Court clears up some in-app purchase uncertainty

Mediating a battle between Amazon and the FTC, a federal judge offers some well-thought-out limits on in-app purchases for children.

baby computer
Credit: Pixabay

The Federal Trade Commission has long maintained that minors, who can't agree to a legal contract, can't be forced to pay for in-app purchases they make. But there are ambiguities within that policy. Do merchants overstep when they make it difficult to get reimbursed for such unauthorized purchases? And just what constitutes a "minor"?

Amazon has been especially aggressive in pursuing payments for in-app purchases, and last spring the FTC received a summary judgment in its suit against the online retailer, joining Apple and Google as companies that the FTC has successfully pursued regarding in-app sales to minors. Then, last month, a federal judge rejected the FTC's proposal for a $26.5 million fine against Amazon, but made some interesting observations at the same time.

In the Nov. 10 ruling, U.S. District Court Judge John Coughenour wrestled with how to calculate intent, given the FTC's attempt to connect password failures with intent. "The FTC requested approximately $26.5 million in monetary damages. The FTC generated this figure by calculating an 'unauthorized charge rate'—the rate of password failures as a portion of total password prompts given—and applying it to the universe of relevant in-app purchase revenue. The Court held that the rate suggested by the FTC in its original briefing was too high, as it assumed every failed password attempt should be associated with an attempted in-app purchase by a child. Rather, as the Court discussed, 'many password "failures" could have occurred because the user got distracted, changed his or her mind, or simply could not remember their password.'"

Then there's the issue of what constitutes a minor. Any uncertaintly on this question can be traced to the Children’s Online Privacy Protection Act (COPPA), which sets out to protect the privacy of children under the age of 13. Amazon wanted the court to restrict its reimbursements to cases involving children younger than 13. The court rejected that argument.

"The Court is not persuaded by Amazon’s argument that purchases made by children age 13 and older are not part of the harm in this matter. As the FTC points out, the FTC never made any sort of concessions on the scope of liability by using search terms like 'pre-teen' and 'under-13' during discovery. The Court agrees. This case deals with all unauthorized in-app purchases made by children. Children between ages 13 and 17 are included in this definition because drawing a line at age 13 would be an arbitrary distinction for which the Court finds no basis under these facts. Therefore, all unauthorized in-app purchases by children, not just those age 12 and under, are included in the potentially eligible transactions."

Amazon had also asked to exclude purchases made between 11 p.m. and 3 a.m. Pacific time, arguing that such a limit would exclude most children. The court agreed.

"The Court concludes that a reasonable way to account for the fact that not all failed password attempts would have been made by children is, in fact, to omit the purchases made in the late night hours. In so doing, the Court takes judicial notice of the fact that children are generally asleep between 11:00 p.m. and 3:00 a.m. Pacific Standard Time (2:00 a.m. – 6:00 a.m. Eastern Standard Time). Common sense dictates that the majority of people are asleep during these hours, particularly if they are children."

The retailer also tried to limit the definition of "unauthorized." If an adult shopper, for example, had already received a refund for an in-app payment by a child, Amazon argued "that those customers were fully informed about parental controls and the possibilities of in-app purchasing" because of the refund. The court disagreed.

"Amazon has not provided sufficient evidence that all consumers who received refunds were instructed about parental controls. In fact the evidence indicates that Amazon customer service agents did not always instruct or effectively educate customers about parental controls," Coughenour wrote. "Accordingly, purchases made after receipt of a refund are still included in the potentially eligible transactions. The same is true for purchases made regardless of a customer’s use or awareness of parental controls or Kindle FreeTime. Amazon did not disclose that parental controls or FreeTime had to be activated to avoid unauthorized in-app charges."

Amazon also tried to say that certain kinds of apps are unlikely to be of interest to children. "Amazon submits that additional apps’ potential refunds should be excluded: (1) those rated 'adult' or 'mature,' (2) those classified in categories that would not interest children, 'such as personal finance or navigation' and (3) thirty specific apps, including 'Crime City' and 'Gun Zombie: Hell Gate,' with violence or characteristics rendering them unlikely to have been played by children."

Really, Amazon? You think that games claiming to be violent are not of interest to children? Have you ever met a 15-year-old boy? The court also found the argument lacking. "The Court agrees with the FTC that Amazon’s argument that the potentially eligible transactions should be decreased by certain high-risk apps that are not likely to be of interest to children is inadequate. There is substantial evidence that those very apps have been used by children."

Amazon most impressively showed its chutzpa by trying to make any refunds paid only by Amazon gift cards. "Although it may be convenient for customers, that refund form is completely contrary to the Court’s determination that Amazon is liable for violations of the FTC Act. If Amazon were able to issue Amazon gift cards as a refund, Amazon would undoubtedly recapture some of the profits that are at issue. Therefore, the Court rejects that proposal and agrees with the FTC that the refunds should be returned to the source of the initial charge (such as a credit or debit card), and if that option is not available, the refunds should be issued in check form."

The court, unfortunately, did not directly address the key issue. When an 11-year-old asks a parent for permission to make an in-app purchase and is told "no" and the child makes that purchase anyway, are the parents liable for the charge? The implication is that they aren't. What if parental controls — which would theoretically lock out any unauthorized purchases — are offered but not used? Does that change the liability picture? Again, the court's decisions suggests that it doesn't.

As a practical matter, though, a strict interpretation of the law should be irrelevant. If a shopper calls and says that in-app purchases were made by an 8-year-old without authorization, marketing and customer service common sense demands that the charges be reversed.

This forces a key retail ROI decision. How many unauthorized charges will be disputed? Even in this decision, the paperwork burden on the consumer is non-trivial. Will fast and pleasant reversals please shoppers enough to generate good will and more future revenue?

In-app revenue is a key exploration area. At least now we have a few guidelines from one federal judge to consider.

Computerworld's IT Salary Survey 2017 results
Shop Tech Products at Amazon