Does Your SaaS Agreement Violate the New Restore Online Shopper’s Confidence Act?

On December 29, 2010, President Obama signed the Restore Online Shopper’s Confidence Act (ROSCA) that regulates credit and debit card data pass transactions, online post-transaction third party sales, and negative option billing plans. If your site markets to consumers under a SaaS agreement (software as a service), you should review your agreement and marketing practices immediately or risk legal action for unfair business practices by the Federal Trade Commission (FTC) or state Attorneys General.

There’s been some hysteria among certain Internet marketers claiming that ROSCA prohibits upsells, cross sells, and recurring billing plans common with membership sites and sites that sell subscription services. That’s just not true.

ROSCA merely restricts how these common marketing practices are done in order to crack down on consumer fraud. The catch is that there are regulations that need to be followed, and the sites that have always used best practices could be held liable if they don’t comply.

Data Pass Transactions

This is where ROSCA affects online upsells and cross sells to consumers.

For example, if Merchant 1 makes an online sale to a consumer and then passes billing information (the “data pass”) to Merchant 2 for an upsell, the two merchants are involved in a “data pass” transaction regulated by ROSCA.

ROSCA flatly prohibits Merchant 1 from passing any billing information to Merchant 2.

ROSCA does permit the passing of the consumer prospect (but not his/her billing information) to Merchant 2 for purposes of an upsell or cross sell, provided that Merchant 2 obtains the billing information from the consumer. However, before obtaining the billing information, Merchant 2 is required to provide the following disclosures to the consumer:

  • a description of the goods or services being offered,
  • that Merchant 2 is not affiliated with Merchant 1, and
  • the costs of the goods or services.

Before charging the consumer’s account, Merchant 2 is also required to obtain the express informed consent of the consumers whose data may be obtained by requiring the consumers to indicate agreement by clicking on an I ACCEPT button or by checking a box.

Negative Option Billing Plans

The legalese definition of a “negative option” billing plan is a plan in which a consumer agrees, for a price or for free, to receive a product or service for an initial period of time, after which the consumer will be charged without giving additional consent for another period of time.

The everyday-language definition is that you have a recurring billing plan where the consumer’s credit card is charged monthly, for example, until the consumer cancels the plan. Recurring billing plans were often abused either by tricking a consumer into entering one, or by making it very difficult to cancel the plan.

ROSCA does not prohibit negative option billing plans. However, ROSCA regulates negative option billing plans by requiring the online marketer to:

  • clearly and conspicuously disclose all material terms of the plan prior to obtaining billing information,
  • obtain express informed consent before charging the consumer’s account, and
  • provide a simple mechanism for canceling the plan.

Recommended Actions for SaaS Sites

The following lists are not exhaustive and are provided for informational purposes only and not as legal advice, but they’re a good start.

Recommendations regarding data pass transactions:

  • If you are in the position of Merchant 1 in a data pass transaction, stop passing billing information now; it’s flatly prohibited by ROSCA.
  • If you are in the position of Merchant 2, don’t receive billing information from Merchant 1. Plus, before obtaining the billing information in the registration process, provide a Consent Form that makes the required disclosures discussed above and requires consent by clicking on an I ACCEPT button or by checking a box. Finally, before charging the account, present your click-through SaaS agreement that requires the consumers to indicate agreement by clicking on an I ACCEPT button or by checking a box.

Recommendations regarding Negative Option billing plans:

  • Provide the required disclosures in your online, click-through SaaS agreement, and before charging the account, present your click-through SaaS agreement that requires the consumers to indicate agreement by clicking on an I ACCEPT button or by checking a box.
  • Send the consumer an email notice prior to charging his/her account that also provides a simple mechanism for canceling the plan and all future charges.


There have been abuses by unscrupulous online marketers regarding both data pass transactions and negative option billing plans. ROSCA provides welcome restrictions that protect consumers from these deceptive practices.

However, legal regulations that restrict deceptive marketing practices also affect the good guys who have never intended to deceive consumers. Now all SaaS sites, even those that have never intended to employ deceptive practices, must comply with ROSCA to avoid liability.

Copyright © 2011 Chip Cooper

This article is provided for educational and informative purposes only. This information does not constitute legal advice, and should not be construed as such.
