IBA Compliance Connection

Your go to source for compliance!

If we obtain cell phone numbers from our customers, can our core processor send them fraud alerts via text message? Do we need any disclosures referencing text messages and fees the customer’s provider may charge to receive texts from our core processor?

by

admin

We do not recommend sending text messages to your customers without their prior written permission, which generally is required by the Telephone Consumer Protection Act (TCPA).

The TCPA requires “prior express written consent” before texting a consumer’s cellular phone, with limited exceptions. The Federal Communications Commission (FCC) has carved out a narrow exception for texts related to fraud alerts, security breaches, and pending money transfers. However, such texts are subject to several strict requirements, including a requirement that the texts or calls “are not charged to the recipient, including not being counted against any plan limits that apply to the recipient (e.g., number of voice minutes, number of text messages).” Several other requirements also apply, such as a limit of three per day, a length limit of 160 characters, disclosure requirements, the ability to opt out by responding with “STOP,” and more.

In our view, it would be very difficult for your bank or a core processor to ensure that these texts will not result in charges to the recipient and will not be counted against the recipient’s cell phone plan limits. Consequently, we recommend treating this exception as inapplicable, which leaves you with the general rule that customers must provide their prior express written consent before receiving text messages.

For resources related to our guidance, please see:

  • TCPA Regulations, 47 CFR 64.1200(a) (“No person or entity may: . . . (2) Initiate, or cause to be initiated, any telephone call that includes or introduces an advertisement or constitutes telemarketing, using an automatic telephone dialing system or an artificial or prerecorded voice . . . . other than a call made with the prior express written consent of the called party . . . .”)
  • FCC Declaratory Ruling and Order (June 18, 2015), printed page 8023 (“We exempt from the TCPA’s consumer consent requirements, with conditions, certain pro-consumer messages about time-sensitive financial and healthcare issues.”)
  • FCC Declaratory Ruling and Order (June 18, 2015), printed page 8028 (“The exemption applies to robocalls and texts to wireless numbers only if they are not charged to the recipient, including not being counted against any plan limits that apply to the recipient (e.g., number of voice minutes, number of text messages) and the financial institution complies with the enumerated conditions we adopt today.”)
  • FCC Declaratory Ruling and Order (June 18, 2015), printed pages 8023, 8024 (“ABA, on behalf of its member banks and other financial institutions, asks the Commission to exempt calls concerning: (1) ‘transactions and events that suggest a risk of fraud or identity theft; (2) possible breaches of the security of customers’ personal information; (3) steps consumers can take to prevent or remedy harm caused by data security breaches; and (4) actions needed to arrange for receipt of pending money transfers.’ . . . For the reasons set forth below, we exempt these calls.”)
  • FCC Declaratory Ruling and Order (June 18, 2015), printed pages 8027–8028 (“[W]e adopt the following conditions for each exempted call (voice call or text message) made by a financial institution:

1) voice calls and text messages must be sent, if at all, only to the wireless telephone number provided by the customer of the financial institution;

2) voice calls and text messages must state the name and contact information of the financial institution (for voice calls, these disclosures must be made at the beginning of the call);

3) voice calls and text messages are strictly limited to purposes discussed in paras. 129–137 above and must not include any telemarketing, cross-marketing, solicitation, debt collection, or advertising content;

4) voice calls and text messages must be concise, generally one minute or less in length for voice calls (unless more time is needed to obtain customer responses or answer customer questions) and 160 characters or less in length for text messages;

5) a financial institution may initiate no more than three messages (whether by voice call or text message) per event over a three-day period for an affected account;

6) a financial institution must offer recipients within each message an easy means to opt out of future such messages, voice calls that could be answered by a live person must include an automated, interactive voice- and/or key press-activated opt-out mechanism that enables the call recipient to make an opt-out request prior to terminating the call, voice calls that could be answered by an answering machine or voice mail service must include a toll-free number that the consumer can call to opt out of future calls, text messages must inform recipients of the ability to opt out by replying “STOP,” which will be the exclusive means by which consumers may opt out of such messages; and,

7) a financial institution must honor opt-out requests immediately.”)