Tuesday, July 15, 2014
In the July 10, 2014, complaint, the FTC charged that the online mega retailer violated the FTC Act by billing parents and other Amazon accountholders for the usually small-dollar in-app purchases made by their children without the permission of parents or other accountholders. "Amazon’s setup allowed children playing these kids’ games to spend unlimited amounts of money to pay for virtual items within the apps such as 'coins,' 'stars,' and 'acorns' without parental involvement," the FTC said.
The complaint stated that when Amazon introduced in-app payments via the Amazon Appstore in November 2011, no user authentication mechanism, such as passwords, was used by Amazon to ensure the proper accountholders were conducting in-app transactions, including transactions for games and other apps that appeal to children. The FTC said this lack of authentication resulted in parents having to "foot the bill for charges they didn’t authorize."
The FTC noted that children’s games, like "Ice Age Village," blur the line of "what costs virtual currency and what costs real money" for gamers. In the case of "Ice Age Village," gamers can collect "acorns" as part of advancement through the game. However, gamers can also purchase by some electronic payment account additional “coins” and “acorns” via an in-app screen "visually similar to the one that has no real-money charge," the FTC said.
The FTC also furnished internal communications among Amazon employees beginning in December 2011 that suggest Amazon knew the lack of authentication controls was problematic. The FTC quoted from one communication as saying that allowing unlimited in-app charges without password protection would negatively impact a large percentage of Amazon customers.
The complaint reported that Amazon updated its in-app payment system in March 2012 to require accountholders to enter passwords for in-app purchases, but only for charges over $20. The FTC stated that Amazon continued to allow for unlimited in-app purchases under $20, which permitted children to charge their parents' accounts without first getting parental approval.
The FTC disclosed one Amazon employee communication that stated it is '"much easier to get upset about Amazon letting your child purchase a $99 product without any password protection than a $20 product.” (According to the FTC, the largest in-app purchase amount allowed by Amazon is $99.99.)
The FTC cited instances where, via internal emails, Amazon employees characterized the gaps of in-app user authentication as creating a "house on fire” situation. It was only in June 2014, as the FTC was forming its complaint against Amazon, that the e-commerce giant modified its in-app policy so that Amazon had to obtain accountholders’ informed consent for in-app charges on newer Kindle Fire mobile devices.
In January 2014, Apple settled with the FTC over a similar issue. Apple agreed to refund a minimum of $32.5 million to consumers who had been charged for the unauthorized in-app payment activity of their children.
The FTC alleged Apple violated the FTC Act by undermining parental control. The commission said Apple failed to inform parents that by entering a password they were approving not only a single in-app purchase but also 15 minutes of additional unlimited purchases their children could make without further action taken by parents.
According to the FTC, Apple often presented a screen with a prompt for parents to enter passwords for their children without explaining to accountholders that password entry finalized all in-app purchases. The commission said one consumer reported that her child had spent $2,600 in the app “Tap Pet Hotel,” while other consumers reported unauthorized purchases by children totaling over $500 in the apps “Dragon Story” and “Tiny Zoo Friends.”
Editor's Note:
The Green Sheet Inc. is now a proud affiliate of Bankcard Life, a premier community that provides industry-leading training and resources for payment professionals. Click here for more information.
Notice to readers: These are archived articles. Contact names or information may be out of date. We regret any inconvenience.
