Full Text of HB5311 95th General Assembly
HB5311ham001 95TH GENERAL ASSEMBLY
|
Consumer Protection Committee
Filed: 3/11/2008
|
|
09500HB5311ham001 |
|
LRB095 18444 LCT 47516 a |
|
| 1 |
| AMENDMENT TO HOUSE BILL 5311
| 2 |
| AMENDMENT NO. ______. Amend House Bill 5311 by replacing | 3 |
| the title with the following:
| 4 |
| "An ACT concerning financial regulation."; and | 5 |
| by replacing everything after the enacting clause with the | 6 |
| following: | 7 |
| "Section 5. The Electronic Fund Transfer Act is amended by | 8 |
| changing Section 10 and by adding Section 10.1 as follows:
| 9 |
| (205 ILCS 616/10)
| 10 |
| Sec. 10. Definitions. For purposes of this Act, the words | 11 |
| and phrases
defined in
this Section shall have the meanings | 12 |
| ascribed to them unless the context
requires otherwise. | 13 |
| Whenever the terms "network" and "switch" are used, they
shall | 14 |
| be deemed interchangeable unless, from the context and facts, | 15 |
| the
intention
is plain to apply only to one type of entity.
|
|
|
|
09500HB5311ham001 |
- 2 - |
LRB095 18444 LCT 47516 a |
|
| 1 |
| "Access device" means a card, code, or other means of | 2 |
| access to an
account, or any combination thereof, that may be | 3 |
| used by a customer to initiate
an electronic fund transfer at a | 4 |
| terminal. An "access device" contains a magnetic stripe, | 5 |
| microprocessor chip, or other means for storage information | 6 |
| that includes, but is not limited to, a credit card, debit | 7 |
| card, or stored value card.
| 8 |
| "Account" means a demand deposit, savings deposit, share, | 9 |
| member, or
other customer asset account held by a financial | 10 |
| institution.
| 11 |
| An "affiliate" of, or a person "affiliated" with, a | 12 |
| specified person,
means a person that directly, or indirectly | 13 |
| through one or more intermediaries,
controls, is controlled by, | 14 |
| or is under common control with, the person
specified.
| 15 |
| "Breach of the security of the system" has the meaning | 16 |
| given in Section 5 of the Personal Information Protection Act. | 17 |
| "Card security code" means the 3-digit or 4-digit value | 18 |
| printed on an access device or contained in the microprocessor | 19 |
| chip or magnetic stripe of an access device that is used to | 20 |
| validate access device information during the authorization | 21 |
| process. | 22 |
| "Commissioner" means the Commissioner of Banks and Real | 23 |
| Estate or a person
authorized by the Commissioner, the Office | 24 |
| of Banks and Real Estate Act, or
this Act to act in the | 25 |
| Commissioner's stead.
| 26 |
| "Magnetic stripe data" means data contained in the magnetic |
|
|
|
09500HB5311ham001 |
- 3 - |
LRB095 18444 LCT 47516 a |
|
| 1 |
| strip of an access device. | 2 |
| "Microprocessor chip data" means the data contained in
the | 3 |
| microprocessor chip of an access device. | 4 |
| "Electronic fund transfer" means a transfer of funds, other
| 5 |
| than a transaction originated by check, draft, or similar paper | 6 |
| instrument,
that is initiated through a terminal for the | 7 |
| purpose of ordering, instructing,
or authorizing a financial | 8 |
| institution to debit or credit an account.
| 9 |
| "Financial institution" means a bank established under the
| 10 |
| laws of this or any other state or established under the laws | 11 |
| of the United
States, a savings and loan association or savings | 12 |
| bank established under the
laws of this or any other state or | 13 |
| established under the laws of the United
States, a credit union | 14 |
| established under the laws of this or any other state or
| 15 |
| established under the laws of the United States, or a licensee | 16 |
| under the
Consumer Installment Loan Act or the Sales Finance | 17 |
| Agency Act.
| 18 |
| "Interchange transaction" means an electronic fund | 19 |
| transfer
that results in exchange of data and settlement of | 20 |
| funds between 2 or more
unaffiliated financial institutions.
| 21 |
| "Network" means an electronic information communication | 22 |
| and
processing system that processes interchange transactions.
| 23 |
| "Person" means a natural person, corporation, unit of | 24 |
| government or
governmental subdivision or agency, trust, | 25 |
| estate, partnership, cooperative, or
association.
| 26 |
| "PIN" means a personal identification code that identifies |
|
|
|
09500HB5311ham001 |
- 4 - |
LRB095 18444 LCT 47516 a |
|
| 1 |
| the cardholder. | 2 |
| "PIN verification code number" means the data used to | 3 |
| verify cardholder identity when a PIN is used in a transaction. | 4 |
| "Seller of goods and services" means a business entity | 5 |
| other than a
financial institution.
| 6 |
| "Service provider" means a person or entity that stores, | 7 |
| processes, or transmits access device data on behalf of another | 8 |
| person or entity. | 9 |
| "Switch" means an electronic information and communication | 10 |
| processing
facility that processes interchange transactions on | 11 |
| behalf of a network. This
term does not include an electronic | 12 |
| information and communication processing
company (1) that is | 13 |
| owned by a
bank holding company or an affiliate of a bank | 14 |
| holding company and used solely
for transmissions among | 15 |
| affiliates of the bank holding company or (2) to the
extent | 16 |
| that the facility, by virtue of a contractual relationship, is | 17 |
| used
solely for transmissions among affiliates of a bank | 18 |
| holding company, regardless
of whether the facility is an | 19 |
| affiliate of the bank holding company or operates
as a switch | 20 |
| with respect to one or more networks under an independent
| 21 |
| contractual relationship.
| 22 |
| "Terminal" means an electronic device through which a | 23 |
| consumer may
initiate an interchange transaction. This term | 24 |
| does not include (1) a
telephone, (2) an electronic device | 25 |
| located in a personal residence, (3) a
personal computer or | 26 |
| other electronic device used primarily for personal,
family, or |
|
|
|
09500HB5311ham001 |
- 5 - |
LRB095 18444 LCT 47516 a |
|
| 1 |
| household purposes, (4) an electronic device owned or operated | 2 |
| by a
seller of goods and services unless the device is | 3 |
| connected either directly or
indirectly to a financial | 4 |
| institution and is operated in a manner that provides
access to | 5 |
| an account by means of a personal and confidential code or | 6 |
| other
security mechanism (other than signature), (5) an | 7 |
| electronic device that is not
accessible to persons other than | 8 |
| employees of a financial institution or
affiliate of a | 9 |
| financial institution, or (6) an electronic device that is
| 10 |
| established by a financial institution on a proprietary basis | 11 |
| that is
identified as such and that cannot be accessed by | 12 |
| customers of other financial
institutions. The Commissioner | 13 |
| may issue a written rule that excludes
additional electronic | 14 |
| devices from the definition of the term "terminal".
| 15 |
| (Source: P.A. 89-310, eff. 1-1-96; 89-508, eff. 7-3-96.)
| 16 |
| (205 ILCS 616/10.1 new) | 17 |
| Sec. 10.1. Security or identification information, data | 18 |
| capture, and storage restrictions and liability. | 19 |
| (a) No person or entity conducting business in Illinois | 20 |
| that accepts an access device in connection with an electronic | 21 |
| fund transfer transaction (whether PIN or signature based) | 22 |
| shall: (1) retain the card security code data; (2) retain the | 23 |
| PIN verification code number; (3) retain the full contents of | 24 |
| any track of magnetic stripe data, subsequent to the | 25 |
| authorization of the transaction of in the case of a PIN debit |
|
|
|
09500HB5311ham001 |
- 6 - |
LRB095 18444 LCT 47516 a |
|
| 1 |
| transaction, subsequent to 48 hours after authorization of the | 2 |
| transaction on days the issuing bank is open for settlement; or | 3 |
| (4) store any payment-related data that is not needed for | 4 |
| business purposes. A person or entity is in violation of this | 5 |
| Section if its service provider retains such data subsequent to | 6 |
| the authorization of the transaction or in the case of a PIN | 7 |
| debit transaction, subsequent to 48 hours after authorization | 8 |
| of the transaction. | 9 |
| (b) Whenever there is a breach of the security of the | 10 |
| system of a person or entity that has violated this Section, or | 11 |
| that person's or entity's service provider, that person or | 12 |
| entity shall reimburse the financial institution that issued | 13 |
| any access devices affected by the breach for consequential | 14 |
| damages and costs for reasonable actions undertaken by the | 15 |
| financial institution as a result of the breach.
| 16 |
| Section 99. Effective date. This Act takes effect upon | 17 |
| becoming law.".
|
|