The Kansas Legislature on Thursday unanimously approved a bill that’s intended to safeguard Kansans from scams that employ cryptocurrency kiosks scattered across the state.
The bill, which now goes to the governor, will install measures to make it harder for fraudsters to use those machines to dupe consumers into forking over thousands of dollars to get out of a jam.
There are about 31,000 cryptocurrency ATM machines nationally, including about 300 in Kansas.
Since at least 2021, the FBI has been warning about fraud schemes that used cryptocurrency ATMs and QR codes to get money from their victims.
The FBI reported that Americans lost more than $333 million last year – from January to November – through schemes that employed cryptocurrency ATM machines.
By comparison, two years earlier the FBI reported more than 5,500 complaints using cryptocurrency kiosks with losses exceeding $189 million.
A 2024 report from the Federal Trade Commission indicated that people 60 and over were more than three times as likely as younger adults to report a loss using a cryptocurrency ATM machine.
The Kansas attorney general gets about 150 cryptocurrency complaints a year, most of which are related to cryptocurrency ATMs.
Plots generally involve scammers who contact consumers through unsolicited phone calls, text messages or emails, claiming a bank account is frozen or a relative is in trouble.
Scammers direct them to use a crypto ATM to secure funds and provide a QR code to transfer money directly to the scammer’s digital wallet.
They tell the consumer that depositing cash into the ATM will protect their money or address the fraudulent problem.
Last summer, the U.S. Department of the Treasury’s Financial Crimes Enforcement Network issued a notice to financial institutions urging them to be vigilant in identifying and reporting suspicious activity involving virtual currency kiosks.
The speed and difficulty of reversing kiosk transactions make them an attractive payment mechanism for scammers, the agency said in its notice.
Once the victim makes the transfer with a kiosk, the fraudster running the scam instantly owns the digital currency and often immediately transfers the funds into another digital wallet or exchange account they control, the agency said.
Among other things, the bill would:
- Require virtual currency kiosk operators to be licensed and be regulated by the Office of the State Bank Commissioner. All unlicensed kiosk operators would be required to apply for a money transmitter license within 60 days after July 1, 2026.
- Require kiosk operators to post warnings on the screen of the machines in English and Spanish about the possibility of schemes to defraud consumers.
- Require each virtual currency kiosk operator to hold any money or virtual currency provided as part of a transaction for 72 hours before it is processed within 14 days of the initial transaction.
- Limits the initial transaction with the kiosk to $1,000 and only one transaction within 72 hours of the first one. The bill also sets $10,000 as the maximum total transactions within 14 days of the first one.
- Would allow a refund of any transaction within 14 days of the initial transaction. Someone may request a full refund of the initial transaction for any reason from a virtual currency kiosk operator within the 72-hour holding period.
- Virtual currency kiosk operators could not collect direct or indirect charges related to a transaction that exceed $5 in U.S. currency or 18% of the money transmission.
- Virtual currency kiosk operators doing business in Kansas shall provide live customer service during kiosk operating hours. The customer service toll-free number shall be displayed on the virtual currency kiosk or the virtual currency kiosk screens. The customer service toll-free number shall be staffed by trained individuals who are employed by or on behalf of the virtual currency kiosk operator and who provide customer assistance to a caller in real time.
- All virtual currency kiosk operators shall take reasonable steps to detect and prevent fraud, including establishing and maintaining a written anti-fraud policy. The anti-fraud policy shall, at a minimum, include the identification and assessment of fraud-related risk areas as well as procedures and controls to protect against fraud.
