Payment Processors: Are You Prepared to Uncover "Dark Patterns"?

Posted By: Ellen Berge MAC Dispatch, MAC Monitor,

Risk management personnel who underwrite e-commerce merchants should have some basic understanding of the types of online merchant marketing and sales practices that are deceptive and misleading. More than a decade of law enforcement actions by the Federal Trade Commission (FTC) and the Consumer Financial Protection Bureau (CFPB) against payment processors that failed to act on red flags—high chargebacks, consumer complaints, shell companies with straw owners, and other evidence of consumer harm—provide a catalog of merchant activities that regulators do not want processors to support.

The latest buzz in consumer protection has focused on "dark patterns," a term coined by a user experience designer in 2010 to describe manipulative tactics that induce consumers to complete an action that they would not have otherwise completed if they had understood what they were acting on at the time. These actions may drive unwitting consumers to purchase items, share information, and agree to legal terms without intending to do so.

Last year, the FTC gave new life to "dark patterns" by hosting a workshop to examine how dark patterns affect consumer behavior, whether some groups of consumers are unfairly targeted by dark patterns, and ways in which user interfaces can effect decision-making and choice. The FTC then issued a new enforcement policy warning merchants against using illegal dark patterns to "trick or trap" consumers into subscription services. More recently, in September 2022, the FTC issued a comprehensive staff report, Bringing Dark Patterns to Light, that concluded, among other things, that dark patterns are more dangerous to consumer when used in combination. Read our summary here of how the FTC classified design elements that contribute to dark patterns and key takeaways from the FTC's report. The FTC has also asked online advertisers to weigh in on dark patterns with respect to potential updates to the FTCs' "Dot.Com Disclosures."

The FTC is not alone in its mission. The CFPB filed a lawsuit in April 2022 against a national credit reporting agency alleging that website features and designs obscured the nature of the offer—a month-to-month subscription of a credit-monitoring service. Earlier this year, the New York attorney general alleged that Fareportal violated New York law prohibiting unfair and deceptive practices by creating a false sense of urgency with a "tickets left" message accompanying flight search results. Dark pattern allegations are also beginning to appear in private lawsuits, including a case filed last year against Noom, Inc. where the plaintiff described subscription sign-ups as predicated on "deceptive system designs on websites and apps that prey on human cognitive processing frailties."

How to Spot Dark Patterns

If dark patterns have not yet hit your radar, the examples below are among those most likely to cause risk management challenges for processors and payment facilitators because they are among the ones most likely to cause consumers to part with their money.

  • Sneak-into-Basket. This design results in adding an extra item to the consumer's shopping basket upon checkout, or tricking consumers to add the extra item by a default choice. Consumers who race through the checkout process and don't catch the addition will be charged for something they didn't intend to order, or possibly even enrolled in a subscription they didn't intend to try.
  • Roach Motel. This design makes it easy for the consumer to get into a certain situation (such as a subscription billing plan), but very difficult to get out. Note that a recent trend in state laws governing subscriptions, particularly in California, is to require that merchants provide a simple cancellation mechanism that does not obstruct the consumer's ability to stop an automatically renewing billing and shipping program.
  • Forced Continuity. Keeping to the theme of subscriptions and negative options, forced continuity may occur when a consumer provides credit card information to pay for a low-cost or no-cost trial offer and later finds that he or she has been enrolled in a recurring billing program that may be difficult to stop. While this concern has been around for years, it is now labeled a "dark pattern" by regulators.
  • Hidden Costs. Ever wonder why the cheeseburger and fries you ordered was initially priced at $14.99 but cost you $35.99 to have it delivered? Service fees (that may or may not be a tip), delivery fees, "care and handling," and other creative yet vague charges often pop up at the last minute. It may be just a matter of time until a 3% surcharge added to a hefty restaurant bill—especially without proper signage or a notice that you could avoid it by paying cash—is classified as a dark pattern, even if Visa and Mastercard know the merchant is surcharging. Of course, merchants must comply with the card brand rules regarding fees and surcharges.
  • Price Comparison Prevention. What's a better deal: (a) loose apples priced at $0.75 each; (2) a bag of apples priced at $1.25 per pound; or (3) 6 pears priced at $4.45? When you take this concept and apply it to subscriptions for expensive skin care products of varying sizes and types, add potentially confusing savings claims, and lure consumers into picking the most expensive deal because it looks better, regulars will view that as a dark pattern.
  • Intentional Misdirection. This practice occurs when the website is deliberately designed to direct the consumer's attention to one thing to distract from something else. This may cause the consumer to miss added or hidden fees, say yes to a continuity program, or add shipping insurance they didn't want. The gold standard in providing necessary information and making adequate disclosures about a sale has always been to provide such information in a "clear and conspicuous" manner. Intentional misdirection defies that guidance.
  • Trick Questions. Consumers are frequently asked to check boxes to provide consent or agree to terms. But when the merchant designs the question to trick the consumer into giving an answer the consumer didn't intend, that could be a dark pattern. Examples include confusing options to avoid receiving communications or products, such as two side-by-side checkboxes:

    [ ] No, please do not send me marketing information about merchant's sales and promotions.

    [ ] No, please do not unenroll me from the subscription that follows merchant's free trial.

  • Bait and Switch. This tactic involves leading the consumer to believe that his or her action will have one outcome, but instead a different or unwanted outcome occurs. For example, most of us use an "x" button in the top right corner of a window to close the window. However, if clicking the "x" button results in closing the window and authorizing a download or agreement or purchase, that practice would be viewed as a bait and switch.
  • False Sense of Urgency or Scarcity. This marketing technique is as old as time, or at least as old as countdown timers that were first used on e-commerce checkout pages. In today's regulatory climate, it is classified as a dark pattern. Marketers may give consumers a false sense of urgency or scarcity by urging consumers to act quickly for fear of missing out on a price or offer. One example: shopping for airline tickets online and seeing "Only 2 left at this price!" next to some of the options, when such is not the case.

Of course, not all dark patterns may rise to the level of being deceptive or illegal. Consider, for example, "Confirmshaming"—used to describe circumstances when a website tries to pressure individuals to sign up for something by guilting or shaming them, often because the decline answer is phrased in a way that shames people into opting in. Consider this example:

Question: "Would you like our free guide on gardening?"

Response options: "Yes, please!" or "No thanks, I know everything about gardening."

This interaction, by itself, will probably not hurt the feelings of most people who want to pass on the free guide. However, if clicking "yes" to get the free gardening guide deceivingly enrolls the consumer in a subscription program that is barely disclosed in the fine print, then the practice has crossed the line. Risk management and underwriting staff responsible for website reviews should be trained on how to spot dark patterns and evaluate them thoroughly.

What's the Takeaway for Payments Companies?

When "dark patterns" result in consumers making purchases or enrolling in subscription programs, it is an easy leap for the FTC or CFPB to allege that a processor knew or should have known that a merchant was engaged in such manipulative tactics, especially if the merchant's transaction processing history is accompanied by high chargebacks and consumer complaints. The FTC and CFPB have ample experience in opening investigations and filing lawsuits against processors that facilitate payments for merchants engaged in unlawful conduct. Cases involving Electronic Payment Solutions, Transact Pro, and First Data Merchant Services provide just a few examples of how allegations against processors develop.

Finally, an extra word of caution for payment platforms, payment facilitators, and other intermediaries: Consumer protection regulators already have tremendous trepidation about whether the various layers of these models facilitate lax underwriting and more opportunities for deceptive merchants to gain access to payments networks.