NY State Assembly Bill 2023-A9340A

Archive: Last Bill Status - Vetoed by Governor

Introduced
- In Committee Assembly
- In Committee Senate
- On Floor Calendar Assembly
- On Floor Calendar Senate
- Passed Assembly
- Passed Senate
Vetoed By Governor
Signed By Governor

Please enter your contact information

First Name

Last Name

Email Address

A valid email address is required.

Home address is used to determine the senate district in which you reside. Your support or opposition to this bill is then shared immediately with the senator who represents you.

Optional services from the NY State Senate:

Create an account. An account allows you to officially support or oppose key legislation, sign petitions with a single click, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Include a custom message for your Senator? (Optional)

Enter a message to your senator. Many New Yorkers use this to share the reasoning behind their support or opposition to the bill. Others might share a personal anecdote about how the bill would affect them or people they care about.

Actions

View Actions

Date of Action	Assembly Actions - Lowercase Senate Actions - UPPERCASE
Dec 13, 2024	tabled vetoed memo.84
Dec 02, 2024	delivered to governor
Jun 05, 2024	returned to assembly passed senate 3rd reading cal.1768 substituted for s8677b
Jun 04, 2024	referred to rules delivered to senate passed assembly ordered to third reading rules cal.405 rules report cal.405 reported reported referred to rules
May 31, 2024	reference changed to ways and means
May 30, 2024	print number 9340a
May 30, 2024	amend and recommit to consumer affairs and protection
Mar 06, 2024	referred to consumer affairs and protection

Votes

- Jun 5, 2024 - Floor Vote
  A9340A
  
  Aye
  
  59
  
  Nay
  
  0
  
  Absent
  
  1
  
  Excused
  
  2
  
  Abstained
  
  0
  - - Floor Vote: Jun 5, 2024
      
      aye (59)
      
      Addabbo Jr.
      
      Ashby
      
      Bailey
      
      Borrello
      
      Breslin
      
      Brisport
      
      Brouk
      
      Canzoneri-Fitzpatrick
      
      Chu
      
      Cleare
      
      Comrie
      
      Cooney
      
      Felder
      
      Fernandez
      
      Gallivan
      
      Gianaris
      
      Gonzalez
      
      Gounardes
      
      Griffo
      
      Harckham
      
      Helming
      
      Hinchey
      
      Hoylman-Sigal
      
      Jackson
      
      Kavanagh
      
      Krueger
      
      Lanza
      
      Liu
      
      Mannion
      
      Martinez
      
      Martins
      
      Mattera
      
      May
      
      Mayer
      
      Murray
      
      Myrie
      
      O'Mara
      
      Oberacker
      
      Ortt
      
      Palumbo
      
      Persaud
      
      Ramos
      
      Rhoads
      
      Rivera
      
      Rolison
      
      Ryan
      
      Salazar
      
      Scarcella-Spanton
      
      Sepúlveda
      
      Serrano
      
      Skoufis
      
      Stavisky
      
      Stec
      
      Stewart-Cousins
      
      Tedisco
      
      Thomas
      
      Webb
      
      Weber
      
      Weik
      
      absent (1)
      
      Sanders Jr.
      
      excused (2)
      
      Parker
      
      Walczyk

Bill Amendments

Original

A (Active)

co-Sponsors

2023-A9340 - Details

See Senate Version of this Bill:: S8677
Law Section:: General Business Law
Laws Affected:: Add §399-jj, Gen Bus L; amd §403, Fin Serv L
Versions Introduced in 2025-2026 Legislative Session:: A5730, S5500

2023-A9340 - Summary

Directs every peer-to-peer mobile service to require users to create a personal identification code associated with the user's account that is required to be used when certain actions are taken and to require users to set a monetary amount for intended transfers above which the use of a personal identification number will be required to authenticate the user's identity.

2023-A9340 - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                   9340
 
                           I N  A S S E M B L Y
 
                               March 6, 2024
                                ___________
 
 Introduced by M. of A. LEE -- read once and referred to the Committee on
   Consumer Affairs and Protection
 
 AN  ACT  to  amend the general business law, in relation to peer-to-peer
   mobile payment service security; and to amend the  financial  services
   law,  in  relation  to  authorizing  the financial frauds and consumer
   protection unit to enforce such provisions

   THE PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND  ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section  1. This act shall be known and may be cited as the "Financial
 App Security Act".
   § 2. The general business law is amended by adding a new section  399-
 jj to read as follows:
   § 399-JJ. PEER-TO-PEER  MOBILE  PAYMENT  SERVICE  SECURITY. 1. FOR THE
 PURPOSES OF THIS SECTION:
   (A) "PEER-TO-PEER MOBILE SERVICE" MEANS ANY APP OR  APP  SERVICE  THAT
 ALLOWS USERS TO SEND AND RECEIVE MONEY FROM THEIR MOBILE DEVICES THROUGH
 A  LINKED BANK ACCOUNT OR CREDIT CARD OR DEBIT CARD USING ONLY A RECIPI-
 ENT'S CELL PHONE NUMBER OR EMAIL ADDRESS.
   (B) "BIOMETRIC AUTHENTICATION" MEANS EITHER FINGERPRINT OR FACE  IDEN-
 TIFICATION FOR ACCESS TO A SERVICE, OR VERIFICATION OF AN IN-APP ACTION.
   2.  EVERY  PEER-TO-PEER MOBILE SERVICE SHALL REQUIRE USERS TO CREATE A
 PERSONAL IDENTIFICATION CODE ASSOCIATED WITH THE USER'S ACCOUNT THAT  IS
 A  MINIMUM  OF  FOUR ALPHA-NUMERIC CHARACTERS ASSOCIATED WITH THE USER'S
 ACCOUNT. WHEN CERTAIN ACTIONS ARE TAKEN, INCLUDING BUT NOT  LIMITED  TO,
 ACTIONS  DEFINED IN SUBDIVISION FOUR OF THIS SECTION, THE PERSONAL IDEN-
 TIFICATION NUMBER MUST BE USED TO AUTHENTICATE THE USER'S IDENTITY.  THE
 USE OF SUCH PERSONAL IDENTIFICATION CODE MAY NOT BE SUBSTITUTED FOR  ANY
 FORM OF BIOMETRIC AUTHENTICATION.
   3.  EVERY  PEER-TO-PEER  MOBILE  SERVICE  SHALL REQUIRE USERS TO SET A
 MONETARY AMOUNT FOR INTENDED TRANSFERS ABOVE WHICH THE USE OF A PERSONAL
 IDENTIFICATION NUMBER WILL BE REQUIRED TO AUTHENTICATE THE USER'S  IDEN-
 TITY.
   4.  THE  FOLLOWING  ACTIONS  REQUIRE  USE OF A PERSONAL IDENTIFICATION
 NUMBER WHEN USING A PEER-TO-PEER MOBILE SERVICE:
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.

                                                            LBD14473-02-4
 A. 9340                             2
 
   (A) ANY PAYMENT TRANSACTION INITIATED BY THE USER EXCEEDING THE  MONE-
 TARY LIMIT SET BY SAID USER;
   (B)  PAYMENT  TRANSACTIONS INITIATED BY THE USER THAT WOULD BRING SAID
 USERS TWENTY-FOUR-HOUR PAYMENT TRANSACTION AMOUNT EXCEEDING THE MONETARY
 LIMIT SET BY SAID USER STARTING FROM THE FIRST TRANSACTION;
   (C) PAYMENT TRANSACTIONS INITIATED BY THE USER TO ANOTHER  USER  WHOSE
 ACCOUNT  WAS  CREATED  LESS  THAN TWENTY-FOUR HOURS PRIOR TO SAID TRANS-
 ACTION;
   (D) PAYMENT TRANSACTIONS INITIATED BY THE USER THAT APPEAR  SUSPICIOUS
 BASED  ON  SAID USER'S BEHAVIOR AND/OR GEOLOCATION PROFILE AS DETERMINED
 BY THE SERVICE'S EXISTING BEHAVIORAL ANALYTICS;
   (E) ANY  PAYMENT  TRANSACTIONS  INITIATED  BY  THE  USER  AFTER  THREE
 SUCCESSFUL  PAYMENT  TRANSACTIONS  INITIATED  BY THE USER HAVE BEEN MADE
 WITHIN SIXTY MINUTES FOR AMOUNTS UNDER THE USER'S SET MONETARY LIMIT;
   (F) ANY ATTEMPT TO SIGN IN TO THE SERVICE BY THE USER TO A NEW  AND/OR
 UNRECOGNIZED DEVICE;
   (G)  ANY  ATTEMPT TO SIGN IN TO THE SERVICE AFTER THE ACCOUNT PASSWORD
 HAS BEEN RESET IN ANY MANNER, INCLUDING BUT  NOT  LIMITED  TO,  PASSWORD
 RECOVERY SERVICE OFFERED BY THE SERVICE; AND
   (H) ANY ATTEMPT TO SIGN IN TO THE SERVICE BY THE USER AFTER THE DEVICE
 PASSWORD HAS BEEN RESET.
   5.  A  USER'S  ACCOUNT WILL BE LOCKED AFTER FIVE UNSUCCESSFUL ATTEMPTS
 WITHIN A TWENTY-FOUR HOUR PERIOD TO INPUT SAID USER'S PERSONAL IDENTIFI-
 CATION NUMBER WHEN REQUIRED. THE PEER-TO-PEER MOBILE SERVICE CAN  UNLOCK
 SAID  ACCOUNT  AFTER  TWENTY-FOUR  HOURS  IF SAID USER IS ABLE TO VERIFY
 THEIR IDENTITY THROUGH A TELEPHONE CALL.
   6. ANY PAYMENT TRANSACTIONS INITIATED BY THE USER AFTER THREE SUCCESS-
 FUL PAYMENT TRANSACTIONS INITIATED BY THE USER  HAVE  BEEN  MADE  WITHIN
 SIXTY  MINUTES  AFTER  THE FIRST SUCCESSFUL PAYMENT FOR AMOUNTS, DESPITE
 THE INPUT OF THE USER'S CORRECT  PERSONAL  IDENTIFICATION  NUMBER,  WILL
 HAVE  A  FORTY-EIGHT  HOUR HOLD BEFORE THE FUNDS WILL BE RELEASED TO THE
 RECIPIENT IF:
   (A) ANY OF THE TRANSACTIONS EXCEEDS THE USER'S SET MONETARY LIMIT; OR
   (B) THE AGGREGATE AMOUNT OF THE TRANSACTIONS EXCEEDS  THE  USER'S  SET
 MONETARY LIMIT.
   7.  ANY TRANSACTION PLACED ON A FORTY-EIGHT-HOUR HOLD CAN BE CANCELLED
 BY THE USER MAKING THE PAYMENT IN THE EVENT OF FRAUD OR USER-ERROR AFTER
 TIMELY NOTIFICATION IS MADE TO THE PEER-TO-PEER MOBILE SERVICE.
   8. ANY PEER-TO-PEER MOBILE SERVICE THAT  DOES  NOT  COMPLY  WITH  THIS
 SECTION  IS  PROHIBITED  FROM OFFERING ITS SERVICES TO USERS RESIDING IN
 THE STATE OF NEW YORK.
   § 3. Subsection (b) of section 403 of the financial  services  law  is
 amended to read as follows:
   (b) The financial frauds and consumer protection unit shall be a qual-
 ified  agency,  as  defined  in section eight hundred thirty-five of the
 executive law, to enforce the provisions of  this  article  and  article
 four  of  the  insurance  law  and  article  II-B of the banking law AND
 SECTION 399-JJ OF THE GENERAL BUSINESS LAW.
   § 4. This act shall take effect on the sixtieth  day  after  it  shall
 have become a law.

co-Sponsors

2023-A9340A (ACTIVE) - Details

See Senate Version of this Bill:: S8677
Law Section:: General Business Law
Laws Affected:: Add §399-jj, Gen Bus L; amd §403, Fin Serv L
Versions Introduced in 2025-2026 Legislative Session:: A5730, S5500

2023-A9340A (ACTIVE) - Summary

2023-A9340A (ACTIVE) - Bill Text download pdf

                             
                     S T A T E   O F   N E W   Y O R K
 ________________________________________________________________________
 
                                  9340--A
 
                           I N  A S S E M B L Y
 
                               March 6, 2024
                                ___________
 
 Introduced  by  M.  of  A.  LEE,  OTIS  -- read once and referred to the
   Committee on Consumer Affairs and Protection -- committee  discharged,
   bill  amended,  ordered  reprinted  as amended and recommitted to said
   committee
 
 AN ACT to amend the general business law, in  relation  to  peer-to-peer
   mobile  payment  service security; and to amend the financial services
   law, in relation to authorizing  the  financial  frauds  and  consumer
   protection unit to enforce such provisions
 
   THE  PEOPLE OF THE STATE OF NEW YORK, REPRESENTED IN SENATE AND ASSEM-
 BLY, DO ENACT AS FOLLOWS:
 
   Section 1. This act shall be known and may be cited as the  "Financial
 App Security Act".
   §  2. The general business law is amended by adding a new section 399-
 jj to read as follows:
   § 399-JJ. PEER-TO-PEER MOBILE PAYMENT SERVICE  SECURITY.  1.  FOR  THE
 PURPOSES OF THIS SECTION:
   (A)  "PEER-TO-PEER  MOBILE  SERVICE"  MEANS  ANY  APP  OR  APP SERVICE
 PROVIDED DIRECTLY TO USERS BY AN ENTITY THAT IS NOT AN INSURED DEPOSITO-
 RY INSTITUTION AND THAT:
   (1) DIRECTLY OR INDIRECTLY  RECEIVES  AND  HOLDS  MONEY  BELONGING  TO
 USERS,  OR  THAT  FACILITATES  TRANSACTIONS  BETWEEN  INSURED DEPOSITORY
 INSTITUTIONS BUT EXISTS SEPARATELY FROM SAID INSTITUTIONS; AND
   (2) WHOSE PRIMARY FUNCTIONALITY IS TO ALLOW USERS TO SEND AND  RECEIVE
 MONEY  THROUGH THEIR MOBILE DEVICES FROM A LINKED BANK ACCOUNT OR CREDIT
 CARD OR DEBIT CARD USING  A  RECIPIENT'S  CELL  PHONE  NUMBER  OR  EMAIL
 ADDRESS OR USERNAME.
   (B)  "BIOMETRIC AUTHENTICATION" MEANS EITHER FINGERPRINT OR FACE IDEN-
 TIFICATION FOR ACCESS TO A SERVICE, OR VERIFICATION OF AN IN-APP ACTION.
   2. EVERY PEER-TO-PEER MOBILE SERVICE SHALL REQUIRE USERS TO  CREATE  A
 PERSONAL  IDENTIFICATION CODE ASSOCIATED WITH THE USER'S ACCOUNT THAT IS
 A MINIMUM OF FOUR NUMERIC CHARACTERS ASSOCIATED WITH THE USER'S ACCOUNT.
 WHEN CERTAIN ACTIONS ARE TAKEN, INCLUDING BUT NOT  LIMITED  TO,  ACTIONS
 DEFINED IN SUBDIVISION FOUR OF THIS SECTION, THE PERSONAL IDENTIFICATION
 NUMBER  MUST  BE  USED  TO AUTHENTICATE THE USER'S IDENTITY.  THE USE OF
 
  EXPLANATION--Matter in ITALICS (underscored) is new; matter in brackets
                       [ ] is old law to be omitted.

                                                            LBD14473-08-4
 A. 9340--A                          2
 
 SUCH PERSONAL IDENTIFICATION CODE MAY NOT BE SUBSTITUTED FOR ANY FORM OF
 BIOMETRIC AUTHENTICATION.
   3.  EVERY  PEER-TO-PEER  MOBILE  SERVICE  SHALL REQUIRE USERS TO SET A
 MONETARY AMOUNT FOR INTENDED TRANSFERS ABOVE WHICH THE USE OF A PERSONAL
 IDENTIFICATION NUMBER WILL BE REQUIRED TO AUTHENTICATE THE USER'S  IDEN-
 TITY AND PROVIDE AN OPTION FOR USERS TO OPT-IN OF SUCH REQUIREMENT.
   4.  THE  FOLLOWING  ACTIONS  REQUIRE  USE OF A PERSONAL IDENTIFICATION
 NUMBER WHEN USING A PEER-TO-PEER MOBILE SERVICE:
   (A) ANY PAYMENT TRANSACTION INITIATED BY THE USER EXCEEDING THE  MONE-
 TARY LIMIT SET BY SAID USER;
   (B)  PAYMENT  TRANSACTIONS INITIATED BY THE USER THAT WOULD BRING SAID
 USERS TWENTY-FOUR-HOUR PAYMENT TRANSACTION AMOUNT EXCEEDING THE MONETARY
 LIMIT SET BY SAID USER STARTING FROM THE FIRST TRANSACTION;
   (C) PAYMENT TRANSACTIONS INITIATED BY THE USER TO ANOTHER  USER  WHOSE
 ACCOUNT  WAS  CREATED  LESS  THAN TWENTY-FOUR HOURS PRIOR TO SAID TRANS-
 ACTION;
   (D) ANY  PAYMENT  TRANSACTIONS  INITIATED  BY  THE  USER  AFTER  THREE
 SUCCESSFUL  PAYMENT  TRANSACTIONS  INITIATED  BY THE USER HAVE BEEN MADE
 WITHIN SIXTY MINUTES FOR AMOUNTS UNDER THE USER'S SET MONETARY LIMIT;
   (E) ANY ATTEMPT TO SIGN IN TO THE SERVICE BY THE USER TO A NEW  AND/OR
 UNRECOGNIZED DEVICE; AND
   (F)  ANY  ATTEMPT TO SIGN IN TO THE SERVICE AFTER THE ACCOUNT PASSWORD
 HAS BEEN RESET IN ANY MANNER, INCLUDING BUT  NOT  LIMITED  TO,  PASSWORD
 RECOVERY SERVICE OFFERED BY THE SERVICE.
   5.  A  USER'S  ACCOUNT WILL BE LOCKED AFTER FIVE UNSUCCESSFUL ATTEMPTS
 WITHIN A TWENTY-FOUR HOUR PERIOD TO INPUT SAID USER'S PERSONAL IDENTIFI-
 CATION NUMBER WHEN REQUIRED. THE PEER-TO-PEER MOBILE SERVICE CAN  UNLOCK
 SAID  ACCOUNT  AFTER  TWENTY-FOUR  HOURS  IF SAID USER IS ABLE TO VERIFY
 THEIR IDENTITY THROUGH A TELEPHONE CALL OR SECURITY QUESTIONS CREATED BY
 THE USER.
   6. ANY PAYMENT TRANSACTIONS INITIATED BY THE USER AFTER THREE SUCCESS-
 FUL PAYMENT TRANSACTIONS INITIATED BY THE USER  HAVE  BEEN  MADE  WITHIN
 SIXTY  MINUTES  AFTER THE FIRST SUCCESSFUL PAYMENT TO THE SAME RECIPIENT
 FOR AMOUNTS, DESPITE THE INPUT OF THE USER'S CORRECT PERSONAL  IDENTIFI-
 CATION  NUMBER,  WILL  REQUIRE  ADDITIONAL  IDENTITY VERIFICATION OF THE
 RECIPIENT IF:
   (A) ANY OF THE TRANSACTIONS EXCEED THE GREATER AMOUNT  OF  EITHER  THE
 USER'S SET MONETARY LIMIT OR ONE THOUSAND DOLLARS; OR
   (B) THE AGGREGATE AMOUNT OF THE TRANSACTIONS EXCEED THE GREATER AMOUNT
 OF EITHER THE USER'S SET MONETARY LIMIT OR ONE THOUSAND DOLLARS; OR
   (C) THE RECIPIENT IS A FIRST TIME TRANSACTION TO THE USER.
   7.  ANY TRANSACTION THAT COULD BE THE RESULT OF FRAUD CAN BE CANCELLED
 BY THE USER MAKING THE PAYMENT AFTER TIMELY NOTIFICATION IS MADE TO  THE
 PEER-TO-PEER MOBILE SERVICE.
   8.  ANY  PEER-TO-PEER  MOBILE  SERVICE  THAT DOES NOT COMPLY WITH THIS
 SECTION IS PROHIBITED FROM OFFERING ITS SERVICES TO  USERS  RESIDING  IN
 THE STATE OF NEW YORK.
   §  3.  Subsection  (b) of section 403 of the financial services law is
 amended to read as follows:
   (b) The financial frauds and consumer protection unit shall be a qual-
 ified agency, as defined in section eight  hundred  thirty-five  of  the
 executive  law,  to  enforce  the provisions of this article and article
 four of the insurance law and  article  II-B  of  the  banking  law  AND
 SECTION THREE HUNDRED NINETY-NINE-JJ OF THE GENERAL BUSINESS LAW.
   § 4. This act shall take effect on the one hundred eightieth day after
 it shall have become a law.

Comments

Open Legislation is a forum for New York State legislation. All comments are subject to review and community moderation is encouraged.

Comments deemed off-topic, commercial, campaign-related, self-promotional; or that contain profanity, hate or toxic speech; or that link to sites outside of the nysenate.gov domain are not permitted, and will not be published. Attempts to intimidate and silence contributors or deliberately deceive the public, including excessive or extraneous posting/posts, or coordinated activity, are prohibited and may result in the temporary or permanent banning of the user. Comment moderation is generally performed Monday through Friday. By contributing or voting you agree to the Terms of Participation and verify you are over 13.

Create an account. An account allows you to sign petitions with a single click, officially support or oppose key legislation, and follow issues, committees, and bills that matter to you. When you create an account, you agree to this platform's terms of participation.

Find your Senator and share your views on important issues.

Do you support this bill?

Assembly Bill A9340A

Vetoed By Governor

Sponsored By

Archive: Last Bill Status - Vetoed by Governor

Actions

Votes

Jun 5, 2024 - Floor Vote

Floor Vote: Jun 5, 2024

Bill Amendments

co-Sponsors

2023-A9340 - Details

2023-A9340 - Summary

2023-A9340 - Bill Text download pdf

co-Sponsors

2023-A9340A (ACTIVE) - Details

2023-A9340A (ACTIVE) - Summary

2023-A9340A (ACTIVE) - Bill Text download pdf

Comments

Do you support this bill?

Get Status Alerts for 2023-A9340A

Assembly Bill A9340A

Vetoed By Governor

Share this bill

Sponsored By

LEE

Archive: Last Bill Status - Vetoed by Governor

Actions

Votes

Bill Amendments

co-Sponsors

Steven Otis

2023-A9340 - Details

2023-A9340 - Summary

2023-A9340 - Bill Text download pdf

co-Sponsors

Steven Otis

Deborah Glick

John Lemondes

2023-A9340A (ACTIVE) - Details

2023-A9340A (ACTIVE) - Summary

2023-A9340A (ACTIVE) - Bill Text download pdf

Comments