United States District Court, E.D. Missouri, Eastern Division
MEMORANDUM AND ORDER
G FLEISSIG, UNITED STATES DISTRICT JUDGE.
putative class action arises out of Defendant Build.com,
Inc.'s alleged interception of its online customers'
names, addresses, telephone numbers, and credit card
information (defined in the complaint, collectively, as
“Credit Card Details”), and disclosure of those
details to unrelated third parties, without the
customers' consent. The matter is now before the Court on
Defendant's motion (ECF No. 24) to dismiss the second
amended complaint of named Plaintiff Rhonda Jurgens with
prejudice, for failure to state a claim and lack of standing.
For the following reasons, the Court will grant
about March 29, 2014, Plaintiff used a computer to visit
Defendant's website, on which consumers could purchase
home improvement merchandise. On the website, Plaintiff
selected kitchen plumbing hardware and added it to her online
shopping cart, for a purchase price totaling $703.53. When
Plaintiff clicked a button to begin the check-out process,
the website displayed a payment page, including a payment
form asking Plaintiff to enter her Credit Card Details. The
payment page also included a button to “Review
to the second amended complaint, the following then
16. Plaintiff entered her Credit Card Details on the Payment
Page. As she did so, with each keystroke that appeared on her
monitor display, her changes were transmitted to a file in
her browser referred to as the “DOM” (Document
Object Model)-an internal browser capture of the real-time
state of an active web page-in this case, the Payment Page,
the payment form on it, and the payment data Plaintiff
entered on it.
17. The DOM is a transient storage file, incidental to the
receipt and sending of web communications.
B. Defendant's Interception of Plaintiff's
Credit Card Details
18. While Plaintiff entered her Credit Card Details on
Defendant's Page, as described above, it was not her
intent to communicate with Defendant or any other party;
rather, it was her intent to fill in the payment data in the
payment form requested by Defendant, for transmittal to
Defendant if and when she chose to click the button to
confirm her purchase intent.
19. Plaintiff's entry of Credit Card Details was an
electronic communication to temporary browser storage, as
described above, but not to Defendant, and Defendant did not
have consent or the right in any way to intercept her Credit
Card Details . . . .
ECF No. 22 ¶¶ 16-19.
alleges that Defendant intercepted her Credit Card Details
“through the use of electronic devices known as
Plaintiff's computer via the Internet from
Defendant's computer facilities.” Id.
executed on her computer because of Defendant's explicit
instructions, built into its Payment Page, ” and
Defendant intercepted Plaintiff's Credit Card Details
while those details “were temporarily stored in
Plaintiff's browser, before transmission over the
Internet.” Id. ¶¶ 29, 39.
further alleges that “by operation of those same
scripts, ” Defendant disclosed Plaintiff's credit
card information to six or more third parties. Id.
¶¶ 24, 26. These third parties were
“providers of services such as image and video
advertising, user tracking and profiling, and tracking of
user mouse movements and clicks-none of which is necessary to
process payments.” Id. ¶ 22. Plaintiff
alleges that, for “other third parties, Defendant coded
its Payment Page to restrict scripts . . . [such that]
Defendant did not use the scripts to access Plaintiff's
Credit Card Details in the DOM or disclose them to the third
party.” Id. ¶ 25. Plaintiff points to
this “differential treatment” as evidence that
“Defendant engaged in interception and disclosure of
Credit Card Details in the DOM with knowledge and
and security breaches, and because of these risks, such
scripts are in violation of payment card industry standards
and are not used by more security-conscious online retailers.
In support of these allegations, Plaintiff cites news
articles dated in 2011 and 2014. Id. ¶ 33 n.5.
Plaintiff also states that the source of her information in
this regard is her “counsel's investigation.”
Id. ¶ 34.
Plaintiff accessed Defendant's website and made her
purchases on March 29, 2014, she did not file suit until
December 30, 2016. Plaintiff alleges that she “did not
have the technical knowledge or reasonable means to detect
computer” and to “understand their implications
for privacy [and] security, ” and that she only learned
of this violation “through the investigation of her
counsel in August 2016.” Id. ¶¶ 47,
second amended complaint asserts three claims: (1) Violations
of the Wiretap Act, as amended by the Electronic
Communications Privacy Act of 1986 (“ECPA”) 18
U.S.C. § 2511(1)(a) (Interception); (2) Violations of
the Wiretap Act, 18 U.S.C. § 2511(1)(c) (Disclosure);
and (3) Common-Law Unjust Enrichment. Plaintiff seeks
injunctive relief, the maximum allowable statutory damages,
punitive damages, and attorneys' fees.
brings this action on her own on behalf and on behalf of two
proposed classes: (1) a “Wiretap Act Class”
encompassing “[a]ll individuals in the United States
who used payment cards to purchase merchandise on the
www.build.comwebsite during the Wiretap Act Class
Period, ” defined as “two years preceding the
date of filing of the Original Petition in this matter and
extending to the date [of class certification]”; and
(2) a “Missouri Class” encompassing “[a]ll
individual Missouri citizens aged 18 years and over who used
payment cards to purchase merchandise on the
www.build.comwebsite during the Missouri Class
Period . . . where such merchandise was primarily for
personal, family, or household uses, ” with the
Missouri Class Period defined as “five years preceding
the date of filing of the Original Petition in this matter
and extending to the date of [class certification].”
Id. ¶¶ 58-59.