Governor Kathy Hochul has vetoed a bill aimed at making mobile banking transactions more secure following two high-profile Hell’s Kitchen murders, saying it would be too onerous to implement.
The Financial App Security Act, which passed unanimously in the past state legislative session, would have required mobile banking applications like Zelle, Venmo and CashApp to require the use of a personal identification number (PIN) when users make a transaction exceeding a monetary limit of their choosing, or when making a payment to an account created within the past 24 hours, along with other circumstances.
Hell’s Kitchen State Senator Brad Hoylman-Sigal and Assemblymember Grace Lee wrote the legislation with the support of Manhattan District Attorney Alvin Bragg, to prevent criminals with access to an unlocked smartphone from transferring large sums of money without the owner’s consent.
That’s what happened in the murders of Julio Ramirez and John Umberger, who were drugged before being electronically robbed of thousands of dollars at LGBTQ nightlife venues, after perpetrators used facial recognition data to access their phones and bank accounts.
Requiring the use of a pin, instead of exclusively biometric identification could prevent theft from occurring, especially at nightlife venues, according to the Anti-Violence Project.
“This bill was inspired sadly by the deaths of two men in our Senate district, who were the victims of heinous violence,” Hoylman-Sigal told W42ST. “And the motive was clear. The perpetrator drugged them and drained their bank accounts, and did so because they knew that these financial apps like Zelle are notoriously porous and easily accessible.”
Hoylman-Sigal described his and Lee’s bill as “a common-sense approach to increase security on peer-to-peer phone applications.”
“We think the corporations that own and operate these apps have a responsibility to limit fraud on their platforms, and we don’t think they’re fulfilling that responsibility at the moment,” Hoylman-Sigal said.
A spokesperson for Bragg’s office confirmed the District Attorney had provided input for the legislation. Early this year, Bragg sent letters to Zelle, Venmo and CashApp, calling on them to add consumer protections to their apps.
In a memo following her veto, Hochul wrote that requiring apps to include pins for security “would mandate the use of onerous banking security measures, commonly utilized by the largest financial institutions.”
“This legislation includes requirements that conflict with Department of Financial Services banking regulations and other technical challenges that could hinder compliance and unnecessarily restrict users’ access to these widely-used applications,” Hochul wrote.
In July, following the bill’s passage, a tech lobbying group, Chamber of Progress, wrote a letter to Hochul urging her to veto the bill, stating it would “expose consumers to increased financial fraud and economic hardship.”
“What’s good for the goose is good for the gander,” Hoylman-Sigal said. “I can’t understand why common-sense security measures are viewed as onerous when every major financial institution, with the exception of these apps, uses them.”
Hoylman-Sigal said he plans to draft a new version of the legislation next year. “Our fight is not over,” he said. “We are going to go back to the drawing board, talk to the opponents, but also continue to raise the alarm about the lack of security and responsibility on the part of companies that operate these peer-to-peer mobile apps.”
link