The opinion of the court was delivered by: ARTHUR SPATT, District Judge
MEMORANDUM OF DECISION AND ORDER
On July 15, 2002, Jamie Garay, ("Garay" or the "plaintiff") commenced
this action against U.S. Bancorp (the "defendant"), asserting seven
causes of action, three claims relying on criminal violations and four
state common law claims: (1) aiding and abetting identity theft; (2)
aiding and abetting mail fraud; (3) obstructing justice; (4) gross
negligence; (5) failure to provide due diligence; (6) aiding and abetting
in a conspiracy to commit conversion; and (7)
invasion of privacy. Pending before the Court is the defendant's
motion for summary judgment dismissing the complaint on the ground that
the three claims asserting criminal violations do not afford a private
right of action. In addition, the defendant asserts that there is no
legal basis to support the plaintiff's four state common law claims.
The following facts are undisputed unless otherwise indicated. In 2001,
an imposter stole Garay's identification information, including her name,
date of birth, social security number, and address. Based on the stolen
information, the imposter applied for a credit card from U.S. Bank
National Association ND ("U.S. Bank"), a subsidiary of U.S. Bancorp.
In that same year, U.S. Bank received, via the internet, an application
for a WorldPerks Visa business credit card from a company called the
Ultimate Roots Inc. The application was transferred to a U.S. Bank data
entry form. The defendant explains that, upon receipt of a business
credit card application, it was U.S. Bank's standard procedure to attempt
to verify certain information associated with the business listed on the
application, including the owner and the address of the business, by
consulting a Dun & Bradstreet Report. The defendant contends that no
Dun & Bradstreet Report existed for Ultimate Roots Inc.
According to the defendant, to determine whether to issue a credit card
a business card application, U.S. Bank's underwriting practices
focused on the verification of certain information relating to the
authorizing officer indicated in the application because business cards
function very similarly to consumer credit cards. The authorizing officer
was identified as the plaintiff. The application also listed: (a) 16
Hallock Meadow Drive, Stonybrook, New York as the authorizing officer's
address; (b) October 13, 1958 as the authorizing officer's date of birth;
and (c) the authorizing officer with Garay's social security number.
Because the computer program U.S. Bank used at that time to initially
process internet-based credit card applications deleted leading zeros
from the social security number, the leading zero in the authorizing
officer's social security did not appear on the application.
Nevertheless, U.S. Bank received a nine digit social security number for
the authorizing officer and used the entire nine digit number to process
The defendant further contends that, to verify the information relating
to the authorizing officer listed on the application, U.S. Bank obtained
an electronic copy of an Equifax Consumer Credit Report in the name of
"Jamie Garay." By comparing the information listed on the application
with the information listed in the Equifax Consumer Credit Report, U.S.
Bank verified the information relating to the authorizing officer, which
included the authorizing officer's name, address, date of birth and
social security number. U.S. Bank also reviewed the credit history of the
authorizing officer contained in the Equifax
Consumer Credit Report. In sum, the defendant contends that it
followed all the regular procedures to investigate a new account.
In response, the plaintiff contends that neither U.S. Bank nor U.S.
Bankcorp ever tried to obtain a Dun & Bradstreet report about
Ultimate Roots Inc. In addition, the plaintiff disputes the defendant's
assertion that the name "Jamie Garay" was linked to the authorizing
officer. The plaintiff further contends that the defendant failed to
verify the address, date of birth, and social security number of the
On an unspecified date, U.S. Bank issued a WorldPerks Visa business
credit card with a credit limit in the amount of $20,000 to the imposter
in the name of "Jamie Garay" for Ultimate Roots Inc. Sixteen transactions
were executed with use of the credit card, totaling in the amount of
$20,098.05. On or about March 19, 2001, the account became delinquent.
On or about July 24, 2001, the plaintiff informed U.S. Bank that she
did not open the account and that the account was fraudulent. Soon
thereafter, U.S. Bank opened an internal fraud case to investigate the
facts and circumstances surrounding the application for and use of the
credit card. U.S. Bank reversed all of the charges associated with the
account, including the purchase charges, finance charges, late payment
fees and over-the-limit fees, causing U.S. Bank to absorb the loss of
more than a sum of $20,000. Pursuant to
its policy, if an account is delinquent for more than 150 days, the
defendant reports it to a credit reporting agency. However, because the
account here was less than 150 days past due, U.S. Bank never reported
any delinquency to any credit reporting agency.
Sometime after July 24, 2001, Garay contacted U.S. Bank seeking
documents related to the account. Soon thereafter, at the plaintiff's
request, U.S. Bank sent to her eight account statements.
On or about August 2, 2003, the defendant issued a credit card to her
home address but failed to follow the fraud alert on her credit file to
personally contact her at a specific telephone number before issuing a
credit card. The plaintiff contends that the defendant's failure to
follow the fraud alert is further evidence that the it fails to follow
procedures to investigate a new account.