SB 1351, as amended, Hill. Payment cards.
Existing law generally provides for the regulation of credit and debit cards, including, but not limited to, limitations on the methods for offering and denying a credit card, requirements for listing the name appearing on a credit card, and restrictions on a person’s liability for an unauthorizedbegin delete usedend deletebegin insert useend insert of his or her credit or debit card.
This bill would require retailers, starting April 1, 2016, except as specified, that accept a payment card, as defined, to provide a means of processing card-present payment card transactions involving payment cards equipped with embedded microchips or any other technology that is generally accepted within the
payments industry as being more secure than microchip technology for card-present fraud prevention. The bill would require a retailer that issues a payment card that lacks a payment network logo to ensure that any new or replacement card issued on or after October 1, 2017, has an embedded microchip or any other technology that is generally accepted within the payments industry as being more secure than microchip technology for card-present fraud prevention. The bill would also require specified contracts entered into between a financial institutionbegin delete, as defined,end delete and a payment card network, as those terms are defined, to include a provision requiring that a new or replacement payment card issued to a cardholder with a California mailing address have an embedded microchip or any other technology that is generally accepted within the payments industry as being more secure than microchip technology for card-present fraud
prevention. The bill would make legislative findings and declarations in this regard and would repeal these requirements on or before January 1, 2020, unless a later enacted statute, that is enacted before January 1, 2020, deletes or extends that date.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
The Legislature finds and declares all of the
2following:
3(a) Over 80 countries utilize microchip technology for credit
4cards, including, but not limited to, Canada, Mexico, Brazil, and
5countries throughout Europe and Asia.
6(b) The United States is one of the few remaining countries that
7relies almost exclusively on magnetic stripe technology for credit
8and debit cards.
9(c) Credit and debit cards with microchip technology are
10preferred to magnetic stripe cards because identifying information
11is encrypted on an embedded
microchip, which is more difficult
12to counterfeit than a magnetic stripe.
13(d) Adoption of microchip technology in Britain has helped
14reduce fraud from counterfeit cards by 70 percent from 2007 to
152012, inclusive, according to the UK Card Association.
16(e) By contrast, breaches have more than doubled since 2007
17at retailers in the United States, affecting more than 5,000 records,
18according to a survey by the Ponemon Institute, a research firm
19located in Michigan.
20(f) In 2012, United States merchants and banks suffered losses
21of $11.3 billion due to credit card fraud, or $0.05 on every $100
22spent, according to the Nilson Report, a payment-industry
23newsletter based in California.
P3 1(g) If credit and debit cards with microchip technology were
2used in the United States, fraud losses could be reduced by 50
3percent, according to estimates by Aite Group, an independent
4research and advisory firm focused on business, technology, and
5regulatory issues and their impact on the financial services industry.
6(h) It has been widely reported that retailers, banks, financial
7institutions, and credit unions are planning on voluntarily adopting
8microchip technology beginning in October 2015.
Title 1.3E (commencing with Section 1748.70) is
10added to Part 4 of Division 3 of the Civil Code, to read:
11
(a) Except as specified in subdivision (b), on and
15after January 1, 2015, any contract entered into between a financial
16institution and a payment card network to govern the circumstances
17under which the logo of the payment card network is displayed on
18a payment card issued by that financial institution shall include a
19provision requiring that any new or replacement payment card
20issued on or after April 1, 2016, to a cardholder with a California
21mailing address by that financial institution with that payment card
22logo, have an embedded microchip or any other technology that
23is generally accepted within the payments industry as being more
24secure than microchip technology for card-present fraud prevention.
25(b) On and after January 1, 2017, any contract entered into
26between a small financial institution and a payment card network
27to govern the circumstances under which the logo of the payment
28card network is displayed on a payment card issued by that
29financial institution shall include a provision requiring that any
30new or replacement payment card issued on or after October 1,
312017, to a cardholder with a California mailing address by that
32financial institution with that payment card logo, have an embedded
33microchip or any other technology that is generally accepted within
34the payments industry as being more secure than microchip
35technology for card-present fraud prevention.
36(c) A small financial institution that subsequently exceeds five
37billion dollars ($5,000,000,000)
in assets shall be provided with
38one year from the date it first exceeds the five-billion-dollar
39($5,000,000,000) threshold to comply with subdivision (a).
(a) On and after April 1, 2016, a retailer that accepts
2a payment card in a card-present, point-of-sale transaction shall
3provide a means of processing card-present, point-of-sale payment
4card transactions involving payment cards equipped with an
5embedded microchipbegin delete capable of storing a personal identification or any other technology that is generally accepted within
6numberend delete
7the payments industry as being more secure than microchip
8technology for card-present fraud prevention.
9(b) A retailer that issues a payment card that lacks a payment
10network logo shall ensure that any new or replacement
payment
11card issued on or after October 1, 2017, has an embedded microchip
12or any other technology that is generally accepted within the
13payments industry as being more secure than microchip technology
14for card-present fraud prevention.
15(c) The requirements of subdivision (a) shall apply to small
16retailers and gas station pump payment terminals on and after
17October 1, 2017.
For purposes of this title, the following terms shall
19have the following meanings:
20(a) “Financial institution” means a depository institution or other
21entity that issues a payment card to a cardholder for use by that
22cardholder to purchase goods, services, or anything else of value.
23“Financial institution” can include a retailer.
24(b) “Payment card” means a credit or debit card.
25(c) “Payment card network” means an entity that facilitates the
26payment process between credit or debit card users, retailers, and
27credit or debit card issuers.
28(d) “Retailer” means a person or entity that furnishes money,
29goods, services, or anything else of value upon the presentation
30of a payment card by a cardholder. “Retailer” shall not mean the
31state, a county, city, city and county, or any other political
32subdivision of the state.
33(e) “Small financial institution” means a financial institution
34with assets of five billion dollars ($5,000,000,000) or less as of
35January 1, 2015.
36(f) “Small retailer” means a retailer with 10 or less employees.
It is the intent of the Legislature that this title provide
38consumer protection consistent with federal law.
This title shall remain in effect only until January 1,
22020, and as of that date is repealed, unless a later enacted statute,
3that is enacted before January 1, 2020, deletes or extends that date.
O
95