ROSCA: The Restore Online Shoppers’ Confidence Act

As we head into the holiday and then the most intense shopping days of the year, we want to wish everyone a safe and happy Thanksgiving.  It’s a last chance to rest and indulge before the “all hands on deck” holiday retailing season.

But, we’d be remiss if we didn’t take this time — just ahead of Cyber Monday — to mention the little known and often overlooked Restore Online Shoppers’ Confidence Act of 2010 (or ROSCA for short), which harkens back to a time when Congress actually passed laws.  With a name like that, of course, its hard not to let your expectations (or fears) get the better of you.  After all, restoring the confidence of the American public is no mean feat in this age of NSA snooping and identity theft by shadowy international figures. Congress, surely, must have come up with some brilliant, sweeping measures to allow consumers to shop online without a care in the world, right?

Wrong.

Rather than a sweeping piece of legislation, ROSCA instead focuses narrowly on certain kinds of online marketing approaches, namely “data pass” and “negative option” sales, and it contains requirements of which all online sellers should be aware.

WHAT, EXACTLY, IS “DATA PASS”?

Data pass occurs when a company passes along a consumer’s billing information to a third party seller, who may (or may not) proceed to bill the customer for goods and services without the customer’s consent.  For example, during the web site check-out process, a retailer may present a product or service sold by a third party.  The consumer thinks he’s buying that product or service from Retailer A, but, in fact, is buying it from Retailer B.  Retailer A “passes” the customer’s billing information to Retailer B, which in turn charges the consumer for the transaction.

In 2009, in connection with the passage of ROSCA, the Senate identified “hundreds of online websites and retailers” that partnered with three Connecticut-based marketing companies — Affinion, Vertrue, and Webloyalty — to sell club memberships to online shoppers using “highly aggressive sales tactics [during the check-out process] to charge millions of American consumers for services the consumers do not want and do not understand they have purchased.”

Credit card companies have implemented some restrictions on such practices.For example, Visa’s rules “forbid merchants from sharing a cardholder’s account number or other sensitive information with anyone not directly involved in the transaction,” but, in 2010, did not prohibit retailers from teaming up with other companies that offer products and services “sometime during the transaction process.”  Congress decided to go after both practices in ROSCA.

“DATA PASS” MEETS ROSCA

Under ROSCA, it’s now against the law for any third-party seller to “charge or attempt to charge” a consumer for any good or service sold on the Internet unless (1) before obtaining the customer’s billing information it has disclosed all material terms of the transaction (including its lack of affiliation to the initial merchant); (2) it has received the “express informed consent” for the charge from the consumer; and (3) the consumer is required to perform “an additional affirmative action, such as clicking on a confirmation button or checking a box” to reflect his or her consent to the charge.

In addition, however, it’s also illegal for the initial merchant to disclose to a third-party seller any credit card, debit card, bank account, or other financial account number, or other billing information used to charge a customer to any “post-transaction third party seller for use in an Internet-based sale of any goods or services” by that third party.  Note, however, that the term “post-transaction third party seller” does not include subsidiaries or corporate affiliates of, or successors to, the initial merchant.

ROSCA AND NEGATIVE OPTION MARKETING

Under ROSCA, online sellers are barred by selling goods or services via a “negative option feature,” as defined in the FTC’s Telemarketing Sales Rule, unless they: (1) clearly and conspicuously disclose all material terms before getting the consumer’s billing information; (2) obtain “express informed consent” before charging the consumer for such products or services”; and (3) provide “simple mechanisms” to stop recurring charges from being incurred.  If you sell anything that involves recurring charges, you need to be careful to meet each of these requirements.  This includes web site memberships and subscriptions, not just continuity plans involving goods (such as nutritional supplements or foods and beverages).

On a related note, the FTC this year decided to make no changes to the rules concerning negative options, concluding that “the Restore Online Shoppers’ Confidence Act and the Commission’s proposed amendments to the Telemarketing Sales Rule [in 2014] likely address many of [the] concerns” regarding potential abuses by negative option sellers.

ENFORCEMENT

The FTC and state attorneys general have the right to enforce the requirements of ROSCA, and you can be subject to a wide variety of sanctions, including injunctive relief, penalties of up to $16,000 per individual violation, redress to consumers, and, in egregious cases, criminal enforcement.  The FTC doesn’t hesitate to enforce ROSCA, as it did recently in a case against Health Formulas, LLC d/b/a Simple Pure Nutrition.

Happy Holidays!