Bill Text: NY A05730 | 2025-2026 | General Assembly | Introduced
Bill Title: Directs every peer-to-peer mobile service to require users to create a personal identification code associated with the user's account that is required to be used when certain actions are taken and to require users to set a monetary amount for intended transfers above which the use of a personal identification number will be required to authenticate the user's identity.
Spectrum: Slight Partisan Bill (Democrat 3-1)
Status: (Introduced) 2025-02-20 - referred to consumer affairs and protection
STATE OF NEW YORK

5730

2025-2026 Regular Sessions

IN ASSEMBLY

February 20, 2025

Introduced by M. of A. LEE, LEMONDES, OTIS, GLICK -- read once and referred to the Committee on Consumer Affairs and Protection

AN ACT to amend the general business law, in relation to peer-to-peer mobile payment service security; and to amend the financial services law, in relation to authorizing the financial frauds and consumer protection unit to enforce such provisions

The People of the State of New York, represented in Senate and Assembly, do enact as follows:

Section 1. This act shall be known and may be cited as the "Financial App Security Act".

§ 2. The general business law is amended by adding a new section 399-jj to read as follows:

§ 399-jj. Peer-to-peer mobile payment service security.

1. For the purposes of this section:

(a) "Peer-to-peer mobile service" means any app or app service provided directly to users by an entity that is not an insured depository institution and that:

(1) directly or indirectly receives and holds money belonging to users, or that facilitates transactions between insured depository institutions but exists separately from said institutions; and

(2) whose primary functionality is to allow users to send and receive money through their mobile devices from a linked bank account or credit card or debit card using a recipient's cell phone number or email address or username.

(b) "Biometric authentication" means either fingerprint or face identification for access to a service, or verification of an in-app action.

2. Every peer-to-peer mobile service shall require users to create a personal identification code associated with the user's account that is a minimum of four numeric characters associated with the user's account. When certain actions are taken, including but not limited to, actions defined in subdivision four of this section, the personal identification number must be used to authenticate the user's identity. The use of such personal identification code may not be substituted for any form of biometric authentication.

EXPLANATION--Matter in italics (underscored) is new; matter in brackets [] is old law to be omitted. LBD01953-01-5

3. Every peer-to-peer mobile service shall require users to set a monetary amount for intended transfers above which the use of a personal identification number will be required to authenticate the user's identity and provide an option for users to opt-in of such requirement.

4. The following actions require use of a personal identification number when using a peer-to-peer mobile service:

(a) any payment transaction initiated by the user exceeding the monetary limit set by said user;

(b) payment transactions initiated by the user that would bring said users twenty-four-hour payment transaction amount exceeding the monetary limit set by said user starting from the first transaction;

(c) payment transactions initiated by the user to another user whose account was created less than twenty-four hours prior to said transaction;

(d) any payment transactions initiated by the user after three successful payment transactions initiated by the user have been made within sixty minutes for amounts under the user's set monetary limit;

(e) any attempt to sign in to the service by the user to a new and/or unrecognized device; and

(f) any attempt to sign in to the service after the account password has been reset in any manner, including but not limited to, password recovery service offered by the service.

5. A user's account will be locked after five unsuccessful attempts within a twenty-four hour period to input said user's personal identification number when required. The peer-to-peer mobile service can unlock said account after twenty-four hours if said user is able to verify their identity through a telephone call or security questions created by the user.

6. Any payment transactions initiated by the user after three successful payment transactions initiated by the user have been made within sixty minutes after the first successful payment to the same recipient for amounts, despite the input of the user's correct personal identification number, will require additional identity verification of the recipient if:

(a) any of the transactions exceed the greater amount of either the user's set monetary limit or one thousand dollars; or

(b) the aggregate amount of the transactions exceed the greater amount of either the user's set monetary limit or one thousand dollars; or

(c) the recipient is a first time transaction to the user.

7. Any transaction that could be the result of fraud can be cancelled by the user making the payment after timely notification is made to the peer-to-peer mobile service.

8. Any peer-to-peer mobile service that does not comply with this section is prohibited from offering its services to users residing in the state of New York.

§ 3. Subsection (b) of section 403 of the financial services law is amended to read as follows:

(b) The financial frauds and consumer protection unit shall be a qualified agency, as defined in section eight hundred thirty-five of the executive law, to enforce the provisions of this article and article four of the insurance law and article II-B of the banking law and section three hundred ninety-nine-jj of the general business law.

§ 4. This act shall take effect on the one hundred eightieth day after it shall have become a law.