(1) If the parties have agreed to use a security procedure to detect changes or errors and one party has conformed to the procedure, but the other party has not and the nonconforming party would have detected the change or error had that party also conformed, the conforming party may avoid the effect of the changed
or erroneous electronic record.
(2) In an automated transaction involving an individual, the individual may avoid the effect of an electronic record that resulted from an error made by the individual in dealing with the electronic agent of another person if the electronic agent did not provide an opportunity for the prevention or correction of the error and, at the time the individual learns of the error, the individual:
(A) Promptly notifies the other person of the error and that the individual did not intend to be bound by the electronic record received by the other person;
(B) Takes reasonable steps, including steps that conform to the other person's reasonable instructions, to return to the other person or, if instructed by the other person, to destroy the consideration received, if any, as a result of the erroneous electronic record; and
(C) Has not used or received any benefit or value from the consideration, if any, received from the other person.
(3) If neither subdivision (1) nor subdivision (2) of this section applies, the change or error has the effect provided by other law, including the law of mistake, and the parties' contract, if any.
(4) Subdivisions (2) and (3) of this subsection may not be varied by agreement.