Does Your SaaS Agreement Violate the New Restore Online Shopper's Confidence Act?

On December 29, 2010, President Obama signed the Restore Online Shopper's Confidence Act (ROSCA) that regulates credit and debit card data pass transactions, online post-transaction third party sales, and negative option billing plans. If your site markets to consumers under a SaaS agreement (software as a service), you should review your agreement and marketing practices immediately or risk legal action for unfair business practices by the Federal Trade Commission (FTC) or state Attorneys General.

There's been some hysteria among certain Internet marketers claiming that ROSCA prohibits upsells, cross sells, and recurring billing plans common with membership sites and sites that sell subscription services. That's just not true.

ROSCA merely restricts how these common marketing practices are done in order to crack down on consumer fraud. The catch is that there are regulations that need to be followed, and the sites that have always used best practices could be held liable if they don't comply.

This is where ROSCA affects online upsells and cross sells to consumers.

For example if Merchant 1 makes an online sale to a consumer and then passes billing information (the "data pass") to Merchant 2 for an upsell, the two merchants are involved in a "data pass" transaction regulated by ROSCA.

ROSCA flatly prohibits Merchant 1 from passing any billing information to Merchant 2.

ROSCA does permit the passing of the consumer prospect (but not his/her billing information) to Merchant 2 for purposes of an upsell or cross sell, provided that Merchant 2 obtains the billing information from the consumer. However, before obtaining the billing information, Merchant 2 is required to provide the following disclosures to the consumer:

• a description of the goods or services being offered,
• that Merchant 2 is not affiliated with Merchant 1, and
• the costs of the goods or services.

Before charging the consumer's account, Merchant 2 is also required to obtain the express informed consent of the consumers whose data may be obtained by requiring the consumers to indicate agreement by clicking on an I ACCEPT button or by checking a box.

The legaleze definition of a "negative option" billing plan is a plan in which a consumer agrees, for a price or for free, to receive a product or service for an initial period of time, after which the consumer will be charged without giving additional consent for another period of time.

The every day language definition is that you have a recurring billing plan where the consumer's credit card is charged monthly, for example, until the consumer cancels the plan. Recurring billing plans were often abused either by tricking a consumer to enter into one, or by making it very difficult to cancel the plan.

ROSCA does not prohibit negative option billing plans. However, ROSCA regulates negative option billing plans by requiring the online marketer to:

• clearly and conspicuously disclose all material terms of the plan prior to obtaining billing information,
• obtain express informed consent before charging the consumer's account, and
• provide a simple mechanism for canceling the plan.

The following lists are not exhaustive and are provided for informational purposes only and not as legal advice, but they're a good start.

Recommendations regarding data pass transactions:

• If you are in the position of Merchant 1 in a data pass transaction, stop passing billing information now; it's flatly prohibited by ROSCA.
• If you are in the position of Merchant 2, don't receive billing information from Merchant 1. Plus, before obtaining the billing information in the registration process, provide a Consent Form that makes the required disclosures discussed above and requires consent by clicking on an I ACCEPT button or by checking a box. Finally, before charging the account, present your click-through SaaS agreement that requires the consumers to indicate agreement by clicking on an I ACCEPT button or by checking a box.

Recommendations regarding Negative Option billing plans:

• Provide the required disclosures in your online, click-through SaaS agreement, and before charging the account, present your click-through SaaS agreement that requires the consumers to indicate agreement by clicking on an I ACCEPT button or by checking a box.
• Send the consumer an email notice prior to charging his/her account that also provides a simple mechanism for canceling the plan and all future charges.

There have been abuses by unscrupulous online marketers regarding both data pass transactions and negative option billing plans. ROSCA provides welcome restrictions that protect consumers from these deceptive practices.

However, legal regulations that restrict deceptive marketing practices also affect the good guys who have never intended to deceive consumers. Now all SaaS sites, even those that have never intended to employ deceptive practices, must comply with ROSCA to avoid liability.

Copyright © 2011 Chip Cooper

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.

WANT TO USE THIS ARTICLE IN YOUR EZINE OR WEBSITE? You may, as long as you reprint the article in its entirety with live links and include this blurb with it:

Leading Internet, IP and software lawyer Chip Cooper has automated the process of drafting Website Legal Forms. Use his free online tool - Website Documents Determinator -- to determine which documents your website really needs for FTC website forms and website legal compliance. Discover how quick, easy, and cost-effective it is to draft your website contracts at http://www.digicontracts.com/.