New guidance on consent to charge aims to build consumers’ trust and confidence in the market

13 February 2020, Simon Towler, Director of Policy and External Relations


Today, we’ve introduced revised guidance to ensure that providers obtain robust and informed consumer consent to be charged, and that payment platforms operate to a high standard.

Building consumer trust in the market

We put consumer interests at the heart of everything we do – and we expect providers of phone-paid services to take the same approach, especially when charging consumers.

Our Code of Practice, specifically rule 2.3.3, makes clear that consumers must only be charged for phone-paid services with their consent, and that Level 2 providers must be able to provide evidence which establishes that consent. We will take enforcement action against providers who flout this rule – for examples of this see here, or see our most recent adjudication here.

Our latest guidance aims to make clear to providers what they need to do to ensure that breaches don’t occur in the first place. As is true with all our work, we also hope this guidance will help build consumer trust in the market and make consumers feel more confident when purchasing phone-paid services.

Making sure our new guidance meets its aims

The Guidance incorporates recommendations made by an independent security expert on technical standards, staffing and training, risk control, and about the security of providers’ platforms, to ensure consumers’ consent is collected and stored appropriately.

We used these recommendations and other considerations to draft guidance, which we then consulted on. To ensure our new guidance is fit for purpose and meets its aims, we looked to the evidence-based regulatory changes we’ve made in other areas to meet consumer expectations, build trust and ensure they’re protected from harm in the market.

Our revised guidance

As part of our consultation, we received a number of responses that suggested that we needed to be more flexible in certain areas (such as around staffing and training expectations) and to be clearer that some of the technical standards we set out could be met in a number of different ways. We carefully considered these responses and made changes to the final guidance which respond to the points raised. The Guidance now offers greater flexibility in how providers can meet the expectations, while making it clear that industry needs to meet high standards in relation to security and obtaining robust and informed consent to be charged from consumers.

Following this full consultation, we’ve today released our updated guidance. This sets out: 

  • clear definitions of informed and robust consent, and how this should be obtained
  • the platform security measures that we recommend providers have in place
  • recommendations and examples of the types of skills and experience that security staff working in this area should have.

We hope this new guidance brings clarity and builds consumers’ confidence in the market. We will continue to monitor the market closely to ensure our regulation is operating effectively.