Law Offices of David J. Bartone
Your Subtitle text

Advisory Newsletter


Compliance with Recent FTC and Visa-MasterCard Policies: 
New Challenges for E-Commerce Merchants

In January, 2010, a new set of policies were implemented by Visa-MasterCard and the card associations as a result of their cooperation with the U.S. Federal Trade Commission (“FTC”). These new policies seek to reduce the amount of alleged fraud being perpetrated on consumers by e-commerce merchants.   


E-Commerce merchants are well advised to comply with the new policies being implemented lest they face substantial fines from the card associations. E-commerce merchants must be aware of what components of their businesses are being closely scrutinized. The following is a primer on what e-commerce need to know.


So called  “Continuity Programs” are being closely scrutinized. They include any plan, arrangement, or system under which a consumer is periodically charged for products or services, including, but not limited to, access to a “members only” website, without prior notification by the seller before each charge, regardless of any trial or approval period allowing the consumer to cancel the program.


“Negative Option” features are being even more closely analyzed. They are found in an offer or agreement to sell or provide any goods or services and include provisions under which the consumer’s silence or failure to take an affirmative action to reject goods or services or to cancel the agreement is interpreted by the seller as an acceptance of the offer.


E-Commerce merchants must not fail to disclose, clearly and conspicuously, before consumers provide any billing information or incur a charge (i) all products and services that are part of the sales offer, including, but not limited to, any Continuity Program and goods and services provided by third parties; (ii) all charges for all products and services that are part of the sales offer, including, but not limited to, any Continuity Program and goods and services provided by third parties; (iii) that consumers are enrolled in a Continuity Program (if that is the case) and the specific steps consumers must follow to cancel enrollment in the Continuity Program to avoid incurring any charge; and (iv) any Negative Option feature of any product or service.


Merchants must not misrepresent, in any manner, expressly or by implication, any material term regarding any of their products or services, including, but not limited to: (i) the amount of money the merchants will charge the consumer; (ii) the products or services included in the sales offer; and, (iii) in conjunction with any Continuity Program, the amount of money the merchant will charge the consumer, the products or services included in the sales offer; and, in conjunction with a Continuity Program, that consumers are signing up for a Continuity Program, the length of the trial period, that consumers who do not take affirmative action to cancel the Continuity Program within the trial period will incur a charge by the Merchant; the charges that the merchant will impose on the consumer who does not cancel within the trial period; the dates the charges will be submitted for payment; the specific steps consumers must take to avoid the charges or to cancel the Continuity Program; that the merchant will honor the consumer’s request to cancel their participation in the merchant’s Continuity Program; and, that consumers will be able to cancel their participation in the merchant’s Continuity Program easily.


“Get rich quick” website content is particularly discouraged. Merchants must not, in any manner, either expressly or by implication, make any false or unsubstantiated representation about income, earnings, or profits that consumers who order the merchant’s products or services are likely to earn. Merchants cannot falsely represent, expressly or by implication, that the merchant is affiliated with any particular business entity, including, but not limited to, Google, Inc.


Merchants must not fail to obtain written authorization for preauthorized electronic funds transfers from a consumer’s account before initiating any “Preauthorized Electronic Fund Transfers” as required by Section 907(a) of the Electronic Fund Transfer Act, 15 U.S.C. § 1693e(a) and Section 205.10(b) of Regulation E, 12 C.F.R. §205.10(b), as more fully set forth in Section 205.10 of the Federal Reserve Board’s Official Staff Commentary to Regulation E, 12 C.F.R. § 205, Supp. 1, including providing a copy of the written authorization to the consumer.


Merchants must ensure that, in connection with any consumer who is enrolled into any Continuity Program who uses a debit card or other means of electronic funds transfer, that it shall not fail to maintain procedures reasonably adapted to avoid an unintentional failure to obtain written authorization for a Preauthorized Electronic Fund Transfer as required in Section 205.10 of the Federal Reserve Board’s Official Staff Commentary to Regulation E, 12 C.F.R. § 205, Supp. 1.


Merchants failing to comply with the new policies must be aware of the legal consequences. The Federal Trade Commission Act (“Act”) allows the Federal Trade Commission (“FTC”) to act in the interest of all consumers to prevent deceptive and unfair acts or practices. In interpreting Section 5 of the Act, the Commission has determined that a representation, omission or practice is deceptive if it is likely to:  (i) mislead consumers and affect consumers' behavior or decisions about the product or service; and (ii) an act or practice is unfair if the injury it causes, or is likely to cause, is substantial, not outweighed by other benefits, and not reasonably avoidable.


The FTC Act prohibits unfair or deceptive advertising in any medium. Merchants must not engage in any advertising in which they fail to tell the truth and attempt to mislead consumers. A claim can be misleading if relevant information is left out or if the claim implies something that is not true. In addition, claims made in advertising must be substantiated, especially when they concern health, safety, or performance. Merchants will be held responsible for claims they make about their products and/or services. Third-parties contracting with merchants to provide advertising and other media services may also be held liable for making or disseminating deceptive representations if they participate in the actual preparation or distribution of the advertising, or know about the deceptive claims.


Disclaimers and disclosures in advertising must be clear and conspicuous; that is, consumers must be able to notice, read or hear, and understand the information. However, disclaimer or disclosure alone usually is not enough to remedy a false or deceptive claim.


In addition to the foregoing, merchants must demonstrate how the products they are selling  will perform under normal use. Merchants must make timely refunds to dissatisfied consumers if they promised to make such refunds.   


Merchants bear and assume the duty and responsibility for the assembling, packaging and scrubbing of leads submitted to ensure compliance thereof with the CAN-SPAM Act of 2003. Merchants must be fully aware of the terms of the CAN-SPAM Act of 2003 and state and federal laws applicable hereto. Merchants must ensure that, to the best of their knowledge, emailing conducted in connection with their marketing programs shall be in full compliance with the above laws. The following is a list of requirements: 

                1.    Merchants must not use false or misleading header information. The "From," "Reply To," and routing information – including the originating domain name and email address – shall be accurate and identify the person or business who initiated the message;

                2.    Merchants must not use deceptive subject lines. The subject line of the email shall accurately reflect the content of the message;

                3.    Merchants must identify the message as an advertisement. While the law gives merchants a lot of leeway in how to do this, merchants must disclose clearly and conspicuously that the message is an advertisement;

                4.    Merchants must notify recipients where the merchant is located. The merchant’s message must include its valid physical postal address. This can be its current street address, post office box registered with the U.S. Postal Service, or a private mailbox registered with a commercial mail receiving agency established under Postal Service regulations;

                5.    Merchants must inform recipients how to opt out of receiving future email from the merchant. The message must include a clear and conspicuous explanation of how the recipient can opt out of getting email in the future. The merchant must craft the notice in a way that is easy for an ordinary person to recognize, read, and understand. Creative use of type size, color, and location can improve clarity. Merchants shall give a return email address or another easy Internet-based way to allow people to communicate their choice to the merchant. The merchant may create a menu to allow a recipient to opt out of certain types of messages, but the merchant must include the option for the Consumer to stop all commercial messages. The merchant must ensure that its spam filter does not block these opt-out requests.

                6.    Merchants must honor opt-out requests promptly. Any opt-out mechanism merchants offer must be able to process opt-out requests for at least 30 days after the email message is sent. Merchants must honor a recipient’s opt-out request within 10 business days. Merchants cannot charge a fee, require the recipient to provide any personally identifying information beyond an email address, or make the recipient take any step other than sending a reply email or visiting a single page on an Internet website as a condition for honoring an opt-out request. Once recipients have provided notice that they do not want to receive more messages, merchants cannot sell or transfer their email addresses, even in the form of a mailing list. The only exception is that merchants may transfer the addresses to an entity with which they have contracted to assist in complying with the CAN-SPAM Act.

                7.    Merchants must agree to monitor what others are doing on their behalf. The law makes it clear that even if merchants hire another company to handle their email marketing, they cannot contract away their legal responsibility to comply with the law. Both the entity whose product is promoted in the message and the entity that actually sends the message may be held legally responsible.

                8.    Merchants must otherwise agree to comply with all state and federal laws in conducting its business.

For more information on the foregoing compliance matters, contact David J. Bartone, Esq.