BRIGHT, Circuit Judge.
After receiving a number of chargebacks resulting from fraudulent use of U.S. Bank National Association (“U.S. Bank”) credit cards, E-Shops Corp. (“E-Shops”) filed a class action complaint alleging U.S. Bank knowingly allowed itself to be an instrument of the fraud, thereby making E-Shops’s performance under its contract with its merchant bank more expensive. The district court
dismissed E-Shops’s complaint when it granted U.S. Bank’s motion for failure to state a claim under Federal Rule of Civil Procedure 12(b)(6). E-Shops appeals the district court’s dismissal. Because E-Shops fails to satisfy the required pleading standards, we affirm.
BACKGROUND
E-Shops is an online merchant that sells paintball equipment. According to E-Shops, a typical online transaction occurs as follows: a cardholder orders goods through an online form, the merchant processes the transaction and ships the goods, the merchant’s processor provides the information to the cardholder’s bank, which sends funds to the merchant’s bank, which in turn deposits the funds into the merchant’s account. When the cardholder receives a bill describing transactions they did not authorize, they can object. The cardholder’s bank then initiates a charge-back to the merchant’s bank, causing it to transfer back to the cardholder’s bank any funds received for the transaction.
Between August and December of 2009, E-Shops received nine fraudulent orders made with U.S. Bank credit cards. These nine orders totaled $11,259.91 in merchandise. When the cardholders disputed the charges, U.S. Bank initiated chargebacks
which caused HSBC bank, E-Shops’s merchant bank, to send back the $11,259.91 to U.S. Bank.
Believing the chargebacks resulted from an alleged breach in U.S. Bank’s data security system, E-Shops filed a complaint
against U.S. Bank alleging four counts: (1) aiding and abetting fraudulent transactions; (2) intentional interference with contractual relations; (3) violations of the Minnesota Uniform Deceptive Trade Practices Act (MUDTPA) § 325F.69, subd. 1, and the Minnesota Consumer Fraud Act (MCFA) § 325D.44, subd. 1(13); and (4) unjust enrichment. In its nineteen-page complaint, E-Shops acknowledges the chargebacks are part of standard credit card network rules, but alleges in this instance they were “unusual” and “the most likely explanation ... is that the fraudulent activity resulted from a data breach at U.S. Bank.”
To avoid fraudulent transactions, E-Shops runs through a number of security checks to avoid fraudulent transactions made through its website. These include performing an “AVS” check to compare a “customer’s address and ZIP code provided in the order form with the address and ZIP code on file for the cardholder at U.S. Bank” and a “CVC2” check, “which requires the customer to provide the three-digit code written at the end of the card number on top of the card’s signature strip.” E-Shops “will only ship the requested products to the address that is on file at U.S. Bank” and requires the customer’s signature on the receipt to complete delivery.
E-Shops further alleges that two U.S. Bank employees “admitted that the bank’s system had been compromised” and that “U.S. Bank was well aware of the problem and that it had been going on for a while.” According to the employees, “U.S. Bank knows when fraudulent orders come through the system, because the cardholder typically has processed a change of address shortly before placing a large volume of orders on several different websites.” Noting the frequency of data breaches in the credit card industry in recent years, E-Shops acknowledges that “[sjometimes the breach occurs at the merchant ... [i]n other cases ... the breach occurs at the processor; in that case, a thief would gain access to information about customers patronizing merchants that use that particular processor.”
Alleging that “the most likely explanation” for the fraud is a data breach with U.S. Bank’s security system, E-Shops states that U.S. Bank “could have corrected the data breach at several points ... [and] notified all of the affected cardholders at once and cancelled their cards.” But E-Shops believes U.S. Bank had “strong incentives to cover up the data breach” as “it would stroke the fears and concerns of credit card fraud among its cardholders” and “seriously damage [its] position.”
Responding to E-Shops’s complaint, U.S. Bank filed a motion to dismiss under Rule 12(b)(6) for failure to state a claim, which the district court granted. E-Shops now appeals the dismissal.
DISCUSSION
This court reviews de novo the grant of a motion to dismiss, taking all facts alleged in the complaint as true, and makes reasonable inferences in favor of the nonmoving party.
Cent. Platte Natural Res. Dist. v. U.S. Dep’t of Agric.,
643
F.3d 1142, 1148 (8th Cir.2011). To withstand a Rule 12(b)(6) motion, a complaint must contain sufficient factual allegations to “state a claim to relief that is plausible on its face.”
Bell Atl. Corp. v. Twombly,
550 U.S. 544, 547, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). “[T]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.”
Ashcroft v. Iqbal,
556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (citing
Twombly,
550 U.S. at 555, 127 S.Ct. 1955). Further, in reviewing a dismissal under Rule 12(b)(6), this court is not limited to the allegations in the complaint, but may also consider “materials that do not contradict the complaint, or materials that are necessarily embraced by the pleadings.”
Noble Sys. Corp. v. Alorica Cent., LLC,
543 F.3d 978, 982 (8th Cir.2008) (quotation omitted).
A. Aiding and Abetting Fraud
E-Shops alleges that U.S. Bank, in failing to correct the alleged data breach, aided and abetted unknown parties in obtaining credit card information from its cardholders to make the fraudulent transactions. A plaintiff who makes allegations based on fraud must state with particularity the circumstances constituting the fraud; although malice, intent, knowledge, and other conditions of a person’s mind may be alleged generally. Fed. R.Civ.P. 9(b);
Summerhill v. Terminix, Inc.,
637 F.3d 877, 880 (8th Cir.2011). Rule 9(b)’s particularity requirement for fraud applies equally to a claim for aiding and abetting.
Am. United Life Ins. Co. v. Martinez,
480 F.3d 1043, 1064-65 (11th Cir.2007). The level of particularity required depends on the nature of a case.
BJC Health Sys. v. Columbia Cas. Co.,
Free access — add to your briefcase to read the full text and ask questions with AI
BRIGHT, Circuit Judge.
After receiving a number of chargebacks resulting from fraudulent use of U.S. Bank National Association (“U.S. Bank”) credit cards, E-Shops Corp. (“E-Shops”) filed a class action complaint alleging U.S. Bank knowingly allowed itself to be an instrument of the fraud, thereby making E-Shops’s performance under its contract with its merchant bank more expensive. The district court
dismissed E-Shops’s complaint when it granted U.S. Bank’s motion for failure to state a claim under Federal Rule of Civil Procedure 12(b)(6). E-Shops appeals the district court’s dismissal. Because E-Shops fails to satisfy the required pleading standards, we affirm.
BACKGROUND
E-Shops is an online merchant that sells paintball equipment. According to E-Shops, a typical online transaction occurs as follows: a cardholder orders goods through an online form, the merchant processes the transaction and ships the goods, the merchant’s processor provides the information to the cardholder’s bank, which sends funds to the merchant’s bank, which in turn deposits the funds into the merchant’s account. When the cardholder receives a bill describing transactions they did not authorize, they can object. The cardholder’s bank then initiates a charge-back to the merchant’s bank, causing it to transfer back to the cardholder’s bank any funds received for the transaction.
Between August and December of 2009, E-Shops received nine fraudulent orders made with U.S. Bank credit cards. These nine orders totaled $11,259.91 in merchandise. When the cardholders disputed the charges, U.S. Bank initiated chargebacks
which caused HSBC bank, E-Shops’s merchant bank, to send back the $11,259.91 to U.S. Bank.
Believing the chargebacks resulted from an alleged breach in U.S. Bank’s data security system, E-Shops filed a complaint
against U.S. Bank alleging four counts: (1) aiding and abetting fraudulent transactions; (2) intentional interference with contractual relations; (3) violations of the Minnesota Uniform Deceptive Trade Practices Act (MUDTPA) § 325F.69, subd. 1, and the Minnesota Consumer Fraud Act (MCFA) § 325D.44, subd. 1(13); and (4) unjust enrichment. In its nineteen-page complaint, E-Shops acknowledges the chargebacks are part of standard credit card network rules, but alleges in this instance they were “unusual” and “the most likely explanation ... is that the fraudulent activity resulted from a data breach at U.S. Bank.”
To avoid fraudulent transactions, E-Shops runs through a number of security checks to avoid fraudulent transactions made through its website. These include performing an “AVS” check to compare a “customer’s address and ZIP code provided in the order form with the address and ZIP code on file for the cardholder at U.S. Bank” and a “CVC2” check, “which requires the customer to provide the three-digit code written at the end of the card number on top of the card’s signature strip.” E-Shops “will only ship the requested products to the address that is on file at U.S. Bank” and requires the customer’s signature on the receipt to complete delivery.
E-Shops further alleges that two U.S. Bank employees “admitted that the bank’s system had been compromised” and that “U.S. Bank was well aware of the problem and that it had been going on for a while.” According to the employees, “U.S. Bank knows when fraudulent orders come through the system, because the cardholder typically has processed a change of address shortly before placing a large volume of orders on several different websites.” Noting the frequency of data breaches in the credit card industry in recent years, E-Shops acknowledges that “[sjometimes the breach occurs at the merchant ... [i]n other cases ... the breach occurs at the processor; in that case, a thief would gain access to information about customers patronizing merchants that use that particular processor.”
Alleging that “the most likely explanation” for the fraud is a data breach with U.S. Bank’s security system, E-Shops states that U.S. Bank “could have corrected the data breach at several points ... [and] notified all of the affected cardholders at once and cancelled their cards.” But E-Shops believes U.S. Bank had “strong incentives to cover up the data breach” as “it would stroke the fears and concerns of credit card fraud among its cardholders” and “seriously damage [its] position.”
Responding to E-Shops’s complaint, U.S. Bank filed a motion to dismiss under Rule 12(b)(6) for failure to state a claim, which the district court granted. E-Shops now appeals the dismissal.
DISCUSSION
This court reviews de novo the grant of a motion to dismiss, taking all facts alleged in the complaint as true, and makes reasonable inferences in favor of the nonmoving party.
Cent. Platte Natural Res. Dist. v. U.S. Dep’t of Agric.,
643
F.3d 1142, 1148 (8th Cir.2011). To withstand a Rule 12(b)(6) motion, a complaint must contain sufficient factual allegations to “state a claim to relief that is plausible on its face.”
Bell Atl. Corp. v. Twombly,
550 U.S. 544, 547, 127 S.Ct. 1955, 167 L.Ed.2d 929 (2007). “[T]hreadbare recitals of the elements of a cause of action, supported by mere conclusory statements, do not suffice.”
Ashcroft v. Iqbal,
556 U.S. 662, 678, 129 S.Ct. 1937, 173 L.Ed.2d 868 (2009) (citing
Twombly,
550 U.S. at 555, 127 S.Ct. 1955). Further, in reviewing a dismissal under Rule 12(b)(6), this court is not limited to the allegations in the complaint, but may also consider “materials that do not contradict the complaint, or materials that are necessarily embraced by the pleadings.”
Noble Sys. Corp. v. Alorica Cent., LLC,
543 F.3d 978, 982 (8th Cir.2008) (quotation omitted).
A. Aiding and Abetting Fraud
E-Shops alleges that U.S. Bank, in failing to correct the alleged data breach, aided and abetted unknown parties in obtaining credit card information from its cardholders to make the fraudulent transactions. A plaintiff who makes allegations based on fraud must state with particularity the circumstances constituting the fraud; although malice, intent, knowledge, and other conditions of a person’s mind may be alleged generally. Fed. R.Civ.P. 9(b);
Summerhill v. Terminix, Inc.,
637 F.3d 877, 880 (8th Cir.2011). Rule 9(b)’s particularity requirement for fraud applies equally to a claim for aiding and abetting.
Am. United Life Ins. Co. v. Martinez,
480 F.3d 1043, 1064-65 (11th Cir.2007). The level of particularity required depends on the nature of a case.
BJC Health Sys. v. Columbia Cas. Co.,
478 F.3d 908, 917 (8th Cir.2007). However, “[c]onclusory allegations that a defendant’s conduct was fraudulent and deceptive are not sufficient to satisfy the rule.”
Id.
(citation omitted). Instead, the complaint must set forth the “who, what, when, where, and how” surrounding the alleged fraud.
United States ex rel. Joshi v. St. Luke’s Hosp., Inc.,
441 F.3d 552, 556 (8th Cir.2006).
We apply Minnesota law — the forum state’s substantive law — because jurisdiction is based on diversity.
Blankenship v. USA Truck, Inc.,
601 F.3d 852, 856 (8th Cir.2010). Minnesota law requires that E-Shops show: (1) a primary actor committed fraud that caused its injury; (2) U.S. Bank knew that the primary actor’s conduct constituted fraud; and (3) U.S. Bank substantially assisted or encouraged the primary actor in committing the fraud.
See Witzman v. Lehrman, Lehrman & Flom,
601 N.W.2d 179, 187 (Minn.1999) (beneficiary’s allegations were insufficient to state a claim against accountants for aiding and abetting trustee’s breach of trust).
Detrimental to the sufficiency of E-Shops’s aiding and abetting claim is its failure to plead with particularity how U.S. Bank knowingly and substantially assisted the underlying fraud. An aider and abettor’s knowledge of the wrongful purpose is a “crucial element in aiding or abetting” cases.
Fed. Deposit Ins. Corp. v. First Interstate Bank of Des Moines, N.A.,
885 F.2d 423, 431 (8th Cir.1989). To show U.S. Bank knew the unknown parties’ conduct constituted fraud, E-Shops alleges the supposed admission of two U.S. Bank employees stating, “the bank’s system had been compromised” and “U.S. Bank was well aware of the problem and that it had been going on for a while.” E-Shops does not, however, identify the employees, state their positions with U.S. Bank, state how they acquired such information, or whether the employees were authorized to speak on behalf of U.S.
Bank.
See Cornelia I. Crowell GST Trust v. Possis Med., Inc.,
519 F.3d 778 (8th Cir.2008) (plaintiff must allege facts which demonstrate how the anonymous employees gained access to information that defendant made false statements of material fact).
E-Shops simply contends that the employees’ statements confirmed a pattern of fraudulent activity — that “U.S. Bank knows when fraudulent orders come through the system, because the cardholder typically has processed a change of address shortly before placing a large volume of orders on several different websites.” The single suggestion that a change of address after a number of large orders signals identity theft is attenuated when, in the ordinary course of banking business, cardholders change their address for various unspecified reasons. There are no factual allegations that U.S. Bank knew the information it processed from the cardholders were false at the time of receipt. Conclusory statements by two unidentified employees at unmentioned times and unspecified positions, without more, do not allow us to infer how U.S. Bank knew the transactions here were fraudulent. At most, E-Shops makes general allegations that an unspecified data breach occurred within U.S. Bank’s computer system which enabled unidentified third parties to access cardholder information to make fraudulent transactions. E-Shops does not plead with any particularity the circumstances surrounding how U.S. Bank acquired this alleged knowledge of the fraudulent transactions.
E-Shops also alleges that U.S. Bank “substantially assisted the fraudulent transaction by not correcting the data breach” in a timely manner. Indeed, E-Shops acknowledges that U.S. Bank is not the only entity that possesses a cardholder’s credit card information and that it terminated the cards on a case-by-case basis after cardholders complained about the fraudulent transactions, but proceeds to allege that U.S. Bank “could have corrected the data breach at several points before the losses suffered.” Yet E-Shops provides no factual allegations pointing to the circumstances surrounding the alleged data breach — i.e., how it occurred, when it occurred, or where it occurred — such that U.S. Bank could have taken action. As a whole, the complaint is devoid of factual allegations showing how U.S. Bank substantially assisted or encouraged the fraudulent transactions. E-Shops’s assertions cannot satisfy Rule 9(b)’s particularity requirements.
Consequently, E-Shops has not sufficiently set forth a claim showing how U.S. Bank aided and abetted the alleged fraud.
B. Tortious Interference with Contractual Relations
Next, E-Shops alleges that U.S. Bank intentionally interfered with a contractual relationship between E-Shops and HSBC Bank. Under Minnesota law, a claim of tortious interference with contractual relations requires that E-Shops show: “(1) the existence of a contract; (2) the alleged wrongdoer’s knowledge of the contract; (3) intentional procurement of its breach; (4) without justification; and (5) damages.”
Furlev Sales & Assocs., Inc. v. N. Am. Auto. Warehouse, Inc.,
325 N.W.2d 20, 25 (Minn.1982).
The parties maintain conflicting interpretations of the third element — intentional procurement of a breach. E-Shops contends that the third element does not require the alleged wrongdoer to procure a breach; rather, it is enough that U.S. Bank’s conduct made E-Shops’s performance under its contract with HSBC bank more expensive. The Minnesota Supreme Court, in determining whether the
principal shareholder of a corporation allegedly interfered with a contractual relationship between the corporation he heads and a third party, expressly set forth the elements of a tortious interference claim to include procurement of a breach of contract.
Furlev,
325 N.W.2d at 25. Since
Furlev,
the court has adhered to this recitation of the elements of tortious interference.
See Kallok v. Medtronic, Inc.,
573 N.W.2d 356, 362 (Minn.1998);
Kjesbo v. Ricks,
517 N.W.2d 585, 588 (Minn.1994). Applying the rule laid out by the Minnesota Supreme Court, E-Shops’s claim fails as a matter of law because it does not allege U.S. Bank intentionally procured a breach of E-Shops’s contract with HSBC bank.
See Sip-Top, Inc. v. Ekco Group, Inc.,
86 F.3d 827, 832 (8th Cir.1996) (affirming summary judgment in favor of defendant where “evidence does not support an inference that [defendant’s] actions caused [plaintiff] to lose a contract”).
Assuming arguendo that the third element does not require procurement of a breach, E-Shops still does not allege how its agreement with HSBC bank has become more expensive. Whether E-Shops bears the loss from fraudulent transactions, and to what extent, arises from the agreement between E-Shops and HSBC bank, an agreement that does not include U.S. Bank as a party. That E-Shops must bear the loss under the agreement is different from how the agreement has become more expensive to perform. There are no factual allegations that U.S. Bank’s conduct, as opposed to those of the unknown parties, made it more expensive for E-Shops to fulfill its contract with HSBC bank. Simply stating that it was harmed because it “shipped product ordered by fraudulent purchasers for a specified amount and then suffered monetary loss when that amount was transferred out of [its] account and transmitted back to [U.S. Bank] as a result of the chargebacks,” without more, is insufficient to show how U.S. Bank made E-Shops’s contract with HSBC bank more expensive to perform.
Therefore, E-Shops’s claim for intentional interference with contractual relations also fails.
C. MUDTPA and MCFA
E-Shops alleges that U.S. Bank violated the MUDTPA, § 325D.44, subdiv. 1(13), and the MCFA, § 325F.69, subdiv. 1, by failing to notify its cardholders of the alleged data breach. The MUDTPA describes conduct that constitutes deceptive trade practices, including “passfing] off goods or services as those of another,” “causing] likelihood of confusion or of misunderstanding as to ... certification of goods or services” and “any other conduct which similarly creates a likelihood of confusion or misunderstanding.” Minn.Stat. § 325D.44, subdiv. 1(1),(2),(13). The MCFA prohibits “[t]he act, use, or employment by any person of any fraud, false pretense, false promise, misrepresentation, misleading statement or deceptive practice, with the intent that others rely thereon in connection with the sale of any merchandise.... ” MinmStat. § 325F.69, subdiv. 1. In sum, both the MUDTPA and the MCFA require that E-Shops plead false, deceptive, or misleading conduct by U.S. Bank. Rule 9(b)’s heightened pleading requirement also applies to statutory fraud claims.
Trooien v. Mansour,
608 F.3d 1020, 1028 (8th Cir.2010) (defendant’s fraudulent misrepresentation claim under Minnesota law is subject to Rule 9(b)’s pleading requirements).
This claim suffers from the same deficiency as the aiding and abetting claim. The complaint contains no factual allegations describing the circumstances surrounding the alleged data breach. E-Shops alleges that there was a data
breach, which “U.S. Bank was aware of’ but did nothing “to notify the affected cardholders” or remedy the problem. However, missing are factual allegations explaining the who, what, when, where and how U.S. Bank’s conduct amounted to false, deceptive, or misleading conduct.
See id.
(“complaint must plead ... the details of the defendant’s fraudulent acts, including when the acts occurred, who engaged in them, and what was obtained as a result”).
Consequently, E-Shops’s claim for violations of the MUDTPA and the MCFA also fail for lack of particularity.
D. Unjust enrichment
Finally, E-Shops alleges that it conferred a direct benefit on U.S. Bank which it should not be permitted to retain as it would be “unjustly enriched.” To establish a claim of unjust enrichment under Minnesota law, a plaintiff must show the defendant “knowingly received or obtained something of value for which the defendant in equity and good conscience should pay.”
Schaaf v. Residential Funding Corp.,
517 F.3d 544, 553-54 (8th Cir.2008) (quotation omitted).
The complaint states “[U.S. Bank] received and retained money, through a profit share or otherwise, belonging to [E-Shops] and the Class resulting from [U.S. Bank’s] conduct.” However, no other factual allegation exists to support this claim. Rather, E-Shops notes in its complaint the standard credit card network rules and Visa operating guidelines permit U.S. Bank to initiate the chargebacks in question. E-Shops does not describe or explain the alleged “profit share” or show any inequity in U.S. Bank seeking refunds for its cardholders. E-Shops’s bare assertions are insufficient to state a claim for unjust enrichment and the claim necessarily fails.
CONCLUSION
We therefore affirm the district court’s dismissal of E-Shops’s complaint under Rule 12(b)(6).