rosca – cleverbridge
http://www.clvrbrdg.com/corporate
Thu, 29 Sep 2016 18:49:06 +0000

Three Compliance Risks for Global Subscriptions
http://www.clvrbrdg.com/corporate/compliance-risks-for-global-subscriptions/
Wed, 07 Sep 2016 19:51:16 +0000

Knowing how to protect your business will ensure that your efforts at improving your market share in key target markets will lead to more subscribers, more recurring revenue and greater customer lifetime value.

At some point along your company’s path of success and growth, you will need to expand your base of subscribers. That often means entering new geographic markets, but that decision is not without risk.

Delivering localized customer experiences in terms of languages, currencies, prices and payment methods is only one challenge you need to solve. You also need to comply with local rules and offer compliant shopping experiences. If you’re not exactly sure what all that entails, ask yourself:

  • Do you offer customers a separate review opportunity after they have filled out their shopping cart page? Guess what? It’s a requirement if you want to sell to EU member countries.
  • Do you require a double opt-in (or confirmed opt-in, COI) process for subscribing to your email newsletter? Hint: If you want to use email marketing with Canadians, you need to implement it.
  • Have you obtained express consent to charge a subscriber once their free trial has expired? Newsflash: You don’t want to be on the wrong side of this issue.

Compliance Risks for Global Subscriptions

Review Page

“Before the consumer is bound by a … contract … the trader shall provide the consumer with … information in a clear and comprehensible manner …” — Council Directive 2011/83/EU aka The Directive on Consumer Rights (European Commission)

European citizens have expressed discomfort with a lack of transparency when purchasing online. In order to combat these trust issues, online sellers are legally obliged to provide EU customers with a review page or opportunity that provides specific information relevant to the sale. If your typical checkout process is a quick one-page cart where the Buy Now button leads right to a confirmation page, you’ll need to create at least one additional step before a customer submits their payment from the EU.

While shoppers in the U.S. might find this step frustrating or a barrier to purchase, omitting it for shoppers in the EU can lead to invalid purchase agreements, penalties and damage to your reputation.

Double Opt-In Signups for Email

“It is prohibited to send or cause or permit to be sent to an electronic address a commercial electronic message unless the person to whom the message is sent has consented to receiving it.” – Canada’s Anti-Spam Law

On July 1, 2014, most of Canada’s Bill C-28, known as the “Fighting Internet and Wireless Spam Act” (FISA) or “Canada’s Anti-Spam Law” (CASL), came into effect. Consent is the operative word here, and it is used over 60 times in the text of this law. The law requires you to obtain explicit customer consent to send them commercial electronic messages through your marketing email lists. In cases of conflict, you as the merchant will have to provide evidence of customer consent. Therefore, double opt-in is generally considered a best practice.

Violating these rules while sending emails to Canada, Canadians or computers located in Canada may result in considerable fines (up to $10 million per violation for corporations).

Negative Option Billing

“It shall be unlawful for any person to charge or attempt to charge any consumer for any goods or services sold in a transaction effected on the Internet through a negative option feature” — Restore Online Shoppers’ Confidence Act (ROSCA)

In 2016, consumer rights watchdog nonprofit organization Truth in Advertising (TINA.org) alerted the Federal Trade Commission about the selling practices of a lingerie subscription company. These types of complaints from consumer rights organizations highlight the risk for companies who use confusing language about recurring charges. In this case, TINA.org complained to the trade regulators that this subscription company engaged in practices that violated ROSCA due to an unclear sign-up process that left customers on the hook for monthly charges that they didn’t expect.

This doesn’t mean you can’t offer subscriptions to online services. It just means that you have to be considerate of the customer experience. To paraphrase ROSCA:

  1. Conspicuously disclose that customers are signing up for recurring charges before you obtain their billing information.
  2. Get customers’ express consent before charging them.
  3. Make it easy to cancel the subscription.

Keystone

Providing the best possible experience is critical to acquiring and retaining customers. When you begin expanding beyond your traditional markets, you need to not only localize, but maintain compliance with regional requirements in order to deliver the most successful customer experience.

Timm Neu contributed to this blog post

This blog post does not contain legal advice. The rights, obligations and liabilities of a business vary according to geography, industry, method of delivery, type of product, where your business is, where your customers are and all sorts of other variables that preclude us from using this blog post to tell anyone how they must act from a legal perspective.

Subscription Compliance Made Easy — Think of Your Customers
http://www.clvrbrdg.com/corporate/subscription-compliance-made-easy-think-customers/
Wed, 01 Jun 2016 15:24:31 +0000

You don't need a supreme court ruling to maintain subscription compliance. All you need is to put yourself in your customers' shoes.

Subscription compliance is complicated, but it doesn’t need to be. We noted in our digest last month the trouble facing unscrupulous subscription companies. Not only are their practices against the law, but they destroy the confidence of customers online everywhere. As jurisdictions adopt legislation to protect customers from abusive practices, staying out ahead of the rules may seem like an enormous task.

In order to fully understand the challenges facing subscription companies who seek recurring payments from customers, it’s important to consider three things: relevant legislation, industry standards and settlement agreements. These three areas interact to create a framework for companies to stay on the good side of the law, the payment brands and regulatory bodies. In order to do it right, companies need to manage how they obtain consent from customers for recurring transactions, when and how they send payment reminders to customers, and how customers can cancel unwanted subscriptions. The penalties for companies who don’t comply can be stiff.

As we show below, using common sense and putting customer relationships first will keep your company one step ahead of the shoe shine and keep your customers satisfied. In every case, putting customer experience first will keep you compliant.

Legislation

ROSCA

To address deceptive and coercive practices in online sales, the United States passed the Restore Online Shoppers’ Confidence Act (ROSCA) in 2010. The law addresses several practices and defines what companies must do to avoid these proscribed activities and stay on the right side of the law.

Though we’ve covered ROSCA before, the law remains relevant, even as the market shifts to subscription business models. The practice known as negative option marketing, wherein customers are automatically signed up for a recurring payment agreement, is strictly regulated. Companies like Adore Me were in direct violation of ROSCA’s provisions when they did not clearly and conspicuously disclose the terms of their agreement to customers (not buried in fine print). They ran afoul again by not providing a simple mechanism for customers to stop recurring charges.

Negative option billing provision from ROSCA

State Laws

In addition to the federal ROSCA legislation, several states have laws that directly govern online commerce and recurring transactions. These laws vary in strenuousness; some are less strict than the federal standard, but many go further. Like ROSCA, most define a recurring billing agreement relationship, require a clear communication of any terms and a convenient method for cancellation. Some states establish specific penalties as well.

In California, for example, the Business and Professional Code defines recurring transactions and how merchants may obtain authorization for the charges. It also includes a specific provision that deems any product sold through an unauthorized transaction to be an unconditional gift from the merchant to the consumer. So not only will a non-compliant company in California need to refund the customer, but the customer will be able to continue using the product for free for life.

California Business and Professional Code, Section 17603

European Law

The EU has created various legal acts to protect consumers. One of these is the EU Consumer Rights Directive 2011/83/EU that was implemented into the national laws of all EU member states. The rules laid down in the directive have to be generally applied whether customers purchase online or in a physical store. Certain provisions address online practices directly, though. The directive’s chapter III regulates information requirements and the consumer’s right to withdrawal in ecommerce. Chapter IV of the directive addresses limits for “fees for the use of certain means of payment (e.g. credit or debit cards) and regarding the charges for calling telephone hotlines operated by traders as well as a prohibition to use pre-ticked boxes on websites for charging extra payments.”

EU member states are obliged to introduce penalties for violating these provisions and may introduce the right to take action in case of violation of these provisions not only for “public bodies or their representatives,” but also for “consumer organisations having a legitimate interest in protecting consumers,” and “professional organisations having a legitimate interest in acting”.

Payment Industry Standards

The major payment brands also have standards governing recurring transactions that companies need to follow. For instance, VISA Europe has a set of guidelines that govern recurring transactions that require a payment reminder be sent to the customer before any recurring transaction (RT) is processed. Their policy states:

Merchants must use the agreed method of communication and provide notification to the customer at least seven working days prior to a RT if any of the following apply:

• More than six months have elapsed since the previous RT
• A trial period, introductory offer or any promotional activity has expired
• The RT agreement has been changed, including:

– any change to the amount of the RT;
– any change to the date of the RT.

It is recommended that merchants also notify customers when processing the first payment. At the same time as providing this notification, the merchant must also advise the customer how to cancel the payment.

VISA’s guidelines aren’t mere suggestions. Merchants who do not follow these guidelines but charge anyway are considered to be processing unauthorized transactions. VISA promises to take action against any merchant processing unauthorized transactions.

Source: VISA Europe Risk Management

The last pieces of the puzzle are regulatory rulings and legal settlements resulting from regulatory complaints and consumer lawsuits.

Settlement Agreements

Without the stringent regulations of the EU, US companies may feel that they have fewer strings attached to their activities, but this can be dangerous. The US has robust resolution procedures. So, while the government may not be directly implementing standards on companies, their customers have every right to redress any grievances they have with the company in court. This can be costly and damaging to your company’s brand.

While consumers may lodge complaints with the FTC or sue a company they feel has violated their rights, not every case ends with a jury verdict. In fact, though ROSCA was passed in 2010, the first case tried under it didn’t begin until October 2014. The majority of cases are settled not with a verdict but with a binding decree. The resulting consent decrees, though only binding on the company involved in the lawsuit, shed light on how regulatory bodies view the spirit of the law.

In one case, an online dating service was ordered to provide a clear method to cancel subscriptions. Going further than the ROSCA legislation, the decree requires the defendant to provide a way to cancel via the channel through which the customer originally subscribed. So, if a customer signed up over the phone, they need to be able to cancel over the phone.

Source: FTC Settlement with JDI Dating

Subscription Compliance Made Easy — Think of Your Customers

But remaining compliant is easy if you put your customers first. The laws in the EU and those in the various states, as well as ROSCA, all highlight what should be obvious: give customers accurate information, help them have a satisfying experience and, if they’re not having one, make it clear how to exit the relationship. You don’t need a supreme court ruling to figure this one out. All you need is to put yourself in your customers’ shoes.

Keystone

Would you want to know exactly what kind of agreement you’re entering into? Or would you like to find surprise charges in the future? Would you like to know exactly what you’ll receive for your payment and then actually receive it? Would you like a clear and simple method for cancelling the agreement when it no longer suits you? Or would you like to keep making payments against your will for a product or service you don’t need or want? These answers are common sense. Applying the golden rule of treating the customer how you would like to be treated is the easiest way to stay compliant.

May 2016 Digest — Subscriptions, Cloud & Global Compliance
http://www.clvrbrdg.com/corporate/may-2016-digest/
Wed, 25 May 2016 15:15:03 +0000

It's time for our review of the news-that-was in our May 2016 digest where we feature important stories from around the Web.

The fifth month of 2016 is nearly over. So what happened im wunderschönen Monat Mai? It’s time for our review of the news-that-was in our May 2016 digest.

This month on the blog, we covered the difference between user experience and customer experience in a guest post from Shane Barker. We took another look at the AgTech industry and how two companies approach user experience. And we explored three key tips for affiliate marketers to successfully leverage social media. But that’s not everything of note that happened. Below, we feature key stories from the past month about subscriptions, the cloud and global compliance.

Subscriptions in the News

Trapping You in a Club You Didn’t Know You Joined | Bloomberg

In the growing world of subscriptions, unscrupulous companies with abusive (or illegal) policies are getting attention. In Bloomberg’s recent feature, they highlight Adore Me, an online subscription company that ships lingerie to their subscribers. Sounds like many other subscription box companies we hear so much about. But these subscriptions must adhere to the provisions in ROSCA against negative option billing, or defaulting customers into a recurring billing agreement without upholding specific transparency standards. The law states that any subscription or recurring billing agreement must “provide simple mechanisms for a consumer to stop recurring charges from being placed on the consumer’s credit card, debit card, bank account, or other financial account.”

Source: Adore Me

Here’s where Adore Me ran into trouble. By signing customers up automatically for their VIP package, and then making cancellation of the package practically impossible, Adore Me inspired a torrent of customers to contact the FTC to complain. “Canceling what one customer described in an FTC complaint as the ‘seemingly inescapable VIP package’ can be an aggravating process. ‘I never opted in for monthly billing,’ another Adore Me customer wrote to the FTC, ‘and yet now it is MY responsibility to chase them down to tell them I wish no longer to be enrolled?’”

Oregon State University to Test Subscription-Based On-Demand Tickets for Sporting Events | SportTechie

Source: SportTechie

Subscription models are making their way into college sports. Oregon State University is rolling out a subscription program for sporting events. SportTechie notes, “Oregon State deputy athletic director Zack Lassiter said, ‘We’re not trying to maximize revenue… We’re trying to create a price that resonates with our young alums.’ This on-demand ticket options allows SQUAD users to sit with each other at games, and also provides the option to upgrade to better seats, even at the last minute.”

Head in the Cloud

10 Industries That Have Embraced the Cloud | Inc.com

The cloud is becoming essential to business in more sectors every day. Inc.com compiled this list of 10 industries that have embraced cloud computing. Based on data from Okta, author and Okta COO Frederic Kerrest summarizes his company’s findings by looking at cloud adoption in Software, Marketing, Biotech/Pharma, Real-Estate, Not-for-Profit and five other industries with their heads in the cloud.

Strengthening Authentication Through Big Data | TechCrunch

Source: TechCrunch

The cloud is also beefing up authentication technology. We all know passwords are easy to crack, and other authentication technologies are often cumbersome for users, spoiling their experience. But fear not: “As a result of dramatic decreases in data storage costs and the explosion of cloud services, data collection technologies and advancements in web platforms and mobile technology,” connecting large data sets from disparate sources is simultaneously making authentication processes more secure and easier on users.

Global Compliance

Facebook Moments Launches in EU and Canada Without Facial Recognition | TechCrunch

Because of the data protection laws in the EU and Canada, Facebook has disabled facial recognition technology in their photo-sharing app Moments for those jurisdictions. “Facebook says it instead uses a form of object recognition, which is based on features like the distance between a person’s eyes and their ears,” and not on any personal information that users have provided to Facebook.

Source: TechCrunch

The article notes that this method is not as accurate as true facial recognition, and may also diminish the quality of the user experience depending on the user’s location. “This makes the app a bit more labor-intensive, as it now can’t automatically identify who is in your photos – it can only suggest that a group of photos that may contain the same person.”

United States: First Circuit Decision Increases Risks to Businesses Under VPPA | Mondaq

The First Circuit US Federal Court recently took up a case involving the 1988 Video Privacy Protection Act (VPPA), which prohibits companies that sell or rent video to consumers, renters or subscribers from disclosing any personally identifiable information to third parties. Mondaq deeply analyses the legal implications in their coverage of the ruling. TechCrunch also has an excellent discussion on their site through the lens of the tech industry.

The plaintiff in this case claims USA Today illegally provided his viewing and location data to Adobe for use in their analytics tool. Two important things to catch with this ruling: First, specifically if your company provides video services, be very careful about the way you use user data and share it with third parties. Equally important, the court found that the plaintiff in the case, who had downloaded a free app from USA Today, did count as a subscriber under the definitions in the law. While lower courts had reasoned that a subscriber had to pay subscription fees, this court’s embrace of a broader idea of the subscription governing a customer relationship updates the court’s understanding of the law to match current industry practice.

Restoring Your Customers’ Confidence
http://www.clvrbrdg.com/corporate/e-commerce-rosca/
Thu, 28 Mar 2013 22:25:49 +0000

While ROSCA affects the way merchants sell products online, it primarily prohibits tactics most merchants wouldn't think of employing in the first place. Understand that complying with ROSCA shouldn't affect one's ability to adhere to e-commerce best practices. In fact, adhering to ROSCA for its own sake is beneficial to your reputation and lowers the risk of chargebacks.

“Consumer confidence is essential to the growth of online commerce.” – Restore Online Shoppers’ Confidence Act (ROSCA)

The Restore Online Shoppers’ Confidence Act (ROSCA) of 2010 was passed by the U.S. legislature to protect consumers from aggressive sales practices by online merchants. The law focuses on merchants who pass their customers’ billing information to third-party sellers, who then charge the (typically unwitting) consumer for other services or products. This practice is known as a “data pass” and ROSCA prohibits third-party sellers from charging consumers whose billing information was obtained in this manner. The law also prohibits online merchants from enrolling consumers in negative option billing unless certain criteria are met during the checkout process.

Data pass

“Consumers who shop online using their Visa cards should be confident that they will only be charged for the products and services they legitimately intend to purchase — not those that are foisted on them through deceptive data pass schemes.” – Martin Elliot, a senior business leader for Visa. 

Suppose I am searching the Internet to purchase downloads of my favorite songs by my favorite recording artist. I find some songs that I want to buy, add them to my shopping cart and submit payment. After this transaction is approved I see an offer on the confirmation page (or on a pop-up window or an interstitial page) that offers me money back on my purchase.

The call-to-action is very enticing so I click it. Good deal, right?

Unfortunately, buried somewhere on the page beneath the CTA is an important piece of information of which I am unaware. The offer for the cash back is actually from a post-transaction third-party seller and not from the initial merchant. After I buy the songs and submit my payment information, the initial merchant passes my payment information to the third-party seller. (This action is the “data pass.”) The third-party seller then charges me for some service I have unknowingly signed up for by accepting the cash back offer.

Typical offer from 3rd party sellers, via Committee on Commerce, Science, & Transportation

This practice was used by many companies to lure customers into ambiguous billing agreements. Customers had strong negative reactions once they realized what happened and began asking for refunds and initiating chargebacks.

Not only that, but according to an investigation by the United States Senate Committee on Commerce, Science and Transportation, these data passes and subsequent charges eroded consumer confidence in the Internet as a secure and reliable place to shop.

The truth is that the Senate’s conclusions are correct. Data passes between initial merchants and post-transaction third-party sellers should never lead to the third party charging the customer. If I was unwittingly lured into this kind of charge, I would certainly try to get my money back. But what about an ecommerce replatforming project? Can merchants supply a new solutions provider with data they acquired in previous signups and transactions?

In 2011, Forrester Research reported that half of all ecommerce merchants plan on changing ecommerce platforms within two years. When a company switches ecommerce platforms, they switch from an internal solution to an external solution or from one external solution to another. In either case, merchants must somehow move all their customers’ billing information from one solution to the other, which leads to a potential data pass violation.

For example, what if a software company initially sells a subscription product through one ecommerce solution and at some later point in time, switches their ecommerce solution?

According to ROSCA, before the new ecommerce solution can start charging the customer, the customer must resubmit their billing information to the new merchant. The merchant must also restate exactly what product is being offered as well as its cost.

If the customer was charged without resubmitting their billing information, or they were not informed of what product they were being charged for and how much it cost, the merchant and the third-party solution would likely be violating the data pass section of ROSCA.

The best practice in the case of a replatforming project is to be transparent. Send an email to the customer notifying them they have to resubmit their payment information for the new billing period while providing an easy-to-use form for doing so.

Negative option billing

The other main focus of ROSCA is the practice of enrolling consumers in negative option billing. The same companies that aggressively used the data pass to sell unwanted services to consumers would also enroll their consumers in a “free-to-pay” situation. This meant that consumers would get a free month for the service but every subsequent month, their credit cards were charged until they proactively contacted the merchant and said, “I no longer wish to be charged.”

Again, consumers were unpleasantly surprised and confused when they looked at their credit card bill over the next months and did not recognize the charges.

It’s important to note that this practice is not illegal in and of itself. Major companies like LinkedIn, Netflix and others use negative option billing because consumers do not want to have to initiate a charge to their credit card every billing period.

Software merchants who use subscriptions as a way to ensure predictable recurring revenue must abide by the three criteria ROSCA set for negative option billing:

1. Merchants must provide information that clearly explains the terms of the transaction before obtaining the consumer’s billing information.

2. They must obtain a consumer’s express informed consent before charging the consumer’s credit card.

3. They must provide a simple mechanism to end the subscription.

License terms

Although license terms are not specifically addressed in ROSCA, they are a related issue. When subscribing customers to negative option billing, ecommerce merchants should specify the terms of their license, especially if it is an automatic renewal. If customers think they’ve bought a perpetual license, but it turns out they have to proactively submit payment every year, vendors are going to see a high churn rate.

Keystone

While ROSCA affects the way merchants sell products online, it primarily prohibits tactics most merchants wouldn’t think of using in the first place. Complying with ROSCA shouldn’t affect one’s ability to adhere to ecommerce best practices. In fact, adhering to ROSCA for its own sake is beneficial to your reputation and lowers the risk of chargebacks.
