Selling someone a front-end product as the initial merchant and
then channeling their billing information to another merchant to be used
in conjunction with an up-sale or cross-sale of some other product or
service ("back-end sales") is illegal. Under the Restore Online Shopper's Confidence Act (ROSCA), any initial merchant that directly obtains customer billing information cannot disclose this to a third-party "post-transaction seller"
where it is to be used in the sale of any goods or services by that
seller. This practice by the initial merchant is also known as a "data pass."
It typically occurs when the post-transaction seller offers a negative
option type plan (i.e. membership clubs) to consumers as they are in the
process of completing their transaction with the initial merchant.
These offers are designed to make consumers think they are part of the
initial purchase and not a new transaction with a third-party seller.
The Act also places restrictions directly on deceptive negative option sales and marketing tactics, sets forth transparency and informed consent requirements and gives the consumer the ability to stop recurring charges. The FTC can enforce this law and the Act authorizes every state attorney general (and other authorized state officers) to sue in federal court to stop Internet marketers who are violating this law.
Post-Transaction Third Party Seller Liability!
The customer must be provided with notice of the relevant facts and then can decide whether to purchase from the third-party or provide credit card information to the third-party. ROSCA makes it unlawful for any post-transaction seller to charge or attempt to charge a consumer's credit card, debit card, bank account or other financial account for any good or service through a negative option feature unless the seller has clearly and conspicuously disclosed to the consumer all material terms of the transaction, including: (1) a description of the goods or services being offered; (2) the fact that the post-transaction seller is not affiliated with the initial merchant; and (3) the cost of the goods or services.
The post transaction seller must also have received the express informed consent for the charges by the consumer by obtaining from the consumer the full account number to be charged and the consumer's name, address and contact information.
Post-transaction sellers must also require that the consumer perform some additional affirmative action, like clicking on "I accept" button or checking a box to indicate his or her informed consent. Finally, post-transaction sellers must also provide "simple mechanisms" for a consumer to stop recurring charges.
Some states, such as California, have enacted its own version of ROSCA. California state law enacted in 2010 imposes requirements on businesses that make automatic renewal or continuous service offers to California residents. Offers of continuous services or automatic renewals: (1) must present the offer terms in a "clear and conspicuous" manner; (2) must not charge the consumer's credit card without the affirmative consent of the consumer; and (3) may not change a material term of the offer without "clear and conspicuous" notice of the change.
Data Pass Transactions Guidelines:
This article was written by Philip A. Nicolosi, J.D. Mr. Nicolosi
provides legal services through his law firm, Phil Nicolosi Law, P.C.,
focusing on startup and small business law, Internet & technology
law and commercial transactions.The Act also places restrictions directly on deceptive negative option sales and marketing tactics, sets forth transparency and informed consent requirements and gives the consumer the ability to stop recurring charges. The FTC can enforce this law and the Act authorizes every state attorney general (and other authorized state officers) to sue in federal court to stop Internet marketers who are violating this law.
Post-Transaction Third Party Seller Liability!
The customer must be provided with notice of the relevant facts and then can decide whether to purchase from the third-party or provide credit card information to the third-party. ROSCA makes it unlawful for any post-transaction seller to charge or attempt to charge a consumer's credit card, debit card, bank account or other financial account for any good or service through a negative option feature unless the seller has clearly and conspicuously disclosed to the consumer all material terms of the transaction, including: (1) a description of the goods or services being offered; (2) the fact that the post-transaction seller is not affiliated with the initial merchant; and (3) the cost of the goods or services.
The post transaction seller must also have received the express informed consent for the charges by the consumer by obtaining from the consumer the full account number to be charged and the consumer's name, address and contact information.
Post-transaction sellers must also require that the consumer perform some additional affirmative action, like clicking on "I accept" button or checking a box to indicate his or her informed consent. Finally, post-transaction sellers must also provide "simple mechanisms" for a consumer to stop recurring charges.
Some states, such as California, have enacted its own version of ROSCA. California state law enacted in 2010 imposes requirements on businesses that make automatic renewal or continuous service offers to California residents. Offers of continuous services or automatic renewals: (1) must present the offer terms in a "clear and conspicuous" manner; (2) must not charge the consumer's credit card without the affirmative consent of the consumer; and (3) may not change a material term of the offer without "clear and conspicuous" notice of the change.
Data Pass Transactions Guidelines:
- If you are an initial seller or marketer DO NOT pass any customer billing information to any third-party end-sellers. As you learned, this is prohibited by ROSCA outright;
- If you are an end-seller receiving customers through an initial third-party seller/marketer, DO NOT accept billing information from the initial seller/marketer;
- Before obtaining the billing information in the registration process, provide a ROSCA Informed Consent Notice that makes the required disclosures and requires consent as indicated by clicking on an I ACCEPT button or by checking a box. This notice should be provided ideally during the registration process. You must notify your customers clearly and conspicuously that completing the registration process and/or proceeding with the purchase through your website will indicate their acceptance to the terms disclosed in the ROSCA Informed Consent; and
- Always use a click-wrap agreement and provide notice before charging the customer and require the customer to indicate agreement by clicking on an I ACCEPT button or by checking a box.
Mr. Nicolosi serves as a trusted advisor to numerous startups and small to medium sized businesses. This includes representation for a wide range of business law matters including business organization, corporate/LLC governance, regulatory law, contracts and transactions and most other matters outside of litigation. Mr. Nicolosi provides guidance with e-commerce, Internet marketing and technology-related legal matters. He also assists startup technology companies with seed financing, venture capital and exit transactions.