Auto-Renewal Worst Practices: How NOT To Violate The Law Or Lose In The Court Of Public Opinion

The recent avalanche of revelations about the unfolding disaster that is the Equifax data breach debacle includes a cautionary tale for subscription businesses that use automatic renewal.

There’s plenty of advice out there on “best practices” for running a business. But when a major scandal exposes remarkable malpractice, it can be an illuminating case study in “worst practices.” Well, as news continues to break about a huge database hack that has exposed literally half of the United States and Canada to identity theft and worse, it offers an excellent object lesson in how not to handle crisis management, how not to handle personal information, and how not to use your subscription service to profit from your victims.

One of the top three credit reporting services, Equifax, has been the target of a huge theft of data. Personal information for 143 million people has been compromised, including names, address histories, tax data, and social security numbers. That includes credit card numbers for about 200,000 people. Experts say that if you have a credit history, you should assume you are affected. The news is all over the Internet, but a good place to start is this New York Times article. Also check out this article in ArsTechnica by Dan Goodin: Why the Equifax breach is very possibly the worst leak of personal info ever.

Okay, so the hack itself is very bad news, but this story just gets more disturbing. From the top, let’s stipulate that Equifax has made mistakes that boggle the mind — and suggest malfeasance. Consider:

  • The company has already had three prior data breaches, in 2013, in 2015, and in 2016. This history of data breaches suggests a lack of attention to basic security. We do not know what the company did after these breaches to improve security, if anything.
  • The company discovered the latest breach but did not announce it for five weeks. During that time, the company allowed three top executives to sell $2 million in stock. Later, the company said the execs, including the CFO, “had no knowledge” of the incident beforehand, according to Business Insider.
  • Also after the breach was discovered but before it was made public, Equifax CEO Rick Smith was named to the Atlanta Business Chronicle’s list of Atlanta’s Most Admired CEOs of 2017. In an Aug. 1 interview, Smith was asked, “What are the keys to CEOs building a high level of trust in their organizations?” He answered, “Transparency, candor, consistency, and humility.”
  • After the hack was announced, Smith said he was “disappointed” in a tone-deaf apology; Equifax went on to flub its social media response, too. See Davia Temin at Forbes.
  • If users actually try to use the site, they are required to enter the last six digits of their social security number, and they are offered a free year of security monitoring through Equifax’s TrustedID Premier service. But in the fine print of the service terms, users agreed to waive their rights to sue, according to MarketWatch. The outrage over this was widespread on Capitol Hill, and the company responded by altering its terms.
  • Many users of the site complained, according to Fox Business News. “Consumers said they were still receiving erroneous and confusing responses. Some said they made up fake last names and social security numbers and received responses from the site that suggest it didn’t recognize they were fictitious identities.”
  • Equifax set up a phone hotline, but it connects callers to a third-party subcontractor with support staffers who do not actually have any answers and who just direct users to the website, as reported by USA Today. Equifax says it has since increased its call center staff to 2,000.

Okay, sure, Equifax has made many mistakes and has even engaged in what BoingBoing’s Cory Doctorow calls “gross misconduct.” So what? What’s the lesson for subscription businesses?

Let’s go back to that free year of security monitoring that Equifax is offering through its TrustedID Premier service. That’s a subscription service. Those who want to take advantage of the free year have to submit credit card data, and after the year is up, they are automatically renewed and charged for the service.

In an interview with TheRealNews.com, William K. Black, a professor of economics and law at the University of Missouri Kansas City and author of The Best Way To Rob A Bank Is To Own One, puts this in perspective:

They also said, “Hey, this is a chance to make money on the victims.” It turns out, if you sign up for this one-year of free protection, it’s automatically renewed, and they charge you for it after year one. Again, they know that if they do this to some tens of millions of people, that most people will simply not track that it’s a year later and that they have to kill this protection, and so they’ve turned this massive abuse, this greed upon greed upon greed, into yet another opportunity to make money off the customers who they’re treating in the most atrocious fashion possible. This is like a bad novel that someone wrote who hated corporations, except all of it’s coming from the senior leadership of the corporation.

That’s a clear illustration of the skeevy underbelly of the automatic subscription renewal business model: Users who sign up for free trials often do not opt out before the trial period expires, and they end up paying for service that they do not want and likely are not using. It is a business tactic that relies on human fallibility, not on providing a service to satisfied subscribers.

A poll by CreditCards.com and Princeton Survey Research Associates International released last month sheds some statistical light on the issue. Some highlights:

  • 35% of respondents have enrolled in automatic payments without realizing it.
  • 42% of consumers said it’s difficult to turn off recurring charges.
  • Gen-Xers (44%) and millennials (37%) were most likely to get hung up in automatic payments.

The Equifax example is particularly predatory because few users recall that an annual billing date is coming up. But the business practice is not especially rare. Gym and fitness subscriptions are notorious for this. For example, consider this report in the LA Times, filed a few weeks ago: Santa Monica fitness brand Beachbody is fined $3.6 million over automatic renewals.

In response to growing outrage, consumer advocates and legislators are taking action. As reported in the LA Weekly and here at Subscription Insider, bipartisan support for a new California law means that soon it may be illegal to use these bait-and-switch trial subscriptions. In the Subscription Insider Guide to Subscription Regulation and Compliance, Lisa B. Dubrow, Esq. writes:

  • The law would require that any offer that includes a free gift or trial include a “clear and conspicuous explanation of the price that will be charged after the trial ends or the manner in which the subscription…pricing will change upon conclusion of the trial.” The law will also require that any offer that is accepted online also be able to be canceled online, “including a termination email formatted and provided by the business that the consumer can send to the business without adding additional information.”

Clear pricing info and easy cancellation are practices that subscription service marketing execs can embrace when they are confident that their product is compelling and offers real value to subscribers. The opposite is what a consumer advocate quoted in the LA Weekly refers to as a “scam”:

You subscribe to a magazine or join a gym for a special rate and months later realize you’re paying a lot more for renewals. And those fees keep hitting your bank account while you try to figure out how to make it stop. “This is the kind of classic, everyday scam that drives people nuts because we’ve all had this experience,” says Richard Holober, executive director of the Consumer Federation of California.

The LA Weekly report also notes that “the law would also require three to seven days’ notice when a company is about to hit up your account for a renewal.”

Under an existing California law, Peet’s Coffee is currently facing a class-action suit based on the company’s automatic renewal subscription, reports Law360.

The fight against misleading subscription auto-renewal is not limited to California. The FTC is now in court suing DirecTV for $4 billion for deceptive subscription pricing. According to Ad Law Access, the FTC alleges “DirecTV misled consumers by failing to disclose that it would raise its monthly subscription price after a consumer subscribed for three months, and then again after a year.”

The FTC is also working to shut down a seller of tooth-whitening products. Operating through more than 50 firms all helmed by the same person, Blair McNea, these sellers offer very low-cost trials and then ramp up the bills. According to Lexology.com:

  • The McNea-directed companies created websites that charged visitors small fees for supposed one-time trial offers of a tooth-whitening product, but which wound up enrolling consumers in a negative option scheme whereby consumers would be charged monthly fees thereafter unless they canceled. While the sample prices could be as low as $1.03, the monthly fees could reach $100 until the consumer affirmatively canceled the plan. In addition, the websites would often double-enroll customers in two separate negative option schemes. Required disclosures of the terms of the agreements were often posted in tiny, grayed-out text on the bottom of the sales web pages.

Both of these FTC actions were launched under the aegis of the Restore Online Shoppers’ Confidence Act (“ROSCA”). The federal law refers to automatic renewal as a “negative option.” One law firm describes the law this way:

  • A “negative option” feature is a provision in an offer to sell goods or services under which the consumer’s silence is taken as an acceptance of the offer. It is improper to utilize a “negative option” feature unless the seller satisfies the following requirements: (1) clearly and conspicuously disclose all material terms of the transaction before obtaining the consumer’s billing information, (2) obtain the consumer’s express written consent before charging the consumer, and (3) provide a simple mechanism for the consumer to stop recurring charges.

As public opinion builds against auto-renew trickery, complying with the ROSCA requirements becomes not only a sound legal strategy but a way to follow best practices for building customer loyalty and pre-empting social opprobrium.

Insider Take

Customers are becoming increasingly intolerant of auto-renewal business practices that take advantage of human weakness to “trick” subscribers into continuing to pay for services they do not want or need. That intolerance is being expressed through public outrage, enforcement of existing consumer protection law, and forthcoming passage of more laws. In the aftermath of a consumer-service debacle such as Equifax’s data breach response, it behooves all subscription execs to make sure they are not following in Equifax’s disastrous footsteps.
