Interactive Communications International, Inc. v. Great American Insurance Company ( 2018 )


Menu:
  •                Case: 17-11712       Date Filed: 05/10/2018      Page: 1 of 15
    [DO NOT PUBLISH]
    IN THE UNITED STATES COURT OF APPEALS
    FOR THE ELEVENTH CIRCUIT
    ________________________
    No. 17-11712
    ________________________
    D.C. Docket No. 1:15-cv-02671-WSD
    INTERACTIVE COMMUNICATIONS INTERNATIONAL, INC. et al.,
    Plaintiff-Appellants,
    versus
    GREAT AMERICAN INSURANCE CO.,
    Defendant-Appellee.
    ________________________
    Appeal from the United States District Court
    for the Northern District of Georgia
    ________________________
    (May 10, 2018)
    Before MARCUS and NEWSOM, Circuit Judges, and BUCKLEW,* District
    Judge.
    PER CURIAM:
    ____________________
    *Honorable Susan C. Bucklew, United States District Judge for the Middle District of Florida,
    sitting by designation.
    Case: 17-11712    Date Filed: 05/10/2018    Page: 2 of 15
    This insurance-coverage case arises out of a “Computer Fraud” policy issued
    by Great American Insurance Company to Interactive Communications
    International, Inc. and HI Technology Corp. (together, “InComm”). InComm sells
    “chits”—each of which has a specific monetary value—to consumers, who can
    then “redeem” them by loading their value onto a debit card. InComm lost a lot of
    money—$11.4 million—when fraudsters manipulated a glitch in InComm’s
    computerized interactive-telephone system that enabled them to redeem chits
    multiple times, with each duplicative redemption of an already-redeemed chit
    defrauding InComm of the chit’s value. We hold, though, that InComm’s
    insurance policy does not cover its loss. Although the fraudsters did “use [a]
    computer” within the meaning of the policy, we conclude that InComm’s loss did
    not “result[] directly” from the computer fraud, as required by the policy’s plain
    language.
    I
    InComm operates a network that allows consumers to put money onto
    general-purpose reloadable debit cards issued by banks. In particular, InComm
    sells “chits” to consumers, which they can then use to transfer funds to their cards.
    After purchasing a chit at a retailer like CVS or Walgreens, a consumer can simply
    call InComm to redeem the chit and have its value moved over to his card.
    When a consumer dials InComm’s 1-800 number to redeem a chit, he is
    2
    Case: 17-11712    Date Filed: 05/10/2018    Page: 3 of 15
    connected to InComm’s interactive voice response (“IVR”) computer system. The
    IVR system uses eight computers that process voice requests or telephone touch-
    tone codes. To redeem a chit through InComm’s IVR, a consumer enters his debit
    card number and the PIN located on the back of the chit. The IVR then credits the
    value of the chit to the card, and the funds become immediately available to the
    cardholder.
    After making the funds available for use, InComm is contractually obligated
    to transfer money, equivalent to the value of the redeemed chit(s), to the bank that
    issued the debit card. By contract, InComm is obligated to transfer the funds
    within 15 days, although as a matter of standard practice, InComm typically does
    so within 24 hours. The funds are maintained in the card-issuing bank, for the
    cardholder’s benefit, until he uses the card to conduct a transaction. Because
    InComm’s computer system immediately credits the value of a redeemed chit to a
    debit card, a cardholder could make purchases using a debit card before or after
    funds sufficient to cover the value of the redeemed chit are transferred from
    InComm to the card-issuing bank.
    Between November 2013 and May 2014, fraudsters exploited a vulnerability
    in InComm’s IVR system that enabled multiple redemptions of a single chit.
    Specifically, the fraudsters figured out that they could redeem a single chit multiple
    times by making two or more concurrent calls to the IVR system and
    3
    Case: 17-11712    Date Filed: 05/10/2018    Page: 4 of 15
    simultaneously requesting the redemption of a particular chit. One call would
    transfer the funds from the chit to the debit card account, while the other would
    return the chit to an “unredeemed” state, allowing it to be redeemed again. Over
    seven months, InComm’s system processed 25,553 fraudulent redemptions
    associated with 1,988 individual chits.
    The fraudulent redemptions cost InComm $11.4 million. The vast majority
    of that loss—$10.7 million—was redeemed on debit cards issued by Bancorp bank.
    It is that $10.7 million sum that is at issue in this case. Pursuant to InComm’s
    contract with Bancorp, InComm sold chits to consumers and provided the IVR
    computer system that allowed the users to transfer the chit’s value to their
    Bancorp-issued debit cards. Once InComm’s IVR system was used to redeem a
    chit, the chit’s value was made available for use on the Bancorp card. Bancorp
    was obligated to transfer funds to merchants to cover purchases made using their
    debit cards, and InComm, in turn, was obligated to transfer funds equivalent to the
    value of the redeemed chit(s) to a Bancorp account through which Bancorp pays
    for those purchases.
    The fraudsters’ simultaneous calls to InComm’s IVR system resulted in
    duplicate funds being made immediately available on Bancorp customers’ debit
    cards. Because InComm believed the transactions to be legitimate, it wired funds
    to Bancorp to cover the purchasing power made available on the cards.
    4
    Case: 17-11712    Date Filed: 05/10/2018    Page: 5 of 15
    II
    The insurance policy at issue protects InComm against “Computer Fraud.”
    In particular—and the language is important—the policy provides coverage for
    “loss of, and loss from damage to, money, securities and other property resulting
    directly from the use of any computer to fraudulently cause a transfer of that
    property from inside the premises or banking premises: (a) to a person (other than
    a messenger) outside those premises; or (b) to a place outside those premises.”
    InComm seeks coverage for the $10.7 million lost to Bancorp debit card
    holders who fraudulently manipulated InComm’s IVR system to effectuate
    duplicate redemptions of InComm chits.
    The district court granted Great American’s motion for summary judgment.
    It held that the computer-fraud policy did not cover InComm’s claimed loss for
    two reasons. First, the court concluded that the fraud was not accomplished
    through “the use of a[] computer” within the meaning of InComm’s policy; and
    second, it held that, in any event, InComm’s loss did not “result[] directly” from
    the use (computer or otherwise) of the IVR system. Although we disagree with the
    district court’s determination that the fraudsters’ simultaneous phone calls to the
    IVR system did not constitute “use of a[] computer,” we agree with the court’s
    conclusion that InComm’s loss did not “result[] directly” from the computer fraud.
    Accordingly, we affirm the district court’s judgment that InComm’s loss is not
    5
    Case: 17-11712     Date Filed: 05/10/2018    Page: 6 of 15
    covered.
    III
    Great American contends, and the district court concluded, that the policy
    does not cover InComm’s claimed loss because the scam was not perpetrated
    through “the use of a[] computer.” We disagree.
    All parties agree that the IVR system comprises eight computers that process
    transaction requests from cardholders. Thus, the dispute over the “use of a[]
    computer” provision reduces to the question whether phone calls made to a
    computer system constitute “use” of that computer system.
    The district court started with the dictionary definitions of the terms
    “computer” and “telephone.” Based on those definitions, it concluded that “[a]
    ‘telephone’ is not a ‘computer’” but, rather, “a completely different device.” Thus,
    the court held, the phones with which fraudsters had dialed the IVR system were
    not computers within the meaning of InComm’s policy.
    But because the fraud here involved both telephones and computers, we
    cannot stop there. The question is whether the fraudsters “use[d]” both phones
    and computers to perpetrate their scheme—namely, using the phones to
    manipulate—and thereby use—the IVR computers. In rejecting InComm’s
    argument, the district court seems to have imposed additional conditions not
    required by the policy’s plain language—for instance, that the computer “use” be
    6
    Case: 17-11712    Date Filed: 05/10/2018    Page: 7 of 15
    knowing. See, e.g., Dist. Ct. Op. at 26 (“There is no record evidence that
    cardholders even realized their telephone calls resulted in interaction with a
    computer.”).
    But the plain meaning of the word “use”—indeed, as evidenced in the very
    definitions cited by the district court—comfortably supports an understanding that
    encompasses the callers’ access and manipulation of InComm’s IVR system. The
    district court, for instance, cited both the Oxford Dictionaries’ online definition of
    the term “use” to mean “take, hold, or deploy (something) as a means of
    accomplishing or achieving something; employ,” and Webster’s Encyclopedic
    Unabridged Dictionary’s definition to mean “to employ for some purpose; put into
    service; make use of.” Oxford Dictionaries,
    https://en.oxforddictionaries.com/definition/use; Webster’s Encyclopedic
    Unabridged Dictionary of the English Language 2097 (2001). Those definitions, it
    seems to us, fit like a glove. Here, the callers clearly “deploy[ed]”—or
    “employ[ed]”—the IVR computer system “as a means of accomplishing or
    achieving” fraudulent duplicate redemptions of InComm chits. See Oxford
    Dictionaries, https://en.oxforddictionaries.com/definition/use. So too, under the
    district court’s Webster’s-based definition, the callers “used” the IVR system,
    “employ[ing]” it “for some purpose; put[ting it] into service; mak[ing] use of” it.
    See Webster’s Encyclopedic Unabridged Dictionary of the English Language
    7
    Case: 17-11712       Date Filed: 05/10/2018     Page: 8 of 15
    (2001).
    Other dictionaries confirm what the district court’s own indicate. Webster’s
    Second New International Dictionary, for instance, defines “use” as “to convert to
    one’s service; to avail oneself of; to employ.” Webster’s New International
    Dictionary at 2806 (2d ed. 1939). There simply can be no doubt that the fraudsters
    “convert[ed]” InComm’s IVR computer system to their service and “avail[ed]”
    themselves of it by submitting fraudulent reload requests to the computer system in
    a way that yielded duplicate chit redemptions. To be clear, it is not the case, as the
    district court suggested, that the IVR system was just “somehow involved” in the
    fraudsters’ scheme, or that the system was merely “engaged at any point in the
    causal chain.” Rather, the fraudsters interfaced directly with the IVR computer
    system to effectuate their duplicate redemptions. Thus, we conclude that the fraud
    against InComm was perpetrated through the “use of a[] computer” within the
    terms of its insurance policy.
    IV
    But that is not the end. The question remains whether the “loss of …
    money” that InComm suffered here “result[ed] directly” from the use of the IVR.
    Like the district court, we conclude that it did not.1 In explaining why, we must
    1
    We assume for the purposes of this opinion—without deciding—that the use of the IVR
    “fraudulently cause[d] a transfer of … property from inside the … banking premises … to a
    person [or] place outside those premises” within the meaning of InComm’s policy.
    8
    Case: 17-11712     Date Filed: 05/10/2018    Page: 9 of 15
    explore two sub-issues. First, as a matter of law, what exactly does the phrase
    “result[] directly” mean? And second, as a matter of fact, when did InComm’s loss
    occur?
    A
    Not surprisingly, the parties have different views about what it means for a
    loss to “result[] directly” from a computer fraud. For its part, InComm contends—
    not without some support—that the policy’s “resulting directly” language entails
    only a showing of proximate cause. See, e.g., Scirex Corp. v. Fed. Ins. Co., 
    313 F.3d 841
    , 850 (3d Cir. 2002) (applying Pennsylvania law that equates “direct
    cause” with “proximate cause”); see also Retail Ventures, Inc. v. Nat’l Union Fire
    Ins. Co. of Pittsburgh, Pa., 
    691 F.3d 821
    , 831-32 (6th Cir. 2012) (holding that
    under Ohio law, a “proximate cause” standard should be used “to determine
    whether plaintiffs sustained loss ‘resulting directly from’ the ‘theft of Insured
    property by Computer Fraud’”). With its own cases in tow, Great American urges
    us instead to adopt a reading of “resulting directly” that requires immediacy
    between conduct and result. See, e.g., Apache Corp. v. Great Am. Ins. Co., 662 F.
    App’x 252, 258 (5th Cir. 2016) (declining to extend coverage where a loss caused
    by a fraudulent transfer was “the result of other events and not directly [caused] by
    9
    Case: 17-11712       Date Filed: 05/10/2018      Page: 10 of 15
    the computer use”).2
    Rather than following the thread of close-but-not-quite-on-point cases from
    other jurisdictions, however, we look to the plain language of InComm’s policy. It
    is a fundamental principle of Georgia law—and law more generally—that words in
    contracts “generally bear their usual and common signification[.]” Ga. Code Ann.
    § 13-2-2(2); accord, e.g., A. Scalia & B. Garner, Reading Law: The Interpretation
    of Legal Texts at 69 (2012) (“The ordinary meaning rule is the most fundamental
    semantic rule of interpretation. It governs constitutions, statutes, rules, and private
    instruments.”). Accordingly, if the phrase “resulting directly” has a “common
    signification”—i.e., an ordinary meaning—then we have to find and enforce it.
    The dispute here, of course, is not about the term “resulting,” but rather the
    word “directly”: What does it mean for a result to follow a cause “directly”?
    Common-language and legal dictionaries provide a clear (and essentially the same)
    answer. Webster’s Second, for instance, defines “direct” to mean “(1) straight;
    proceeding from one point to another in time or space without deviation or
    2
    The delta between the parties’ competing readings may be smaller than it appears. As Justice
    Cardozo taught us years ago, proximate cause serves to limit liability, not expand it. See
    Palsgraf v. Long Island R. Co., 
    162 N.E. 99
    , 101 (N.Y. 1928). To that end, Black’s defines
    “Proximate Cause,” in relevant part, as “[a] cause that directly produces an event and without
    which the event would not have occurred.—Also termed (in both senses) direct cause; direct and
    proximate cause ….” Black’s Law Dictionary at 265 (10th ed. 2014) (emphasis added).
    Webster’s Second provides a similar definition: “[A] cause which directly or with no mediate
    agency produces an effect; specifically in law, that which in ordinary natural sequence produces
    a specific result, no independent disturbing agencies intervening.” Webster’s New International
    Dictionary at 1995 (2d ed. 1939).
    10
    Case: 17-11712     Date Filed: 05/10/2018   Page: 11 of 15
    interruption; not crooked or oblique …; (2) Straightforward; going straight to the
    point …; (3) Immediate; marked by the absence of an intervening agency or
    influence; making contact or effected without an intermediary[.]” Webster’s New
    International Dictionary at 738 (2d ed. 1939). In the same way, Black’s defines
    “direct” to mean “(1) straight, undeviating; (2) straightforward; (3) free from
    extraneous influence, immediate; (4) of, relating to, or involving passing in a
    straight line of descent, as distinguished from a collateral line.” Black’s Law
    Dictionary at 265 (10th ed. 2014).
    The theme is unmistakable. In accordance with the term’s ordinary
    meaning, we hold that, for purposes of InComm’s policy, one thing results
    “directly” from another if it follows straightaway, immediately, and without any
    intervention or interruption.
    B
    Which leads to the factual question: When, exactly, did InComm’s loss
    occur? And based on the answer to that question, did InComm’s loss “result[]
    directly” (as we have interpreted that phrase) from the fraudsters’ misuse of
    InComm’s IVR computer system?
    We conclude that although the fraudsters’ manipulation of InComm’s
    computers set into motion the chain of events that ultimately led to InComm’s loss,
    their use of the computers did not “directly”—which is to say immediately and
    11
    Case: 17-11712        Date Filed: 05/10/2018       Page: 12 of 15
    without intervention or interruption—cause that loss. To the contrary, several
    steps typically intervened between the fraudulent manipulation of the IVR system
    to enable duplicate chit redemptions, on the front end, and InComm’s ultimate loss,
    on the back. Here is a timeline of sorts:
    • Step 1: The fraudsters manipulate InComm’s IVR system to enable a
    duplicate chit redemption. For each fraudulently redeemed chit, a
    fraudster’s debit card is immediately credited with purchasing power, but
    InComm’s funds are neither transferred, nor disturbed, nor altered in any
    way.
    • Step 2: Shortly after processing a redemption call through the IVR system,
    InComm transfers money (equal to the amount of the redeemed chits) to an
    account at Bancorp for the purpose of paying debts incurred by debit card
    holders. Bancorp maintains the account “for the benefit of” InComm as
    “holder[] of the Cardholder Balances for the benefit of [Debit] Cardholders.”
    Although InComm is contractually obligated to transfer funds to the
    Bancorp account within 15 days of making the corresponding purchasing
    power available on debit cards, as a matter of regular business practice it
    transfers the money to Bancorp within 24 hours. The funds remain in the
    Bancorp account until needed to cover purchases made on a consumer’s
    debit card.
    • Step 3: A debit card user makes a purchase from a merchant, incurring debt
    to be paid from the InComm-earmarked Bancorp account.
    •   Step 4: Bancorp transfers money from the account to the merchant to cover
    the purchase made by the cardholder.3
    3
    In the ordinary course, the fraud and transfer of funds would proceed as sequenced here. It is at
    least possible, however, that the expenditure of the fraudulently obtained funds could occur
    almost immediately after the commission of the fraud. Therefore, even though InComm
    12
    Case: 17-11712        Date Filed: 05/10/2018       Page: 13 of 15
    InComm insists that its loss occurred at Step 2—and is thus “directly” the
    result of the Step-1 fraud. In particular, InComm says that upon transfer of funds
    to the account held by Bancorp, it lost both ownership and control of those funds.
    But the facts of the case demonstrate otherwise—that, in fact, InComm retained at
    least some control over the funds held by Bancorp even after the Step-2 transfer,
    and could prevent their loss by intervening to halt the disbursement of money from
    the Bancorp account to merchants at Step 4. On one particular occasion, after
    identifying fraud associated with $1.9 million in duplicate redemptions by some
    debit card holders, InComm stepped in to prevent the cards from engaging in
    further transactions. InComm did so unilaterally, and indeed did not even inform
    Bancorp that it had done so for nearly a month. That $1.9 million was not “los[t]”;
    rather, it remains to this day in the InComm-earmarked account held by Bancorp.
    Accordingly, InComm’s loss did not occur with the Step-2 transfer of funds
    to the account held by Bancorp. Rather, the loss did not occur until—at Step 4—
    transfers funds to Bancorp within 24 hours of a chit redemption, it is possible that a cardholder
    might spend fraudulently obtained funds before InComm makes the corresponding transfer to
    Bancorp. Despite this potential variation in the sequencing of steps leading to InComm’s loss,
    InComm has always maintained that its loss occurred at the moment it transferred funds to
    Bancorp, not at the moment that fraudulently obtained purchasing power was used by
    cardholders. See, e.g., Br. of Appellant 21 (“InComm’s loss … occurred when the money was
    transferred to Bancorp.”). Thus, the potential for variation in the timing of cardholder purchases
    in the fraud-loss sequence does not change the outcome of this case. We are not obliged to
    consider arguments not raised by the parties. See United States v. Campa, 
    529 F.3d 980
    , 989
    (11th Cir. 2008) (arguments not made in a party’s initial brief are abandoned).
    13
    Case: 17-11712    Date Filed: 05/10/2018   Page: 14 of 15
    Bancorp actually disbursed money from the InComm-earmarked account to pay
    merchants for purchases made by cardholders. That was the point at which
    InComm could not recover its money. That was the point of no return.
    That being the case, it seems clear to us that InComm’s loss did not “result[]
    directly” from the initial computer fraud. Far from being immediate, the loss was
    temporally remote: days or weeks—even months or years—could pass between the
    fraudulent chit redemption and the ultimate disbursement of the fraud-tainted funds
    from InComm’s Bancorp account. And it is not just that the loss was remote in
    time; the chain of causation involved intervening acts and actors between the Step-
    1 fraud and the Step-4 loss. Even after a chit was fraudulently redeemed, each of
    the following had to occur: (1) InComm had to transfer money to the Bancorp
    account; (2) the cardholder had to make a purchase using fraudulently obtained
    funds; and (3) Bancorp had to disburse money from InComm’s account to cover
    the purchase and pay the merchant. It was only at that point that InComm’s loss
    truly materialized. The lack of immediacy—and the presence of intermediate
    steps, acts, and actors—makes clear that the loss did not “result[] directly” from
    the initial fraud.
    V
    Because InComm’s loss did not “result[] directly” from the fraudulent use of
    its IVR computer system, the loss is not covered by its insurance policy. We
    14
    Case: 17-11712    Date Filed: 05/10/2018   Page: 15 of 15
    therefore affirm the district court’s grant of summary judgment in favor of Great
    American.
    AFFIRMED.
    15
    

Document Info

Docket Number: 17-11712

Filed Date: 5/10/2018

Precedential Status: Non-Precedential

Modified Date: 4/17/2021