CTIA Compliance

Industry Standards for U.S. Short Code Advertisements and Opt-in forms

To make your short code campaign compliant with Smart Lead Capture requirements, your company is required to comply with carrier compliance requirements, industry standards, and applicable law.

Industry standards require specific information be included wherever the short code is advertised, or where individuals are invited to sign up for short code messages. This can be paper forms, web pages or any other method through which the individual submits their phone number and will receive a message from a short code as a result.

Advertisements and opt-in forms are also known as Calls to Action, or CTAs. The wording of your short code CTA will vary depending on the sign-up method, since it tells users how to opt in to a short code campaign.  In developing your CTA, you should review the CTIA Short Code Monitoring Handbook, and the MMA’s Global Code of Conduct and Best Practices Guide.  As a courtesy, we’ve provide some example CTAs below.

An SMS Smart Capture Code Call to Action, for example, might look like this:

TEXT {Smart Capture Code} TO ##### TO SIGN UP FOR ALERTS.

For all sign up methods, the following language (with your information in the blanks) must appear wherever the short code is advertised (on the web, in print, etc):

MESSAGE AND DATA RATES MAY APPLY. {MESSAGE FREQUENCY}. TEXT HELP TO 54561 FOR HELP. TEXT STOP TO 54561 TO CANCEL. FOR TERMS: {URL TO SMS TERMS OF SERVICE}. FOR PRIVACY: {URL TO PRIVACY POLICY}

Keep the following points in mind when writing your Call to Action:

  • Message frequency must be specific, for example: “1 message/day” or “4 messages/month.” If the message frequency is dependent on the user, use “1 message/user request”.
  • You should have a privacy policy that applies to and addresses your text messaging campaign.  It should include an accurate description of your campaign and how you will handle data in connection with that campaign.  You should make that privacy policy accessible from your CTA and the privacy policy link should be labeled clearly. You should consult with your legal counsel to ensure that your privacy policy includes all legally-required notices with respect to your campaign.
  • You should also link to the terms and conditions that apply to your text messaging campaign in your CTA.  The terms should be provide accurate information details about your text messaging campaign and how it will work.  You should consult with your legal counsel to ensure that the terms and conditions provide the proper disclosures with respect to your particular campaign.
  • STOP” must appear in bold anywhere it is displayed.
  • Depending on the nature of your text messaging campaign, your CTA may require additional language to be compliant with applicable law.

The above is based on industry standards for short code service.  You should expect that your short code campaign will be audited at some point by a carrier or industry organization.  In our experience, U.S. short code campaigns are typically audited for compliance with the CTIA Short Code Monitoring Handbook.  Nonetheless, please note that each carrier reserves the right to suspend short code service for any user at any time, so compliance with the above guidelines is not a guarantee against suspension of service by a carrier.

In addition, there may be requirements for your CTA under applicable laws and regulations.  Which laws and regulations apply will depend on the particulars of your text messaging campaign.  You should consult with your legal counsel regarding any  legal compliance requirements, as well as any question regarding how the industry standards apply to your text messaging campaign.

Industry standards for opt-ins for U.S. short codes

One key compliance requirement is ensuring that the recipients of your text messages (your recipients) have expressly consented or “opted-in” to receiving text messages as part of your campaign. There are several ways that your recipients  can opt-in to receiving messages from you as part of your text messaging campaign. In each case, however, your campaign’s opt-in message flow must meet compliance standards set by the law, industry standards, and wireless carriers. The industry compliance standards for U.S. short code opt-ins can be found in the CTIA Short Code Monitoring Handbook.  As a courtesy, we’ve outlined them below.

Handset Opt-In: Sending a text message from a mobile phone to a short code

When a recipient signs up from a mobile handset, a double opt-in process is advised, but not required. The message flow might look like this:

Recipient: {Smart Capture Code}
Short code: Welcome to {Campaign Name} {Description} Alerts! Msg&data rates may apply.  {Message frequency} Reply HELP for help, STOP to cancel.

  • The “description” should be a single word to define the kind of alerts, e.g. “Account Alerts,” “News Alerts,” “Promo Alerts,” etc.
  • The message frequency must be specific, but can be any interval, for example: “1 message per day,” “4 messages per month,” “2 messages per transaction,” etc. If the message frequency will vary based on user interaction, “1 message/user request” is standard.

Non-Handset Opt-in: Asking to receive text messages and giving your mobile number to a website, mobile app, paper form, via verbal agreement, or otherwise opting in without using a handset.

When a recipient initially signs up by any means other than from a mobile handset, a double opt-in process may be used but is no longer required for recurring message programs.  The message flow might look like this:

(Recipient signs up without using mobile handset, and receives a text message from the short code asking to confirm opt-in)

Short code: Text YES to join {Campaign Name} {Description} Alerts. Msg&data rates may apply. {Message frequency} Reply HELP for help, STOP to cancel.
Recipient:YES
Short code: Welcome to {Campaign Name} {Description} Alerts! Msg&data rates may apply.  {Message frequency} Reply HELP for help, STOP to cancel.

Note: Rather than confirming opt-in with a text message Smart Capture Code such as YES, recipients may confirm by entering a verification code online instead. Once the verification code has been entered, a compliant welcome message must be sent to the handset.

These guidelines are based on industry standards. We recommend that your review the full set of standards outlined in the CTIA Short Code Monitoring Handbook.  You should expect that your short code campaign will be audited at some point by a carrier or industry organization.  In our experience, U.S. short code campaigns are typically audited for compliance with the CTIA Short Code Monitoring Handbook.  Nonetheless, please note that each carrier reserves the right to suspend short code service for any user at any time, so compliance with the above guidelines is not a guarantee against suspension of service by a carrier.

In addition to the wireless carrier compliance standards, there may be compliance requirements under U.S. law, including the Telephone Consumers Protection Act of 1991 (TCPA) or the Healthcare Insurance Portability and Accountability Act (HIPAA), depending on the nature of your text messaging campaign.  These requirements may include things such as ensuring that the consent you receive from your recipients is in writing or ensuring that use of your services is not conditioned upon consenting to receive your text messages, or both. The specific legal compliance requirements will depend on the details of your text message campaign, and you should consult with your legal counsel to ensure that your text messaging campaign complies with the wireless carriers standards, industry standards, and with the law applicable to your campaign.