SMS Compliance for Ecommerce

sms compliance checklist

Editor’s Note: This article was originally published on October 18th, 2020. This post is not meant to be taken as legal advice. Whenever beginning a new text messaging program, you should always consult with legal counsel to ensure you’re in compliance with all laws in the areas you do business (and where your customers live).

According to RescueTime, people spend an average of 45 ½ days each year looking at their phones. To put that into context, today is . Imagine being on your phone straight until . That’s how long, on average, people look at their phones each year.

Because of this, reaching your customers—and potential customers—through owned marketing channels like email and text messaging is more important than ever. In fact, text messages have an open rate of over 98%! The chances are extremely high that your text message will be read by your audience.

Knowing this, it’s unsurprising how many online businesses are turning to SMS messaging as a new marketing medium. Yet with great power comes great responsibility. If you’re thinking about adding this new communication channel, you need to understand the options, rules, regulations, consequences and personalization principles. We’ve detailed how to successfully adopt SMS for your business below. First, let’s level set on the types of SMS and the rules and regulations around sending text messages to your customers.

Types of SMS Messages

If you’re considering adding text messaging to your marketing strategy, you should learn more about the different types of messages you can send, and how they compare.

P2P Text Messaging

P2P text message stands for “person-to-person” text messaging, and is the most common form of text messaging between individuals. This could be anything from you texting your friend dinner plans, to a customer support rep at your company texting an ‘issue resolved’ message to a customer. P2P text messages send from one mobile phone to another. It is important to note that wireless carriers will treat P2P traffic differently from A2P traffic (more on this below.) P2P typically has a limit of one message per second per phone number.

A2P Text Messaging

A2P stands for “Application-to-person” text messaging. This is any kind of text message that is sent from an application, such as Klaviyo. These text messages are subject to local rules and regulations. Commonly, short codes are used to send these types of text messages. Some examples of A2P SMS include shipping notifications, critical alerts, SMS-based two-factor authentication, booking confirmations, and marketing notifications. This can include automated messages set to send as part of a marketing campaign, or can be triggered by a user such as a password reset request code. A2P allows for a higher volume of messages to be sent per second.

US SMS Compliance Law FAQs

Text messaging laws vary by country, and the laws covered in this article are specifically around US laws. If your business is located in another country, or you have customers in other countries, you will want to ensure you follow all applicable laws and SMS legal requirements in the areas where you do business. In order to avoid SPAM violations, it’s important to understand what spam is, as well as the laws that regulate telemarketing spam (TCPA) and the organizations that help protect consumers from spam (CTIA).

What is Text Spam?

Spam texts are any unwanted messages sent from an individual or company, often containing irrelevant, inappropriate, or untimely content. They are often sent to a large number of recipients, but don’t need to be; any unwanted message can be classified as spam. In addition to being annoying, it is also illegal to send unsolicited text messages to people without their consent, and the fines can be heavy. This is why obtaining consent is so important.

What is TCPA?

TCPA stands for the Telephone Consumer Protection Act. The telemarketing law dates back to 1991 and covers the use of automated telephone communications, including phone calls, voicemails, fax machines (does anybody still use these?), as well as text messages. Text messages are considered transactions similar to phone calls, which is why they are covered under the TCPA. Under TCPA, sending spam text messages is illegal and can result in fines starting at $500 per infringement, and reaching as high as $1,500 (more on this below in the penalties and violations section).

TCPA defines spam text messages as any “unsolicited advertisement” that communicates the commercial availability of a product, good, or service to a person without their prior express approval or permission, whether in writing or otherwise. This is why the double opt-in process is so important. Double opt-in text messages help:
– Confirm the phone number provided by the recipient is legitimate and correct.
– Capture an electronic record of the recipient’s consent.
– Provide a way for the person to opt out.

What is CTIA?

CTIA is the Cellular Telecommunications Industry Association. The CTIA is a trade organization run by wireless companies such as AT&T, Verizon, and many more. It is not a law or government-run organization like the FCC, and has no legal authority. You cannot be sued for not following CTIA guidelines.

In addition, the CTIA established the common short code system, which is how the majority of businesses send marketing text messages to their customers and prospects. They also established a list of rules that businesses must follow. If found to be in violation of these rules, the CTIA will report you to the mobile carriers, who may shut down or suspend your access to their customers until you resolve the issue.

What is the best way to acquire proper consent?

Now that you know the rules, it’s time to discuss how to successfully, and legally, implement SMS. First off—you cannot and should not text anybody without their express permission to receive text messages from you. So, if you have their phone number, but do not have their explicit consent to receive messages from you, then you should NOT send them text messages. Once you have their permission, you should always send a message confirming their opt-in status, and provide an explanation for how they can opt out. This can be as simple as telling them to reply “STOP” if they ever choose to stop receiving texts from you.

Here are five steps you can follow to ensure you are always collecting phone numbers and communicating via SMS in a compliant manner.

1. Consent must be obtained in writing via a physically signed agreement, a digitally signed agreement, or most commonly, an SMS opt-in. An opt-in text message is one in which the user provides you with their number with the understanding that they will receive text messages. During this process, you then send them a text message to confirm that their number is real and that they consent to receive future text messages from your business.

2. Disclose that the person will be contacted in the future by text messaging of a certain type of content.

3. It is helpful to disclose the type of content they will receive and the frequency.

4. Store consent for at least four years, which is the statute of limitations given by TCPA.

5. In subsequent text messages, it is considered a best practice to mention your company by name, the content/offer aligned with what they opted in for, the frequency of messages, possible carrier costs and fees, and an option for them to request help or opt out of future texts.

If my customers already consent to receive email, can I skip this?

No. If somebody is on your email list, it does not necessarily mean you have consent to send them text messages as well—even if they provide their phone number when they subscribe to your emails. Vice versa, if somebody consents to receive text messages from you, it does not necessarily imply email consent. Your email list and text list consent should be kept separate.

What if my customers opt out of future SMS text messages? How long do I have to honor opt-out requests?

It’s important to note that the most common way for people to remove consent is to reply “stop” to any text message you send. However, you should be aware that some people may request to remove consent via other avenues, such as by emailing or calling your customer support team, or even contacting you via social media channels.

You should have processes in place to remove these people from your text messaging lists as quickly as possible, ideally within 10 days. Unless somebody specifically opts back in, you should not send them text messages at all in the future.

Why You Need to Understand SMS Compliance

Anytime you communicate with a customer or potential customer, your customer will form an impression of your brand in their mind. Wouldn’t you rather they associate your brand with being friendly, helpful, and informative vs. needy, overbearing, and annoying? Yeah, that’s what we thought…

Aside from representing your brand in the way you want to be perceived, following the SMS compliance guidelines is important, because the fines and penalties can cost you tens of thousands of dollars.

Penalties & Fines for Violations

The penalties for violating the TCPA can be severe. This can range anywhere from $500 per violation to $1,500 per willful violation (meaning you knew what you were doing was wrong, yet did it anyways). Some settlements have reached into the tens of millions of dollars. These violations can add up fast, which is why having concrete processes in place is of paramount importance. If you think of how many people you have on your list, imagine if you texted all of them without express consent at $500 per person. That would be quite a large fine to pay!

You should always have an attorney review your entire texting policy and process. This will help ensure you remain in compliance. In addition, it’s important to invest in training for any employees who engage with customers via texting. This should cover staff dealing with customers both directly (think of a 1:1 communication between a user and your support rep) and indirectly (think marketing team members sending promotional texting campaigns). Of course, you’ll also want a reliable software provider (like Klaviyo!) that can manage the backend and maintain your compliance. Your provider should capture and store records of those who consent, opt out, and much more.

SMS Compliance Best Practices Checklist

We’ve covered a lot in this post so to make it easy on you—here are eight rules of thumb when maintaining SMS compliance:

1. Always obtain express consent before texting anybody. Even if they have opted into your email list and you have their phone number from a signup form, it does not mean they consent to receive text messages from you.
2. Always provide an automated way for them to opt out at anytime: This can be as simple as replying ‘stop’ to a text message that you sent them.
3. Be clear about what they’re opting into. If they’re opting in to receive shipping confirmations, don’t send them marketing collateral about unrelated products they haven’t purchased.
4. Provide value: If your text messages aren’t helpful, your subscribers will probably opt out. Provide something of value, whether it’s a discount code, a link to helpful content, or notifications relevant to something they’ve purchased.
5. Avoid acronyms and shorthand: Not everyone will be savvy to common acronyms like lol or ty. In addition, it could make your brand look unprofessional.
6. Cap your frequency: Ensure you have mechanisms in place to prevent recipients from receiving too many text messages within a short timeframe. If you’re sending individuals more than one or two texts per day, or 4-5 a week, you’re likely sending too many and risk that person opting out.
7. Text during normal hours: Nobody wants to receive a marketing text message at 2am on a Wednesday or 9pm on a Saturday night. In addition, if you have customers in different time zones, you’ll want to take timezone into consideration. A “Good Morning, [name]” text sent at 11am Pacific Time won’t make sense to somebody reading it on the east coast at 2pm!
8. Always be measuring: Every text campaign or automation should be continuously measured to ensure you’re not losing subscribers and that they’re taking the desired action. While you can’t measure open rates like you can with email, aim for your click rates (for text messages that have links) to be at or above the average of 45%.


How Klaviyo Handles Text Message Consent

Klaviyo automatically collects and stores consent on a customer’s profile. Any time a person subscribes or unsubscribes, it’s tracked and displayed prominently on their customer profile. The profile will show when and how the action took place. For example, when someone subscribes to your SMS updates on Tuesday at 3:23 PM via your BigCommerce checkout page and then unsubscribes 3 months later on a Wednesday at 11:08 AM, those actions will both be tracked and stored on the profile. As a result, you have a continually-up-to-date subscriber list along with the necessary information to know who and how people are joining your SMS list. You can then use segmentation to send text messages to only those who have asked to receive them. In the end, each individual subscriber profile keeps a running tally, displaying when and how they decided to subscribe and unsubscribe from your SMS messages.

Additionally, Klaviyo provides the Klaviyo Form Builder to help you collect phone numbers from your customer base. When building the form, you can quickly drag in a phone number field and Klaviyo will ensure the number is formatted correctly. You then have the freedom to add messaging to explain what the customer should expect from future text messages. For example, you may choose to use SMS to let people know in advance about new products coming out or you may want to use it more for order and shipping tracking. No matter what you choose to do, you can be clear with your intentions before anyone signs up.

The Klaviyo SMS Advantage

There are a few advantages of using Klaviyo for your SMS sending. First, Klaviyo gets you set up quickly. Once you sign up, you can start sending SMS in just a few clicks. Klaviyo will handle all the back-end setup provisioning of a long number (you can also set up a short code but that will take a little longer) so you can begin sending text messages without the wait. Secondly, many ecommerce stores use a separate point solution to send text messages. Klaviyo offers a solution for you to send both emails and texts from one platform—allowing you to consolidate communications and reduce costs. Third, Klaviyo is well-known for a best-in-class segmentation feature that allows you to pinpoint the exact right audience for every message. The best part about SMS in Klaviyo is you’ll be able to leverage the same powerful segmentation engine to send super-targeted text messages to your customers.

Final thoughts

SMS is a great way to reach your audience in a timely and efficient manner, when done properly. By following the steps outlined in this article, you should be well on your way to a successful text messaging cadence for your business.

Not currently texting your customers? Learn more about Klaviyo’s new SMS offering by clicking the link below. Take ownership of your customer communication through highly targeted and personalized text messaging and email campaigns.



Glossary and Acronyms

Text message: A message, typically limited to 160 characters, sent from a mobile phone or web application to a recipients mobile device.
SMS: Short Message Service, this is the same thing as a “text message” in the context of this article.
MMS: Multimedia messaging service. This is a type of text message that can also include non-text data, such as pictures, audio, or video.
P2P messaging: Peer to peer messaging, such as an SMS sent from one mobile phone directly to another mobile phone
A2P messaging: Application to peer messaging, such as sending an automated shipping confirmation text from Klaviyo to a customer who placed an order.
TCPA: Telecommunication Consumer Protection Act. A law enacted in 1991 to regulate telemarketing, including phone, voicemail, and text message communications.
CTIA: Cellular Telecommunications Industry Association. A trade association made up of mobile carriers such as AT&T, Verizon, T-Mobile, and many more.
Opt-In: A mechanism for a customer to indicate that they wish to receive communications from you in a particular format, such as SMS. Opt-in pages should include frequency, type of content, and an explanation of how to opt-out.
Opt-Out: A mechanism for a customer to indicate that they no longer wish to receive communications from you.
MMA: Mobile marketing association. A group whose mission is to enable marketers to drive innovation and enduring business value in an increasingly mobile connected world. They published their own set of guidelines which runs in close parallel to the CTIA.
CSC: Common short code. A five or six digit long number which is unique to the individual operator. Example: “Text “WIN” to 94812 for a chance to win a trip to Spain”)
CTA: Call to action, such as to click a link or respond to a text.
Short URL / URL Shortener: A URL that redirects to a longer url, such as a link redirecting to your full website domain with subdirectories. This is useful for SMS where characters are limited to 160.
Consent: An explicit affirmation from a customer to receive communications from your business.
Wireless Carrier: A company such as AT&T or Verizon that provides mobile calling and texting services.

Back to Blog Home
Get email marketing insights delivered straight to your inbox.