Stored Payment Credentials and ROSCA: Lessons from FTC Uber Case

April 17, 2026

Stored Payment Credentials and ROSCA: Lessons from the FTC’s Uber Case

Shahin Rothermel, Ellen Traupman Berge Venable LLP + Follow Contact LinkedIn Facebook X ;) Embed

From one-click checkouts to autofilled payment fields, the modern payment experience is built on convenience. Consumers have come to expect that apps, websites, and even their mobile devices will seamlessly store and deploy their payment credentials with minimal friction. But beneath this ease lies a growing legal tension, particularly in subscriptions and automatic renewals programs, where sales and marketing laws require clear disclosures before obtaining the consumer’s billing information.

ROSCA Compliance and Subscription Disclosure Timing

The Federal Trade Commission’s (FTC) lawsuit against Uber Technologies illustrates how this tension plays out in practice. The case focuses on Uber’s “Uber One” subscription program and how subscription enrollment is embedded within an app ecosystem where users have already stored payment credentials for one-off transactions. Under the Restore Online Shoppers’ Confidence Act (ROSCA), material subscription terms must be disclosed before obtaining consumers’ billing information.

In denying Uber’s motion to dismiss, the U.S. District Court for the Northern District of California rejected Uber’s argument that ROSCA’s requirements were satisfied because consumers could use autofilled billing information already on file. Instead, the court signaled that the sequencing matters: disclosures must come before the use of billing information, not alongside or after it.

How the FTC Uber Lawsuit Shapes Compliance

The decision builds on prior cases emphasizing that ROSCA is not just about whether disclosures exist, but when and how they are presented. The court pointed to allegations that Uber displayed subscription terms on the same screen that authorized charges to a preexisting payment method and suggested that this “simultaneous” presentation may be insufficient unless companies take additional measures to strengthen disclosures and consent.

The decision does not go so far as to prohibit the use of stored payment credentials in subscription enrollments. But it reinforces the narrow and important point that timing is critical. The Uber case follows a similar ruling in the Western District of Washington, where the court held that presenting disclosures at the same time as obtaining consent to use stored payment information was insufficient under ROSCA.

Drawing on that precedent, the Uber court emphasized that showing subscription terms on the same screen that authorizes charges to a preexisting payment method may not meet the statute’s requirements. At the same time, the court suggested a possible path forward, noting that the analysis “might be different” if consumers were given a clear opportunity to affirmatively opt in to using stored payment credentials after reviewing the required disclosures.

Designing Lower-Risk Subscription Enrollment Flows

• Provide Disclosures Early and Before the Payment Is Selected. It is increasingly risky to present material terms while a pre-selected or default payment method is being used
• Affirmative Choice Matters. A separate step that asks consumers to confirm or select their payment method after reviewing disclosures might reduce risk. The issue seems to turn on whether consumers are given a meaningful opportunity to review disclosures before those credentials are used
• Context Matters. Courts are paying attention to the broader user experience, particularly where subscription offers are embedded in flows designed for one-time transactions These steps can reduce risk but considering courts’ extreme scrutiny and hypertextual reading of the law, any use of stored payment information to enroll someone in a subscription presents risk. And companies should be prepared to apply these requirements to upsells and reactivations

Learn more by checking out a recent webinar presented by Venable’s Autorenewal Solutions Team (VAST).

The Bottom Line

The decision makes clear that convenience features cannot override ROSCA’s sequencing requirements. The use of stored payment credentials remains permissible, but only if the enrollment flow ensures that consumers see—and have a real opportunity to act on—material terms before those credentials are used.

As enforcement and private litigation continue to focus on subscription practices, companies should review their sign-up flows with particular attention to timing, not just disclosure content.

;) ;) Report

Related Posts

• FTC v. Uber: California Court Allows Claims against Uber One Subscription to Proceed
• FTC Lawsuit Targets JustAnswer for Alleged ROSCA and Subscription Disclosure Violations
• FTC Targets “Merchant of Record” for Unlawful Payment Processing, TSR, and ROSCA Violations
• Vonage, Autorenewals, and the FTC’s Ever-Expanding Interpretation of ROSCA

Latest Posts

• Stored Payment Credentials and ROSCA: Lessons from the FTC’s Uber Case See more »

DISCLAIMER: Because of the generality of this update, the information provided herein may not be applicable in all situations and should not be acted upon without specific legal advice based on particular situations.
Attorney Advertising.

©
Venable LLP

Written by:

Venable LLP Contact + Follow Shahin Rothermel + Follow Ellen Traupman Berge + Follow more less

PUBLISH YOUR CONTENT ON JD SUPRA

• ✔ Increased readership
• ✔ Actionable analytics
• ✔ Ongoing writing guidance Join more than 70,000 authors publishing their insights on JD Supra

Start Publishing »

Published In:

Automatic Renewals + Follow Consumer Protection Laws + Follow Disclosure Requirements + Follow E-Commerce + Follow Enforcement Actions + Follow Federal Trade Commission (FTC) + Follow Mobile Payments + Follow Payment Processors + Follow Payment Systems + Follow ROSCA + Follow Subscription Services + Follow Unfair or Deceptive Trade Practices + Follow Antitrust & Trade Regulation + Follow General Business + Follow Consumer Protection + Follow Finance & Banking + Follow more less

Venable LLP on:

"My best business intelligence, in one easy email…"

Your first step to building a free, personalized, morning email brief covering pertinent authors and topics on JD Supra: Sign Up Log in ** By using the service, you signify your acceptance of JD Supra's Privacy Policy.* - hide - hide