Measure Requires Certain Operators of Publicly Accessible Payment or Withdrawal Systems to Take Certain Actions to Protect Customer Information
(Trenton) – Legislation sponsored by Assembly Democrat Annette Quijano and Daniel Benson aiming to confront the problem of “skimmers,” or devices used to steal customer’s personal information when they use their credit or debit cards at an ATM or other card payment machines cleared an Assembly panel on Monday.
“The unscrupulous use of these devices compromise residents’ personal information,” said Quijano (D-Union). “If a customer’s credit or debit card information is stolen in this fashion, it can lead to financial disaster; there are reports of thieves using skimmers to empty entire bank accounts.”
Specifically, the bill (A-4346) requires every operator of a publicly accessible credit or debit card payment machine, automated teller machine, or controlled access entry located in this state, that does not opt out of the provisions of the bill, to perform a daily inspection of those systems for any device intended to compromise the personal information of a customer, including but not limited to, skimmers, unapproved cameras, or other foreign objects.
“‘Skimmers’ are the latest tool by criminals to take a person’s credit card and financial information,” said Benson (D-Mercer, Middlesex). “To combat this problem effectively, ATM operators must take a more active approach. Regular inspections would help to locate and disable skimmers and unauthorized cameras at ATM machines and protect residents from criminal activities.”
If an operator of a payment or withdrawal system finds a device intended to compromise the personal information of a customer during a daily inspection, the operator must disable that system until the device has been removed and the system has been inspected and found to no longer compromise personal information.
The bill also requires every payment or withdrawal system located in this state to have displayed on or near it, in a conspicuous place, a permanent, affixed label or a notice that appears on the screen of the system that is visible before a customer swipes a debit or credit card or enters any personal information that clearly indicates that the operator of the system:
(1) Inspects the system on a daily basis for devices intended to compromise the personal information of customers, and disables the system, if a device is found, until the device has been removed; or
(2) Does not inspect the system on a daily basis for devices intended to compromise the personal information of customers, and that customers use the system at their own risk.
Under the bill, every operator of a payment or withdrawal system located in this state that does not opt out of the provisions of this bill to submit to the Department of Banking and Insurance a certification that the operator has complied with the requirements of the bill every six months. The bill requires the Commissioner of Banking and Insurance to create a form on which the operator of a payment or withdrawal system located in New Jersey may certify daily inspections, and to create procedure for the submission of that form.
Violations of the bill are subject to a civil penalty of not more than $1,000 per day for each day that the party is in violation, which penalty may be collected by summary proceedings.
The bill was released by the Assembly Financial Institutions and Insurance Committee and will now go to the Assembly Speaker for further consideration.