The Complete SMS Compliance Guide.

SMS Compliance Guide

Overview

SMS marketing and mass texting has become a foundational component for businesses and organizations looking to engage with their audiences. Laws and regulations governing text messaging are also far different than those of other channels. Penalties for non-compliance are much greater which is why understanding SMS compliance is critical.

While maintaining a compliant text messaging program may seem difficult, it’s really not. The purpose of this guide is to provide a detailed overview of text messaging compliance and lay the foundation for a solid SMS marketing strategy.

Please note that all information found in this guide is for informational purposes only and is not intended to constitute legal advice.

Who Makes The Rules

Before diving into the texting laws and compliance guidelines, it’s helpful to understand where they come from and who’s responsible for maintaining them. In the United States, there are two core entities that you should be aware of.

The TCPA

The TCPA stands for “Telephone Consumer Protection Act” and is the federal legislation (originally written in 1991) that governs telemarketing, text messaging, and the Do-Not-Call list. While these laws don’t explicitly mention anything about SMS, it’s been ruled that texts are treated as phone calls under the TCPA. These laws exist to protect people from unsolicited text messages and phone calls.

The CTIA

The CTIA stands for “Cellular Telecommunications Industry Association” and is a trade group that represents wireless carriers and others in the telecom industry. The CTIA maintains the Short Code Monitoring Handbook which lays out additional guidelines for SMS marketing. The CTIA’s guidelines align with TCPA laws to protect people from unwanted text messages but extend further to help marketers create a better experience for consumers.

Text Message Laws

While both TCPA and CTIA guidelines should be strictly followed, it’s important to draw the distinction between what’s law and what’s regulation. There’s a lot of overlap between the two however you can view the TCPA as federal laws preventing unsolicited text messages and CTIA guidelines as carrier regulations further protecting consumers.

When it comes to texting laws, however, TCPA legislation is what matters. The major theme of the TCPA is that you must obtain express written consent from people before sending them promotional text messages. Failure to do so can trigger large class-action lawsuits and penalties of up to $500 per text. The good news is that getting consent isn’t that hard.

Key Takeaway

TCPA compliance is following texting laws and CTIA compliance is following the guidelines set forth by the cellular carriers.

Express Written Consent

As defined in the TCPA, express written consent is permission given by someone on paper or electronically to receive promotional messages via an autodialer.

Now you might be thinking, “What’s an autodialer? I’m not using an autodialer?” Our perspective is that there’s too much hands-on involvement when using SMS marketing software like SlickText for it to be considered an autodialer. The problem is that TCPA legislation was written over 20 years ago and courts today struggle to understand how software like SlickText applies to such an old definition. For this reason, it’s generally recommended to err on the side of caution and assume that whatever service you’re using to send text messages is an autodialer and that you need express written consent.

Obtaining Express Written Consent

Obtaining express written consent really isn't that hard. Remember, the TCPA definition allows for permission to be given electronically. This could be in the form of recorded verbal consent, checking a box on a web form, or simply texting a keyword to a phone number (provided the keyword call to action has some specific verbiage.) This opens up several options for capturing consent in a compliant way.

Collecting opt-ins via text to join and web forms are the two most popular ways to obtain express written consent. We’ll cover those opt-in methods in more detail below.

Key Takeaway

Express written consent can be given electronically which makes text to join and web forms two easy ways to collect opt-ins in a compliant manner.

Messaging Types

Now that we understand basic texting laws and the concept of express written consent, we’ll cover the three types of text messaging content. These are important concepts as each requires a different level of consent provided by the consumer.

Conversational Messaging

Conversational messaging is exactly what you might think. It’s the back-and-forth texting between a consumer and a business in real time. If the consumer starts the conversation by sending an initial SMS to a business and they reply, this is considered to be conversational.

The consent level associated with conversation text messaging is what’s known as implied consent. Since the consumer is initiating the conversation, it’s implied that they are expecting a dialog and no real permission is required.

Informational Messaging

Informational, also referred to as “transactional” messages, are non-promotional text messages that communicate important information. Some examples of transactional messages include appointment reminders, welcome texts and shipping notifications.

Informational messages require express consent. Because these types of messages are non-promotional, the consumer must still give consent but it doesn’t need to be express written consent. Permission can be granted by replying to a text message, filling out a form or even verbally.

It’s worth noting that in many cases, it’s unclear whether a text message is considered to be informational or promotional. For that reason, we recommend that you obtain express written consent even in cases where you’ll be sending informational or transactional messages.

Promotional Messaging

Promotional text messages are ones that contain sales or marketing-related content. Typically, if there’s a link or call to action in the message, it’s considered to be promotional, however that’s not always the case.

Promotional text messages, as mentioned above, require express written consent. This is the highest level of consent that you can capture from the consumer and puts you in the best position for defense if a lawsuit ever arose.

Key Takeaway

Oftentimes it may be unclear whether a text message is informational or promotional so you should obtain express written consent in both cases.

Collecting Opt-Ins

Now that we understand the various types of messaging and the required consent level associated with each, we can dive into how to collect opt-ins in a lawful and compliant manner. As mentioned above, it’s best to assume all of your text messaging to be promotional and that you need express written consent.

Let’s take a look at the two most common ways that SMS marketers collect opt-ins and the best practices for doing so in a compliant way.

Text to Join

Text to join is one of the popular ways to collect opt-ins for a SMS marketing program. It works by texting a word or a phrase known as a “keyword” to a short code or phone number. When someone texts your keyword, they are opted into your SMS program. In order for the text to join process to be TCPA and CTIA compliant, a few things must be in place.

For TCPA compliance, your call to action must disclose that people will be receiving future promotional messages. It should also inform them that messages will come from and autodialer and that their agreement to receive said messages isn’t a condition of purchase. Furthermore, you’ll also need to provide a link to your program’s terms and conditions. That’s covered in more detail below.

For CTIA compliance, your call to action must conspicuously inform consumers about the purpose of your campaign and what they can expect to receive. Additionally, you must include how often you’ll be texting them, some information about messaging and data rates, a link to terms and privacy and how to opt out if they choose to do so.

Example of a compliant text to join CTA...

Text SlickText to 888111 to join our VIP text list and receive weekly specials.

You agree to receive automated promotional messages. This agreement is not a condition of purchase. Receive up to 4 messages per month. Reply STOP to opt out or HELP for help. Message & data rates apply. Terms and privacy policy can be found at slicktext.com/tc.php.

The last component for CTIA compliance is that people who text your keyword should receive an immediate auto-response that confirms their subscription. This text must include the name of your business, message & data rates may apply, opt-out instructions and a link to your terms and privacy.

Example of a compliant auto-response...

SlickText: Thanks for joining our VIP text list! Stay tuned for future deals.

Up to 4 msgs/month. Reply STOP to opt out or HELP for help. Msg & Data rates may apply. Terms & privacy: slicktext.com/tc.php

Key Takeaways

  1. Text to join is only compliant if your CTA is accompanied by the required verbiage.
  2. After opting in, people should receive an immediate, automated response confirming subscription.
  3. SlickText has all of the required compliance measures built in.

Web Forms

Another great way to capture SMS opt-ins and express written consent is with web forms. Most good mass texting services offer web forms as a way to grow your list. These are simple forms on your website or landing pages that give users the ability to input their information and sign up for your texting program. Similarly to text to join, there are specific requirements needed for a form to be TCPA and CTIA compliant.

Your form, at the very least, will have a field where people can input their phone number. Most businesses also offer a field or two for them to provide their name.

For TCPA compliance and capturing express written consent, your form must have a checkbox that contains verbiage explaining that people are agreeing to receive automated promotional messages and that consent is not a condition of purchase. It’s also important that the checkbox is not checked by default.

For CTIA compliance, the text accompanying the checkbox must also include the messaging frequency, that message and data rates may apply, opt-out instructions, help instructions and links to your terms and privacy policies.

Example of a compliant web form...

Join the SlickText VIP text list and receive weekly specials!

By checking this box I agree to receive automated promotional messages. This agreement is not a condition of purchase. Receive up to 4 messages per month. Reply STOP to opt out or HELP for help. Message & data rates apply. Terms and privacy policy found at slicktext.com/tc.php

Additionally, to be CTIA compliant, immediately after submitting your form, the consumer should receive an automated text message confirming their subscription. That confirmation text should include the name of your business, message and data rates may apply, opt-out instructions and a link to your terms and privacy just like with texting to join.

Example of a compliant confirmation text...

SlickText: Thanks for joining our VIP text list! Stay tuned for future deals.

Up to 4 msgs/month. Reply STOP to opt out or HELP for help. Msg & Data rates may apply. Terms & privacy: slicktext.com/tc.php

A very important thing to note is that while this flow is technically CTIA compliant, it still opens up opportunities for bad actors to create problems. In this scenario, someone could input any phone number they want into your form and subscribe random people to your text messaging program. For this reason, we highly recommend a double opt-in process when using web forms.

Double opt-in requires an additional confirmation text message to be sent by the consumer after filling out the web form. This confirms that the person is who they say they are. The final opt-in flow looks like this…

  1. Consumer fills out the form, checks the box, and submits.
  2. Consumer is sent a text message asking to confirm their subscription.
  3. Consumer replies YES to confirm.
  4. Consumer is subscribed and receives the final confirmation text message.

Key Takeaways

  1. Web forms require a checkbox with specific compliance verbiage.
  2. The checkbox must be unchecked by default.
  3. You should always use a double opt-in process when subscribing people via web forms. This forces people to prove who they are before being opted in.
  4. SlickText has all of the required compliance measures built in.

Required Verbiage

Now that you’ve read through the guidelines for collecting opt-ins, you’ve probably noticed some common verbiage used throughout. Each is key to ensuring compliance with the TCPA, CTIA and obtaining proper express written consent.

Each of the following components are required wherever you’re collecting opt-ins. Let’s take a deeper look at each and how they all come together.

Business Name & Purpose

Wherever you advertise your text messaging program, you must make it abundantly clear who the sender is and the nature of the messages that will be sent.

Text SlickText to 888111 to join our VIP text list and receive weekly specials ...

Automated Promotional Messages

When advertising your call to action, you also need to disclose that messages will be sent via an automated method. This is key for capturing express written consent.

... You agree to receive automated promotional messages ...

Not a Condition of Purchase

In addition to the agreement of receiving automated promotional messages, you must also disclose that their agreement to opt-in is not a condition of purchase. This means that a consumer doesn’t have to make a purchase in order to be eligible to subscribe.

... This agreement is not a condition of purchase ...

Message Frequency

This is where you inform consumers about how often you’ll be texting them. While it’s best to let them know how many texts they can expect to receive, you can also simply tell them that your messages will be recurring.

... Up to 4 msgs/month ...

Opt-Out Instructions

This is the snippet of text where you inform consumers on how they can opt out of your text program in the case that they’d like to. All SMS marketing and mass texting services process special opt out keywords that handle this process. Those keywords are: STOP, CANCEL, QUIT, UNSUBSCRIBE and END. When someone responds with one of those keywords, they should immediately be unsubscribed and sent one last response confirming their opt out was successful.

... Reply STOP to opt out ...

Help Instructions

Following the opt out instructions, you should include some text that informs consumers how to get help should they need it. Just like the opt out keywords, texting services should also respond to the keyword HELP. This should return a message with a phone number, email address and website that consumers can use to get help with the text messaging program.

... Reply HELP for help ...

Msg & Data rates may apply

This disclosure simply communicates to consumers that their cellular carrier may charge them the standard messaging and data rates for sending and receiving SMS / MMS. Today, most cellular plans offer unlimited texting & data so this is not normally an issue.

... Msg & Data rates may apply ...

Terms & Privacy

The final component of the verbiage required to collect TCPA and CTIA compliant opt-ins is having a valid set of terms and conditions and privacy policy and including links to them. While they don’t normally have to be pages and pages long, there are some key requirements to ensure they’re satisfactory. Let’s dive into those.

... Terms & privacy @ slicktext.com/tc.php ...

Full Compliance Verbiage

You agree to receive automated promotional messages. This agreement is not a condition of purchase. Receive up to {messages per month} messages per month. Reply STOP to opt out or HELP for help. Message & data rates apply. Terms and privacy policy found at {terms and privacy link here}.

Terms & Conditions Requirements

In order to be compliant with TCPA and CTIA guidelines, you’ll need to have a set of terms and conditions for your text messaging program. Yes, we know what you’re thinking… “Nobody ever reads this stuff.” While you’re probably right, it’s still required.

The link to your terms and conditions must be clearly visible and not buried where they’ll never be found. This is what’s considered by the TCPA as the “written agreement” between you and the consumer.

When it comes to the actual content of the terms and conditions, the CTIA requires specific information to be disclosed. This information includes:

  • Business name
  • Text Program name
  • The number used for the program
  • Opt-in instructions
  • Opt-out instructions
  • Help instructions
  • A list of supported wireless carriers
  • Messaging frequency
  • Message and data rates disclosure
  • Link to privacy policy

Privacy Policy Requirements

Unlike your terms and conditions, the TCPA nor the CTIA have specific requirements for the content although there needs to be some material content within. While most people don’t read privacy policies, it puts consumers at ease knowing that the business they're interacting with maintains one.

We recommend, at the very least, making a statement about the protection of consumer information and your company’s perspective on it. Additionally, for your protection, you should also include some information about the limits of your abilities and liability.

Controlled Content

The CTIA has additional requirements for SMS programs that pertain to adult content or controlled substances. While content of this nature is normally subject to scrutiny by the wireless carriers, some is allowed with proper functionality in place; particularly age-gating.

An age gate is functionality that requires and confirms a person’s age at the point of opt in. For example, when texting to join, after texting the keyword, instead of immediately receiving the confirmation auto-response, you’d receive a message asking for your date of birth. Once the person has replied with their age and they meet the age requirements, they would then be opted in.

Note that the CTIA has a zero-tolerance policy for referencing the abuse of controlled substances and will take action on any text programs that are in violation.

Key Takeaway

Some controlled and adult content is allowed however people are required to provide their date of birth. Only those of age can be opted in.

Prohibited Content

The CTIA and cellular carriers bluntly disallow certain types of messaging content. There’s also content types that while not specifically called out, are also disallowed.

SHAFT Content

SHAFT is an acronym that stands for “Sex, Hate, Alcohol, Firearms and Tobbacco”. Most messaging programs related to these types of content are prohibited however there are exceptions. As an example, messaging related to sex, hate and the sale of firearms is disallowed, however the sale of alcohol and tobbacco requires an age gate.

Other Prohibited Content

While the CTIA has called out specific types of content that’s prohibited, it’s not inclusive of all messaging content that they or the carriers disallow. Some examples of additional prohibited content include messaging related to cannabis, CBD, loans, debt collection, get rich quick schemes, gambling, deceptive marketing, and credit repair.

Violations & Audits

There are a few different things that can happen if you’re in violation of the TCPA or CTIA guidelines. Remember, TCPA legislation is law and violations are punishable by the federal government. CTIA guidelines, while not law, can result in the suspension or termination of your short code, phone number and text messaging program.

TCPA Violations

As mentioned above, the TCPA exists to prevent unwanted text messages and phone calls. A violation normally occurs because of unsolicited text messages, phone calls or calls made to those on the national Do Not Call Registry.

TCPA violations can be massive with penalties of up to $500 per message / call and willful violations up to $1,500 per offense. There’s no cap on damages so if a lawsuit is class-action, total fines could wind up costing millions of dollars and it’s happened. Additionally, citizens aren’t the only ones that can bring actions for TCPA violations. The FCC, FTC and state attorney generals can do so as well.

These violations can be business-ending so the bottom line is to make sure you’re capturing express written consent with every opt-in.

Short Code Audits

On a regular basis, the CTIA, cellular carriers, and other auditing bodies test SMS short code programs for compliance with the Short Code Monitoring Handbook. An SMS program can be in violation for several reasons and with a varying degree of severity. This can range from a lack of opt out instructions with a call to action to sending spam or prohibited content. When a program is deemed to be out of compliance, it triggers a short code audit.

When an audit is opened, the short code owner is notified and given instructions on how to bring the program back into compliance. Depending on the severity level of the audit, the owner will have a specific period of time to correct the given issues. If corrections aren’t made within the specified amount of time, the short code will be suspended or potentially terminated.

Number Shutdowns

If you’re using a toll-free or 10DLC number for your SMS program it’s still imperative that you follow TCPA and CTIA guidelines. While there’s no official audit process for these types of numbers like there are for short codes, cellular carriers, SMS aggregators, and service providers require the same level of compliance. Carriers and service providers have automated and manual processes in place to check SMS programs for compliance and shut numbers down regularly for violations.

Conculsion

At the very end of the day, SMS compliance is not that hard. The golden rule above all else is to obtain express written consent before sending text messages to people. Furthermore, be transparent about what people can expect to receive when joining your text program and how they can opt out if they choose to do so.

SlickText offers everything you need to launch a compliant SMS marketing program and has all the required things built right in. From opt-in compliance verbiage to pre-built terms and privacy policies, we’re trusted by tens of thousands and power some of the world's largest text messaging programs.

If you have additional questions or want to learn more, don’t hesitate to reach out to your team. We’d love to chat.

Please note that all information found in this guide is for informational purposes only and is not intended to constitute legal advice.

Have questions about SMS complaince?

We've got answers.

You're in excellent hands. We work with some of the world's greatest companies.

iHop ESPN FedEx Virginia Tech  Universal Music American Cancer Society