Earlier this week, the Federal Trade Commission (“FTC”) announced that three companies agreed to pay more than $22 million in consumer refunds for allegedly violating the Restore Online Shoppers’ Confidence Act (“ROSCA”). The ROSCA settlement is one of the largest in FTC history.

ROSCA  Generally

ROSCA was enacted in January 2011 to prohibit online retailers from charging consumers’ financial accounts unless they have clearly disclosed all material terms associated with their subject products/services and obtained consumers’ express informed consent to bill for those products/services.  ROSCA mandates that sellers obtain financial account information directly from consumers and not share that information with other third party sellers (for example, the sharing of consumer financial information between sellers in an online co-registration flow). Third party sellers are required to create a process for the consumer to re-enter personal and financial information before any transaction with them can be completed. This information may not be obtained from the initial transaction merchant.  In addition, ROSCA requires that online sellers provide consumers with a simple and effective way to opt-out of future recurring charges.

Any violation of ROSCA will be considered an unfair or deceptive act and practice under the FTC Act.  ROSCA fines can reach $10,000 per violation, not including any potential FTC civil action. States also have the right to enforce and prosecute any violation of the law that takes place within its borders.

FTC ROSCA Case

Similar to the FTC’s recent ROSCA suit brought against health and dietary supplement product “Simple Pure,” the FTC, along with the Illinois and Ohio state attorneys general, brought ROSCA charges against One Technology LP,  One Technology Capital, LLP and One Technology Management, LLC (d/b/a MyCreditHealth and ScoreSense).  Among other things, the complaint alleged that the defendants failed to clearly disclose that consumers using the defendants’ credit score services would incur automatic monthly recurring charges of $29.95 on their credit cards.  These charges would continue to accrue until consumers called the defendants and cancelled the services.  It was further alleged that the defendants did not immediately honor consumer opt-out requests, forcing consumers to make repeated calls to cancel and secure refunds.

According to the FTC, more than 200,000 consumers were affected by the actions of the defendants, the majority of which did not provide the defendants with the proper consent to charge their financial accounts on a recurring basis.  Moreover, the complaint alleged that requiring consumers to call defendants in order to opt-out of future charges did not qualify as a simple way to discontinue the automatic charges.

ROSCA Settlement

Under the terms of the settlement, the defendants agreed to: 1) clearly disclose the recurring charges associated with their services and to obtain consumers’ informed consent before charging any fees; 2) immediately honor consumer opt-out requests and to employ a simple opt-out mechanism in the future; and 3) pay $22 million to reimburse consumers that were improperly charged for defendants’ services.

ROSCA Takeaway

As evidenced by our regular posts on the topic, online marketers must be careful to comply with applicable state and federal marketing regulations.  Prior to launching an online marketing campaign, online sellers must be sure to strictly comply with the provisions of ROSCA by: 1) obtaining clear consumer consent to place charges on consumer credit card or telephone accounts; 2) not sharing any sensitive consumer financial data with third party marketers or sellers without consumer express informed consent; and 3) ensuring proper opt-out mechanisms are employed for recurring charges.