One of the keys to managing a successful trade or professional
association is maintaining steady revenues from membership dues,
the sale of publications and educational materials, and other
products and services. An important corollary to maintaining
revenues is providing members with benefits, including the ability
to conveniently pay for membership and other association services.
With these two goals in mind, some trade and professional
associations have been looking to offer members (or the public at
large) the ability to set up preauthorized recurring payments for
membership dues and other association products and services
online.
While recurring payments have clear benefits for both an
association and its members, they should be structured to comply
with applicable federal and state consumer protection laws. This
article summarizes The Restore Online Shoppers' Confidence Act
(ROSCA) and the various federal and state payment-specific laws and
regulations that govern setting up recurring payment plans for
online sales. Although these laws and regulations are generally
focused on transactions with consumers (and not
business-to-business transactions), regulators often treat small
businesses and sole proprietors like consumers. Moreover, trade and
professional associations should consider setting up compliant
payment systems, given the difficulty in determining when a
transaction involves a business versus a consumer, especially where
an association's membership includes individual members (as in
a professional association) or the association regularly sells
subscriptions to the public.
ROSCA—Negative Option, Automatic Renewal, and Continuity Plans
Trade and professional associations that allow members or the
public to purchase memberships, subscriptions, or other products or
services on a recurring basis should review their websites and
other online payment portals for compliance with ROSCA. For online
transactions with a negative option feature, whether in the form of
trial offers, automatic subscription renewals, or continuity plans,
ROSCA (15 U.S.C. § 8403) requires the seller to
disclose to the consumer the material terms of the offer before the
consumer enters payment information or completes the order. To
comply with ROSCA, a website must: (1) clearly and conspicuously
disclose the material terms of the transaction before obtaining
billing information; (2) obtain the consumer's express informed
consent before charging the consumer; and (3) provide a
"simple mechanism" for the consumer to stop recurring
charges.
In addition to ROSCA, a number of states have laws that govern
online sales with recurring payments. California's continuity
law, for example, is similar to ROSCA but includes the additional
requirement that a website must send the purchaser an
acknowledgment—"in a manner that is capable of being
retained by the consumer"—that includes the sale terms,
the cancellation policy, and how to cancel. A standard email
confirmation and/or physical welcome letter with the required
information should suffice, because both items can be retained by
the consumer. As often happens, given the size of the California
market, California law often becomes a de facto national
standard.
Payment-Specific Laws and Regulations
To the extent that members (or the public) can submit payment by
credit card, debit card, or an electronic fund transfer from a
checking account, each of these payment mechanisms is subject to
specific requirements that govern preauthorized, recurring
payments.
The Electronic Fund Transfer Act (15 U.S.C. § 1693 et seq.) and the
Consumer Financial Protection Bureau's implementing Regulation
E (12 C.F.R. Part 1005) are the primary legal
authorities governing electronic fund transfers (EFTs). In
addition, NACHA (a not-for-profit association, previously known as
the National Automated Clearing House Association) manages the ACH
Network, a system for the electronic movement of money and data.
Together, Regulation E and NACHA set forth the steps that a website
must take to obtain authorization from a consumer to initiate
recurring debits from the consumer's debit card (Regulation E)
or checking account (NACHA and Regulation E) (although not
addressed in this article, Regulation E also applies to telephone
sales, with a few unique challenges when it comes to obtaining
consumer authorization).
Under Regulation E, an EFT authorized in advance to recur at
substantially regular intervals (e.g., every 30 or 45 days) can be
authorized only by a "writing, signed or similarly
authenticated by the consumer." A copy of the signed
authorization must be provided to the consumer. If the amount of a
preauthorized debit or check card payment will vary, the merchant
must notify the consumer at least ten days before the scheduled
transfer that the amount of the preauthorized debit will vary from
the amount of the previous debit or will vary from a preauthorized
range of amounts.
An electronic signature or a recording will satisfy the
"similarly authenticated" requirement if the
authorization would constitute a written and "signed"
authorization under Electronic Signatures in Global National
Commerce Act (E-SIGN). Electronic signatures include, but are not
limited to, digital signatures (e.g., retyping the email address)
and security codes. Ideally, a merchant should require consumers to
"check" or re-type their name or email address into a
specific box to complete the transaction, and include language
informing the consumer that by checking the box or re-typing the
email address, the consumer is providing an electronic signature to
authorize his or her account to be debited/charged in accordance
with the offer terms and conditions. In addition, a merchant should
require the consumer to click an "I agree" button on the
screen to authorize the transaction. Satisfaction of the Regulation
E requirements for online transactions also will satisfy the NACHA
requirements.
Similar to the requirements of Regulation E and ROSCA, the credit
card brands (e.g., Visa and MasterCard) have established their own
regulations governing merchant transactions. The Visa rules, for
example, require merchants to obtain a consumer's authorization
to set up a recurring payment plan and provide an online
cancellation procedure.
Suggested Best Practices
Trade and professional associations interested in allowing
members or the public to purchase goods or services on a recurring
basis online should review their websites and payment portals to
ensure that they comply with ROSCA and the various payment-specific
laws and regulations discussed above. Implementing the following
best practices will go a long way toward ensuring compliance with
the law:
- The website terms and conditions should include a section on preauthorized recurring payments for products and services.
- The website offer page and payment portal should include clear disclosures regarding the recurring nature of the transaction.
- The consumer should indicate his or her affirmative consent for recurring payments by clicking a checkbox and an "I Agree" button to complete the transaction.
- The association should provide the consumer a copy of his or her authorization that can be printed, from either a print screen following the purchase or a welcome email sent to the consumer, at least three days in advance of the first recurring payment.
- The association should send the consumer a payment reminder notice in advance of the next scheduled payment (especially for annual payments or other payment terms longer than month to month).
- The association should be properly equipped to handle and process cancellation requests and manage other customer service issues.
The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.