DFI-CU 63.02(5)
(5)
Supplier. “Supplier" means any person furnishing equipment, goods or services used to complete any function performed through a given remote terminal.
DFI-CU 63.02 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78; correction in (4) made under s. 13.93 (2m) (b) 7., Stats.,
Register, June, 2000, No. 534.
DFI-CU 63.04
DFI-CU 63.04
Restrictions on access prohibited. DFI-CU 63.04(1)(1)
General provisions. Except as provided in sub.
(2), no credit union may directly or indirectly acquire, place or operate a remote terminal and no credit union may participate in the acquisition, placement or operation of a remote terminal, unless the terminal is available on a nondiscriminatory basis to the following financial institutions and their designated customers:
DFI-CU 63.04(1)(b)
(b) Any other credit union which is qualified to do business in this state and has obtained the written consent of a credit union that has its home office in this state and is making use of the terminal;
DFI-CU 63.04(1)(c)
(c) Any savings and loan association which is qualified to do business in this state and has obtained the written consent of a savings and loan association that has its home office in this state and is making use of the terminal; and
DFI-CU 63.04(1)(d)
(d) Any other bank which is qualified to do business in this state and has obtained the written approval of a bank that has its home office in this state and is making use of the terminal.
DFI-CU 63.04(2)
(2)
Exceptions. The temporary limitation of access to a remote terminal to designated customers of designated financial institutions for reasonable test periods determined by the director will not be deemed in violation of this section if approved by the director in writing. The director may approve such limitations if:
DFI-CU 63.04(2)(a)
(a) The director considers it necessary or desirable to permit restricted operation during periods of testing or experimentation; or,
DFI-CU 63.04(2)(b)
(b) The director determines that the accommodation of additional users is beyond the capacity of existing equipment and a good faith effort is being made to accommodate them within a reasonable period of time determined by the director.
DFI-CU 63.04 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78.
DFI-CU 63.05
DFI-CU 63.05
Discriminatory rates or services prohibited. A remote terminal will not be deemed available for use on a nondiscriminatory basis unless:
DFI-CU 63.05(1)
(1)
User fees. The fees charged to a financial institution for the use of the terminal by the institution or its customers are equitably apportioned and reasonably reflect the cost of the services actually provided to the institution or customer. Such fees may provide for the amortization of development costs and capital expenditures over a reasonable period of time.
DFI-CU 63.05(2)
(2)
Customer services. Each financial institution making use of the terminal may permit its customers to make use of all of the functions performed by the terminal at each location of the terminal or only those functions and locations that such institution elects to make available to its customers.
DFI-CU 63.05(3)
(3)
Technical information and specifications. Each supplier provides at reasonable cost such technical information and specifications as may be necessary to enable a financial institution that is eligible to use the terminal, or any data processor serving the accounts of such an institution, to obtain interface with the terminal.
DFI-CU 63.05(4)
(4)
Other requirements. No financial institution eligible to use the terminal is required to purchase from any supplier any goods, equipment or services not reasonably necessary to complete a transaction through the terminal.
DFI-CU 63.05 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78.
DFI-CU 63.06
DFI-CU 63.06
Confidentiality and security requirements. No credit union may directly or indirectly acquire, place or operate a remote terminal, and no credit union may participate in the acquisition, placement or operation of a remote terminal, unless precautions acceptable to the director are provided to:
DFI-CU 63.06(1)
(1)
Precautions against unauthorized access. Prevent unauthorized access to, or use of, the terminal.
DFI-CU 63.06(2)
(2)
Precautions to assure confidentiality. Prevent information regarding a transaction conducted through the terminal from being disclosed to any person other than:
DFI-CU 63.06(2)(b)
(b) Any other person who is a party to the transaction or is necessary to effect the transaction, but only to the extent that the information disclosed is necessary to effect the transaction; or
DFI-CU 63.06(2)(c)
(c) Those persons lawfully authorized to have access to the records of the credit union or of parties to the transaction.
DFI-CU 63.06(3)
(3)
Unsolicited access to remote terminals prohibited. Ensure that the plastic card or other means providing its customers access to the terminal is issued only:
DFI-CU 63.06(3)(b)
(b) As a renewal of, or in substitution for an accepted card or other means of access, whether issued by the initial issuer or a successor.
DFI-CU 63.06 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78.
DFI-CU 63.07(1)(1)
Between credit union and third parties. Each activity authorized under s.
186.113 (15), Stats., shall be conducted in accordance with a written agreement between the credit union and any participating merchant, service center, data processor or other third party, setting out the manner in which liability from errors, malfunctions or the unauthorized use of a remote terminal will be allocated between the parties.
DFI-CU 63.07(2)(a)
(a) The liability of a customer of a credit union for the unauthorized use of a plastic card or other access device to a remote terminal shall be determined as follows:
DFI-CU 63.07(2)(a)3.
3. If the customer notifies the credit union within 2 business days after learning of the unauthorized use or of loss or theft of the plastic card or other access device, the customer's liability may not exceed the lesser of $50 or the amount of unauthorized transfers that occur before notice to the credit union.
DFI-CU 63.07(2)(a)4.
4. If the customer fails to notify the credit union within 2 business days after learning of the unauthorized use or of loss or theft of the plastic card or other access device, the customer's liability may not exceed the lesser of $500 or the sum of all of the following:
DFI-CU 63.07(2)(a)4.a.
a. $50 or the amount of unauthorized transfers that occur within the 2 business days, whichever is less.
DFI-CU 63.07(2)(a)4.b.
b. The amount of unauthorized transfers that occur after the close of 2 business days and before notice to the credit union, if the credit union establishes that these transfers would not have occurred had the customer notified the credit union within that 2-day period.
DFI-CU 63.07(2)(a)5.
5. A customer must report an unauthorized transfer from the unauthorized use of a plastic card or other access device to a remote terminal that appears on a periodic statement within 60 days of the credit union's transmittal of the statement to avoid liability for subsequent transfers. If the customer fails to do so, the customer's liability may not exceed the amount of the unauthorized transfers that occur after the close of the 60 days and before notice to the credit union and that the credit union establishes would not have occurred had the customer notified the credit union within the 60-day period. When a plastic card or other access device is involved in the unauthorized transfer, the customer may be liable for other amounts set forth in subd.
3. or
4., as applicable.
DFI-CU 63.07(2)(a)6.
6. If the customer's delay in notifying the credit union as provided in subd.
5. was due to extenuating circumstances, the credit union shall extend the time specified in subd.
5. to a reasonable period.
DFI-CU 63.07(2)(a)7.a.a. Notice to a credit union is given when a customer takes steps reasonably necessary to provide the credit union with the pertinent information, whether or not a particular employee or agent of the credit union actually receives the information.
DFI-CU 63.07(2)(a)7.c.
c. Written notice is considered given at the time the customer mails the notice or delivers it for transmission to the credit union by any other usual means. Notice may be considered constructively given when the credit union becomes aware of circumstances leading to the reasonable belief that an unauthorized transfer to or from the customer's account has been or may be made.
DFI-CU 63.07(2)(a)8.
8. If an agreement between the customer and the credit union imposes less liability than is provided by this section, the customer's liability may not exceed the amount imposed under the agreement.
DFI-CU 63.07(2)(b)
(b) A customer furnishing another person with a plastic card or other access device to the customer's account through a remote terminal shall be deemed to authorize all transactions that may be accomplished by that means, until the customer has given actual notice to the credit union that further transactions are unauthorized.
DFI-CU 63.07 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78;
2013 Wis. Act 136: am. (2) (a) (intro.), r. (2) (a) 1., 2., cr. (2) (a) 3. to 8., am. (2) (b)
Register March 2014 No. 699, eff. 4-1-14.
DFI-CU 63.08
DFI-CU 63.08
Customer service and disclosure requirement. DFI-CU 63.08(1)(1)
Periodic statements. A credit union shall provide each customer with a periodic statement of each account of the customer accessible through a remote terminal. The statement shall be provided on a monthly basis for each month in which a transaction occurs, or once every 3 months, whichever is more frequent. The statement shall identify the date, location, and nature of each transaction. An account statement issued under this subsection may include transactions made through a remote terminal or otherwise.
DFI-CU 63.08(2)
(2)
Transaction documentation. Except as provided in sub.
(4), every transfer of funds through a remote terminal made by a customer of a credit union shall be evidenced by a written document made available to the customer at the time of the transaction. The document shall indicate with reasonable specificity the identity of any third party to whom funds are electronically transferred, the identity of the customer's account, the amount of funds transferred, the type of transaction, and the date of the transaction. A customer may be required to reenter an access device, such as a card, at a terminal in order to receive transaction documentation if all of the following conditions are met:
DFI-CU 63.08(2)(a)
(a) The terminal simultaneously controls the distribution of products at several locations on the same site to more than one customer;
DFI-CU 63.08(2)(b)
(b) Each customer must remove the access device from the terminal and move to another location in order to complete the transaction; and
DFI-CU 63.08(2)(c)
(c) The terminal cannot produce transaction documentation for a particular transaction until the customer completes distribution of the product and the amount of the transaction is known.
DFI-CU 63.08 Note
Note: Paragraphs (a) to (c) apply, for example, to a terminal which monitors a series of gasoline pumps. Each customer must remove the card from the terminal in order to pump the gasoline and then reenter the card in order to obtain a receipt.
DFI-CU 63.08(3)
(3)
Written disclosure of services and charges. Each customer of a credit union whose account with the credit union is accessible through a remote terminal shall be provided with a written statement of the terms and conditions governing the account. Such a statement shall be provided at the time that the customer is issued a card or other means affording access to the remote terminal, and whenever the terms and conditions governing the account are amended. The statement shall set out:
DFI-CU 63.08(3)(a)
(a) Applicable limitations on the customer's liability for unauthorized use of the means providing access to the remote terminal, and the address and telephone number of the person to be notified in the event that the means affording the customer access to the remote terminal is lost or stolen or the customer otherwise believes that unauthorized access to the account may be obtained.
DFI-CU 63.08(3)(b)
(b) The customer's right to a periodic statement of transactions affecting the account.
DFI-CU 63.08(3)(c)
(c) An initial disclosure of the specific transactions which, subject to the capabilities of individual terminals, may be performed through the remote terminal.
DFI-CU 63.08(3)(d)
(d) Any charges to the customer for account maintenance or for the use of the remote terminal.
DFI-CU 63.08(3)(e)
(e) Any limitation imposed on the number of remote terminal transactions permitted within any given period of time.
DFI-CU 63.08(4)
(4)
Exception for written document in small-value transfers. A credit union is not subject to the requirement to make available a written document under sub.
(2) if the amount of the transfer is $15 or less.
DFI-CU 63.08 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78; renum. (2) to be (2) (intro.) and am., cr. (2) (a) to (c),
Register, July, 1984, No. 343, eff. 8-1-84; am. (2) (intro.),
Register, October, 1988, No. 394, eff. 11-1-88;
2013 Wis. Act 136: am. (2) (intro.), cr. (4)
Register March 2014 No. 699, eff. 4-1-14.
DFI-CU 63.10
DFI-CU 63.10
Advertising restrictions. If use of a remote terminal is restricted under s.
DFI-CU 63.04 (2), to designated financial institutions, all advertisements regarding the terminal shall clearly state that use of the terminal will be available to customers of other financial institutions, at the end of the period of restricted use authorized by the director.
DFI-CU 63.10 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78;
Register, March, 1996, No. 483, eff. 4-1-96.
DFI-CU 63.11
DFI-CU 63.11
Filing of supplemental information. Each credit union engaging in an activity authorized under s.
186.113 (15), Stats., shall file with the director such additional information regarding its activity as the director may require.
DFI-CU 63.11 History
History: Cr.
Register, March, 1978, No. 267, eff. 4-1-78.