Your CTIA & TCPA Compliance Guide and 10-Step SMS Compliance Checklist

In 2021, 54% of total eCommerce sales will be attributed to mobile commerce. More people are spending more time—and money on their mobile phones than ever before.

With high returns and a low margin for errors, you're probably looking at SMS marketing to be the next viable channel for your business to scale effortlessly this year. But you haven't had the time to get your hands dirty with the two major compliance laws: TCPA and CTIA.

Not to worry, we did it for you. Staying compliant to both the TCPA — and CTIA, are pretty easy when you've crossed your T's and dotted your i's. And it becomes even easier when you know exactly what to look for if you ever want to choose a compliant and effective SMS marketing platform for your business.

Let's take a deep dive.

What is TCPA and how does it apply to SMS Compliance?

If your business or your customer base is currently located within the US or Canada, you'll want to ensure you follow the applicable laws and legal requirements below.

The Telephone Consumer Protect Act (TCPA) came into effect in 1991. The main objective is to avoid SPAM violations, protect the recipients' data and privacy—applicable to unsolicited calls and texts to cell phones.

Fast forward to 2021, and brands are looking towards SMS marketing as the new channel to stay engaged with their customers and top of mind.

With statistics that look like these in the graphic below, it's no wonder SMS marketing is set to be the power channel for 2021.

Roughly three times more people are reading your text messages than opening their email newsletters. And with a near 100% open rate, you've got a message that's hard to ignore.

If this doesn't faze you, how many unread text messages do you have right now on your phone compared to unread emails in your inbox? We're guilty too.

So if you're thinking of adding an SMS channel to your business or doubling down on your efforts,  it's imperative to obtain consent to who you're about to send out text messages to.

For brands looking into using SMS marketing this year, Section 4 and 5 of the TCPA are where you'll need to zone in.

Here's what they are:

  • (4) The term “telephone solicitation” means the initiation of a telephone callor message for the purpose of encouraging the purchase or rental of, or investment in, property, goods, or services, which is transmitted to any person, but such term does not include a call or message (A) to any person with that person's prior express invitation or permission, (B) to any person with whom the caller has an established businessrelationship, or (C) by a tax-exempt nonprofit organization.
  • (5) The term “unsolicited advertisement” means any material advertising the commercial availability or quality of any property, goods, or services which is transmitted to any person without that person's prior express invitation or permission, in writing or otherwise.

In summary, the Telephone Consumer Protection Act is a piece of federal legislation designed to protect consumers’ right to privacy and effectively curb  "annoying"—and more specifically unwanted— telephone calls and texts.

You'll have to take note that the keyword here is "annoying". But first, let's understand the repercussions of non-compliant text messaging.

Alongside the risk of non-compliance, the cost of it to your business is high.

How much can you be fined for violating the TCPA?

There's no better way to say this but you will be fined a lot of money. The penalties for violating the TCPA can be severe.

Breaking the law can expose you to fines that range anywhere from $500 per violation to $1,500 per willful violation— this means you knew what you were doing was wrong. But you still did it anyway.

And these fines count per text message that you sent to each customer who:

  • Did not opt-in to receive your marketing text messages
  • Unsubscribed, but you did not honor it by taking them off your list

We don't mean to scare you, but some settlements have reached into the tens of millions of dollars. This is because these violations can add up pretty fast.

If you think of the ballpark number of subscribers that you currently have on your list, and you texted all of them without first gaining their express consent. Multiply that number with $500. Yikes. This is why having concrete processes in place is imperative if you're set on using SMS marketing for your store.

Violations can come from all types of companies at any stage of their business as long as you're sending out promotional text messages to customers.

Take these names for example:

  • In 2013, Domino's Pizza agreed to pay close to $10 million dollars when their consumers allegedly were receiving unsolicited marketing calls and promotional texts without consent.
  • In 2017, Dish Network was fined $341 million in damages for violating the TCPA and allegedly calling numbers listed in the Do Not Call registry.
  • Even Microsoft in 2015 which the court ruled in favor of the company.

After Microsoft's case, the ruling ushered in a new era that brands must make it crystal clear to consumers that:

  1. In the future, they will be receiving promotional text marketing messages from you
  2. Disclose this each time you collect information on mobile or phone number from your customers

Don't panic just yet. If you're struggling to remember if one or two text messages might have slipped through, it's technically not a high volume enough to count as a TCPA violation. Beyond that, you might.

Don't quote us here. But we do know enough to make sure we stay TCPA and CTIA compliant.

If everything sounds important to you right now, don't worry. We've got a clear and concise checklist at the end of this article. But first, let's move on to the subject of shortcodes.

What you need to know about CTIA

You may have heard of the term shortcodes and wondered what they are. Shortcodes allow consumers to clearly opt-in by texting a short string of 5-6 alphabets or digits to a specific number.

From the repercussions we discussed above, it's no wonder some companies have opted in favor of the use of shortcodes.

Shortcodes were created by the Cellular Telecommunications Industry Association (CTIA) and come with guidelines of their own. Unlike the TCPA, no fines are involved under the CTIA because their function is to serve as guidelines.

The CTIA regulates and enforces these rules through regular audits. And if you're found to be non-compliant, you'll be reported to the mobile carriers and risk your SMS marketing program being suspended or shut down until the issues are resolved.

In 2020, major mobile carriers like T-Mobile and AT&T removed the support of shared shortcodes in their terms and conditions. You can check out this 6-minute guide to walk you through the best usage for shortcodes and what the future of shortcodes looks like.

How do you become TCPA and CTIA compliant?

So let's get to how you can make sure none of these fines or service suspensions ever happen to you and your business.

3 Things You'll Need Before You Text Your Customers:

  1. General Customer Consent: There are three instances you'll need to obtain their consent before you send them conversational, informational, and transactional messages.
  2. Express Written Consent: You will need their express written consent only if you're sending them automated marketing and promotional text messages.
  3. An Option to Opt-Out anytime:  Allow your customers the autonomy to opt-out by revoking their consent, and stop receiving text messages from your business at any time they choose.

If you're using a fully conversational SMS platform means you'll need implied consent, which means more advantages to you and your business.

Conversational text messaging is defined through 1:1, two-way conversations that when a customer responds to your text or texts you first, then there is "reason to believe" that they've given you permission to contact them. Having a "conversation" over text means you won't need the more formalized express permission for automated marketing and promotional text messages.

The rule of thumb is, as long as you respond with relevant information and it's based on an already established casual relationship between you and your customer— you'll be able to send conversational messages to them on the basis of implied consent.

So let's go through how you can become TCPA and CTIA compliant below.

1. How to Collect Express Consent

According to TCPA compliance, it's imperative that the recipient of a message has given you prior express written consent in response to a clear and conspicuous disclosure that they are agreeing to receive:

  • (a) marketing/promotional messages from you
  • (b) messages sent by an autodialer
  • (c) their agreement to receive the message is not conditioned on any purchase

You must only send a text message only with prior Express Written Consent. And express consent can be obtained in writing via a physically signed agreement, a digitally signed agreement, or most commonly— an SMS opt-in.

This is when the user provides you with their number with the understanding that they will receive text messages. As a best practice, you can send them a text message to confirm that their number is real and that they consent to receive future text messages from your business.

For brands, you'll have a few ways you can collect your shoppers' phone numbers. So you'll need to make sure that for each of these opt-in points, you're aligned with the TCPA and you're clearly informing them of how you will use their information.

Importing Contacts

Express Written consent is not just for new contacts, it's for all contacts. So you'll need to make sure that each subscriber you have in your list had provided you with their phone number and given you their permission to text them.

Which brings us to our next point.

Don't Mistake Email Consent for SMS Consent

Can you text someone if you've already been sending them promotional emails with their consent? Absolutely not. Your email list and text list are two completely different channels of communication and consent are treated separately.

If somebody is on your email list, it does not necessarily mean you have consent to send them text messages as well. And this applies even if they provide their phone number when they subscribe to your emails.

In another scenario, if they've opted out of your email list but supplied their phone number. You still can't count this as gaining their express consent to send them text messages.

And the same goes for email consent, even if they've given you their mobile number with consent, it's not the same as implied email consent.

Remind them of their consent frequently

It's human nature to forget. Even if you've been texting them on the fly every other week. So in the subsequent text messages, it's always best practice to remind them:

  • Which company you're texting from
  • The content or promotional deals they've opted in for
  • The frequency of your incoming messages
  • Any additional carrier cost and fees
  • The option for them to request for help or opt-out of future texts

You should always store records of the Express Written Consent you collected for at least 4 years. This is the statute of limitations given by the TCPA.

Optimizing Your eCommerce Checkout

For eCommerce platforms like Shopify, collecting SMS numbers at the checkout in a way that complies with the TCPA is extremely easy. Consumers usually opt-in at the checkout of your eCommerce store because they expect to receive shipping and delivery updates over SMS.

So it's super important that you end up using their mobile numbers to do exactly just that.

Here's what you should include:

  • Display clear calls to action that you're requesting their phone number information
  • You're telling them exactly what they're signing up to receive

The language here is crucial as you'll need to explain to your subscribers what their number will be used for. So it's important that you're extremely clear here, here's an example of how to do it:

This guide provides step-by-step instructions to ensure you optimize your Shopify checkout to allow your customers to accept future marketing messages. Just follow these steps to make sure that you are operating within accepted guidelines, regardless of the number you are using to send SMS messages.

Optimizing Your Website Pop-Ups

Website pop-ups offer a really quick and easy way for your customers to opt-in as your subscribers. Here's where you can usually incentivize their opt-ins by offering them a welcome discount or even a great piece of content in exchange for their mobile information.

To set it up and start collecting your customers' consent, make sure you have these in your pop-up:

  • A link to your updated terms and conditions
  • Updated information on SMS marketing practices in your T&C's
  • A clear disclosure of what you'll be using their phone number for
  • Reassure them that their personal information will not be shared with anyone
  • A disclaimer that states that they can opt-out at any time in the future

Here's what you should do if anyone actually does opt-out from your subscriber list.

2. Automate and Honor Opt-Outs

Again, we stress that you should always provide an easy option for them to opt-out of receiving future text messages from you. This can be as simple as adding, "Reply 'STOP' to this text message if you no longer wish to receive messages from us" at the end of a text message.

It's similar to an "unsubscribe" in email marketing. But unlike emails, there's no link that customers can click on to seal the deal. You'll often be on the receiving end of mixed signals.

And this can spell stressful times ahead since honoring opt-outs is crucial to TCPA compliance.

You're communicating with real people on the other end of all the text messages you send so typos are bound to happen. Be prepared to recognize some of these less-than-clear replies you'll receive:

  • St0P
  • Stpo
  • Top
  • No
  • 🙅🏻
  • Remove my number, pls

Once you've determined that your customer truly wishes to stop receiving all future text messages from you, the next step is even more important.

Don't take too long to honor opt-out requests

You'll need to have the process in place to remove all "unsubscribers" from your text messaging lists as quickly as possible. The ideal turn around time is any time within 10 days is fine.

And unless a customer specifically opts back in by giving their express written consent once again, you can't send them any text messages in the future.

You'll also need to be aware that some customers will resort to other channels and request to remove their consent either by emailing, calling your support team, or commenting on and messaging you on your social media channels. Unlikely, but hey it happens.

To avoid paying a serious fine over mixed signals from your customers, why not reach out to your customers and ask them? Always choose an intuitive text marketing tool or platform that can ensure your customers' wishes are honored in a timely and concise manner in alignment with the TCPA and CTIA.

3. Long codes vs. Short Codes

In our brief explanation of what the CTIA stands for, we know that:

  • The TCPA doesn't have any involvement with SMS shortcodes
  • Shortcodes are regulated and governed by the CTIA through regular audits
  • The CTIA is made up of the top board of telecommunications companies and mobile carriers.

The CTIA represents the interests of the wireless mobile industry from a legislative standpoint.

What is an SMS short code?

Both shortcodes and long codes must be registered with the CTIA, and it takes about 24-48 hours for your registration to reflect in compliance with both the CTIA and TCPA.

There's an ongoing debate on the benefits and usages of long codes compared to shortcodes. At Cartloop, each brand has dedicated local phone numbers so your customers can reach out and have a single point of contact with you at any point of time.

4. Enable Full Disclosure

According to the TCPA guidelines, you'll need to be extremely clear on what their mobile or phone number information will be used for. Based on the CTIA guideliness, you're also required to let your shoppers know that data rates and additional carrier fees may apply to the text messages from your brand.

So here's the information you'll need to have:

  • Disclose the type of content they will receive and the frequency of text messages you'll be sending them
  • Be clear of what they're opting into
  • If they’re opting in to receive shipping confirmations, don’t send them marketing collateral about unrelated products they haven’t purchased
  • Make sure to inform them of any additional data rates and career fees in your text messages: Message and data rates may apply
  • Make sure to include and update this information in your website footer and privacy policy

5. Observe your customer's Quiet Hours

Do you remember the keyword we asked you to remember earlier, "annoying"? The objective of TCPA is to protect consumers, so don't annoy them. You'll need to make sure to only text them during their active hours.

The golden rule here is that if you don't want to receive a text at a certain hour chances are your customers won't either. Things get a little sticky when you have customers across different time zones.

Some text marketing platforms automate this for you by allowing you to set "Quiet Hours". So if you send a text message at 12 noon Pacific Time, it'll skip your customers in New York so they won't receive it at their witching hour of 3 a.m.

Cartloop merchants have the Quiet Period option enabled which prevents subscribers from receiving messages anytime between 9 PM to 10 AM.

If a message is triggered during these hours, its delivery will be delayed until quiet hours are over. And you won't end up in court by annoying them.

6. Always provide value, and avoid spam

So you've gotten this far to collect your customers' consent, they're subscribed and you want to start sending out your SMS marketing campaigns and recovering those abandoned carts!

There are a lot of ways to stay "top of mind". Spamming your customers is not the way to go about it. It just ruins your newly hard-earned trust and hurts your brand.

Here's one great example of how an Australian skincare brand gave their customers a friendly heads up that their favorite products were back in stock. Read the full case study here of how this single restock campaign made up to $174k in revenue and earned 30x in ROI for their brand.

What is Text Spam

Spam, spam texts or plain spamming can be classified as:

  • Unwanted text messages from an individual or company
  • Text messages containing irrelevant, inappropriate, or untimely content
  • Unsolicited text messages to people without consent, we already know by now that this is illegal

In short, any unwanted text message can be classified as spam. So always aim to provide value and forge closer relationships with your customers by providing instant support and keep a conversation alive.

Here are 5 conversational content ideas to try outside the usual sales campaign:

  • Personal recommendations
  • Up-sells and cross-sells
  • Welcome texts
  • Kind reminders
  • Reaching out to see if you can help

Which SMS tools and platforms can help you stay compliant?

Phew, we're nearing the end of this SMS compliance guide. But not to worry, there are SMS marketing platforms and tools that can do most of the legwork you'll need to stay TCPA and CTIA compliant.

Out of everything that's been said in this guide, here are the two areas you really should be focusing on:

  • How to gain more subscribers by collecting more phone numbers
  • How to keep them subscribed

Ideally, you'll need an SMS marketing platform that will allow you to focus on the good stuff for your business while taking care of the important stuff that keeps you compliant.

At Cartloop, we don't just make sure your SMS marketing stays TCPA and CTIA compliant, and more:

  1. Keeping it conversational
  2. Engaging with your shoppers with two-way campaigns
  3. A dedicated phone number for each of your customers
  4. Compliant and intuitive website pop-ups to collect subscribers
  5. Smart sending and Quiet Hours enabled to prevent sending texts at odd hours

When compliance is handled for you by a fully-serviced SMS marketing platform, you'll be able to avoid landing in hot soup with your customers and smacked with a huge sum in non-compliance fees.

You can always schedule a demo to see how we do things at Cartloop, and the best practices of SMS marketing that we practice below.

Observe the SMS Marketing Best Practices

  • Keep it short and always provide value
  • Choose a fully integrated and compliant SMS Marketing Service/Platform
  • Cap your SMS Frequency
  • Text During Normal Hours by Setting Quiet Hours
  • Text like a human

The power of SMS lies in how you wield it, and humanizing your customer journey doesn't have to be rocket science. It's about being adaptable to the times we're in.

We wrote a guide about how you can take your SMS marketing from invasive to personal here.

Your 10-Point Checklist for TCPA and CTIA compliance

If you're interested in SMS marketing for your business, here's a useful checklist that includes a quick round up of all the important points we mentioned throughout the guide:

  1. Never purchase a list of phone numbers.
  2. Follow the TCPA; get express written consent from every individual contact. Written permission may include electronic or digital forms of signature from a website or pop-up form, text message or email.
  3. Tell people what they’re signing up for, and how often you’ll text them in your Call to Action, at the Checkout, and in your Terms and Conditions. Remind them again over a text message
  4. Always aim to provide value in your messaging. Don’t send texts about illegal behaviour or substances like hate speech, nudity, or violence— you get the idea.
  5. Allowing your subscribers to opt-out of future SMS text messages and remove them from your list within a reasonable time frame
  6. Text during normal hours of 9 AM to 10 PM, and within the frequency you stated, i.e: "weekly updates".
  7. Confirm the phone number provided by the recipient is legitimate and correct.
  8. Capture an electronic record of the recipient’s consent. And maintain a record for up to 4 years.
  9. Follow the CTIA and disclose any additional message or data charges that may apply in your text message
  10. If faced between a more expensive SMS marketing platform and a cheaper one, always choose the TCPA and CTIA compliant SMS service

Right, so that's it! Whether you decide on taking on CTIA and TCPA compliance by yourself or looking to choose a trusted and compliant SMS marketing platform to help you, checklists are always helpful.

Jun-Li is a content person at Cartloop. When she's not writing a blog article, you can find her collecting a new hobby or doing yoga.

Get the conversational newsletter

Get the last blog posts the ecommerce industry directly in your inbox once a week.

Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.