Restoring Your Customers’ Confidence

“Consumer confidence is essential to the growth of online commerce.” – Restore Online Shoppers’ Confidence Act (ROSCA)

The Restore Online Shoppers’ Confidence Act (ROSCA) of 2010 was passed by the U.S. legislature to protect consumers from aggressive sales practices by online merchants. The law focuses on merchants who pass their customers’ billing information to third-party sellers, who then charge the (typically unwitting) consumer for other services or products. This practice is known as a “data pass” and ROSCA prohibits third-party sellers from charging consumers whose billing information was obtained in this manner. The law also prohibits online merchants from enrolling consumers in negative option billing unless certain criteria are met during the checkout process.

Data pass

“Consumers who shop online using their Visa cards should be confident that they will only be charged for the products and services they legitimately intend to purchase — not those that are foisted on them through deceptive data pass schemes.” – Martin Elliot, a senior business leader for Visa. 

Suppose I am searching the Internet to purchase downloads of my favorite songs by my favorite recording artist. I find some songs that I want to buy, add them to my shopping cart and submit payment. After this transaction is approved I see an offer on the confirmation page (or on a pop-up window or an interstitial page) that offers me money back on my purchase.

The call-to-action is very enticing so I click it. Good deal, right?

Unfortunately, buried somewhere on the page beneath the CTA is an important piece of information of which I am unaware. The offer for the cash back is actually from a post-transaction third-party seller and not from the initial merchant. After I buy the songs and submit my payment information, the initial merchant passes my payment information to the third-party seller. (This action is the “data pass.”) The third-party seller than charges me for some service I have unknowingly signed up for by accepting the cash back offer.

Typical offer from 3rd Party Sellers
Typical offer from 3rd party sellers- via Committee on Commerce, Science, & Transportation

This practice was used by many companies to lure customers into ambiguous billing agreements. Customers had strong negative reactions once they realized what happened and began asking for refunds and initiating chargebacks.

Not only that, but according to an investigation by the United States Senate Committee on Commerce, Science and Transportation, these data passes and subsequent charges eroded  consumer confidence in the Internet as a secure and reliable place to shop.

The truth is that the Senate’s conclusions are correct. Data passes between initial merchants and post transaction third-party sellers should never lead to the third-party charging the customer. If I was unwittingly lured into this kind of charge, I would certainly try to get my money back. But what about an ecommerce replatforming project? Can merchants supply new solutions provider data they acquired in previous signups and transactions?

In 2011, Forrester Research reported that half of all ecommerce merchants plan on changing ecommerce platforms within two years. When a company switches ecommerce platforms, they switch from an internal solution to an external solution or from one external solution to another. In either case, merchants must somehow move all their customers’ billing  information from one solution to the other, which leads to a potential data pass violation.

For example, what if a software company initially sells a subscription product through one ecommerce solution and at some later point in time, switches their ecommerce solution?

According to ROSCA, before the new ecommerce solution can start charging the customer, the customer must resubmit their billing information to the new merchant. The merchant must also restate exactly what product is being offered as well its cost.

If the customer was charged without resubmitting their billing information, or they were not informed of what product they were being charged for and how much it cost, the merchant and the third-party solution would likely be violating the data pass section of ROSCA.

The best practice in the case of a replatforming project is to be transparent. Send an email to the customer notifying them they have to resubmit their payment information for the new billing period while providing an easy-to-use form for doing so.

Negative option billing

The other main focus of ROSCA is the practice of enrolling consumers in negative option billing. The same companies that aggressively used the data pass to sell unwanted services to consumers, would also enroll their consumers in a “free-to-pay” situation. This meant that consumers would get a free month for the service but every subsequent month, their credit cards were charged until they they proactively contacted the merchant and said, “I no longer wish to be charged.”

Again, consumers were unpleasantly surprised and confused when they looked at their credit card bill over the next months and did not recognize the charges.

It’s important to note that this practice is not illegal in and of itself. Major companies like Linkedin, Netflix and others use negative option billing because consumers do not want to have to initiate a charge to their credit card every billing period.

Software merchants who use subscriptions as a way to ensure predictable recurring revenue must abide by the three criteria ROSCA set for negative option billing:

1. Merchants must provide information that clearly explains the terms of the transaction before obtaining the consumer’s billing information.

2. They must obtain a consumer’s express informed consent before charging the consumer’s credit card.

3. They must provide a simple mechanism to end the subscription.

License terms

Although license terms are not specifically addressed in ROSCA, it is a related issues. When subscribing customers to negative option billing, ecommerce merchants should specify the terms of their license, especially if it is an automatic renewal. If customers think they’ve bought a perpetual license, but it turns out they have to proactively submit payment every year, vendors are going to see a high churn rate.


While ROSCA affects the way merchants sell products online, it primarily prohibits tactics most merchants wouldn’t think of using in the first place. Complying with ROSCA shouldn’t affect one’s ability to adhere to ecommerce best practices. In fact, adhering to ROSCA for its own sake is beneficial to your reputation and lowers the risk of chargebacks.

Learn the five rules for selling software online in the United States