House Research Bill Summary


File Number: H.F. 1758

Date: March 23, 2007

Version: First Engrossment

Status: Public Safety and Civil Justice Committee

Authors: Davnie and others

Subject: Retention of a card security code

Analyst: Thomas R. Pender, 651-296-1885


This publication can be made available in alternative formats upon request. Please call 651-296-6753 (voice); or the Minnesota State Relay Service at 1-800-627-3529 (TTY) for assistance. Summaries are also available on our website at:




This bill prohibits businesses that accept a credit or similar card in connection with a transaction from retaining the access code that permits use of the card, after the transaction is completed. Makes such a business liable to a financial institution for costs resulting from a breach of the security of the retained access code.




Access devices; breach of security.

Subd. 1. Definitions. Defines nine terms used in the bill.

Subd. 2. Security or identification information; retention prohibited. Prohibits a business from retaining a card security code or other electronic data that verifies the identity of the user for purposes of access to the card's purchasing power, after the transaction is completed. They can include a PIN number or the three digit number on the back of a credit or debit card.

Subd. 3. Liability. Makes a business that violates subdivision 2 and afterwards experiences a breach in its security system liable to any financial institution that issued access devices affected by the breach, for the cost of any reasonable actions it takes to protect itself or its customers. Five such actions are listed in the bill.


Subd. 4. Enforcement. Provides a private right of action, both under this section and under section 8.31.