"Security procedure" means a procedure established by agreement of a customer and a receiving bank for the purpose of (i) verifying that a payment order or communication amending or canceling a payment order is that of the customer or (ii) detecting error in the transmission or the content of the payment order or communication. A security procedure may impose an obligation on the receiving bank or the customer and may require the use of algorithms or other codes, identifying words, numbers, symbols, sounds, biometrics, encryption, callback procedures or similar security devices. Comparison of a signature on a payment order or communication with an authorized specimen signature of the customer or requiring a payment order to be sent from a known email address, internet protocol address or telephone number is not by itself a security procedure. History: 1978 Comp., § 55-4A-201, enacted by Laws 1992, ch. 114, § 205; 2023, ch. 142, § 26. OFFICIAL COMMENTS UCC Official Comments by ALI & the NCCUSL. Reproduced with permission of the PEB for the UCC. All rights reserved. 1. A large percentage of payment orders and communications amending or cancelling payment orders are transmitted electronically and it is standard practice to use security procedures that are designed to assure the authenticity of the message through steps designed to assure the identity of the sender, the integrity of the message, or both. Security procedures can also be used to detect error in the content of messages or to detect payment orders that are transmitted by mistake as in the case of multiple transmission of the same payment order. Security procedures might also apply to communications that are transmitted by telephone or in writing. Section 4A-201 [55-4A-201 NMSA 1978] defines these security procedures. The second sentence of the definition provides several examples of a security procedure, but this list is not exhaustive. The inclusion of the phrase "or similar security devices" means that, as new technologies emerge, what can be a security procedure will evolve. The definition of security procedure limits the term to a procedure "established by agreement of a customer and a receiving bank." The term does not apply to procedures that the receiving bank may follow unilaterally in processing payment orders. The question of whether loss that may result from the transmission of a spurious or erroneous payment order will be borne by the receiving bank or the sender or purported sender is affected by whether a security procedure was or was not in effect and whether there was or was not compliance with the procedure. Security procedures are referred to in Sections 4A-202 and 4A-203 [55-4A-202 and 55-4A-203 NMSA 1978, respectively], which deal with authorized and verified payment orders, and Section 4A-205 [55-4A-205 NMSA 1978], which deals with erroneous payment orders. Requiring that a payment order be sent from a known email, IP address or phone number is not by itself a "security procedure" within the meaning of this section because it is possible to make a payment order with a different origin appear to have been sent from such an address or phone number. However, requiring that a payment order have such an apparent origin in combination with other security protocols might be a security procedure. 2. Several revisions to the pre-2022 text of this section were made in furtherance of medium neutrality. Other 2022 revisions were made for clarification. The 2023 amendment, effective January 1, 2024, provided that a security procedure may impose an obligation on the receiving bank or the customer, added certain security devices to an existing list of security devices, and provided that requiring a payment order to be sent from a known email address, internet protocol address or telephone number, by itself, is not a security procedure; and, after "A security procedure", added "may impose an obligation on the receiving bank or the customer and", after "numbers", added "symbols, sounds, biometrics", and after "signature of the customer", added "or requiring a payment order to be sent from a known email address, internet protocol address or telephone number".
‹ Prev All New Mexico sections Next ›
Lexace provides legal information, not legal advice, and no attorney–client relationship is created. Statute text is provided for general information and may not reflect the most recent amendments; verify against the official state code.