Senate Finance reviews S.129; debate centers on moratorium, transaction limits and consumer protections for crypto kiosks

At a Senate Finance Committee meeting, legislative counsel and the Department of Financial Regulation reviewed S.129 — a bill that would change how in-person virtual-currency kiosks operate in the state — and committee members heard competing proposals from industry and consumer advocates about transaction limits, fee caps and new consumer protections.

Maria Bridal, legislative counsel, walked the committee through S.129 and said the bill would change the daily transaction limit that currently applies to kiosk purchases and add new consumer-protection requirements, including expanded disclosures and requirements for blockchain-analytics and anti-fraud programs.

Ethan McLaughlin, assistant general counsel for the Department of Financial Regulation, described findings from DFR’s report and framed why the agency now “recommend[s] extending the moratorium for at least another year.” McLaughlin told the committee that federal and state data show substantial fraud at kiosks: he cited an FTC finding of a roughly tenfold increase in reported kiosk-related fraud losses from 2020 to 2023 and said the median reported loss in some data was $10,000. He said DFR’s current view is that additional safeguards and more time to study outcomes in other jurisdictions are needed before allowing broader kiosk expansion.

The text of S.129 reviewed at the meeting would, among other changes, raise the daily transaction limits in two tiers (a $2,000-per-day cap for certain new customers and a $5,000-per-day cap for established customers as drafted in the version presented to the committee) and increase the statutory fee cap on a single transaction from the greater of $5 or 3% of the transaction to a cap as high as 15%. The bill text also would require prominent, written disclosures at kiosks that list 10 risk points (for example, that virtual currency is not legal tender, is not FDIC insured and that transactions may be irreversible) and would add requirements for written anti-fraud policies, enhanced due diligence, blockchain-analytics checks at the time of transaction, and designated compliance and consumer-protection officers who must be full-time employees and not owners with more than 20% equity.

Industry witnesses said they support many of the protective measures but oppose a continued moratorium and some proposed limits. “CoinFlip wants every actor in the space to utilize the same protections that we do to keep consumers safe,” said Larry, a CoinFlip representative who identified the company as an operator of kiosks in Vermont. He told committee members CoinFlip had agreed to most of DFR’s suggested protections — including transaction receipts, photo capture, ID and biometric checks at first use, blockchain analytics, live customer service and refund provisions for new users — but argued that the $1,000-per-day limit now in place is too restrictive and reduces the utility and federal reporting value of transactions. He said CoinFlip would accept a new-user period of 30 days and proposed $2,000 per day for new users and $5,000 per day for established users.

Consumer advocates pressed for stronger, lower transaction caps and an explicit refund mechanism. “Our concern with S.129 … is around the risk of fraud that these machines pose,” said Colin Hillier, advocacy director for AARP Vermont, who highlighted FBI and other agency data showing older Vermonters are disproportionately represented among kiosk fraud victims and argued that larger daily caps increase the risk to seniors and other vulnerable residents.

Committee members questioned technical details and enforcement practicality: how “new customer” is defined in the draft (the bill text tied a new-customer definition to an operator’s transaction history and a 72-hour rule in one draft clause, while industry favored a 30-day new-customer window), whether bank reporting and suspicious-activity reporting thresholds interact with the state limits, how kiosks would implement real-time blockchain-analytics screening, and what the biometric and data-retention practices are for identity-verification vendors.

McLaughlin said DFR’s recommendations include precise operational controls — written anti-fraud and enhanced due-diligence policies, periodic policy review, live customer-service availability, and the authority of the commissioner to request evidence that an operator uses blockchain analytics — and that DFR is willing to pilot protective measures on the three machines currently operating while keeping a moratorium on new placements unless the protections prove effective.

No formal vote was taken. Committee members directed continued negotiation among DFR, industry representatives and consumer advocates and left S.129 and related language in H.137 open for further amendment. Several witnesses said they expected additional, narrower compromise language could be prepared for later committee meetings.

The committee did not adopt a final bill or report at the hearing; members said they plan to continue work with DFR, the Attorney General’s office and industry representatives before advancing legislation.