32-6-303. Unauthorized transactions -- liability. (1) A customer whose account is debited by an electronic funds transfer without the customer's authorization is not liable for the amount of the transaction, and the amount must be recredited to the customer's account as provided under 32-6-302 unless:

(a) the financial institution has provided the customer with a unique identification device for initiating electronic funds transfer requests and transactions are made as a result of the theft or loss of that device, in which case the customer is liable for the first $50 of any consequent transactions made prior to the time the financial institution is notified of the loss or theft; or

(b) the financial institution has provided the customer with a unique identification device for initiating, in conjunction with a personal identification number separate from the device, electronic funds transfer requests and the customer attaches the personal identification number to the device by writing or otherwise or in any way makes the number readily available for discovery in connection with the theft or loss of the device and transactions are made as a result of the theft or loss of the device, in which case the customer is liable for one-half the value of all consequent transactions made until the financial institution is notified of the theft or loss.

(2) A customer who willingly gives the customer's unique identification device and personal identification number to another is presumed to have authorized any electronic funds transfers requested by the other person.

(3) A merchant who makes electronic funds transfer services available on the merchant's premises is liable for the amount of an unauthorized electronic funds transfer requested from the premises only if the merchant:

(a) or the merchant's agent is negligent in requiring a user of electronic funds transfer services to furnish adequate self-identification;

(b) fails to retain a physical record of the transaction for 1 year following the transaction; or

(c) breaches the warranty required by subsection (4).

(4) A merchant operating a point-of-sale terminal shall warrant to the financial institution or the department that an order for an electronic funds transfer emanating from the terminal is part of a commercial transaction in which the customer receives goods or services of commensurate value.

(5) The liability for any unauthorized or erroneous electronic funds transfer that does not fall upon a customer or a merchant under this section falls upon the financial institution that carries out the transfer.