Firepush SMS guidance: TCPA and CTIA compliance for Shopify stores
If you’re planning to carry out SMS marketing, it’s essential to understand U.S. SMS compliance legislation and rules, namely the TCPA (Telephone Consumer Protection Act) and guidelines set out by CTIA (Cellular Telecommunications Industry Association). These are designed to protect consumers/customers against spam phone calls and text messages.
At Firepush, we cannot provide legal advice on this subject, but we have set out some guidance for you below to help you understand your obligations. Please contact a legal representative who is an expert in SMS compliance law, to ensure your SMS marketing activities are fully compliant.
Note that the information contained in this article relates purely to U.S. SMS compliance laws and doesn’t take into account applicable SMS messaging laws from other countries. If you reside in, or have customers in countries outside of the U.S., you will need to seek separate advice on the SMS compliance laws of those countries.
What is SMS spam?
SMS spam (or text spam) is any message that is unwanted or deemed as intrusive, sent from any individual or company. Many spam messages contain inappropriate or irrelevant content, but any unwanted message can be seen as spam.
You must get consent for your SMS marketing campaigns so that you don’t end up sending unsolicited text messages. It’s important to do this so that you don’t annoy message recipients, but also because it’s illegal to send marketing text messages without obtaining consent. If you breach SMS compliance laws, you could face a hefty fine.
If, for example, you violate TCPA rules, you could receive a fine of between $500 and $1500 for each violation. As you can imagine, this could result in thousands, or even millions of dollars depending on how many subscribers you have within your marketing list. Aside from potential fines, message recipients can also seek an injunction against you.
By making sure you obtain verifiable consent for SMS marketing, you’ll be able to prove that you’re not sending out spam messages, should you get challenged about compliance.
SMS compliance best practice guidelines
Below you’ll find some guidelines to follow to help you meet SMS compliance. As mentioned above, we recommend you seek professional legal advice to ensure your SMS marketing practices are fully compliant before you launch any campaigns.
- Get consent - having a customer supply their phone number during checkout isn’t the same as getting consent to send marketing text messages. You should be clear that your customer knows that they are signing up to receive SMS marketing. You can do this by having an opt-in checkbox (with an explanatory statement) next to where you collect phone numbers. Don’t use automatic opt-ins.
- Use double opt-ins if possible - this provides stronger proof of consent.
- Provide an opt-out method - for every SMS you send, provide a way for your subscriber to opt-out of further marketing messages if they wish. You can do this via an unsubscribe link or ask them to reply with a word like ‘STOP’.
- Send relevant SMS campaigns - if a customer has subscribed to receive back-in-stock alerts via text, don’t send them marketing messages.
- Provide value - avoid unsubscribes by offering your subscribers something of value in every SMS. That could be free shipping, a discount, or a freebie in exchange for placing an order.
- Use easy language - be clear in your messaging and avoid acronyms, as these may be confusing for some subscribers.
- Avoid sending too many campaigns - if you send out text messages too often, your subscribers will get bored of hearing from you. Opt for quality messages over quantity.
- Avoid sending during ‘do not disturb’ hours - don’t send SMS campaigns before 8 am in the morning and after 9 pm at night, according to your subscribers’ local time zones.
- Evaluate your campaigns - analyze your campaign stats regularly to make sure you’re not getting too many unsubscribes and that your campaigns are converting well. Aim for a CTR of 45% or more.
FAQs about TCPA compliance for SMS campaigns (plus TCPA settlement)
What is the TCPA?
The TCPA was enacted back in 1991. It’s a U.S. federal law that sets out how marketers can legally contact people using Automatic Telephone Dialling Systems (ATDS). It covers phone calls, SMS messages, voicemails, robocalls and fax communications.
The TCPA is designed to protect consumers from spam communications. This includes spam text messages. Breaching TCPA rules may result in a fine of between $500 and $1500 per violation. Learn more about TCPA compliance for Shopify stores.
What is the CTIA?
The CTIA is a trade network run by the likes of AT&T, Verizon and other wireless companies. Unlike the TCPA, CTIA isn’t federal law, so you can’t get sued for not following CTIA guidelines.
However, if you don’t follow CTIA rules, there are other consequences to worry about. CTIA can report you to mobile carriers, who in turn, can shut down your SMS marketing campaigns until you rectify any issues.
Is email marketing consent acceptable as SMS marketing consent?
If a subscriber has already consented to receive marketing communications by email, you still can’t send them SMS marketing messages unless they’ve explicitly opted-in to receiving them.
This is the case even if the subscriber submits their phone number at the same time as giving email marketing consent. Your email marketing list and SMS marketing list are two separate entities and the necessary permissions are required for both.
How should you obtain express consent for SMS marketing?
The important thing to remember when it comes to text message marketing consent is that you need express permission from subscribers. If you collect phone numbers as a matter of course at the checkout, that doesn’t mean you have consent to send SMS marketing messages to those numbers.
You must obtain proper consent from your subscribers in relation to the type of messages that you want to send them. To do that, you should explain this at the point of data capture. Once you have consent, you must provide an easy way for your subscribers to withdraw their consent if they wish.
To ensure you’re getting consent in a compliant way, consider doing the following:
1. Obtain verifiable consent
You must be able to prove that subscribers have opted in to receive SMS marketing communications from you. You can do this through an SMS marketing opt-in checkbox.
Here’s an example of a TCPA compliant checkout page. You’ll see that at the point where a customer enters their phone number, they’re also prompted to opt-in to SMS marketing messages by ticking a checkbox. There’s wording next to the checkbox that clearly states that by opting in, the customer will receive marketing text messages and emails (from the brand they’re purchasing from).
If you have enough room, it’s best practice to set out how often your subscribers will likely receive marketing messages from you.
2. Provide two-step verification
As part of the opt-in process, you can trigger an SMS message that asks subscribers to verify their phone number and reconfirm that they want to receive SMS marketing messages from you. Two-step verification provides solid proof that subscribers want to be contacted and haven’t ticked your opt-in checkbox by mistake. Two-step verification isn’t available on Firepush at the moment, but will be added as soon as it becomes mandatory.
3. Provide ways to opt-out in every SMS message
Allow your subscribers to change their mind and withdraw consent from receiving future marketing messages. You can do this by adding an unsubscribe link in your message and instructions on how to opt-out by replying with a keyword like ‘STOP’.
4. Send only relevant SMS marketing messages
Make sure your brand name is clear in every SMS you send, and that the content of your message is aligned with what your subscribers have signed up for.
How should you handle SMS opt-out requests?
If a subscriber replies with ‘STOP’, ‘CANCEL’ or ‘UNSUBSCRIBE’ to any of your SMS messages, Firepush will automatically remove unsubscribe them within your SMS marketing database. This process relates to U.S. subscribers only. Subscribers in other countries can opt out via an unsubscribe URL within your SMS campaign. You may receive opt-out requests by other means, such as by email, or by a subscriber calling you instead. If this happens, contact the Firepush support team asap - within 10 days - and we will remove the subscriber from your SMS marketing list within minutes.
If someone opts-out of your SMS marketing database, you can’t send them marketing text messages again, unless they specifically opt back in to receive them.