I've read the bill (it's only 4 pages) and I don't understand any of his concerns. It's a prohibition on underhanded selling of payment information to a third party in order to sign someone up to some other purchase when they bought something from you. That has nothing to do with upselling your own customers with your own products, or affiliate referral programs.
I think "our industry" refers to CPA style affiliates. Negative option is the same type of thing as the old book of the month club - they ship you something and charge you for it unless you stop it or send it back. What's going on is that there are (shady) setups designed basically to be a variable CPA. You rope the customer in, charge them whatever you can for the upfront product and then pass on their details to the negative option marketer. The 3rd party fulfills the first order for free (effectively the CPA charge) and then proceeds to bill you long term.
It would seem that the title is pretty inappropriate for HN, "our industry" certainly doesn't match any significant part of HN.
Exactly, the bill includes restrictions such as the original seller (e.g. Amazon) can't give a third party (e.g. Ez Books) billing information from the original transaction (Amazon).
"It shall be unlawful for an initial merchant to disclose a credit card,
debit card, bank account, or other financial account number, or to disclose
other billing information that is used to charge a customer of the initial
merchant, to any post-transaction third party seller for use in an Internet-
based sale of any goods or services from that post-transaction third party
seller."
Just reading what's been quoted in the blog post, this makes it so that an upsell purchase is a distinctly different transaction from a previously completed purchase.
What was possible before:
1. Visitor enters billing information and makes a purchase
2. Visitor is shown an upsell page
3. Visitor clicks a link on the upsell page
4. The item that was clicked is automatically added to the previously completed purchase
Now, step 4 isn't possible. A retailer must make it clear (by virtue of asking for billing info again) that there is a new purchase that's about to happen.
Except that this isn't in the law at all. That scenario is still completely legal. There is no distinctly different transaction unless the upsell was to a different company, and involved that other company separately charging the customer.
That's certainly not my industry. My industry doesn't involve underhanded tactics for extracting money from customers. I don't care for regulation in general, but this is not making honest people into criminals...this is making things that ethical companies would never do anyway illegal.
Bill looks good to me and won't affect our company. I think the bill should be extended though to non-internet transactions as well. I got bamboozled by magazine subscriptions that autorenew themselves even though I never consented to, the consent was in the form of an opt-out scheme.
Nothing worse than buying something for $5 and suddenly they are deducting $49.95 from your bank account every 30 days. Hopefully this bill criminalizes that practice. If as a side effect, I have to reenter credit card numbers into legit sites like amazon, that's the price I pay and its no big deal.
Regarding the companies whose schemes this bill addresses, if they all go out of business, and have their board of directors and corporate attorneys taken out and shot by a firing squad at dawn, that would be a net gain for society. (Reader's Digest, I'm looking at you.)
I believe the original intent of the bill came about from companies selling you a product and then launching a pop-up ad. Consumers would then click on the ad and be billed a low, monthly recurring charge. They wouldn't be brought to a check out screen because they had just entered all of their billing information.
I forget a lot of the specific details surrounding this, but I think these sorts of things are what originally prompted this bill.
It started with good intentions and then politicians got involved.
Yes and no. The bill speaks to a number of scummy things being done.
The first is negative option sales in which the customer pays a low or no up front price but then is billed a larger price after a certain amount of time passes if the customer fails to cancel the service. This is how all the acai berry and colon cleanse sites worked. The blow up between Zynga/Facebook/Offerpal and the press last year which resulted in the Offerpal CEO stepping down was in relation to this topic as there was a lot of deceptive advertising going on with the negative option marketers. There were also a lot of really scummy merchants double and triple billing customers. Facebook reacted immediately by preventing landing pages for these offers from hiding the terms on later pages and being very explicit. Zynga stopped allowing any offers like those to be run at all and if I recall correctly Offerpal and others like them were stuck as a significant percentage of their offers fell into that category.
The second thing they are talking about is the pop up offer, confirmation page offer or co-registraton/co-sale paths that these types of merchants were very fond of using. These worked by making additional offers available to consumers at the end of a transaction and presenting the additional items as being all from the same merchant. These sales would often be completed by doing nothing more than clicking a single link or forgetting to uncheck a checkbox. The original merchant would transfer all customer information including credit card details to the merchants of the third party offers that were accepted without ever notifying the consumer they were doing business with a third party. Another way this type of a sale would take place is via "order confirmation calls." upsell.com (no longer the same site as it's redirecting to a different domain now) ran a call center that would call up your consumers, confirm their orders and then try to sell a bunch of other stuff. If a consumer chose to purchase an additional item upsell.com would request the consumers credit card details behind the scenes so that the entire process looks like it was happening from one merchant until it hits the credit card statement. Besides potential PCI violations consumers were unknowingly putting their data at risk by having it shared without their explicit consent. This bill attempts to stop these practices.
I don't think there's anything inherently spammy about ClickBank. It's a 3rd party payment processor with a built-in affiliate program for each merchant, pretty harmless stuff.
"Alan goes to work online, posting his HopLink in search engine ads, on his pet-training blog, and in the e-book review he writes for his favorite dog-training forum."
Something about the way it's worded just sounds to me like they're hinting that people should "go to work online" posting spammy 'reviews' as an excuse to post affiliate links, and otherwise post the affiliate links far and wide.
I don't think the US needs more economic problems right now. This is a huge deal breaker for many companies, and short term, it will result in relocation of systems to emerging markets, and other established countries, like Canada, the European Union, Brazil, Russia, China, etc. Silly, silly move.
If a business relies on stealthily moving payment information from the merchant with whom the customer is dealing and a 3rd party, then perhaps a "deal breaker" is necessary. A customer should be able to expect that payment information is only handled by the merchant processing the order. Throwing "click here for your FREE OFFER" pop-ups that contain "offer terms" signing the user up for 360 months of charges, or hiding "print tickets now" links amongst huge, blinking graphics about "E Z TRIALZ" that only serve to cause credit card charges should not be recognized as good business.
Having read through the bill[1], it seems narrowly-tailored just to prevent such annoyances. A merchant needs to understand that payment information is arguably the second most precious thing given by a customer, and that information needs to be protected. Yes, customers have options, but when every seller in a particular class--I'm glaring at you, movie ticket sales websites--has taken this scammy step, the "choice" is meaningless.
The guy got it wrong. If a company wants to bring ANOTHER merchant into the mix, AFTER the transaction has been concluded, it can’t just send my info to them, I have to send it myself. That's what the bill says.
Amazon and ClickBank are just fine.
The question I have is, how does this affect virtual currencies and systems where I pay money to the initial merchant and they turn around and pay someone else (such as PayPal)?
