CA SB505

Beginning January 1, 2028, digital wallet providers and money transmitters operating in California must require two-factor authentication or multifactor authentication for every user login

"Two-factor authentication" is defined as requiring two distinct forms of verification, while "multifactor authentication" requires more than two forms of verification

"User login" covers any action to access an account for initiating, receiving, or managing digital wallet or money transmission services

The bill adds Chapter 10 to the Financial Code under the Money Transmission Act, which already prohibits unlicensed money transmission and punishes violations with civil penalties, license revocation, or felony charges

The amended version removes earlier provisions that would have required stored value platform operators to reimburse customers for losses from fraudulently induced transfers