United States v. Rueda

United States Court of Appeals
For the First Circuit

No. 18-1962

UNITED STATES,

Appellee,

v.

MEYLISI RUEDA,

Defendant, Appellant.

APPEAL FROM THE UNITED STATES DISTRICT COURT
FOR THE DISTRICT OF MAINE

[Hon. Nancy Torresen, U.S. District Judge]

Before

Howard, Chief Judge,
Thompson and Barron, Circuit Judges.

J. Hillary Billings, Assistant Federal Defender was on brief
for appellant.
Renee M. Bunker, Assistant United States Attorney, Appellate
Chief, with whom Halsey B. Frank, United States Attorney, was on
brief, for appellee.

July 31, 2019
 BARRON, Circuit Judge. Meylisi Rueda ("Rueda") pleaded

guilty to one count of conspiracy to commit access-device fraud,

in violation of 18 U.S.C. § 1029(a)(2), (a)(3), and (b)(2), in the

District Court for the District of Maine. She now challenges the

District Court's sentence resulting from that plea. She argues

that the District Court erred in its calculation of the "loss"

attributable to her offense, due to what, she argues, was an

incorrect reading of § 2B1.1(b)(1) of the United States Sentencing

Guidelines. We affirm.

I.

Beginning in June of 2016, state and federal law

enforcement agencies initiated an investigation into multiple

complaints of credit card fraud originating in Maine. Law

enforcement agents received information in connection with that

investigation that Yaisder Herrera Gargallo, Jose Castillo Febles,

Juan Carlos Febles, and Rueda, had, over the span of several

months, used fraudulent credit cards to purchase merchandise, gift

cards, airline tickets, and to lease rental vehicles.

On June 18, 2016, law enforcement agents stopped a Jeep

in Brunswick, Maine that matched the description of a vehicle used

during the fraudulent credit card transactions under

investigation. Rueda was not in the vehicle when it was pulled

over, but Gargallo, Jose Castillo Febles, and Juan Carlos Febles

were. The agents questioned the three passengers, who admitted in

- 2 -
response that they, along with Rueda, were participants in a

fraudulent credit card scheme; that they had traveled from Florida

to Maine to undertake that scheme; and that they had stolen credit

cards in their possession at the time that they were pulled over.

A search of the vehicle led agents to discover multiple

packages of unopened merchandise (e.g., a Dewalt drill set and

three iPads), multiple credit cards bearing stolen account

information, credit card "skimming" equipment, and a laptop. A

forensic search of the laptop revealed nine text files that

contained what appeared to be credit card information. Agents

identified what they determined were numbers for 2,732 unique

credit cards in these files. In addition to the text files, the

forensic search of the laptop revealed various programs associated

with the manufacture of fake credit cards.

Investigators were able to identify the issuing

financial institutions associated with 2,580 of the 2,732 apparent

credit card numbers that were retrieved from the laptop's text

files. Most of these financial institutions did not submit victim

impact statements. Eight of them did. The victim impact

statements that those eight financial institutions submitted

averred that the losses associated with the card numbers from the

laptop text files that were associated with their institutions

totaled, collectively, $24,673.60.

- 3 -
 On October 6, 2017, Rueda pleaded guilty to one count of

conspiracy to commit access-device fraud, in violation of 18 U.S.C.

§ 1029(a)(2), (a)(3), and (b)(2). The District Court then

requested a pre-sentence report ("PSR"), which the United States

Office of Probation prepared and disclosed on November 24, 2017.

The PSR recommended, pursuant to the Guidelines, a guidelines

sentencing range ("GSR") of 37-46 months of imprisonment.

The PSR based the GSR on the Guidelines' "loss"

definition. Section 2B1.1 of the guidelines defines "loss" as

"the greater of actual loss or intended loss." § 2B1.1, cmt.

n.3(A). "Actual loss" is defined as "the reasonably foreseeable

pecuniary harm that resulted from the offense." Id. at cmt.

n.3(A)(i). "Intended loss," by contrast, is defined as "the

pecuniary harm that the defendant purposely sought to inflict

[which] includes intended pecuniary harm that would have been

impossible or unlikely to occur." Id. at cmt. n.3(A)(ii).

The Guidelines provide additional instructions for

calculating "loss" in cases that involve "Stolen or Counterfeit

Credit Cards and Access Devices." Id. at cmt. n.3(F)(i)

[hereinafter Application Note 3(F)(i)]. These instructions

provide that, "[i]n a case involving any counterfeit access device

or unauthorized access device, loss includes any unauthorized

charges made with the counterfeit access device or unauthorized

access device and shall be not less than $500 per access device."

- 4 -
Section 2B1.1 further states that "counterfeit access device" and

"unauthorized access device" are defined in accordance with 18

U.S.C. § 1029(e). Id. at cmt. n.10(A).

Section 1029(e) of the United States Criminal Code

defines "access device" as "any card, plate, code, account number,

electronic serial number, mobile identification number, [or]

personal identification number . . . that can be used, alone or in

conjunction with another access device, to obtain money, goods,

services, or any other thing of value." 18 U.S.C. § 1029(e)(1).

That section of the federal criminal code defines "counterfeit

access device" as "any access device that is counterfeit,

fictitious, altered, or forged, or an identifiable component of an

access device or a counterfeit access device." Id. at

§ 1029(e)(2). Finally, that section of the federal criminal code

defines "unauthorized access device" as "any access device that is

lost, stolen, expired, revoked, canceled, or obtained with intent

to defraud." Id. at § 1029(e)(3).

After applying the Application Note 3(F)(i), the PSR

determined that the "loss" totaled $1,290,000. The PSR did so by

attributing a loss of $500 to each of the 2,580 numbers retrieved

from the laptop text files that had been determined to constitute

unauthorized or counterfeit access devices.

Rueda objected to the PSR's loss calculation. She

contended that to apply Application Note 3(F)(i)'s $500 minimum

- 5 -
loss amount to each of the 2,580 credit card numbers at issue, the

government would first need to establish that each "can be

used . . . to obtain money, goods, services, or any other thing of

value," in accordance with the statutory definition of an access

device. See 18 U.S.C. § 1029(e)(1). Rueda further contended that

there was no evidentiary basis for the government to make such a

showing. Accordingly, she contended that the "loss" that could be

attributed to her offense was no more than the $24,673.60 of loss

that the eight financial institutions had described in their victim

impact statements.

At sentencing, on October 1, 2018, the District Court

noted that the question of the loss calculation was "close" but

ultimately rejected Rueda's contention. The District Court

adopted, instead, the GSR of 37-46 months of imprisonment based on

the PSR's attribution of a loss of $500 to each of the 2,580

numbers retrieved from the laptop's text files determined to be

counterfeit or unauthorized access devices. The District Court

did note, however, that the difference between the GSR based on

the PSR's "loss" calculation and the GSR based on Rueda's proposed

calculation was "profound." Thus, given various mitigating

factors that the District Court identified, it imposed a variant

sentence of four-months imprisonment followed by two years of

supervised release. Additionally, the District Court ordered a

joint and several restitution obligation of $24,673.60 on Rueda

- 6 -
and her co-defendants. Finally, the District Court granted a

motion to stay Rueda's sentence, pending appeal, to allow Rueda

the opportunity to receive an answer from our Court on the "loss

issue."

Rueda timely appealed her sentence. Our review is de

novo, as her challenge to her sentence turns on a matter of

guidelines interpretation. United States v. Flores-Machicote, 706

F.3d 16, 19 (1st Cir. 2013).

II.

Rueda first contends that the District Court erred in

applying Application Note 3(F)(i)'s $500 minimum loss amount to

each of the 2,580 credit card numbers in making its loss

calculation under the Guidelines, because the government failed to

establish that, in accord with 18 U.S.C. 1029(e)(1)'s definition

of an "access device," each of those numbers "can be used . . . to

obtain money, goods, services, or any other thing of value." 18

U.S.C. § 1029(e)(3). But, we do not agree.

Application Note 3(F)(i) incorporates the definition of

"counterfeit" and "unauthorized" access devices in 18 U.S.C. §

1029(e)(2) and 18 U.S.C. § 1029(e)(3), respectively. Thus,

Application Note 3(F)(i) necessarily requires that a $500 minimum

loss be attributed to each access device of that type, see United

States v. Moon, 808 F.3d 1085, 1092 (6th Cir. 2015) (concluding

that Application Note 3(F)(i)'s express use of the terms

- 7 -
"counterfeit" and "unauthorized" access devices indicated that any

usability requirement must be permissive enough to encompass such

devices in its scope), save for possibly available exceptions not

relevant here, see Application Note 3(F)(i) (describing the

exception for "telecommunication" access devices). As a result,

by the plain terms of Application Note 3(F)(i), the $500 minimum

loss amount must be attributed even to, for example, a "fictitious"

"expired, revoked, [or] canceled" access device. 18 U.S.C. §

1029(e)(2)-(3).

As a result, we do not see how Rueda's contention that

Application Note 3(F)(i) must be read to exclude from its scope

the 2,580 numbers that are at issue here is a tenable one. Rueda

does contend that Application Note 3(F)(i) incorporates the "can

be used" requirements from the definition of an "access device" in

§ 1029(e)(3). She does not develop, however, any argument that

would explain why, given this record, these 2,580 numbers do not

qualify as the kind of "unauthorized" or "counterfeit" access

devices to which Application Note 3(F)(i) plainly applies.

To be sure, Rueda argues that nothing about Application

Note 3(F)(i)'s express inclusion of "unauthorized" and

"counterfeit" access devices precludes the conclusion that it

contains an implicit usability requirement. According to her,

even "expired, revoked, or canceled" access devices can be "used"

in limited ways, such as by "manually impress[ing] [the fraudulent

- 8 -
cards] onto a paper receipt" and "present[ing] [the fraudulent

cards] over the phone . . . when electronic access is temporarily

unavailable."

But, if this is the definition of "can be used" that

Rueda contends should apply here, then we fail to see on what basis

she means to contend that it would not encompass every one of the

2,580 numbers at issue here. Rueda cannot supportably argue that

any of those 2,580 numbers is just a random string of sixteen

digits that happened to be stored on the co-conspirators' computer.

Each of the 2,580 credit card numbers was linked, by a bank

identification number, to an identifiable financial institution.

Each of those 2,580 credit card numbers was also discovered along

with physical credit cards bearing stolen credit card information,

software used to manufacture fake credit cards, products purchased

using stolen credit cards, and "skimming" equipment used to steal

credit card information from gas station customers.

Rueda does rely on the out-of-circuit case United States

v. Onyesoh, 647 F.3d 1157 (9th Cir. 2012), in which the Ninth

Circuit did clearly endorse a usability requirement. But, we do

not read that precedent to hold that the government must show that

a credit card number could successfully obtain money before such

a number could be subject to the $500 minimum "loss" amount for

"counterfeit" and "unauthorized" access devices pursuant to

Application Note 3(F)(i). Thus, even that precedent does not

- 9 -
support her challenge on this score, given this record. See id.

at 1160 (holding that evidence of expired cards "in combination

with another device" such as an "embosser" would potentially

suffice to establish usability).

III.

Rueda separately contends that Application Note

3(F)(i)'s use of the phrase "shall not be less than $500 per access

device" merely modifies "loss includes any unauthorized charges

made with the counterfeit access device or unauthorized access

device." (Emphasis added). Accordingly, Rueda contends, the "most

logical and reasonable" reading of Application Note 3(F)(i) is

that its $500 minimum loss amount may be attributed to an access

device only when it was actually "charge[d]" during the commission

of the offense. And, so read, Rueda contends, Application Note

3(F)(i) would not permit the $500 loss amount to be attributable

to any of the 2,580 numbers at issue here, given that the

government has not shown that any of them were actually charged.

As a result, Rueda argues that the loss attributable to her offense

should not be the $1,290,000 calculated by the District Court. It

should be the $24,673.60 that was reflected in the victim impact

statement that the eight financial institutions submitted.

But, here too, we disagree. The word "loss" in

Application Note 3(F)(i) operates as the subject for the two verb

clauses that follow and that are connected by a conjunction:

- 10 -
"includes any unauthorized charges made with the counterfeit

access device or unauthorized access device" and "shall be not

less than $500 per access device." Accordingly, the sentence is

most naturally read so that these two verb clauses have the same

subject: "loss." So read, Application Note 3(F)(i) provides that

"loss" both (1) shall "include[] any unauthorized charges made

with the counterfeit access device or unauthorized access device"

and (2) "shall be not less than $500 per access device" regardless

of whether each access device was actually charged.

This reading accords -- as Rueda's reading does

not -- with Section 2B1.1(b)(1)'s broader instruction that "loss"

include "intended loss," which is defined as "intended pecuniary

harm that would have been impossible or unlikely to occur." Id.

at cmt. n.3(A)(ii) (emphasis added). This reading also comports

with the rest of Application Note 3(F)(i)'s language, which appears

to establish a special carve-out from the $500 limit for only a

certain type of unauthorized access device -- a telecommunications

access device -- that is merely possessed and not used. § 2B1.1,

cmt. n.3(F)(i). That carve-out indicates that -- contrary to

Rueda's contention -- the higher $500 minimum loss amount generally

does apply to unauthorized or counterfeit access devices that a

defendant merely possesses and has not otherwise used. See United

States v. Cardenas, 598 F. App'x 264, 267 (5th Cir. 2015)

(concluding that the language in the telecommunications provision

- 11 -
indicates that the loss calculation in the previous sentence

encompassed both used and unused devices); United States v. Thomas,

841 F.3d 760, 764 (8th Cir. 2016) (concluding the same).

Finally, this reading accords with the reading given to

Application Note 3(F)(i) by every circuit to have addressed the

argument about its scope that Rueda now advances. See, e.g.,

Cardenas, 598 F. App'x at 267 (concluding that "nothing in the

text [of Application Note 3(F)(i)] requires the access devices to

be actually used" (emphasis in original)); Thomas, 841 F.3d at 764

("[Application Note 3(F)(i)] does not require that the device

actually have been used."); United States v. Gilmore, 431 F. App'x

428, 430-31 (6th Cir. 2011) ("The plain language [of Application

Note 3(F)(i)] sets a floor for calculating the loss attributable

to each device, namely $500; it does not limit loss calculations

to devices actually used.").

IV.

The District Court here noted the "profound" disparity

between the "loss" as calculated by Rueda's PSR and the actual

"loss" attributed to her offense based on the victim impact

statements submitted by the various financial institutions. But,

the District Court, based on that disparity and various mitigating

factors, exercised its discretion to impose a variant sentence of

four-months imprisonment followed by two years of supervised

release. We thus conclude that the District Court did not err in

- 12 -
imposing the sentence that it did. United States v. Popovski, 872

F.3d 552, 554 (7th Cir. 2017) ("If a calculation under Application

Note 3(F)(i) overstates the seriousness of the offense, a district

judge must adjust accordingly."). Accordingly, we affirm the

District Court's sentence.

- 13 -