Compare Versions


Bill PDF |Add To My Favorites | print page

AB-844 Credit and debit cards: transactions: personal information.(2013-2014)



Current Version: 05/28/13 - Amended Assembly

Compare Versions information image


AB844:v94#DOCUMENT

Amended  IN  Assembly  May 28, 2013
Amended  IN  Assembly  May 01, 2013
Amended  IN  Assembly  April 24, 2013
Amended  IN  Assembly  April 15, 2013
Amended  IN  Assembly  March 19, 2013

CALIFORNIA LEGISLATURE— 2013–2014 REGULAR SESSION

Assembly Bill
No. 844

Introduced by Assembly Member Dickinson

February 21, 2013

An act to amend Sections 1747.02, 1747.08, and 1747.09, and 1748.30of the Civil Code, and to amend Section 99030 of the Education Code, relating to credit and debit cards.


LEGISLATIVE COUNSEL'S DIGEST


AB 844, as amended, Dickinson. Credit and debit cards: transactions: personal information.
Existing state and federal law regulate regulates the provision of credit and the use of credit cards. Existing state law The Song-Beverly Credit Card Act of 1971 generally prohibits a person, firm, partnership, association, or corporation that accepts credit cards for the transaction of business from requesting or requiring the cardholder to provide personal identification information, which is then recorded, as a condition to accepting the credit card as payment in full or in part for goods or services, but provides various exceptions to this prohibition.
Under existing law, a person who violates the above provisions is subject to specified civil penalties, an action for injunctive relief, or both.
This bill would extend the above restrictions regarding the collection of personal identification information to debit cards. The bill would define “debit card” and related terms for these purposes, and would make conforming changes.

This

The bill would permit the collection of personal identification information if the credit card or debit card is being used as part of a layaway transaction. The bill would permit a person, firm, partnership, association, or corporation, including the operator of a commercial Internet Web site or online service, accepting the credit card or debit card in a business transaction to collect personal identification information, as defined, if used solely for the detection, investigation, or prevention of fraud, theft, or identity theft, criminal activity, or enforcement of terms of sale. The bill would require that operator to destroy or dispose of the personal identification information so collected and would prohibit the operator from sharing the personal identification information, as specified. The bill would authorize the assessment of civil penalties or an action for injunctive relief, or both, for a violation of these provisions also permit the collection of personal identification information if the cardholder is advised, or if it is apparent, that the provision of personal identification information is not a condition to accepting the credit card or debit card as payment in full or in part for goods or services and the cardholder has consented to the collection of the personal identification information.
Existing law prohibits a person, firm, partnership, association, corporation, or limited liability company that accepts credit or debit cards for the transaction of business from printing more than the last 5 digits of an individual’s credit card or debit card number, or the expiration date, on a transaction receipt, as specified.
This bill would revise the above provisions to remove specific references to printed receipts, and would make other conforming changes.
Vote: MAJORITY   Appropriation: NO   Fiscal Committee: YES   Local Program: NO  

The people of the State of California do enact as follows:


SECTION 1.

 Section 1747.02 of the Civil Code is amended to read:

1747.02.
 As used in this title:
(a) “Credit card” means any card, plate, coupon book, or other single credit device existing for the purpose of being used from time to time to obtain money, property, labor, or services on credit. “Credit card” does not mean any of the following:
(1) Any single credit device used to obtain telephone property, labor, or services in any transaction under public utility tariffs.
(2) Any device that may be used to obtain credit pursuant to an electronic fund transfer, but only if the credit is obtained under an agreement between a consumer and a financial institution to extend credit when the consumer’s asset account is overdrawn or to maintain a specified minimum balance in the consumer’s asset account.
(3) Any key or card key used at an automated dispensing outlet to obtain or purchase petroleum products, as defined in subdivision (c) of Section 13401 of the Business and Professions Code, that will be used primarily for business rather than personal or family purposes.
(b) “Accepted credit card” means any credit card that the cardholder has requested or applied for and received or has signed, or has used, or has authorized another person to use, for the purpose of obtaining money, property, labor, or services on credit. Any credit card issued in renewal of, or in substitution for, an accepted credit card becomes an accepted credit card when received by the cardholder, whether the credit card is issued by the same or a successor card issuer.
(c) “Debit card” means an accepted debit card or other means of access to a debit cardholder’s account that may be used to initiate electronic funds transfers and may be used without unique identifying information such as a personal identification number to initiate access to the debit cardholder’s account. has the same meaning as defined in Section 1748.30.
(d) “Accepted debit card” means a debit card that the debit cardholder has requested and received or has signed, or has used, or has authorized another person to use, for the purpose of obtaining money, property, labor, or services. Any debit card issued in renewal of, or in substitution for, an accepted debit card becomes an accepted debit card when received by the debit cardholder, whether the debit card is issued by the same or by a successor card issuer. has the same meaning as defined in Section 1748.30.
(e) “Card issuer” means any person who issues a credit card or the agent of that person for that purpose with respect to the credit card.
(f) “Cardholder” means a natural person to whom a credit card is issued for consumer credit purposes, or a natural person who has agreed with the card issuer to pay consumer credit obligations arising from the issuance of a credit card to another natural person. For purposes of Sections 1747.05, 1747.10, and 1747.20, the term includes any person to whom a credit card is issued for any purpose, including business, commercial, or agricultural use, or a person who has agreed with the card issuer to pay obligations arising from the issuance of that credit card to another person.
(g) “Debit card issuer” means any person who issues a debit card or the agent of that person for that purpose. has the same meaning as defined in Section 1748.30.
(h) “Debit cardholder” means a natural person to whom a debit card is issued. has the same meaning as defined in Section 1748.30.
(i) “Retailer” means every person other than a card issuer or debit card issuer who furnishes money, goods, services, or anything else of value. “Retailer” does not mean the state, a county, city, city and county, or any other public agency.
(j) “Unauthorized use” means the use of a credit card or debit card by a person, other than the cardholder or debit cardholder, (1) who does not have actual, implied, or apparent authority for that use and (2) from which the cardholder or debit cardholder receives no benefit. “Unauthorized use” does not include the use of a credit card or debit card by a person who has been given authority by the cardholder or debit cardholder to use the credit card or debit card. Any attempted termination by the cardholder or debit cardholder of the person’s authority is ineffective as against the card issuer or debit card issuer until the cardholder or debit cardholder complies with the procedures required by the card issuer or debit card issuer to terminate that authority. Notwithstanding the above, following the card issuer’s or debit card issuer’s receipt of oral or written notice from a cardholder or debit cardholder indicating that it wishes to terminate the authority of a previously authorized user of a credit card or debit card, the card issuer or debit card issuer shall follow its usual procedures for precluding any further use of a credit card or debit card by an unauthorized person.
(k) “Inquiry” means a writing that is posted by mail to the address of the card issuer or debit card issuer to which payments are normally tendered, unless another address is specifically indicated on the statement for that purpose, then to that other address, and that is received by the card issuer or debit card issuer no later than 60 days after the card issuer transmitted the first periodic statement that reflects the alleged billing error, and that does all of the following:
(1) Sets forth sufficient information to enable the card issuer or debit card issuer to identify the cardholder or debit cardholder and the account.
(2) Sufficiently identifies the billing error.
(3) Sets forth information providing the basis for the cardholder’s or debit cardholder’s belief that the billing error exists.
(l) “Response” means a writing that is responsive to an inquiry and mailed to the cardholder’s or debit cardholder’s address last known to the card issuer or debit card issuer.
(m) “Timely response” means a response that is mailed within two complete billing cycles, but in no event later than 90 days, after the card issuer or debit card issuer receives an inquiry.
(n) “Billing error” means an error by omission or commission in (1) posting any debit or credit, or (2) in computation or similar error of an accounting nature contained in a statement given to the cardholder or debit cardholder by the card issuer or debit card issuer. A “billing error” does not mean any dispute with respect to value, quality, or quantity of goods, services, or other benefit obtained through use of a credit card or debit card.
(o) “Adequate notice” means a printed notice to a cardholder or debit cardholder that sets forth the pertinent facts clearly and conspicuously so that a person against whom it is to operate could reasonably be expected to have noticed it and understood its meaning.
(p) “Secured credit card” means any credit card issued under an agreement or other instrument that pledges, hypothecates, or places a lien on real property or money or other personal property to secure the cardholder’s obligations to the card issuer.
(q) “Student credit card” means any credit card that is provided to a student at a public or private college or university and is provided to that student solely based on his or her enrollment in a public or private university, or is provided to a student who would not otherwise qualify for that credit card on the basis of his or her income. A “student credit card” does not include a credit card issued to a student who has a cocardholder or cosigner who would otherwise qualify for a credit card other than a student credit card.
(r) “Retail motor fuel dispenser” means a device that dispenses fuel that is used to power internal combustion engines, including motor vehicle engines, that processes the sale of fuel through a remote electronic payment system, and that is in a location where an employee or other agent of the seller is not present.
(s) “Retail motor fuel payment island automated cashier” means a remote electronic payment processing station that processes the retail sale of fuel that is used to power internal combustion engines, including motor vehicle engines, that is in a location where an employee or other agent of the seller is not present, and that is located in close proximity to a retail motor fuel dispenser.

SEC. 2.

 Section 1747.08 of the Civil Code is amended to read:

1747.08.
 (a) Except as provided in subdivision (c), no person, firm, partnership, association, or corporation that accepts credit cards or debit cards for the transaction of business shall do any of the following, whether in person or through an operator of a commercial Internet Web site or online service:
(1) Request, or require as a condition to accepting the credit card or debit card as payment in full or in part for goods or services, the cardholder or debit cardholder to provide any personal identification information.
(2) Request, or require as a condition to accepting the credit card or debit card as payment in full or in part for goods or services, the cardholder or debit cardholder to provide personal identification information, which the person, firm, partnership, association, or corporation accepting the credit card or debit card collects, causes to be collected, or otherwise records upon the credit card or debit card transaction template or otherwise.
(3) Utilize, in any credit card or debit card transaction, a credit card or debit card template which contains spaces specifically designated for filling in any personal identification information of the cardholder or debit cardholder.
(b) For purposes of this section, the following terms have the following meanings:
(1) “Personal identification information,” means information concerning the cardholder or debit cardholder, other than information set forth on the credit card or debit card, and including, but not limited to, the cardholder’s or debit cardholder’s address and telephone number.
(2) “Operator” means a person or entity and any and all affiliated corporate entities that own owns an Internet Web site or online service and that accepts a credit card or debit card for the transaction of business from a cardholder or debit cardholder residing in California. “Operator” does not mean the state, a county, city, city and county, or any other public agency.
(c) Subdivision (a) does not apply in the following instances:
(1) If the credit card or debit card is being used as a deposit to secure payment in the event of default, loss, damage, or other similar occurrence, or as part of a layaway transaction.
(2) Cash advance transactions.
(3) If any of the following applies:
(A) The person, firm, partnership, association, or corporation accepting the credit card or debit card is contractually obligated to provide personal identification information in order to complete the credit card or debit card transaction.
(B) The person, firm, partnership, association, or corporation accepting the credit card or debit card in a sales transaction at a retail motor fuel dispenser or retail motor fuel payment island automated cashier uses the ZIP Code information solely for prevention of fraud, theft, or identity theft.
(C) The person, firm, partnership, association, or corporation accepting the credit card or debit card is obligated to collect and record the personal identification information by federal or state law or regulation.
(D) The person, firm, partnership, association, or corporation, including the operator of a commercial Internet Web site or online service, accepting the credit card or debit card in a business transaction uses the personal identification information solely for the detection, investigation, or prevention of fraud, theft, or identity theft. An operator of a commercial Web Site or online service accepting the credit card or debit card shall destroy or dispose of the personal identification information in a secure manner after it is no longer needed for the prevention of fraud, theft, or identity theft. An operator of a commercial Web Site or online service may not share the personal identification information with any other operator of a commercial Internet Web site or online service. theft, criminal activity, or enforcement of terms of sale.
(E) The cardholder is advised, or it is apparent, that the provision of personal identification information is not a condition to accepting the credit card or debit card as payment in full or in part for goods or services and the cardholder has consented to the collection of the personal identification information.
(4) If personal identification information is required for a special purpose incidental but related to the individual credit card or debit card transaction, including, but not limited to, information relating to shipping, delivery, servicing, sales documentation, or installation of the purchased merchandise, or for special orders.
(d) This section does not prohibit any person, firm, partnership, association, or corporation from requiring the cardholder or debit cardholder, as a condition to accepting the credit card or debit card as payment in full or in part for goods or services, to provide reasonable forms of positive identification, which may include a driver’s license or a California state identification card, or where one of these is not available, another form of photo identification, provided that none of the information contained thereon is collected or recorded on the credit card or debit card transaction template or otherwise. If the cardholder or debit cardholder pays for the transaction with a credit card or debit card number and does not make the credit card or debit card available upon request to verify the number, the cardholder’s or debit cardholder’s driver’s license number or identification card number may be recorded on the credit card or debit card transaction or otherwise.
(e) This section does not prohibit any person, firm, partnership, association, or corporation, including the operator of a commercial Internet Web site or online service, from collecting or using personal identification information if the operator maintains or its affiliated corporate entities maintain an account associated with the credit cardholder or debit cardholder and if the cardholder provides personal information as part of the establishment, updating, or maintenance of that account.
(f) Any person who violates this section shall be subject to a civil penalty not to exceed two hundred fifty dollars ($250) for the first violation and one thousand dollars ($1,000) for each subsequent violation, to be assessed and collected in a civil action brought by the person paying with a credit card or debit card, by the Attorney General, or by the district attorney or city attorney of the county or city in which the violation occurred. However, no civil penalty shall be assessed for a violation of this section if the defendant shows by a preponderance of the evidence that the violation was not intentional and resulted from a bona fide error made notwithstanding the defendant’s maintenance of procedures reasonably adopted to avoid that error. When collected, the civil penalty shall be payable, as appropriate, to the person paying with a credit card or debit card who brought the action, or to the general fund of whichever governmental entity brought the action to assess the civil penalty.
(g) The Attorney General, or any district attorney or city attorney within his or her respective jurisdiction, may bring an action in the superior court in the name of the people of the State of California to enjoin violation of subdivision (a) and, upon notice to the defendant of not less than five days, to temporarily restrain and enjoin the violation. If it appears to the satisfaction of the court that the defendant has, in fact, violated subdivision (a), the court may issue an injunction restraining further violations, without requiring proof that any person has been damaged by the violation. In these proceedings, if the court finds that the defendant has violated subdivision (a), the court may direct the defendant to pay any or all costs incurred by the Attorney General, district attorney, or city attorney in seeking or obtaining injunctive relief pursuant to this subdivision.
(h) Actions for collection of civil penalties under subdivision (f) and for injunctive relief under subdivision (g) may be consolidated.
(i) The changes made to this section by Chapter 458 of the Statutes of 1995 apply only to credit card transactions entered into on and after January 1, 1996. Nothing in those changes shall be construed to affect any civil action which was filed before January 1, 1996.

SEC. 3.

 Section 1747.09 of the Civil Code is amended to read:

1747.09.
 (a) Except as provided in this section, no person, firm, partnership, association, corporation, or limited liability company that accepts credit or debit cards for the transaction of business shall display more than the last five digits of the credit or debit card account number or the expiration date upon any of the following:
(1) Any receipt provided to the cardholder.
(2) Any receipt retained by the person, firm, partnership, association, corporation, or limited liability company.
(3) Any receipt retained by the person, firm, partnership, association, corporation, or limited liability company that at the time of the purchase, exchange, refund, or return, is not signed by the cardholder, because the cardholder or debit cardholder used a personal identification number to complete the transaction.
(b) This section shall apply only to receipts that include a credit or debit card account number that are electronically printed and shall not apply to transactions in which the sole means of recording the person’s credit or debit card account number is by handwriting or by an imprint or copy of the credit or debit card.
(c) This section shall not apply to documents, other than the receipts described in paragraphs (1) to (3), inclusive, of subdivision (a), used for internal administrative purposes.
(d) Paragraphs (2) and (3) of subdivision (a) shall become operative on January 1, 2009.

SEC. 4.Section 1748.30 of the Civil Code is amended to read:
1748.30.

For purposes of this title, the following definitions shall apply:

(a)“Accepted debit card” means any debit card which the debit cardholder has requested and received or has signed, or has used, or has authorized another person to use, for the purpose of obtaining money, property, labor, or services. Any debit card issued in renewal of, or in substitution for, an accepted debit card becomes an accepted debit card when received by the debit cardholder, whether the debit card is issued by the same or by a successor card issuer.

(b)“Account” means a demand deposit (checking), savings, or other consumer asset account, other than an occasional or incidental credit balance in a credit plan, established primarily for personal, family, or household purposes.

(c)“Adequate notice” has the same meaning as found in subdivision (o) of Section 1747.02.

(d)“Debit card” means an accepted debit card or other means of access to a debit cardholder’s account that may be used to initiate electronic funds transfers and may be used without unique identifying information such as a personal identification number to initiate access to the debit cardholder’s account.

(e)“Debit card issuer” means any person who issues a debit card or the agent of that person for that purpose.

(f)“Debit cardholder” means a natural person to whom a debit card is issued.

(g)“Unauthorized use” means the use of a debit card by a person, other than the debit cardholder, to initiate an electronic fund transfer from the debit cardholder’s account without actual authority to initiate the transfer and from which the debit cardholder receives no benefit. The term does not include an electronic fund transfer initiated in any of the following manners:

(1)By a person who was furnished the debit card to the debit cardholder’s account by the debit cardholder, unless the debit cardholder has notified the debit card issuer that transfers by that person are no longer authorized.

(2)With fraudulent intent by the debit cardholder or any person acting in concert with the debit cardholder.

(3)By the debit card issuer or its employee.

SEC. 5.SEC. 4.

 Section 99030 of the Education Code is amended to read:

99030.
 The Regents of the University of California and the governing body of each accredited private or independent college or university in the state are requested to, and the Trustees of the California State University and the Board of Governors of the California Community Colleges shall, adopt policies to regulate the marketing practices used on campuses by credit card companies. In adopting the policies, it is the intent of the Legislature that those entities consider including all of the following requirements:
(a) That sites at which student credit cards are marketed be registered with the campus administration and that consideration be given to limiting the number of sites allowed on a campus.
(b) That marketers of student credit cards be prohibited from offering gifts to students for filling out credit card applications.
(c) That credit card and debt education and counseling sessions become a regular part of campus orientation of new students. For purposes of this section, colleges and universities shall utilize existing debt education materials prepared by nonprofit entities and thus not incur the expense of preparing new materials.
(d) For the purposes of this chapter, “student credit card” has the meaning set forth in subdivision (q) of Section 1747.02 of the Civil Code.