SB 1351, as amended, Hill. Payment cards.
Existing law generally provides for the regulation of credit and debit cards, including, but not limited to, limitations on the methods for offering and denying a credit card, requirements for listing the name appearing on a credit card, and restrictions on a person’s liability for an unauthorized use of his or her credit or debit card.
This bill would require retailers, starting April 1, 2016, except as specified, that accept a payment card, as defined, to provide a means of processing card-present payment card transactions involving payment cards equipped with embedded microchips or any other technology that is more secure thanbegin delete microchipend deletebegin insert static magnetic stripeend insert
technology for card-present fraud prevention. The bill would also require specified contracts entered into between a financial institution and a payment card network, as those terms are defined, to include a provision requiring thatbegin delete aend deletebegin insert 75% ofend insert new or replacement paymentbegin delete cardend deletebegin insert cardsend insert issued to a cardholder with a California mailing address have an embedded microchip or any other technology that is more secure than microchip technology for card-present fraud prevention. The bill would make legislative findings and declarations in this regard and would repeal these requirements on or before January 1, 2020, unless a later
enacted statute, that is enacted before January 1, 2020, deletes or extends that date.
Vote: majority. Appropriation: no. Fiscal committee: no. State-mandated local program: no.
The people of the State of California do enact as follows:
The Legislature finds and declares all of the
2following:
3(a) Over 80 countries utilize microchip technology for credit
4cards, including, but not limited to, Canada, Mexico, Brazil, and
5countries throughout Europe and Asia.
6(b) The United States is one of the few remaining countries that
7relies almost exclusively on magnetic stripe technology for credit
8and debit cards.
9(c) Credit and debit cards with microchip technology are
10preferred to magnetic stripe cards because identifying information
11is encrypted on an embedded
microchip, which is more difficult
12to counterfeit than a magnetic stripe.
13(d) Adoption of microchip technology in Britain has helped
14reduce fraud from counterfeit cards by 70 percent from 2007 to
152012, inclusive, according to the UK Card Association.
16(e) By contrast, breaches have more than doubled since 2007
17at retailers in the United States, affecting more than 5,000 records,
18according to a survey by the Ponemon Institute, a research firm
19located in Michigan.
20(f) In 2012, United States merchants and banks suffered losses
21of $11.3 billion due to credit card fraud, or $0.05 on every $100
22spent, according to the Nilson Report, a payment-industry
23newsletter based in California.
24(g) If credit and debit cards with microchip technology were
25used in the United States, fraud losses could be reduced by 50
P3 1percent, according to estimates by Aite Group, an independent
2research and advisory firm focused on business, technology, and
3regulatory issues and their impact on the financial services industry.
4(h) It has been widely reported that retailers, banks, financial
5institutions, and credit unions are planning on voluntarily adopting
6microchip technology beginning in October 2015.
Title 1.3E (commencing with Section 1748.70) is
8added to Part 4 of Division 3 of the Civil Code, to read:
9
(a) Except as specified in subdivision (b), on and
13after January 1, 2015, any contract entered into between a financial
14institution and a payment card network to govern the circumstances
15under which the logo of the payment card network is displayed on
16a payment card issued by that financial institution shall include a
17provision requiring thatbegin delete anyend deletebegin insert 75 percent ofend insert new or replacement
18paymentbegin delete cardend deletebegin insert
cardsend insert issued on or after April 1, 2016, to a cardholder
19with a California mailing address by that financial institution with
20that payment card logo, have an embedded microchip or any other
21technology that is more secure than microchip technology for
22card-present fraud prevention.
23(b) On and after January 1, 2017, any contract entered into
24between a small financial institution and a payment card network
25to govern the circumstances under which the logo of the payment
26card network is displayed on a payment card issued by that
27financial institution shall include a provision requiring thatbegin delete anyend deletebegin insert 75
28percent ofend insert new or replacement
paymentbegin delete cardend deletebegin insert cardsend insert issued on or
29after October 1, 2017, to a cardholder with a California mailing
30address by that financial institution with that payment card logo,
31have an embedded microchip or any other technology that is more
32secure than microchip technology for card-present fraud prevention.
33(c) A small financial institution that subsequently exceeds five
34billion dollars ($5,000,000,000) in assets shall be provided with
35one year from the date it first exceeds the five-billion-dollar
36($5,000,000,000) threshold to comply with subdivision (a).
(a) On and after April 1, 2016, a retailer that accepts
38a payment card in a card-present, point-of-sale transaction shall
39provide a means of processing card-present, point-of-sale payment
40card transactions involving payment cards equipped with an
P4 1embedded microchip or any other technology that is more secure
2thanbegin delete microchipend deletebegin insert static magnetic stripeend insert technology for card-present
3fraud prevention.
4(b) The requirements of subdivision (a) shall apply to small
5retailers and gas station pump payment
terminals on and after
6October 1, 2017.
For purposes of this title, the following terms shall
8have the following meanings:
9(a) “Financial institution” means a depository institution or other
10entity that issues a payment card to a cardholder for use by that
11cardholder to purchase goods, services, or anything else of value.
12“Financial institution” can include a retailer.
13(b) “Payment card” means a credit or debit card.
14(c) “Payment card network” means an entity that facilitates the
15payment process between credit or debit card users, retailers, and
16credit or debit card issuers.
17(d) “Retailer” means a person or entity that furnishes money,
18goods, services, or anything else of value upon the presentation
19of a payment card by a cardholder. “Retailer” shall not mean the
20state, a county, city, city and county, or any other political
21subdivision of the state.
22(e) “Small financial institution” means a financial institution
23with assets of five billion dollars ($5,000,000,000) or less as of
24January 1, 2015.
25(f) “Small retailer” means a retailer with 10 or less employees.
It is the intent of the Legislature that this title provide
27consumer protection consistent with federal law and not impact
28private agreements between retailers, small retailers, and payment
29card networks relating to which party bears liability for fraudulent
30payment card usage.
This title shall remain in effect only until January 1,
322020, and as of that date is repealed, unless a later enacted statute,
33that is enacted before January 1, 2020, deletes or extends that date.
O
93