California 2025 2025-2026 Regular Session

California Senate Bill SB505 Introduced / Bill

Filed 02/19/2025


CALIFORNIA LEGISLATURE 2025-2026 REGULAR SESSION

Senate Bill No. 505

Introduced by Senator Richardson

February 19, 2025

An act to add Division 16 (commencing with Section 34000) to the Financial Code, relating to financial protection.

## LEGISLATIVE COUNSEL'S DIGEST

SB 505, as introduced, Richardson. Digital wallets: security.

Existing law, the California Consumer Financial Protection Law, requires the Department of Financial Protection and Innovation to, among other things, regulate the offering and provision of consumer financial products or services under California consumer financial laws and exercise nonexclusive oversight and enforcement authority under California consumer financial laws.

This bill would require a business that offers a digital wallet to users in the state to take certain actions relating to ensuring the security of the digital wallet, including requiring users to enable two-factor authentication for use before any transaction can be completed. The bill would define digital wallet to mean a digital payment application that allows a user to make a consumer transaction.

This bill would impose a civil penalty of $5,000 per day of noncompliance, to be collected in an action brought by the department or the Attorney General, as specified.

## Digest Key

Vote: MAJORITY  Appropriation: NO  Fiscal Committee: YES  Local Program: NO






## Bill Text


The people of the State of California do enact as follows:


SECTION 1. Division 16 (commencing with Section 34000) is added to the Financial Code, to read:


DIVISION 16. Digital Wallet Security




34000. As used in this section:

(a) Covered business means a business that offers a digital wallet to users in the state.

(b) Department means the Department of Financial Protection and Innovation.

(c) Digital wallet means a digital payment application that allows a user to make a consumer transaction.

(d) Two-factor authentication means a security protocol that requires the user to provide two separate pieces of information to verify the authenticity of an action, including, but not limited to, a password, an application-generated code, or a code delivered to the user through an email or text message.




34001. (a) A covered business shall do all of the following:

(1) Require users to enable two-factor authentication for use before any transaction can be completed.

(2) Provide users with an easy-to-use mechanism to report fraudulent activity related to the digital wallet.

(3) Immediately notify a user if the covered business detects suspicious or unauthorized activity related to the user's digital wallet.

(b) A covered business shall audit the security features required by this section at least annually.

34002. Noncompliance with this division shall be punishable by a civil penalty of five thousand dollars ($5,000) per day to be collected in an action brought only by the department or the Attorney General.


