Legal Brief: Changes to FTC's Negative Option Rule may Impact Security

June 7, 2023
FTC considers consumer protection enhancements when it comes to recurring payments

This article originally appeared in the June 2023 issue of Security Business magazine. When sharing, don’t forget to mention Security Business magazine on LinkedIn and @SecBusinessMag on Twitter.


John and his wife have been loyal customers of Security Company X for nearly 20 years; however, a few months ago, John commenced a major renovation to his home that resulted in substantial disruption to the functionality of the monitored security system. This prompted John to contact Security Company X and cancel the service.

Hoping to retain their customer, Security Company X suggested that John not cancel his service, but instead suspend it for a six-month period. John agreed, resolving that he could defer the decision to continue with Security Company X after the renovation was complete.

Six months later, the renovation was far from complete. A few days after the six-month point, John contacted Security Company X to cancel or at least extend the suspension. To his great surprise and dismay, he was advised that, because he called after the suspension was lifted (it was set for six months precisely), he was responsible for a quarterly payment to Security Company X. The home was not in a condition to receive the service. John got no advance notice or warning from the security company that this was happening.

Should John have called Security Company X before the expiration of the suspension? Ideally, yes; however, the more pertinent question from a legal and consumer protection perspective, is whether Security Company X should have given John advance notice that the suspension was set to be lifted. At a minimum, that would have inspired John to extend the suspension and avoid the cost.

FTC Looks to Update the Negative Option Rule

You know who might be interested in John’s experience? The Federal Trade Commission (FTC). The FTC’s mission is “protecting the public from deceptive or unfair business practices and from unfair methods of competition through law enforcement, advocacy, research, and education.”

Since 1973, the FTC has been regulating the so-called “negative option” – a common practice used by businesses to earn revenue by acquiescence. Automatic renewals and free-to-pay conversions are two common examples of a negative option – where the consumer must affirmatively cancel, or the payment obligation will continue.

While this can be convenient for consumers, the negative option can also be abused.

The current Negative Option Rule applies only to pre-notification plans – which are far less common today. A pre-notification plan is like those old record clubs that sent advance notice that it intends to send the member a certain album. If the member did not want the album, they had a limited time to return a negative reply. If they were late, they were stuck with the album and the cost.

Now, the FTC is considering changes to modernize the Negative Option Rule. The proposed amendments can be viewed in their entirety on a Federal Register Notice published by the FTC, but here are three of the key proposals:

1. Companies would be required to spell out the details of the deal. This would include items such as: Payments will be recurring, if applicable; the deadline for stopping charges; exactly what consumers will have to pay; the date the charge will be submitted for payment; and information about how consumers can cancel.

2. Companies would be required to obtain express informed consent from consumers before recurring payments are authorized. 

3. Companies would be required to implement click-to-cancel. This makes it as easy to cancel as it is to enroll.

Impact on Security Companies

This begs the question whether the FTC will extend the Negative Option Rule to security companies. The answer is likely yes. Just like any other business, a security company that engages in a prohibited business practice is subject to regulation by the FTC.

At the same time, many players in the security industry require contracts with their customers. Assuming the contract spells out the basic terms and complies with FTC rules, then security companies may be able to insulate themselves from potential liability.

However, in the case where the contract has expired and the customer pays recurring charges month to month, a security company – like Security Company X – that makes it hard to cancel the service or otherwise fails to disclose important details of the deal may find itself on the wrong end of an FTC enforcement action.

Security Company X made it very difficult for John to cancel his service and even resumed charging him without notice. In the example, the company acquiesced to John’s objections and removed the charge; otherwise, when these proposed rule changes inevitably take effect, the FTC will come knocking.

Timothy J. Pastore, Esq., is a Partner in the New York office of Montgomery McCracken Walker & Rhoads LLP (www.mmwr.com), where he is Vice-Chair of the Litigation Department. Before entering private practice, Mr. Pastore was an officer and Judge Advocate General (JAG) in the U.S. Air Force and a Special Assistant U.S. Attorney with the U.S. Department of Justice. Reach him at (212) 551-7707 or by e-mail at [email protected].