Page 19 - gs251001
P. 19
Insights and Expertise
luding with a merchant that is in violation of the law.
How would an ISO be found in collusion with a merchant?
A pretty bad case would be one where an ISO or proces-
sor counsels a merchant on how to build a program that
Legal ease: is very hard to opt out of or hosts the program through
technology that they supply to the merchant.
These days, ISOs and processors often supply integrated
shopping carts and other checkout tools for merchants.
ISOs and processors that supply these tools should con-
sider how they may skew the consumer flow to be more or
Untangling ROSCA: less ROSCA-compliant.
3. The ISO processor says, 'It wasn't me!'
What you need to know A processor and ISO could be found to be colluding with
ROSCA-breaching merchants even if the consumer never
By Adam Atlas knows they are part of the flow. Neither the processor nor
Attorney at Law
e've all been there: neck-deep in the account Spotting trouble before it starts
settings of a paid service, hunting for a
way to cancel it—without any luck. Have Processors and ISOs play a critical, if often invisible,
W consumers in this situation been misled? Is role in recurring billing. While merchants bear
cancelling so complicated as to be essentially impossible? primary responsibility under the Restore Online
Perhaps. Shoppers’ Confidence Act (ROSCA), liability can
extend upstream when payment providers enable or
Somewhere in the matrix of relationships behind such a ignore questionable practices.
service is a payment processor and perhaps an ISO du-
tifully processing the monthly payments. Are they liable The following tips do not constitute legal advice, but
for the heavy hand of their merchant? Each case like this they can help you spot early-warning signs to help
would turn on the individual facts, so this column sets out you steer clear of costly involvement in a “too hard to
some of the key legal questions in play and suggests some cancel” scheme.
ideas for how ISOs and payment processors can spot them.
First, scrutinize merchant sign-up and cancellation
1. What is ROSCA flows. If consumers must dig through multiple pages
or contact support to cancel, that’s a red flag. Likewise,
The Restore Online Shoppers' Confidence Act (ROSCA), vague language around renewal
15 U.S.C. §§ 8401–8405 (2010) (ROSCA) was adopted 15 terms or missing opt-in confirmations may indicate
years ago in the early days of online shopping. ROSCA is ROSCA noncompliance.
federal law that establishes basic common-sense ground
rules of consumer protection for online shoppers includ- Second, examine any technology or plug-ins
ing requiring clear and conspicuous disclosure of material your organization provides. Integrated carts or
terms before picking up consumer payment information. subscription tools that obscure disclosures or default
to auto-renewal can draw regulators’
Material terms include any "negative option" in the terms, attention.
amount and frequency of charges, and disclosure about
the fact the charges will continue unless the consumer Finally, consider requiring merchants to provide
opts out. The consumer has to opt-in to charges, especially written legal opinions confirming compliance.
recurring charges. Acceptance by silence is not permitted. This shifts responsibility where it belongs and
ROSCA also mandates a simple cancellation mechanism. demonstrates good-faith diligence if issues arise later.
Another requirement is that Merchant A cannot transfer
cardholder data to Merchant B. In short, maintaining clear documentation, vetting
2. Are ISOs and processors subject to ROSCA? merchant flows and erring on the side of transparency
are the best defenses against being caught in another
Processors are not expressly responsible for ROSCA com- party’s deception. Processors need to recognize when
pliance. Instead, merchants are responsible for compliance a merchant’s design crosses the line from clever to
in their terms with consumer customers. However, a pro- deceptive.
cessor or ISO could be found liable under ROSCA for col-
19
