Subscription Traps: when taking advantage of a free offer takes advantage of you

Have you ever signed up for a free service, only to find yourself caught in a subscription you never asked for? Subscription traps are the latest dubious consumer practice being tackled by the authorities – how do companies create these subscription traps, and what can CSPs do to help prevent them?

As part of its broader online safety campaign, the UK government has announced a new crackdown on unscrupulous e-commerce practices.

Under the new rules, businesses must make clear what consumers are signing up for before entering a free trial, provide clear information to consumers as to whether it will roll into a subscription contract or not, must send reminders to consumers that a free trial is coming to an end before it auto-renews (akin to Ofcom’s Annual Best Tariff Notifications), and ensure that customers can easily extract themselves from so-called subscription traps.

What is a subscription trap? Free trials offer a way for prospective customers to try out a product or service for a limited period of time, free of charge – in theory. We’ve all signed up for a free trial period now and again with the intent of cancelling before the trial period ends, but when taking up these offers, some may find themselves automatically enrolled in a hidden recurring service without their knowledge, the details buried deep in the terms and conditions.

Businesses employing subscription traps will request credit card details from a customer, even for a “free” service, ostensibly for the purposes of verifying their identity or delivering a product, keeping these details on file, and then charging the cost of the subscription to this card once the free trial period has ended, and often without any warning.

These tactics tend to go hand-in-hand with other deceitful methods such as scarcity text (indicating limited availability of the offer) or pushy sales tactics to rope the customers in, and dark patterns embedded within the user experience to keep them trapped.

It’s abuse of Continuous Payment Authorities (CPAs) that makes these subscriptions possible; CPAs are set up by the vendor, rather than the customer, and charges can be taken immediately from the customer’s card. No notice has to be given over changes to the amount being charged.

In short, though they have some benefits, fewer safeguards in place means they are open to abuse by unscrupulous companies. This is one of the reasons why strong customer authentication (SCA) has been introduced via 3DS2, requiring the customer to authorise any card payments with a one-time passcode, and to explicitly opt-in to allow recurring payments to happen.

Though the telecoms industry doesn’t represent a majority of subscription trap cases, the most common ways by which these scams are delivered is via premium rate text messages or by exploiting Direct Carrier Billing (DCB).

A 2020 survey by the European Commission found that 8% of respondents had fallen victim to a subscription trap in the previous two years, and only 21% of those reported this to the authorities. For those who suffered more than €50 of financial harm, this figure rose to 44%.

The UK’s Citizens Advice warned consumers in 2015 of an ad promoting a flash sale of iPhones for £1 – in reality, those unfortunate consumers would be entered into a prize draw, and would end up unwittingly signing up to a recurring monthly payment of £74.

This scam was a veritable minnow though when compared with Dark Herring, a malware network which reportedly affected 470 apps on 105 million Android devices worldwide. The fishy malware prompted users to enter their phone number, and then submitted that to a DCB service that charged an average of $15 per month, generating millions from unsuspecting customers before the network of apps and phishing websites were removed.

Is this a case of customers not reading the fine print? Well, yes – often, customers are staggeringly in the dark as to what they’re actually getting themselves in to, with one study finding that a mere 1% of customers read the terms and conditions.

A study by the RAND Corporation into consumer behaviour and subscriptions found that, despite the monthly fees to be charged after the end of the free trial being clearly labelled, many customers still don’t notice these charges. What’s more, many customers feel overconfident in their capacity to remember to cancel a free trial; 52% of respondents stated that they enter a free trial with the intent to cancel, while only 38% actually did.

Therefore, legislation and clampdowns targeting traders and the misuse of services such as DCB are the most effective course of action, rather than trying to engage in raising further awareness of subscription traps.

The US targeted a similar practice over a decade ago, where many high-profile companies were passing on credit card information to one of a number of membership clubs, unbeknownst to the customers. Misleading payment or shipping forms, or offers on cash back or free shipping would conceal that this was taking place. This is called post-transaction marketing.

One victim of this practice, who initially purchased two movie tickets from MovieTickets.com, found $320 in charges on her credit card from other companies, triggered by her following a link to a discount on her next purchase. At no point had she re-entered her payment details; the post-transaction marketing company had simply copied them over.

After an investigation by the US Senate Commerce Committee, this practice was mostly dropped by the biggest post-transactional marketers.

Would a further clampdown negatively affect subscription-based businesses who are playing by the rules though? According to the UK government’s consultation, though it would potentially undermine businesses which rely on recurring payments for revenue, it would lead to more healthy market competition overall.

With many people looking to cut back on subscriptions in the face of rising household costs, CSPs must put in place safeguards to ensure that DCB is not abused by bad actors, and businesses must make cancelling as easy as it is to sign up, allowing consumers to opt-in rather than opt-out of subscriptions after free trials.

Update [25/04/2023]: The CMA's Digital Markets Unit will be granted new powers to tackle subscription traps, as well as fake online reviews, under the new Digital Markets, Competition and Consumers Bill.