Assembly BillNo. 844

3

1747.02.  

As used in this title:

4(a) “Credit card” means any card, plate, coupon book, or other
5single credit device existing for the purpose of being used from
6time to time to obtain money, property, labor, or services on credit.
7“Credit card” does not mean any of the following:

8(1) Any single credit device used to obtain telephone property,
9labor, or services in any transaction under public utility tariffs.

10(2) Any device that may be used to obtain credit pursuant to an
11electronic fund transfer, but only if the credit is obtained under an
12agreement between a consumer and a financial institution to extend
13 credit when the consumer’s asset account is overdrawn or to
14 maintain a specified minimum balance in the consumer’s asset
15account.

P3    1(3) Any key or card key used at an automated dispensing outlet
2to obtain or purchase petroleum products, as defined in subdivision
3(c) of Section 13401 of the Business and Professions Code, that
4will be used primarily for business rather than personal or family
5purposes.

6(b) “Accepted credit card” means any credit card that the
7cardholder has requested or applied for and received or has signed,
8or has used, or has authorized another person to use, for the purpose
9of obtaining money, property, labor, or services on credit. Any
10credit card issued in renewal of, or in substitution for, an accepted
11credit card becomes an accepted credit card when received by the
12cardholder, whether the credit card is issued by the same or a
13successor card issuer.

14(c) “Debit card” means an accepted debit card or other means
15of access to a debit cardholder’s account that may be used to initiate
16electronic funds transfers and may be used without unique
17identifying information such as a personal identification number
18to initiate access to the debit cardholder’s account.

19(d) “Accepted debit card” means a debit card that the debit
20cardholder has requested and received or has signed, or has used,
21or has authorized another person to use, for the purpose of
22obtaining money, property, labor, or services. Any debit card issued
23in renewal of, or in substitution for, an accepted debit card becomes
24an accepted debit card when received by the debit cardholder,
25whether the debit card is issued by the same or by a successor card
26issuer.

27(e) “Card issuer” means any person who issues a credit card or
28the agent of that person for that purpose with respect to the credit
29card.

30(f) “Cardholder” means a natural person to whom a credit card
31is issued for consumer credit purposes, or a natural person who
32has agreed with the card issuer to pay consumer credit obligations
33arising from the issuance of a credit card to another natural person.
34For purposes of Sections 1747.05, 1747.10, and 1747.20, the term
35includes any person to whom a credit card is issued for any
36purpose, including business, commercial, or agricultural use, or a
37person who has agreed with the card issuer to pay obligations
38arising from the issuance of that credit card to another person.

39(g) “Debit card issuer” means any person who issues a debit
40card or the agent of that person for that purpose.

P4    1(h) “Debit cardholder” means a natural person to whom a debit
2card is issued.

3(i) “Retailer” means every person other than a card issuer or
4debit card issuer who furnishes money, goods, services, or anything
5else of value. “Retailer” does not mean the state, a county, city,
6city and county, or any other public agency.

7(j) “Unauthorized use” means the use of a credit card or debit
8card by a person, other than the cardholder or debit cardholder,
9(1) who does not have actual, implied, or apparent authority for
10that use and (2) from which the cardholder or debit cardholder
11receives no benefit. “Unauthorized use” does not include the use
12of a credit card or debit card by a person who has been given
13authority by the cardholder or debit cardholder to use the credit
14card or debit card. Any attempted termination by the cardholder
15or debit cardholder of the person’s authority is ineffective as against
16the card issuer or debit card issuer until the cardholder or debit
17cardholder complies with the procedures required by the card issuer
18or debit card issuer to terminate that authority. Notwithstanding
19the above, following the card issuer’s or debit card issuer’s receipt
20of oral or written notice from a cardholder or debit cardholder
21indicating that it wishes to terminate the authority of a previously
22authorized user of a credit card or debit card, the card issuer or
23debit card issuer shall follow its usual procedures for precluding
24any further use of a credit card or debit card by an unauthorized
25person.

26(k) “Inquiry” means a writing that is posted by mail to the
27address of the card issuer or debit card issuer to which payments
28are normally tendered, unless another address is specifically
29indicated on the statement for that purpose, then to that other
30address, and that is received by the card issuer or debit card issuer
31no later than 60 days after the card issuer transmitted the first
32periodic statement that reflects the alleged billing error, and that
33does all of the following:

34(1) Sets forth sufficient information to enable the card issuer or
35debit card issuer to identify the cardholder or debit cardholder and
36the account.

37(2) Sufficiently identifies the billing error.

38(3) Sets forth information providing the basis for the
39cardholder’s or debit cardholder’s belief that the billing error exists.

P5    1(l) “Response” means a writing that is responsive to an inquiry
2and mailed to the cardholder’s or debit cardholder’s address last
3known to the card issuer or debit card issuer.

4(m) “Timely response” means a response that is mailed within
5two complete billing cycles, but in no event later than 90 days,
6after the card issuer or debit card issuer receives an inquiry.

7(n) “Billing error” means an error by omission or commission
8in (1) posting any debit or credit, or (2) in computation or similar
9error of an accounting nature contained in a statement given to the
10cardholder or debit cardholder by the card issuer or debit card
11issuer. A “billing error” does not mean any dispute with respect
12to value, quality, or quantity of goods, services, or other benefit
13obtained through use of a credit card or debit card.

14(o) “Adequate notice” means a printed notice to a cardholder
15or debit cardholder that sets forth the pertinent facts clearly and
16conspicuously so that a person against whom it is to operate could
17reasonably be expected to have noticed it and understood its
18meaning.

19(p) “Secured credit card” means any credit card issued under
20an agreement or other instrument that pledges, hypothecates, or
21places a lien on real property or money or other personal property
22to secure the cardholder’s obligations to the card issuer.

23(q) “Student credit card” means any credit card that is provided
24to a student at a public or private college or university and is
25provided to that student solely based on his or her enrollment in a
26public or private university, or is provided to a student who would
27not otherwise qualify for that credit card on the basis of his or her
28income. A “student credit card” does not include a credit card
29issued to a student who has a cocardholder or cosigner who would
30otherwise qualify for a credit card other than a student credit card.

31(r) “Retail motor fuel dispenser” means a device that dispenses
32fuel that is used to power internal combustion engines, including
33motor vehicle engines, that processes the sale of fuel through a
34remote electronic payment system, and that is in a location where
35an employee or other agent of the seller is not present.

36(s) “Retail motor fuel payment island automated cashier” means
37a remote electronic payment processing station that processes the
38retail sale of fuel that is used to power internal combustion engines,
39including motor vehicle engines, that is in a location where an
P6    1employee or other agent of the seller is not present, and that is
2located in close proximity to a retail motor fuel dispenser.

4

1747.08.  

(a) Except as provided in subdivision (c), no person,
5firm, partnership, association, or corporation that accepts credit
6cards or debit cards for the transaction of business shall do any of
7the following:

8(1) Request, or require as a condition to accepting the credit
9card or debit card as payment in full or in part for goods or services,
10the cardholder or debit cardholder to provide any personal
11identification information.

12(2) Request, or require as a condition to accepting the credit
13card or debit card as payment in full or in part for goods or services,
14the cardholder or debit cardholder to provide personal identification
15information, which the person, firm, partnership, association, or
16corporation accepting the credit card or debit card collects, causes
17to be collected, or otherwise records upon the credit card or debit
18card transaction template or otherwise.

19(3) Utilize, in any credit card or debit card transaction, a credit
20card or debit card template which contains spaces specifically
21designated for filling in any personal identification information of
22the cardholder or debit cardholder.

23(b) For purposes of this section “personal identification
24information,” means information concerning the cardholder or
25debit cardholder, other than information set forth on the credit card
26or debit card, and including, but not limited to, the cardholder’s
27or debit cardholder’s address and telephone number.

28(c) Subdivision (a) does not apply in the following instances:

29(1) If the credit card or debit card is being used as a deposit to
30secure payment in the event of default, loss, damage, or other
31similar occurrence.

32(2) Cash advance transactions.

33(3) If any of the following applies:

34(A) The person, firm, partnership, association, or corporation
35accepting the credit card or debit card is contractually obligated
36to provide personal identification information in order to complete
37the credit card or debit card transaction.

38(B) The person, firm, partnership, association, or corporation
39accepting the credit card or debit card in a sales transaction at a
40retail motor fuel dispenser or retail motor fuel payment island
P7    1automated cashier uses the ZIP Code information solely for
2prevention of fraud, theft, or identity theft.

3(C) The person, firm, partnership, association, or corporation
4accepting the credit card or debit card is obligated to collect and
5record the personal identification information by federal or state
6law or regulation.

7(4) If personal identification information is required for a special
8purpose incidental but related to the individual credit card or debit
9card transaction, including, but not limited to, information relating
10to shipping, delivery, servicing, or installation of the purchased
11merchandise, or for special orders.

12(d) This section does not prohibit any person, firm, partnership,
13association, or corporation from requiring the cardholder or debit
14cardholder, as a condition to accepting the credit card or debit card
15as payment in full or in part for goods or services, to provide
16reasonable forms of positive identification, which may include a
17driver’s license or a California state identification card, or where
18one of these is not available, another form of photo identification,
19provided that none of the information contained thereon is collected
20or recorded on the credit card or debit card transaction template
21or otherwise. If the cardholder or debit cardholder pays for the
22transaction with a credit card or debit card number and does not
23make the credit card or debit card available upon request to verify
24the number, the cardholder’s or debit cardholder’s driver’s license
25number or identification card number may be recorded on the
26credit card or debit card transaction or otherwise.

27(e) Any person who violates this section shall be subject to a
28civil penalty not to exceed two hundred fifty dollars ($250) for the
29first violation and one thousand dollars ($1,000) for each
30subsequent violation, to be assessed and collected in a civil action
31brought by the person paying with a credit card or debit card, by
32the Attorney General, or by the district attorney or city attorney
33of the county or city in which the violation occurred. However,
34no civil penalty shall be assessed for a violation of this section if
35the defendant shows by a preponderance of the evidence that the
36violation was not intentional and resulted from a bona fide error
37made notwithstanding the defendant’s maintenance of procedures
38reasonably adopted to avoid that error. When collected, the civil
39penalty shall be payable, as appropriate, to the person paying with
40a credit card or debit card who brought the action, or to the general
P8    1fund of whichever governmental entity brought the action to assess
2the civil penalty.

3(f) The Attorney General, or any district attorney or city attorney
4within his or her respective jurisdiction, may bring an action in
5the superior court in the name of the people of the State of
6California to enjoin violation of subdivision (a) and, upon notice
7to the defendant of not less than five days, to temporarily restrain
8and enjoin the violation. If it appears to the satisfaction of the court
9that the defendant has, in fact, violated subdivision (a), the court
10may issue an injunction restraining further violations, without
11requiring proof that any person has been damaged by the violation.
12In these proceedings, if the court finds that the defendant has
13violated subdivision (a), the court may direct the defendant to pay
14any or all costs incurred by the Attorney General, district attorney,
15or city attorney in seeking or obtaining injunctive relief pursuant
16to this subdivision.

17(g) Actions for collection of civil penalties under subdivision
18(e) and for injunctive relief under subdivision (f) may be
19consolidated.

20(h) The changes made to this section by Chapter 458 of the
21Statutes of 1995 apply only to credit card transactions entered into
22on and after January 1, 1996. Nothing in those changes shall be
23construed to affect any civil action which was filed before January
241, 1996.

26

1747.08.1.  

(a) An operator of a commercial Internet Web site
27or online service that collects personal identifiable information for
28a credit card or debit card transaction may require a cardholder or
29debit cardholder, as a condition to accepting a credit card or debit
30card as payment in full or in part in an online transaction, to provide
31only the billing ZIP Code number associated with the credit card
32or debit card, if used solely for the prevention of fraud, theft, or
33identity theft. An operator of a commercial Internet Web site or
34online service accepting the credit card or debit card shall destroy
35or dispose of the ZIP Code in a secure manner after it is no longer
36needed for the prevention of fraud, theft, or identity theft. An
37 operator of a commercial Internet Web site or online service
38accepting the credit card or debit card may not aggregate the ZIP
39Code with any other personal identifiable information and may
P9    1not share the ZIP Code with any other operator of a commercial
2Internet Web site or online service.

3(b) Subdivision (a) does not apply to any of the following:

4(1) Instances in which the credit card or debit card is being used
5as a deposit to secure payment in the event of default, loss, damage,
6or other similar occurrence.

7(2) Cash advance transactions.

8(3) Instances in which any of the following applies:

9(A) An operator of a commercial Internet Web site or online
10service is contractually obligated to provide personal identifiable
11information in order to complete the credit card or debit card
12transaction.

13(B) An operator of a commercial Internet Web site or online
14service is obligated to collect and record the personal identifiable
15information by federal or state law or regulation.

16(C) An operator of a commercial Internet Web site or online
17service maintainsbegin delete a preexistingend deletebegin insert anend insert account associated with the
18cardholder or debit cardholder where the cardholder or debit
19cardholderbegin delete has previously providedend deletebegin insert providesend insert personal identifiable
20information as part of thebegin delete creation of anend delete account on the commercial
21Internet Web site or online service.

22(4) Instances in which personal identifiable information is
23required for a special purpose incidental but related to the
24individual credit card or debit card transaction, including, but not
25limited to, information relating to shipping, delivery, servicing, or
26installation of the purchased merchandise, or for special orders.

27(c) For purposes of this section, the following definitions apply:

28(1) “Personal identifiable information” means individually
29identifiable information concerning a cardholder or debit
30cardholder, other than information set forth on the credit card or
31debit card, collected online by the operator from that cardholder
32or debit cardholder, including, but not limited to, the following:

33(A) Home or other physical address, including street name and
34name of a city or town.

35(B) Email address.

36(C) Telephone number.

37(2) “Operator” means a person or entity and any and all affiliated
38corporate entities that own an Internet Web site or an online service
39that collects and maintains personal identifiable information from
40a cardholder or debit cardholder residing in California who uses
P10   1or visits the Internet Web site or online service if the Internet Web
2site or online service is operated for commercial purposes.

3(d) (1) A person who violates this section shall be subject to a
4civil penalty not to exceed two hundred fifty dollars ($250) for the
5first violation and one thousand dollars ($1,000) for each
6subsequent violation, to be assessed and collected in a civil action
7brought by the person paying with a credit card or debit card, by
8the Attorney General, or by the district attorney or city attorney
9of the county or city in which the violation occurred.

10(2) Notwithstanding paragraph (1), a civil penalty shall not be
11assessed for a violation of this section if the defendant shows, by
12a preponderance of the evidence, that the violation was not
13intentional and resulted from a bona fide error made
14notwithstanding the defendant’s maintenance of procedures
15reasonably adopted to avoid that error.

16(3)  When collected, the civil penalty shall be payable, as
17appropriate, to the person paying with a credit card or debit card
18who brought the action, or to the general fund of the governmental
19entity that brought the action to assess the civil penalty.

20(e) The Attorney General, or any district attorney or city attorney
21within his or her respective jurisdiction, may bring an action in
22the superior court in the name of the people of the State of
23California to enjoin violation of subdivision (a) and, upon notice
24to the defendant of not less than five days, to temporarily restrain
25and enjoin the violation. If it appears to the satisfaction of the court
26that the defendant has, in fact, violated subdivision (a), the court
27may issue an injunction restraining further violations, without
28requiring proof that any person has been damaged by the violation.
29In these proceedings, if the court finds that the defendant has
30violated subdivision (a), the court may direct the defendant to pay
31any or all costs incurred by the Attorney General, district attorney,
32or city attorney in seeking or obtaining injunctive relief pursuant
33to this subdivision.

34(f) Actions for collection of civil penalties under subdivision
35(d) and for injunctive relief under subdivision (e) may be
36consolidated.

37(g) This section shall apply only to credit card and debit card
38transactions entered into on and after January 1, 2014. This section
39shall not be construed to affect any civil action that was filed before
40January 1, 2014.

2

1747.09.  

(a) Except as provided in this section, no person,
3firm, partnership, association, corporation, or limited liability
4company that accepts credit or debit cards for the transaction of
5business shall display more than the last five digits of the credit
6or debit card account number or the expiration date upon any of
7the following:

8(1) Any receipt provided to the cardholder.

9(2) Any receipt retained by the person, firm, partnership,
10association, corporation, or limited liability company.

11(3) Any receipt retained by the person, firm, partnership,
12association, corporation, or limited liability company that at the
13time of the purchase, exchange, refund, or return, is not signed by
14the cardholder, because the cardholder or debit cardholder used a
15personal identification number to complete the transaction.

16(b) This section shall apply only to receipts that include a credit
17or debit card account number that are electronically printed and
18shall not apply to transactions in which the sole means of recording
19the person’s credit or debit card account number is by handwriting
20or by an imprint or copy of the credit or debit card.

21(c) This section shall not apply to documents, other than the
22receipts described in paragraphs (1) to (3), inclusive, of subdivision
23(a), used for internal administrative purposes.

24(d) Paragraphs (2) and (3) of subdivision (a) shall become
25operative on January 1, 2009.

27

1748.30.  

For purposes of this title, the following definitions
28shall apply:

29(a) “Accepted debit card” means any debit card which the debit
30cardholder has requested and received or has signed, or has used,
31or has authorized another person to use, for the purpose of
32obtaining money, property, labor, or services. Any debit card issued
33in renewal of, or in substitution for, an accepted debit card becomes
34an accepted debit card when received by the debit cardholder,
35whether the debit card is issued by the same or by a successor card
36issuer.

37(b) “Account” means a demand deposit (checking), savings, or
38other consumer asset account, other than an occasional or incidental
39credit balance in a credit plan, established primarily for personal,
40family, or household purposes.

P12   1(c) “Adequate notice” has the same meaning as found in
2subdivision (o) of Section 1747.02.

3(d) “Debit card” means an accepted debit card or other means
4of access to a debit cardholder’s account that may be used to initiate
5electronic funds transfers and may be used without unique
6identifying information such as a personal identification number
7to initiate access to the debit cardholder’s account.

8(e) “Debit card issuer” means any person who issues a debit
9card or the agent of that person for that purpose.

10(f) “Debit cardholder” means a natural person to whom a debit
11card is issued.

12(g) “Unauthorized use” means the use of a debit card by a
13person, other than the debit cardholder, to initiate an electronic
14fund transfer from the debit cardholder’s account without actual
15authority to initiate the transfer and from which the debit cardholder
16receives no benefit. The term does not include an electronic fund
17transfer initiated in any of the following manners:

18(1) By a person who was furnished the debit card to the debit
19cardholder’s account by the debit cardholder, unless the debit
20cardholder has notified the debit card issuer that transfers by that
21person are no longer authorized.

22(2) With fraudulent intent by the debit cardholder or any person
23acting in concert with the debit cardholder.

24(3) By the debit card issuer or its employee.

27

99030.  

The Regents of the University of California and the
28governing body of each accredited private or independent college
29or university in the state are requested to, and the Trustees of the
30California State University and the Board of Governors of the
31California Community Colleges shall, adopt policies to regulate
32the marketing practices used on campuses by credit card
33companies. In adopting the policies, it is the intent of the
34Legislature that those entities consider including all of the
35following requirements:

36(a) That sites at which student credit cards are marketed be
37registered with the campus administration and that consideration
38be given to limiting the number of sites allowed on a campus.

39(b) That marketers of student credit cards be prohibited from
40offering gifts to students for filling out credit card applications.

P13   1(c) That credit card and debt education and counseling sessions
2become a regular part of campus orientation of new students. For
3purposes of this section, colleges and universities shall utilize
4existing debt education materials prepared by nonprofit entities
5and thus not incur the expense of preparing new materials.

6(d) For the purposes of this chapter, “student credit card” has
7the meaning set forth in subdivision (q) of Section 1747.02 of the
8Civil Code.