Amendments to 7 TAC §3.92

Title 7. Banking and Securities
Part 1. Finance Commission of Texas
Chapter 3. State Bank Regulation
Subchapter E. Banking House and Other Facilities
7 TAC §3.92

The Finance Commission of Texas (the commission) proposes to amend §3.92(e), concerning user safety at unmanned teller machines, typically referred to as automated teller machines or ATMs. The amended rule is proposed to reduce regulatory burden by eliminating repetitive annual notice requirements and by authorizing delivery of notice by electronic means in certain circumstances. In addition, the recommended basic safety precautions in subsection (e) are proposed to be updated to mention online fraud and other relatively new cyber threats and other ATM risks.

Subsection (e) currently requires a bank to furnish its customers with a printed notice of basic safety precautions that a customer should employ while using an ATM at the time the initial disclosure of terms and conditions is provided to the customer, and subsequently furnish the same notice at least annually. This requirement has not been altered since 1996, despite significant public experience gained in almost 20 years of ATM usage and the proliferation of electronic communications between consenting parties.

As proposed to be amended, §3.92(e) will require a bank to provide notice of basic ATM safety precautions to its customer whenever an access device (e.g., an ATM card or debit or credit card) is issued, renewed or replaced, and an annual notice will no longer be required. Further, the amendment will permit the notice to be delivered to a customer electronically if the customer has agreed to conduct transactions by electronic means, and will further clarify that only one notice is required in the event the bank furnishes an access device to more than one customer on the same account.

In addition, the example list of possible safety precautions in current §3.92(e)(3) (proposed to be renumbered as §3.92(e)(2)) is proposed to be updated to mention online fraud and other relatively new cyber threats and other ATM risks.

Robert L. Bacon, Deputy Commissioner, Texas Department of Banking, has determined on behalf of the commission that for the first five-year period the proposed rule is in effect, there will be no fiscal implications for state government or for local government as a result of enforcing or administering the rule.

Mr. Bacon also has determined that, for each year of the first five years the amended rule as proposed is in effect, the public benefit anticipated as a result of enforcing the amended rule is the elimination of unnecessary regulatory burden and the corresponding reduction in costs that will result.

For each year of the first five years that the rule will be in effect, there will be no economic costs to persons required to comply with the rule as proposed.

There will be no adverse economic effect on small businesses or micro-businesses, and no difference in the cost of compliance for small businesses as compared to large businesses.

To be considered, comments on the proposed amended section must be submitted no later than 5:00 p.m. on January 26, 2015. Comments to the commission should be addressed to General Counsel, Texas Department of Banking, Legal Division, 2601 North Lamar Boulevard, Suite 300, Austin, Texas 78705-4294. Comments may also be submitted by email to legal@banking.state.tx.us.

Amendments to §3.92 are proposed under Finance Code, §59.310, which provides that the commission shall adopt rules to implement Subchapter D of Finance Code, Chapter 59 (§§59.301-59.310).

Finance Code, §59.309, is affected by the proposed amendments.

§3.92. User Safety at Unmanned Teller Machines.

(a)-(d) (No change.)

(e) Notice. An issuer of access devices shall furnish its customers with a notice of basic safety precautions that each customer should employ while using an unmanned teller machine. The notice must be personally delivered or sent to each customer whose mailing address is in this state, according to records for the account to which the access device relates, and may be delivered electronically if permissible under Business & Commerce Code, §322.008.

(1) When notice is required. The issuer must furnish the notice to its customer whenever an access device is issued, renewed or replaced. If the issuer furnishes an access device to more than one customer on the same account, the issuer is not required to furnish the notice to more than one of the customers. [New access devices. An issuer of access devices shall furnish its customer with a notice of basic safety precautions at the time the initial disclosure of terms and conditions is provided to such customer].

(2) [Annual notice. An issuer of access devices shall furnish its customers with a notice of basic safety precautions on a basis no less frequently than annually.]

[(3)] Content of notice. The notice of basic safety precautions required by this subsection [must be provided in written form which can be retained by the customer and] may include recommendations or advice regarding:

(A) security at walk-up and drive-up unmanned teller machines, such as recommendations that the customer should:

(i) remain aware of surroundings and exercise caution when withdrawing funds;

(ii) inspect an unmanned teller machine before use for possible tampering, or for the presence of an unauthorized attachment that could capture information from the access device or the customer’s personal identification number;

(iii) refrain from displaying cash and put it away as soon as the transaction is completed; and

(iv) wait to count cash until the customer is in the safety of a locked enclosure, such as a car or home;

(B) [security at drive-up unmanned teller machines;]

[(C)] protection of the customer’s code or personal identification number, such as a recommendation that the customer ensure no one can observe entry of the customer’s code or personal identification number [numbers];

(C) safeguarding and protection of the customer’s access device, such as a recommendation that the customer treat the access device as if it were cash, and if the access device has an embedded chip, that the customer keep the access device in a safety envelope to avoid undetected and unauthorized scanning;

(D) procedures for reporting a lost or stolen access device and for reporting a crime [devices];

(E) reaction to suspicious circumstances, such as a recommendation that a customer who observes suspicious persons or circumstances, while approaching or using an unmanned teller machine, should not use the unmanned teller machine at that time or, if the customer is in the middle of a transaction, should cancel the transaction, take the access device, leave the area, and come back at another time, or use an unmanned teller machine at another location;

(F) safekeeping and secure disposition of unmanned teller machine receipts [, such as the inadvisability of leaving an unmanned teller machine receipt near the unmanned teller machine];

(G) the inadvisability of surrendering information about the customer’s access device over the telephone or over the Internet, unless to a trusted merchant in a call or transaction initiated by the customer;

(H) [safeguarding and protecting of the customer’s access device, such as a recommendation that the customer treat the access device as if it was cash;]

[(I)] protection against unmanned teller machine fraud, such as a recommendation that the customer promptly review the customer’s monthly statement and compare unmanned teller machine receipts against the [customer’s monthly] statement; [and]

(I) protection against Internet fraud, such as a recommendation that the customer, if purchasing online with the access device, should end transactions by logging out of websites instead of just closing the web browser; and

(J) other recommendations that the issuer reasonably believes are appropriate to facilitate the security of its unmanned teller machine customers.

(f)-(h) (No change.)