To protect the privacy of customers using electronic financial terminals, including any supporting equipment, structures or systems, information received by or processed through such terminals, supporting equipment, structures or systems shall be treated and used only in accordance with applicable law relating to the dissemination and disclosure of such information. The person establishing and maintaining an electronic financial terminal, including any supporting equipment, structures or systems, shall take such steps as are reasonably necessary to restrict disclosure of information to that necessary to complete the transaction and to safeguard any information received or obtained about a customer or that customer's account from misuse by any person staffing an electronic financial terminal, including any supporting equipment, structures or systems.
The commissioner shall have the authority by rule to require each person operating pursuant to sections 47.61 to 47.74 to supply information to customers using electronic financial terminals of the person's consumer protection policies including the rights and liabilities of the consumer and protection against wrongful and unnecessary or accidental disclosure of confidential information.
Every financial institution using an electronic financial terminal shall maintain reasonable procedures to minimize losses from unauthorized withdrawals from its customers' accounts by use of an electronic financial terminal. After a customer makes a bona fide deposit or payment at an electronic financial terminal and has received a receipt, any loss due to theft or other reason shall not be borne by the customer; provided, loss due to the nonpayment or dishonor of a check, or other order for payment, deposited at an electronic financial terminal shall be governed by the applicable provisions of chapter 336. A financial institution shall be liable for all unauthorized withdrawals unless the unauthorized withdrawal was due to the loss or theft of the customer machine readable card, including a debit card, in which case the customer shall be liable, subject to a maximum liability of $50, for those unauthorized withdrawals made prior to the time the financial institution is notified of the loss or theft. With respect to debit card transactions, this subdivision applies to unauthorized withdrawals made from an electronic financial terminal or from an electronic point-of-sale terminal operated by a retailer, described in section 47.61, subdivision 3, paragraph (b), clause (3). The limitation on liability is effective only if the issuer is notified of unauthorized charges contained in a bill within 60 days of receipt of the bill by the person in whose name the card is issued. For purposes of this subdivision, "unauthorized withdrawal" means a withdrawal by a person other than the customer without actual authority to initiate the withdrawal and from which the customer receives no benefit. The term does not include any withdrawal that is: (1) initiated by a person who was furnished with the card by the customer, unless the customer has notified the financial institution involved that transfers by that person are no longer authorized; (2) initiated with fraudulent intent by the customer or any person acting in concert with the customer; or (3) initiated by the financial institution or its employee.
No person's Social Security number shall be used as the personal identification number or as any code to activate any electronic financial terminal.
Any customer of a financial institution may bring a civil action against any person violating any subdivision of this section in the district court in the county of the alleged violator's residence or principal place of business or in the county wherein the alleged violation occurred. Upon adverse adjudication, the defendant shall be liable for actual damages, or $500, whichever is greater, punitive damages when applicable, together with the court costs and reasonable attorneys' fees incurred by the plaintiff. The court may provide such equitable relief as it deems necessary or proper, including enjoining the defendant from further violations. If the unauthorized withdrawal was due to the negligent conduct or the intentional misconduct of an operator or person establishing and maintaining an electronic financial terminal other than a financial institution or agent of a financial institution, that operator or person establishing and maintaining an electronic financial terminal or its agent is liable and subject to a civil action under this subdivision by the financial institution considered liable under subdivision 3 that has reimbursed the customer.
Every financial institution using an electronic financial terminal shall provide its customers a receipt or record of each transaction initiated at the terminal, and shall provide its customers a transaction statement at least quarterly specifying types, dates, and amounts of all electronic financial terminal transactions for the previous statement period.