardholder purchases a chit from a retailer, the retailer sends InComm the payment it received for the chit. ( at 10-11). InComm holds the transferred funds in an account it maintains at Wells Fargo bank. ( at 10; [26.5] at 10-11; [37.2] at 4-17). To redeem the chit, the cardholder calls InComm's IVR system using the telephone number printed on the back of the chit. ([36.1] ¶¶ 6-7; [37.3] ¶ 9). The IVR system prompts the cardholder to provide three pieces of information: (1) the unique pin number printed on the chit, (2) the account number of the debit card, and (3) sometimes, a three-digit security code printed on the debit card. ([37.3] ¶ 10; [36.1] ¶¶ 8-9, 19-20). After the inputted information is verified by the APS system, the value of the chit is made "immediately available" for use on the debit card. ([37.3] ¶ 11; [27.3] at 31; [26.4] at 30; [26.5] at 20).
The retailer typically wires the payment to InComm within three to seven days after the chit sale. ( at 10-11).
The cardholder also may use an InComm website to redeem the chit. ([36.1] ¶ 6). The parties focus on telephone redemptions because telephone redemptions were used to cause the losses claimed.
Most chit redemptions occur within forty-eight hours after the chit was purchased. ([27.3] at 10).
It is unclear which party is responsible for ensuring that the debit card "immediately" reflects a chit redemption. For cards issued by The Bancorp Bank, for which InComm serves as Program Manager, InComm appears to perform this role. ( at 18-19). InComm ensures the cardholder "is able to use the card" up to the balance on the card. ( at 18-19). It is the issuer, however, that is responsible for transmitting money to the merchant at which the cardholder uses his card to make a purchase.
After a chit is redeemed, InComm transfers funds—in the amount of the chit—to an account at the bank that issued the prepaid debit card. ([37.3] ¶ 12; [36.1] ¶ 13). The transfer is made as required by InComm's contract with the card issuer. ([37.3] ¶ 12;  at 27-29). The funds are maintained in the issuer's bank, for the benefit of the cardholder, until the cardholder uses the card to conduct a transaction. ([37.3] ¶ 15). The issuer then remits, to the seller, funds to pay for the purchase made by the cardholder. ([36.1] ¶ 16; [37.3] ¶ 15; [27.3] at 12;  at 12). If the cardholder uses his card to conduct a transaction before InComm wires the funds to the issuer, InComm's wire effectively reimburses the issuer for the payment it made previously to the merchant from which the cardholder made his purchase. InComm is not involved in payments from the issuer to the merchant. ( at 12, 18).
The card issuer may remit these funds to the seller through the debit card's network brand (for example, Visa or MasterCard). ([26.5] at 18).
Although InComm does not immediately transfer the funds to the issuer's account, "the cardholder still gets to use their card [immediately] because that's between [the issuer] and the cardholder." ( at 20).
D. InComm's Relationship with Bancorp
The dispute here centers on the relationship between InComm and The Bancorp Bank ("Bancorp"), which is governed by contract (the "Bancorp Contract"). InComm is the Program Manager for prepaid debit cards issued by Bancorp. ([37.3] ¶ 34;  at 12; [26.6]). As Program Manager, InComm markets and sells Bancorp's cards, and performs various services, including processing services, to support the cards. ([26.6] at 8;  at 27;  at 12).
A small portion of InComm's alleged losses resulted from InComm's relationship with NetSpend Corporation ("NetSpend"), American Express, and other card issuers. The Court focuses its analysis on the relationship between InComm and Bancorp, but provides additional information about other issuers where appropriate.
When a cardholder redeems a chit for a Bancorp-issued card, InComm is required by its contract with Bancorp to transfer, within fifteen days, funds representing the dollar amount of the chit credit purchased. ([37.3] ¶ 12). Funds usually are transferred by InComm within twenty-four hours after the chit is redeemed. ([36.1] ¶ 15). The funds are transferred from InComm's account at Wells Fargo to an account at Bancorp (the "Bancorp Account"). The account has a Bancorp tax ID number, and the account name is "The Bancorp Bank, for the benefit of [InComm] as holder of the Cardholder Balances for the benefit of Cardholders." ([26.6] at 11;  ¶ 8). The Bancorp Contract provides: "[Bancorp] shall hold all Cardholder Balances in a fiduciary or custodial manner on behalf of [InComm] as holder of the Cardholder Balances for the benefit of Cardholders." ([26.6] at 4). The Bancorp Contract states further (i) that "all Cardholder Balances shall be held in trust for the benefit of the Cardholders," (ii) that neither Bancorp nor InComm "shall have an equitable interest in the Cardholder Balances," and (iii) that "the Cardholder Balances will not be used for any other purpose." ([26.6] at 11).
"The wire is based on all of the reloads on a particular day, which is then transferred the following day to the bank. ([27.3] at 11).
When a consumer redeems a chit for a NetSpend prepaid debit card, InComm is required to transfer funds to "whatever bank account" is designated by NetSpend. ([37.3] ¶ 18;  at 28-29). InComm is not a Program Manager for NetSpend, and it is not aware of how NetSpend cards are used by cardholders. ( at 27-28; [27.3] at 11;  at 45).
E. Unauthorized Chit Redemptions
Debit card holders pay a one-time fee for each InComm chit they purchase. Each chit represents the amount purchased, to be redeemed once. ([36.1] ¶ 30). From November 2013 to May 2014, there was a "code error" in InComm's IVR system. ([37.3] ¶ 21; [36.1] ¶¶ 23, 33). The error permitted chits to be redeemed more than once, essentially allowing cardholders to obtain more chit credit than that to which they were entitled and for which they paid. ([37.3] ¶ 21; [36.1] ¶¶ 23, 33). To obtain multiple redemptions of a single chit, cardholders used more than one telephone simultaneously to access InComm's IVR system to request redemption of the same chit. ([37.3] ¶ 21; [36.1] ¶ 24). The simultaneous redemption requests exploited InComm's coding error, causing the IVR system to send to the APS system (1) a "RedeemReload" request to redeem the chit, followed by (2) a "Reverse" request, which returned the chit to its original, unredeemed status. ([36.1] ¶¶ 27-29). This allowed cardholders to redeem the same chit, multiple times, using the simultaneous phone call scheme. ([36.1] ¶ 26).
The multiple chit redemptions are similar to a person depositing the same check into their bank account more than once and receiving account credit for each deposit.
The offending cardholders obtained an average of 13 redemptions per chit, for a total of 25,553 unauthorized redemptions involving 1,933 separate chits. ([36.1] ¶ 37). InComm processed these simultaneous redemption transactions as legitimate, which required Bancorp to make the redeemed funds immediately available to the cardholders, allowing the offending cardholders to use the funds to make purchases. InComm, consistent with its standard practice, wired the funds to Bancorp within twenty-four hours after it processed the redemptions. ([36.1] ¶ 34; [36.1] ¶¶ 35-36; [27.1] at 26). The average unauthorized redemption from a single chit, multiple times redeemed, was $450. ([36.1] ¶ 37). The highest aggregate amount redeemed from a single chit totaled $135,500. ([37.3] ¶ 30). Ninety percent (90%) of the unauthorized redemptions occurred between April 16, 2014, and May 6, 2014, and totaled approximately $10.3 million. ( ¶ 69). On May 6, 2014, InComm fixed the code error in its IVR system. ([37.3] ¶ 23).
This chit was redeemed 271 times. ([26.9] at 1).
The unauthorized redemptions occurred in at least twenty-eight different states. ([37.3] ¶ 20). The identity of the individuals who redeemed the chits is unknown. ([37.3]¶ 28). Although InComm identified the individuals to whom the relevant debit cards were registered, many of these individuals were victims of identity theft. (See [37.3] ¶ 27). The U.S. Secret Service and local law enforcement agencies have launched criminal investigations into the unauthorized redemptions. ([36.1] ¶ 32).
The unauthorized redemptions caused InComm to transmit $11,477,287 to various debit card issuers. Of this total, $10,796,039 was wired to Bancorp, $664,683 to NetSpend, $16,115 to American Express, and $450 to other card issuers. ([27.3] at 8). In May 2014, InComm deactivated the Bancorp-issued cards that were used to make the unauthorized redemptions. ( ¶ 5). Bancorp currently maintains, in its account, $1,880,769 of the wrongfully redeemed funds. ( ¶ 5; [27.3] at 8). InComm has not asked Bancorp to return the funds. ( ¶¶ 55, 72).
InComm does not know if NetSpend deactivated the prepaid cards it issued and which were used to make unauthorized redemptions. ([37.3] ¶ 36). InComm has not asked NetSpend to return the funds wired to NetSpend as a result of the unauthorized redemptions. ([37.3] ¶ 37).
F. InComm's Insurance Claim for the Unauthorized Redemptions
InComm is insured by GAIC under a policy covering a variety of risks (the "Policy"). The Policy provides for the following coverage:
[GAIC] will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:
([37.3] ¶ 1 (the "Computer Fraud Provision")). The Policy defines "premises" as "the interior of that portion of any building you occupy in conducting your business." ([26.3] at 12). The Policy defines "banking premises" as "the interior of that portion of any building occupied by a banking institution or similar safe depository." ([37.3] ¶ 3).a. to a person (other than a messenger) outside those premises; or
b. to a place outside those premises.
The Policy limits coverage to $10 million "per occurrence," subject to a $500,000 deductible "per occurrence." ([26.3] at 5; [36.1] ¶ 39). "Occurrence" is defined as "all loss or losses caused by: (1) an act, or series of related acts; involving one or more persons; (2) an act or acts involving a person or group of persons acting together; or (3) an act or event, or a series of related acts or events, not involving any identifiable person." ([37.3] ¶ 6). The Policy also provides that "[GAIC] will not pay for any loss or damage in any case of fraud or concealment or misrepresentation of a material fact committed by you or any other insured, at any time, and relating to coverage under this Policy." ([26.3] at 36).
The Policy further provides that "[GAIC] will not pay for loss in any one occurrence unless the amount of loss exceeds [$500,000 per occurrence]." ([37.3] ¶ 4).
InComm "began investigating the duplicate redemptions at 3:30 p.m. on May 6, 2014; discovered the programming error an hour later; and corrected [the error] by 5:47 p.m. on the same day." ( at 16; see [36.10] at 2). On May 23, 2014, InComm notified GAIC of its claimed losses resulting from the unauthorized chit redemptions. ([36.1] ¶ 41;  ¶ 59). On July 21, 2014, InComm submitted its sworn proof of loss to GAIC. ( ¶ 60). On May 12, 2015, GAIC denied InComm's claim, including because (1) InComm's alleged loss did not result from "'the use of any computer' to access the IVR system, which is designed to be accessed by telephone," (2) "[n]o funds or property were automatically transferred as a result of the chit cards being reloaded," (3) and "[InComm's] losses resulted from multiple, separate occurrences, none of which exceed [$500,000]." ([36.1] ¶ 46; [27.5] at 94-95, 98).
"An additional thirty-five duplicate redemptions took place from May 7, 2014 through May 11, 2014." ([27.3] at 7). "The last instance of an improper CHIT reload occurred at 08:54 PM on May 11, 2014 in the amount of $300.00." ([27.3] at 36).
G. Procedural History
On July 28, 2015, InComm filed its Complaint , asserting claims for breach of contract (Count 1), bad faith under O.C.G.A. § 33-4-6 (Count 2), and declaratory judgment (Count 3). Count 1 alleges that, in violation of the Policy, GAIC "wrongfully and unlawfully refused to provide coverage for InComm's loss resulting from the Reload Chit Fraud." (Compl. ¶ 56). Count 2 claims InComm is entitled, under O.C.G.A. § 33-4-6, to attorney's fees and a "50 percent penalty" because GAIC's "refusal to provide coverage for InComm's loss constitutes a frivolous, unfounded, and bad faith refusal to pay." (Compl. ¶¶ 63, 65). Count 3 asks the Court to issue an order declaring that (1) InComm's losses are covered under the Policy, (2) "[n]o exclusion, condition or other term in the Policy bars or negates coverage," and (3) GAIC is "obligated to pay its $10 million Limit of Insurance to InComm." (Compl. ¶ 70).
On July 15, 2016, GAIC filed its Motion for Summary Judgment, seeking summary judgment on all of InComm's claims. GAIC argues that InComm's losses are not covered under the Policy because "(1) the alleged computer fraud did not cause a covered transfer of property to occur; (2) InComm's losses did not result directly from the alleged computer fraud; (3) the third parties at issue did not engage in computer fraud, as defined by the policy; and (4) InComm's losses involved multiple occurrences, none of which exceed [$500,000]." ([26.1] at 6). GAIC also contends that InComm did not provide timely notice of its alleged loss, and that InComm made material misrepresentations to GAIC under the Policy regarding the amount of its loss.
On July 15, 2016, InComm filed its Motion for Partial Summary Judgment, seeking summary judgment on its claims for breach of contract and declaratory judgment. InComm claims the Policy provides coverage because InComm's loss resulted from the use of a computer to fraudulently transfer money from InComm to the cardholders that made multiple redemptions of a single chit. InComm seeks a declaration that the Policy covers its losses and that GAIC's failure to provide coverage constitutes a breach of the Policy.
On September 13, 2016, GAIC filed its Motion for Sur-Reply, seeking leave to a file a sur-reply in opposition to InComm's Motion for Partial Summary Judgment.
II. LEGAL STANDARD FOR SUMMARY JUDGMENT
"Summary judgment is appropriate where the pleadings, the discovery and disclosure materials on file, and any affidavits show that there is no genuine issue as to any material fact and that the moving party is entitled to judgment as a matter of law." Ahmed v. Air France-KLM, 165 F. Supp. 3d 1302, 1309 (N.D. Ga. 2016); see Fed. R. Civ. P. 56. "An issue of fact is material if it 'might affect the outcome of the suit under the governing law.'" W. Grp. Nurseries, Inc. v. Ergas, 167 F.3d 1354, 1360 (11th Cir. 1999) (quoting Anderson v. Liberty Lobby, Inc., 477 U.S. 242, 248 (1986)). "An issue of fact is genuine 'if the evidence is such that a reasonable jury could return a verdict for the nonmoving party.'" Id. at 1361 (quoting Anderson, 477 U.S. at 248).
The party seeking summary judgment "bears the initial responsibility of informing the district court of the basis for its motion, and identifying [materials] which it believes demonstrate the absence of a genuine issue of material fact." Celotex Corp. v. Catrett, 477 U.S. 317, 323 (1986). "The movant can meet this burden by presenting evidence showing there is no dispute of material fact, or by showing that the nonmoving party has failed to present evidence in support of some element of its case on which it bears the ultimate burden of proof." Graham v. State Farm Mut. Ins. Co., 193 F.3d 1274, 1281-82 (11th Cir. 1999). The moving party need not "support its motion with affidavits or other similar materials negating the opponent's claim." Celotex, 477 U.S. at 323. Once the moving party has met its initial burden, the nonmoving party must demonstrate that summary judgment is inappropriate by designating specific facts showing a genuine issue for trial. Graham, 193 F.3d at 1282. The nonmoving party "need not present evidence in a form necessary for admission at trial; however, he may not merely rest on his pleadings." Id. "[T]he mere existence of some alleged factual dispute between the parties will not defeat an otherwise properly supported motion for summary judgment; the requirement is that there be no genuine issue of material fact." Anderson, 477 U.S. at 247-48.
"If the evidence presented by the non-moving party is merely colorable, or is not significantly probative, summary judgment may be granted." Apcoa, Inc. v. Fid. Nat. Bank, 906 F.2d 610, 611 (11th Cir. 1990) (internal quotation marks omitted) (quoting Anderson, 477 U.S. at 250). The party opposing summary judgment "must do more than simply show that there is some metaphysical doubt as to the material facts . . . . Where the record taken as a whole could not lead a rational trier of fact to find for the nonmoving party, there is no genuine issue for trial." Scott v. Harris, 550 U.S. 372, 380 (2007) (internal quotation marks omitted) (quoting Matsushita Elec. Indus. Co., Ltd. v. Zenith Radio Corp., 475 U.S. 574, 586-87 (1986)); cf. Miller v. Kenworth of Dothan, Inc., 277 F.3d 1269, 1275 (11th Cir. 2002) (a party is entitled to summary judgment if "the facts and inferences point overwhelmingly in favor of the moving party, such that reasonable people could not arrive at a contrary verdict" (quoting Combs v. Plantation Patterns, 106 F.3d 1519, 1526 (11th Cir. 1997) (internal quotation marks omitted))).
"At the summary judgment stage, facts must be viewed in the light most favorable to the nonmoving party only if there is a 'genuine' dispute as to those facts." Scott, 550 U.S. at 380. "When opposing parties tell two different stories, one of which is blatantly contradicted by the record, so that no reasonable jury could believe it, a court should not adopt that version of the facts for purposes of ruling on a motion for summary judgment." Id. "[C]redibility determinations, the weighing of evidence, and the drawing of inferences from the facts are the function of the jury." Graham, 193 F.3d at 1282. "The nonmovant need not be given the benefit of every inference but only of every reasonable inference." Id.
Rule 56(c) mandates the entry of summary judgment, after adequate time for discovery and upon motion, against a party who fails to make a showing sufficient to establish the existence of an element essential to that party's case, and on which that party will bear the burden of proof at trial. In such a situation, there can be "no genuine issue as to any material fact," since a complete failure of proof concerning an essential element of the nonmoving party's case necessarily renders all other facts immaterial.Celotex, 477 U.S. at 322-23; see Freeman v. JPMorgan Chase Bank N.A., -- Fed. App'x --, 2017 WL 128002, at *4 (11th Cir. Jan. 13, 2017) (same); Herzog v. Castle Rock Entm't, 193 F.3d 1241, 1247 (11th Cir. 1999) ("If the non-movant in a summary judgment action fails to adduce evidence which would be sufficient, when viewed in a light most favorable to the non-movant, to support a jury finding for the non-movant, summary judgment may be granted.").
A. Insurance Contract Interpretation under Georgia Law
The parties agree that Georgia law applies. (See [26.1] at 6 n.3); cf. Giddens v. Equitable Life Assur. Soc. of U.S., 445 F.3d 1286, 1297 (11th Cir. 2006) ("In diversity cases, the Court is bound by the applicable state law governing the contract, in this case Georgia law."). "Insurance in Georgia is a matter of contract and the parties to the contract of insurance are bound by its plain and unambiguous terms." Hurst v. Grange Mut. Cas. Co., 470 S.E.2d 659, 663 (Ga. 1996); see Yeomans & Assoc. Agency, Inc. v. Bowen Tree Surgeons, Inc., 618 S.E.2d 673, 677 (Ga. Ct. App. 2005) ("[A]n insurance policy is simply a contract, the provisions of which should be construed as any other type of contract."). "[A]n insurance company is free to fix the terms of its policies as it sees fit, so long as such terms are not contrary to law." Henning v. Cont'l Cas. Co., 254 F.3d 1291, 1295 (11th Cir. 2001) (internal quotation marks omitted) (quoting Cont'l Cas. Co. v. H.S.I. Fin. Servs., Inc., 466 S.E.2d 4, 6 (Ga. 1996)). "Policyholders have a duty to read the insurance contract, and they are charged with knowledge of its contents." Bogard, 589 S.E.2d at 318-19. "[A]n insured claiming an insurance benefit has the burden of proving that a claim falls within the coverage of the policy." Travelers Home & Marine Ins. Co. v. Castellanos, 773 S.E.2d 184, 186 (Ga. 2015) (internal quotation marks omitted).
If clear and unambiguous, "the terms and conditions of an insurance contract . . . must be given their literal meaning." Adams v. Atlanta Cas. Co., 509 S.E.2d 66, 68 (Ga. App. Ct. 1998); see Donaldson v. Pilot Life Ins. Co., 341 S.E.2d 279, 280 (Ga. Ct. App. 1986) ("Where the language fixing the extent of coverage is unambiguous, . . . and but one reasonable construction is possible, this court must enforce the contract as written."). If the terms of the policy are ambiguous, "the statutory rules of contract construction [are] applied." Pomerance v. Berkshire Life Ins. Co. of Am., 654 S.E.2d 638, 640 (Ga. Ct. App. 2007). Ambiguities in the policy are "strictly construed against the insurer as the drafter of the document." Federated Mut. Ins. Co. v. Ownbey Enterprises, Inc., 627 S.E.2d 917, 921 (Ga. App. Ct. 2006); see Giddens, 445 F.3d at 1297 ("[W]hen a policy is ambiguous, or is capable of two reasonable interpretations, it is construed in the light most favorable to the insured and against the insurer."). "[A] word or a phrase is ambiguous when it is of uncertain meaning and may be fairly understood in more ways than one." Ownbey Enterprises, 627 S.E.2d at 921 (citation and internal quotation marks omitted); see Bogard v. Inter-State Assur. Co., 589 S.E.2d 317, 318 (Ga. Ct. App. 2003) ("Under Georgia law, an insurance contract is considered ambiguous only if its terms are susceptible to two or more reasonable interpretations.").
When language in the insurance policy "is explicit and unambiguous, the court's job is simply to apply the terms of the contract as written, regardless of whether doing so benefits the carrier or the insured." Georgia Farm Bureau Mut. Ins. Co. v. Smith, 784 S.E.2d 422, 424 (Ga. 2016). "[T]he plain meaning of the terms must be given full effect without straining to extend coverage where none was contracted or intended." State Farm Fire & Cas. Co. v. Bauman, 723 S.E.2d 1, 3 (Ga. Ct. App. 2012).
"[T]he interpretation of an insurance policy, including the determination and resolution of ambiguities, is a question of law for the court to decide." Giddens, 445 F.3d at 1297 (citing O.C.G.A. § 13-2-1); see Pomerance, 654 S.E.2d at 640 ("The proper construction of a contract is a question of law for a court to decide.").
B. InComm's Claims for Breach of Contract and Declaratory Judgment
The Court begins by evaluating the Policy's Computer Fraud Provision, which is the central issue in the parties' cross-motions for summary judgment on Counts 1 and 3. The Computer Fraud Provision states:
[GAIC] will pay for loss of, and loss from damage to, money, securities and other property resulting directly from the use of any computer to fraudulently cause a transfer of that property from inside the premises or banking premises:
([37.3] ¶ 1). To understand how this provision applies, the Court begins with a flow chart illustrating an example of the way in which chits are redeemed and processed.a. to a person (other than a messenger) outside those premises; or
b. to a place outside those premises.
Image materials not available for display.
The following example illustrates the chit redemption process presented above. Bancorp issues a prepaid debit card to Mr. Smith. Smith wants to add $100 to his card, and purchases a chit for $100 (plus a small administrative fee) at his local Walgreens. Walgreens gives him the chit, and transfers his $100 chit payment to InComm's Wells Fargo account. A week later, Smith calls InComm's IVR system, enters the required information, and redeems his $100 chit. The $100 is immediately made available for use on Smith's debit card. That evening, Smith uses his Bancorp card to pay for a $100 dinner at a restaurant. Bancorp transmits $100 to the restaurant to cover the purchase. The next day or later, but within fifteen days of Smith's $100 chit redemption, InComm wires Bancorp $100 to reimburse Bancorp for the $100 it paid the restaurant.
The events indicated, in the chart, by dotted lines could occur in any order. For example, InComm could wire $100 to the issuer before it receives that money from the retailer and after the issuer transmits $100 to the seller.
In a variation of this example, Smith buys his $100 dinner three weeks after redeeming the $100 chit. InComm sends Bancorp the $100 before Smith spends the chit credit at the restaurant and thus before Bancorp is required to advance funds for Smith's purchase.
The unauthorized chit redemptions in this case were processed consistent with the above flow chart and example. The Court, against this factual backdrop, considers whether the Computer Fraud Provision covers InComm's alleged loss.
1. Whether a "Computer" was "Used"
The Policy provides coverage for "computer fraud," specifically, a "loss of . . . money . . . resulting directly from the use of any computer to fraudulently cause a transfer of that [money] from inside the premises or banking premises" to a person or place "outside those premises." ([37.3] ¶ 1). Fundamental to this provision is that the transfer was caused by the "use of a computer." The Court begins by considering whether the cardholders who made multiple redemptions of a single chit used a computer to do so. It is undisputed that the cardholders used telephones to provide information to InComm's IVR system, which then processed the information incorrectly, resulting in multiple redemptions of a single chit. InComm argues the IVR system was the "computer" that was "used" when the chits were redeemed, and thus that the Policy's "use of any computer" requirement is satisfied. The Court disagrees.
Other cases that have considered similar computer fraud provisions have assumed a computer was used and then found the losses were not otherwise covered. See Brightpoint, Inc. v. Zurich Am. Ins. Co., No. 1:04-cv-2085, 2006 WL 693377, at *7 & n.5 (S.D. Ind. Mar. 10, 2006) (declining to decide whether a facsimile machine is a "computer," stating that "the common and ordinary meaning of computer as widely used and understood in our society and around the world is severely stretched by the inclusion of a facsimile machine," and denying coverage on other grounds).
The term "computer" is not defined in the Policy. "[W]hen a term or phrase used in an insurance policy is undefined, courts look to the commonly accepted meaning of the term." Alea London Ltd. v. Lee, 649 S.E.2d 542, 544 (Ga. Ct. App. 2007). "In determining the meaning of words used in the insurance policy, dictionaries supply the plain, ordinary, and popular sense." Id. The common dictionary definition of "computer" is "a programmable usually electronic device that can store, retrieve, and process data." https://www.merriam-webster.com/dictionary/computer; see https://en.oxforddictionaries.com/definition/computer (defining a computer as "[a]n electronic device which is capable of receiving information (data) in a particular form and of performing a sequence of operations in accordance with a predetermined but variable set of procedural instructions (program) to produce a result in the form of information or signals.").
The American Heritage Science Dictionary provides a more technical, but parallel, definition of "computer":
A programmable machine that performs high-speed processing of numbers, as well as of text, graphics, symbols, and sound. All computers contain a central processing unit that interprets and executes instructions; input devices, such as keyboards and a mouse, through which data and commands enter the computer; memory that enables the computer to store programs and data; and output devices, such as printers and display screens, that show the results after the computer has processed data.http://www.dictionary.com/browse/computer?s=t.
A "telephone" is a completely different device. "Telephone" is commonly defined as "[a] system of transmitting voices over a distance using wire or radio, by converting acoustic vibrations to electrical signals." https://en.oxforddictionaries.com/definition/telephone. A secondary definition of "telephone" is "[a]n instrument used as part of a telephone system, typically a single unit including a handset with a transmitting microphone and a set of numbered buttons by which a connection can be made to another such instrument." Id.; see also https://www.merriam-webster.com/dictionary/telephone (defining "telephone" as "an instrument for reproducing sounds at a distance; specifically: one in which sound is converted into electrical impulses for transmission (as by wire or radio waves).")
A "telephone" is not a "computer." InComm's 30(b)(6) representative acknowledged, at his deposition, that cardholders used "telephones," not computers, to engage in multiple redemptions of a single chit:
Q. Is each one of the transactions involved in this claim arising out of a telephone call as opposed to somebody using a computer to try to—using their own personal computer to try to transfer money from a chit onto a GPR?
. . . .
A. They're all related to phone calls.
Q. Oh. Every transaction that's involved in the claim.
A. Yes.([26.4] at 22-23).
InComm also makes clear, in its Proof of Loss and Statement of Undisputed Material Facts, that the multiple chit redemptions were accomplished by persons using a telephone. (See [27.2] ¶ 24 ("The fraudsters engaged in the Reload Chit Fraud by accessing InComm's IVR system through two or more simultaneous phone calls from separate numbers." (emphasis added)); [27.2] ¶ 53 ("From the outset, InComm made clear to GAIC that all of the fraudulent reload chit redemption resulted from the same cause—namely, the manipulation of InComm's computer system by individuals calling into the IVR from multiple phone lines." (emphasis added)); [27.3] at 52 ("Our system was exploited primarily by third parties calling into InComm's IVR system from multiple phone lines and submitting multiple simultaneous requests to redeem individual chits." (emphasis added))).
"Use" also is not defined in the Policy. The word commonly is defined as to "take, hold, or deploy (something) as a means of accomplishing or achieving something; employ," such as "she used her key to open the front door." https://en.oxforddictionaries.com/definition/use; see also Webster's Encyclopedic Unabridged Dictionary of the English Language 2097 (2001) (defining "use" as "to employ for some purpose; put into service; make use of," such as "to use a knife"). A person thus "uses" a computer where he takes, holds or employs it to accomplish something. That a computer was somehow involved in a loss does not establish that the wrongdoer "used" a computer to cause the loss. To hold so would unreasonably expand the scope of the Computer Fraud Provision, which limits coverage to "computer fraud." Cf. Pestmaster Servs., Inc. v. Travelers Cas. & Sur. Co. of Am., 656 F. App'x 332, 333 (9th Cir. 2016) ("Because computers are used in almost every business transaction, reading [a computer fraud insurance policy] provision to cover all transfers that involve both a computer and fraud at some point in the transaction would convert this Crime Policy into a 'General Fraud' Policy."). It also would violate the Court's obligation to read the Policy "as a layman would read it and not as it might be analyzed by an insurance expert or an attorney." Smith, 784 S.E.2d at 424. Lawyerly arguments for expanding coverage to include losses involving a computer engaged at any point in the causal chain—between the perpetrators' conduct and the loss—unreasonably strain the ordinary understanding of "computer fraud" and "use of a computer".
Here, the cardholders "used" telephones to provide responses to prompts from a computer that InComm owned and operated. There is no record evidence that cardholders even realized their telephone calls resulted in interaction with a computer. That the cardholders' use of telephones ultimately led InComm's computer to process multiple chit redemptions does not establish that InComm's loss resulted from the cardholders' "use of a computer." The Policy does not cover InComm's losses resulting from the unauthorized redemptions, because the cardholders used telephones, not computers, to perpetrate their scheme.
2. Whether InComm Suffered "Loss . . . Resulting Directly from" Computer Use
Even if a computer was used to cause InComm's loss, InComm still is not entitled to coverage under the Computer Fraud Provision because the "loss" did not result "directly" from the alleged computer use.
The Policy covers "loss of . . . money . . . resulting directly from" a computer fraud. InComm argues its "loss occurred when fraudulent reload chit redemptions caused it to transfer money from its own bank account to the Cardholder Account." ( at 13-14). InComm claims that, "[a]fter the transfer, InComm had no further role in the money-flow process, and the money was immediately available for use by consumers." ( at 10). GAIC argues InComm's loss necessarily did not arise when money was transferred from InComm's Wells Fargo account to the Bancorp Account, because InComm retained an interest, as trustee, in the funds in Bancorp's account. GAIC claims InComm's loss occurred when the funds in Bancorp's account "were used by Bancorp to settle transactions involving third party merchants." ( at 8).
The Bancorp Contract defines the relationship between Bancorp and InComm, including the management of funds to be credited to the Bancorp Account and the parties' respective obligations regarding the funds to be credited. When a cardholder takes action to load funds onto his card, including by redeeming a chit, InComm is required to "ensure that each Load Amount associated with a Reloadable Card is deposited into the [Bancorp Account] within fifteen (15) calendar days following the loading of such funds on to such Card." ([26.6] § 2.9(a)). The Bancorp Contract provides:
The Parties acknowledge and agree that (i) the [Bancorp Account] shall be titled "The Bancorp Bank, for the benefit of [Incomm] as holder of the Cardholder Balances for the benefit of Cardholders . . ." (ii) all Cardholder Balances shall be held in trust for the benefit of the Cardholders, (iii) no Party shall have an equitable interest in the Cardholder Balances, and (iv) the Cardholder Balances will not be used for any other purpose. . . . [InComm] shall cause Processor to transfer Cardholder Balances from the [Bancorp Account] to the Settlement Account in an amount adequate to facilitate Settlement with the System. . . .([26.6] § 2.9(c)). "Settlement" is the process by which merchants from which cardholders purchased goods or services are paid. ([26.6] § 1). Funds in the Bancorp Account are deposited in the Settlement Account to be used for this purpose. ([26.6] § 2.9(c)). The Bancorp Contract shows that funds in the Bancorp Account are dedicated and processed to settle cardholder expenditures, and that neither InComm nor Bancorp have "an equitable interest" in the funds. ([26.6] § 2.9(c)); see Hall v. Glenn's Ferry Grazing Ass'n, No. CV-03-386, 2006 WL 1148153, at *1 (D. Idaho Mar. 9, 2006) ("An equitable interest is a right or expectancy in something.").
The Court finds, however, that InComm's loss did not occur until the funds held by Bancorp were paid to sellers to settle the cardholders' expenditure of the fraudulently redeemed chits. The transfer of funds to Bancorp did not result in a loss. The soonest a loss could occur was when funds were paid to merchants out of Bancorp's settlement account. This conclusion is underscored by the fact that funds wired to Bancorp, as a result of the fraudulent chit redemptions, are still in the Bancorp Account almost three years after the chits were wrongfully redeemed. That is, these funds have not been lost. InComm's loss thus did not result "directly" from the fraudulent redemptions, because it occurred only after InComm wired money to Bancorp, after the cardholder used his card to pay for a transaction, and after Bancorp paid the seller for the cardholder's transaction. The Policy covers only those losses caused by the direct transfer of money from "inside the premises or banking premises" to a person or place "outside those premises." ([37.3] ¶ 1). The losses here did not occur when funds were sent to Bancorp's premises. They occurred when funds were sent, by Bancorp, to the premises or accounts of merchants from which cardholders purchased goods or services.
InComm is entitled, under the Bancorp Contract, to "retain" funds in the Bancorp Account if they are not used within five years and are not distributed according to unclaimed property laws. ([26.6] § 2.9(d)).
Even if InComm incurred a loss earlier in the process—when, as InComm argues, it sent Bancorp funds for the fraudulent chit redemptions—the loss still did not result "directly" from the redemptions. GAIC argues that InComm's transfer of fraudulently-redeemed chit funds to Bancorp "resulted directly from InComm's contractual liability to fund the cardholder account to cover the amount of each redemption, not from the [wrongful chit redemptions]." ([26.1] at 16). GAIC claims "the redemption of chits did not reduce the available assets in InComm's hands—it triggered only InComm's contractual obligation to its business partners to fund the redemptions." ([26.1] at 11). The crux of GAIC's argument is that InComm's loss was not direct because the fraudulent redemptions did not automatically transfer funds to the issuers. (See e.g., [27.5] at 94-95). InComm argues its loss was direct because the unauthorized redemptions led InComm to wire funds to Bancorp, pursuant to its "standard funds-flow process," because InComm believed the redemptions were legitimate. ([27.1] at 26).
Black's Law Dictionary defines "directly" as "1. In a straightforward manner. 2. In a straight line or course. 3. Immediately." Black's Law Dictionary 557 (10th ed. 2014). The weight of authority is consistent with this definition and requires, as GAIC argues, an immediate relationship between the computer fraud and the loss. See, e.g., Brightpoint, Inc. v. Zurich Am. Ins. Co., No. 1:04-cv-2085, 2006 WL 693377, at *7 (S.D. Ind. Mar. 10, 2006) (noting the Black's Law Dictionary's definition of "directly," and finding no coverage because "[t]he loss to [the insured] that occurred here did not flow immediately from the use of [a computer]").
In Apache Corp. v. Great Am. Ins. Co., 662 F. App'x 252 (5th Cir. 2016), the Fifth Circuit considered a coverage provision identical to the Computer Fraud Provision in this case. The insured's accounts-payable department received an email purporting to be from a company with which the insured did business, requesting that future payments be made to a new bank account. A signed copy of a letter directing the account change was attached to the email. One of the insured's employees called a telephone number on the letter to verify the request, and concluded that the change-request was authentic. A different employee approved and implemented the change. Payments were made to the new account, which was fraudulent. The insured sought coverage, under the computer fraud provision, for payments made to the fraudulent account.
The district court found the payments were covered because the email—the computer use in the case—was a "substantial factor" in the insured's payments to the fraudulent account. Id. at 254. The Fifth Circuit reversed, finding that "[t]he email was part of the scheme; but, the email was merely incidental to the occurrence of the authorized transfer of money." Id. at 258. The court stated that "the authorized transfer was made to the fraudulent account only because, after receiving the email, [the insured] failed to investigate accurately the new, but fraudulent, information provided to it." Id. at 259. The Fifth Circuit also reviewed decisions from other jurisdictions and found that courts repeatedly have denied coverage under similar computer fraud provisions, except in cases of hacking where a computer is used to cause another computer to make an unauthorized, direct transfer of property or money. See Pestmaster Servs., Inc. v. Travelers Cas. & Sur. Co. of Am., No. 13-cv-5039, 2014 WL 3844627, at *8 (C.D. Cal. July 17, 2014), aff'd in part, vacated in part, 656 F. App'x 332 (9th Cir. 2016) (finding that, where a payroll contractor was authorized to transfer funds from the insured to the contractor to pay the insured's invoices, but the contractor instead used the transferred funds to pay for her own expenses, the computer fraud provision did not provide coverage because "there was no loss when funds were initially transferred to [the contractor] because the transfers were authorized by [the insured]" and "the claimed losses did not 'flow immediately' and 'directly' from [the contractor's] use of a computer"); Brightpoint, 2006 WL 693377, at *7 (S.D. Ind. Mar. 10, 2006) (finding no coverage where a fraudulent faxed order prompted the insured to acquire inventory and where the insured only delivered the property to the fraudsters in exchange for further documents); Great Am. Ins. Co. v. AFS/IBEX Fin. Servs., Inc., No. 307-cv-924, 2008 WL 2795205, at *1 (N.D. Tex. July 21, 2008), aff'd, 612 F.3d 800 (5th Cir. 2010) (finding that, where an employee of an insured insurance-premium-finance company used a computer to submit false loan applications to induce the insured to issue checks that the employee deposited for personal use, the computer fraud provision did not provide coverage, including because the provision was "designed to cover losses directly stemming from fraud perpetrated by use of a computer" and the losses in the case did not result directly from computer fraud); Vonage Holdings Corp. v. Hartford Fire Ins. Co., 11-cv-6187, 2012 WL 1067694, at *1 (D.N.J. Mar. 29, 2012) (allowing a claim under a computer fraud provision to proceed where hackers gained access to the insured's servers to fraudulently and directly route international telephone calls).
The question here is whether the cardholders' simultaneous use of telephones to make multiple redemptions of a single chit resulted "directly" in the transfer of funds from InComm to Bancorp. The Court finds it did not. Once the cardholders used simultaneous telephone calls to obtain fraudulent chit redemptions, InComm chose to wire funds to Bancorp because it was contractually required to do so and because, despite any reconciliation or verification process it had in place, it believed the redemptions were legitimate. (See  at 30 ("[W]e believed the transactions to be legitimate. So we transferred the funds to NetSpend.");  at 45 (InComm's treasurer testifying that the "fraudulent transactions . . . caused me to wire funds to Bancorp . . . which we believed to be legitimate transactions."); see  at 29-30 (InComm's corporate representative testifying that InComm had an "immediate liability to fund [the duplicate chit] redemption" and "sustain[ed] a loss at that moment")); cf. Pestmaster Servs., 2014 WL 3844627, at *8 ("[Insured's] alleged loss was [not direct because it was] entirely contingent on a series of events and decisions, including [a contractor's] decision to divert the funds in its account to pay its own obligations instead of using them for their agreed upon purpose of paying [insured's] federal payroll taxes."). As in Apache, "the authorized transfer was made to the [Bancorp] account only because, after receiving [notice of the duplicate chit redemptions], [InComm] failed to investigate accurately the new, but fraudulent, information provided to it." Id. at 259.
InComm did not recognize the duplicate redemptions because they were designated as legitimate by a system that InComm programmed incorrectly.
In the end, InComm's loss resulted directly—that is, immediately—from InComm's decision to wire the funds to Bancorp, not from the cardholders' redemptions. Apache, and the cases it discusses, warn that to find coverage based on the use of a computer, without a specific and immediate connection to a transfer, would effectively convert a computer fraud provision into a general fraud provision. See Apache Corp. v. Great Am. Ins. Co., 662 F. App'x 252, 258 (5th Cir. 2016) ("To interpret the computer-fraud provision as reaching any fraudulent scheme in which [a computer] communication was part of the process would, as stated in Pestmaster II, convert the computer-fraud provision to one for general fraud."). To accept InComm's argument that the cardholders' fraudulent redemptions resulted directly in the transfer of funds from InComm to Bancorp—where InComm itself chose to make the transfer—would violate the admonition in Apache and the other cases addressing computer fraud coverage.
The Court finds that the Policy's Computer Fraud Provision does not cover InComm's claimed loss. InComm's loss did not result from "the use of any computer" and, even if it did, the loss did not result "directly" from the computer use. GAIC is entitled to summary judgment on Counts 1 and 3.
In view of these findings, which preclude coverage, the Court does not reach the parties' remaining arguments about coverage under the Policy.
C. InComm's Claim for Statutory Penalties and Attorney's Fees
Count 2 asserts a claim, under O.C.G.A. § 33-4-6, for attorney's fees and a "50 percent penalty" on the grounds that GAIC's "refusal to provide coverage for InComm's loss constitutes a frivolous, unfounded, and bad faith refusal to pay." (Compl. ¶¶ 63, 65). Penalties and attorney's fees are available under section 33-4-6 only "[i]n the event of a loss which is covered by a policy of insurance." O.C.G.A. § 33-4-6(a). InComm has not established any loss covered by the Policy and is not entitled to statutory penalties or attorney's fees. See Orr v. Dairyland Ins. Co., 899, 273 S.E.2d 630, 631 (Ga. Ct. App. 1980) ("In the absence of basic liability by [the insurer], there likewise could have been no liability for statutory penalties or attorney fees."). GAIC is entitled to summary judgment on Count 2.
Because GAIC's proposed sur-reply addresses issues that the Court is not required to decide in this Order, GAIC's Motion for Sur-Reply is denied as moot. --------
For the foregoing reasons,
IT IS HEREBY ORDERED that Defendant's Motion for Summary Judgment  is GRANTED.
IT IS FURTHER ORDERED that Plaintiffs' Motion for Partial Summary Judgment  is DENIED.
IT IS FURTHER ORDERED that Defendant's Motion for Leave to File a Sur-Reply in Opposition to Plaintiffs' Motion for Partial Summary Judgment  is DENIED AS MOOT.
IT IS FURTHER ORDERED that this action is DISMISSED.
SO ORDERED this 16th day of March, 2017.
WILLIAM S. DUFFEY, JR.
UNITED STATES DISTRICT JUDGE