The Essential Guide to FTC Compliance, Investigations, and Enforcement

The Essential Guide to FTC Compliance, Investigations, and Enforcement

By Kronenberger Rosenfeld, LLP

High Risk Billing Practices

A surefire way to attract FTC attention is through high risk billing practices, such as subscription billing and upsells that are not clearly and conspicuously disclosed to consumers before they provide a merchant with their credit card information. When a consumer makes a purchase in a brick and mortar store, the price is communicated to the consumer before they pay for it – and often several times before they hand over cash or credit. For example, the price may be printed or tagged on the item itself, there may be a price displayed on the shelf or other signage adjacent to the product, the consumer notes the price as the item is rung up at the register, the total cost of the shopping trip is communicated verbally by the cashier and visually onscreen to the consumer, and the consumer is given a final opportunity to select “OK” at the pay terminal to approve the amount of the transaction. The aim of ROSCA (discussed below) and FTC Guidelines regarding billing practices is to replicate this real life experience to the extent possible in online transactions. However, billing methods like free trials that convert to subscriptions plans, or subscription plans that begin immediately, present a greater potential for the consumer to be surprised by the amount they end up being charged. Accordingly, these billing practices are high risk.

Negative Options / Free Trials / Subscription Billing

The FTC defines negative option billing as a plan where the seller discloses an offer to provide merchandise or services to a consumer, and thereafter the consumer is billed for the merchandise or services, unless by a certain date or within a time specified by the seller the consumer cancels the order or otherwise instructs the seller not to send the merchandise. The FTC’s Negative Option Rule (16 CFR Part 425), the FTC Act, and the federal Restore Online Shoppers’ Confidence Act, 15 U.S.C. §8401 (ROSCA), all apply to negative option billing plans and can be enforced by the FTC. Sellers often describe negative option offers as “free trials,” where the consumer receives a product but is only charged if the product is not returned after a certain period of time.

Different rules regarding negative option offers apply in different factual circumstances, but the key requirement is that consumers must affirmatively consent to the terms of the negative option billing plan, which must be conspicuously disclosed to consumers in close proximity to the point where action is taken by the consumer to enter the agreement. Importantly, the key terms, including price and the period of time in which the consumer can cancel the agreement must not only be conspicuously disclosed, but must be disclosed prior to the point where a consumer provides credit card details to the seller.

Some negative option offers also contain subscription billing, where a consumer will continue to be charged (often monthly) for periodic delivery of new products, unless he or she cancels the subscription billing agreement. Just like negative option offers, subscription billing offers must contain details about the amount that will be billed, the frequency of billing, and the manner in which consumers may cancel the subscription.

There are also state laws that regulate subscription billing, like the California Automatic Renewal Law (California Bus. & Prof. Code §17600), which may have additional requirements like post-transaction email summaries of the key terms and the ability to cancel online if the transaction occurred online.

IBO Structures and “Credit Card Laundering”

Merchants that want to process credit card transactions must apply to an "acquiring bank" and enter a credit card processing contractual relationship. Acquiring banks have relationships with the card associations (i.e., Visa, MasterCard, etc.), and thus acquiring banks are subject to the various fraud monitoring programs of the card associations. The card associations and acquiring banks have various standards that apply to merchants processing credit cards, and if a merchant falls below a particular standard, the merchant may be terminated. For example, if a significant number of a merchant's customers initiate "chargeback" requests, then the bank may terminate the merchant. Or, if the merchant has a history of defrauding consumers and having credit card processing relationships terminated, then an acquiring bank may deny a merchant's application for a new credit card processing account.

Some unscrupulous merchants attempt to circumvent the rules of the card associations and acquiring banks. For example, the VISA and MasterCard chargeback monitoring programs apply only to merchants with at least 100 chargeback transactions per month, and as a result some fraudulent merchants can manipulate the system and avoid chargeback monitoring by spreading their transactions across multiple merchant accounts and ensuring that no single account has more than 100 chargebacks per month. One technique some merchants have used is opening many shell companies as fronts. The merchant then cuts deals with individuals with good credit scores to be the faces of the shell companies, which apply for merchant accounts. When credit cards are processed, all of the proceeds flow through the shell company and to the true merchant, who may replicate this structure many times with many shell companies. This business practice, referred to as "credit card laundering" by the FTC, is a violation of the FTC Act.

The practice of credit card laundering has become fairly common in the affiliate marketing industry, despite the FTC's position about how it is unlawful. In fact, many internet marketers refer to the people who are the faces of credit card laundering shell companies as "IBOs,” which is short for independent business operation. Despite the self-serving moniker, IBOs are unlawful if the "true merchant" is someone other than the so-called IBO. In other words, if the IBO is not getting the revenues and profits of the business, and if the IBO is not performing any significant work for the business, then the IBO structure is a sham and violates the FTC Act.

It is a high risk business practice for a merchant to conceal its identity to banks in a credit card processing scheme. However, some complex business relationships that are not created for the purpose of circumventing the rules and regulations of banks and card associations may pass muster with the FTC. The analysis needed for determining whether a business is engaging in credit card laundering is a fact-intensive inquiry best conducted with an experienced attorney knowledgeable about FTC guidelines and the credit card processing industry.


“Upsells” are a high-risk advertising method wherein the consumer is encouraged to buy an extra product or service either just prior to completing the primary transaction, or just after. The intent of upsells is to capitalize on the consumer’s already-made decision to make a purchase by encouraging an extra impulse buy, not unlike the magazines, sodas, and candy displayed next to the cash register at the grocery store. Of course, grocery shoppers are well-aware at the time they add that pack of gum to the conveyor belt that it will result in an extra charge. The problem with upsells is that it is not always obvious or clear to the internet user that they are agreeing to purchase an additional item. Because of this tendency to mislead consumers, upsells are a good way to garner bad attention from the FTC.

There are three primary types of upsells the FTC investigates. The first type is third-party upsells, where the upsell product is sold by a different merchant than the one conducting the primary transaction. Third-party upsells are extremely high-risk due to the difficulty of adequately disclosing to the consumer that the upsell is offered by a third-party and the consumer’s financial and billing information will be transferred to the third-party.

Third-party upsells are governed by ROSCA, the Restored Online Shoppers Confidence Act. ROSCA comes up in compliance conversations frequently because it governs the “clear and conspicuous” disclosure requirements for negative options. However, ROSCA also has a section that requires additional disclosures for third-party upsells. What ROSCA aims to prevent is the transmission of the consumer’s credit card information to the upsell merchant without the consumer’s informed consent. Because such transfers implicate privacy and banking regulations in addition to ROSCA, they are highly-disfavored.

The second type of upsells are opt-out upsells, where the consumer is automatically enrolled in an upsell unless they take affirmative action to opt-out. Examples include pre-checked boxes opting in to the upsell, or situations where the consumer takes no action to opt-in, but is required to take some action (such as sending an email, making a phone call, or completing a form) to opt-out. The FTC usually takes the position that opt-out upsells are misleading and/or deceptive because they fail to give the consumer the opportunity to refuse to purchase certain products and services. As such, they are very high-risk.

The third type of upsells is opt-in upsells, where the consumer is not enrolled in an upsell unless they take affirmative action to opt-in. Examples include pre-checkout menus provided to the consumer where the consumer has to affirmatively check the box next to each upsell in order to add it to their cart. If the consumer does not check any boxes, the upsell is considered declined.

Historically, opt-in upsells have been considered more compliant than their more aggressive counterparts, but in recent years, the FTC has brought several enforcement actions against companies engaged in post-checkout upsells that appear to be a continuation of the first transaction. Generally, the consumer is taken through checkout to complete the transaction for the original product. However, after completing checkout, the next page in the sales funnel is not a thank-you or confirmation page, but an upsell page containing a call-to-action such as “Wait! Just one more thing to complete your order!” Thus, the consumer reasonably believes that they need to click an additional button to agree to the primary transaction, when, in fact, they are opting-in to the upsell. The FTC’s position is that such opt-in upsells are false and misleading and therefore a violation of the FTC Act.

Want to Reference This Later?
Download the Entire Guide Here:

Next chapter: High Risk Categories or “Verticals”

Keep Reading

You are reading the High Risk Billing Practices chapter from The Essential Guide to FTC Compliance, Investigations, and Enforcement by Kronenberger Rosenfeld
Get the help you need.

We offer legal advice on a wide range of online topics

Get legal help now

Not seeing what you’re looking for?

Submit your case in 3 minutes and get legal help fast.

Submit your case online


Give us a call