CITIA Latest Short Code Monitoring Handbook 3/27/2017
CITIA
Short Code Monitoring Program
Short Code Monitoring Handbook
Version 1.7
Effective Date March 27, 2017
INTRODUCTION
CTIA and its member companies work to protect consumers while fostering a competitive environment for shortcode programs. We aim to
■ Provide consumers the best possible user experience;
■ Honor consumer choices and prevent abuse of messaging platforms;
■ Deliver flexible guidelines that communicate compliance values clearly;
■ Enable the short code industry to self-regulate; and
■ Facilitate enforcement measures, if necessary, to protect consumers quickly and consistently.
The Short Code Compliance Handbook (Handbook) guidelines lay the framework for achieving these goals, butCTIA reserves the right to take action against any short code program deemed to cause consumer harm.
The Handbook is not intended as a comprehensive guide to compliance with laws and regulations that apply toshort code programs. Service providers are responsible for meeting legal requirements that apply to short codeprograms they offer, and CTIA and its members make no representation that meeting the guidelines in this
Handbook is sufficient to assure legal compliance. Consultation with legal counsel is recommended stronglly.
ABOUT THIS HANDBOOK
This Handbook describes best practices for standard rate messaging services (SMS), multimedia messagingservices (MMS), and free-to-end user (FTEU) short code programs with the primary goal of providing the best
customer experience for users. Handbook guidelines do not define rules for programs that bill consumers.
Guidelines are organized according to use cases that apply. Examples of compliant programs are organized byuse case in the appendice
Carriers reserve the right to implement their own short code program requirements beyond the scope of this Handbook. However, all carriers have reviewed and accepted the Handbook’s content.
This Handbook is divided into the following sections: Compliance Framework, In-Market Monitoring Guide, Audit
Standards Guide, and Audit Standards. In addition, Appendix A and Appendix B detail sample compliant
programs, and Appendix C describes common terms.
REFERENCES
Drawing from experience working with short code programs, the guidelines evolve continually. Handbook vl .7 is
based on the following:
■ Mobile Marketing Association’s Consumer Best Practices v7.0,
■ CTIA Mobile Compliance Assurance Handbook vl .3,
■ California Attorney General Kamala D. Harris’s “Privacy on the Go: Recommendations for the Mobile
Ecosystem” best practices,
■ Telephone Consumer Protection Act (TCPA),2
■ Florida Attorney General’s requirements for mobile content,
■ A2P (application-to-person) community feedback, and
■ Carrier requirements
COMPLIANCE FRAMEWORK
This section offers direction regarding compliance of short code programs, including guidelines and requirements.
Nonetheless, following this handbook is no guarantee that a short code program is compliant. Short code
programs might also need to comply with individual carrier requirements.
UNIVERSAL COMPLIANCE PRINCIPLES
CTIA requires all short code programs to comply with a basic code of conduct that promotes the best possible
user experience. As new uses for short codes emerge, the guiding principles in section A.1 should be considered
when defining applicable rules. Short code programs that comply technically with the letter of a specific rule but
violate the letter or spirit of these principles might be subject to enforcement action.
A.1 GUIDING PRINCIPLES
Four principles provide the baseline for all requirements listed below
1. Display clear calls-to-action. All programs must display a clear call-to-action. Customers must be made
aware of what exactly they are signing up to receive.
2. Offer clear opt-in mechanisms. Customers must consent clearly to opt into all recurring-messages
programs. Requiring a customer to enter a mobile phone number does not constitute a compliant opt-in.
Instead, customers must understand they will receive messages and consent to receive them.
3. Send opt-in confirmation messages. A confirmation message must be sent to customers always. For
recurring-messages programs, confirmation messages must include clear opt-out instructions.
4. Acknowledge opt-out requests. Short code service providers must acknowledge and act on all opt-out
requests. Monitoring procedures confirm successful opt-out.
A.2 CHOICE AND CONSENT
Short code programs are expected to deliver sufficient value so consumers elect to participate with full
transparency into the delivery conditions.
A.2.01 UNSOLICITED MESSAGES
Unsolicited messages may not be transmitted using short codes. Unsolicited messages are defined as follows:
■ Messages delivered without prior express consent from the user or account holder, and
■ Messages sent after a user has opted out.
A.2.02 MARKETING CONTEXT
No component of program advertising or messaging may be deceptive about the underlying program’s
functionality, features, or content. All disclosures present in pre-purchase calls-to-action, advertisements, terms
and conditions, and messages must remain clear and consistent throughout the user experience.
A.2.03 OPT-IN
Messages must be delivered to a consumer’s mobile device only after the user has opted in to receive them. A
user might indicate interest in a program in several ways. For example, a user might
■ Enter a phone number online,
■ Click a button on a mobile webpage,
■ Send an MO message containing an advertising keyword,
3 Sending the user a single opt-out message acknowledging the opt-out request is the only exception to this rule.
■ Sign up at a point-of-sale (POS) location, or
■ Opt in over the phone using interactive voice response (IVR) technology.
Calls-to-action must be clear and accurate; consent must not be obtained through deceptive means. For example,
opt-in details cannot be displayed obscurely in terms and conditions related to other services. Enrolling a user in
multiple short code programs based on a single in is prohibited, even when all programs operate on the same
short code.
Recurring-messages short code programs should send a single opt-in confirmation message that displays
information verifying the customer’s enrollment in the identified program. The opt-in confirmation message must
be delivered immediately after the customer opts into the program. For POS and hardcopy opt-ins, the opt-in
confirmation message must be delivered as soon as is reasonably possible after the customer opts into the
program. Additionally, opt-in messages must contain the program (brand) name or product description, customer
care contact information, opt-out instructions, product quantity or recurring-messages program disclosure, and the
“message and data rates may apply” disclosure.
The opt-in for all short code programs must comply with all legal and regulatory requirements, including the
Telephone Consumer Protection Act, 47 U.S.C. § 227, and the Federal Communication Commission’s rules under
47 C.F.R. § 64.1200. For example, the express written consent obtained for any program that is “telemarketing”
[as defined by 47 C.F.R. § 64.1200(f)(14)] must, unless exempt from the requirement, include the elements of
“prior express written consent” set forth in 47 C.F.R. § 64.1200(f)(8). That rule requires a clear and conspicuous
disclosure informing the user that:
■ By opting in, the user authorizes the seller to deliver or cause to be delivered to the user marketing
messages using an automatic telephone dialing system; and
■ The user is not required to opt in (directly or indirectly) as a condition of purchasing any property, goods,
or services.
Legacy double optin (i.e., mobile device confirmation) methods remain acceptable options to obtain express consumer consent.
A.2.04 OPT-OUT
Functioning opt-out mechanisms are crucial for all text messaging programs. Programs must always acknowledge
and respect customers’ requests to opt out of programs. However, depending on the use case, some short code
programs are not required to advertise opt-out instructions. Short code programs must respond to, at a minimum,
the universal keywords STOP, END, CANCEL, UNSUBSCRIBE, and OUIT by sending an opt-out message and, if
the user is subscribed, by opting the user out of the program. Subsequent text, punctuation, capitalization, or
some combination thereof must not interfere with opt-out keyword functionality.
Recurring-messages programs must also display opt-out instructions at program opt-in and at regular intervals in
content or service messages, at least once per month. Opt-out information must be displayed on the
advertisement or within the terms and conditions.4 A program may deliver one final message to confirm a user
has opted out successfully, but no additional messages may be sent after the user indicates a desire to cancel a
short code program.
A.3 CUSTOMER CARE
Customer care contact information must be clear and readily available to help users understand program details
as well as their status with the program. Customer care information should result in users’ receiving help.
Programs must always respond to customer care requests, regardless of whether the requestor is subscribed to
the program. At a minimum, the HELP keyword must return the program name and further information about howto contact service providers. Short code programs should promote customer care contact instructions at
program opt-in and at regular intervals in content or service messages, at least once per mon4 Opt-out information no longer need appear in bold typeface.
A.4 PROGRAM CONTENT
All content associated with short code programs must promote a positive user experience. Carriers regulate
certain types of content, including those listed in this section
A.4.01 UNAPPROVED OR ILLICIT CONTENT
No programs associated with carrier brands or operating on the carrier networks may promote unapproved or
illicit content, including the following:
■ Depictions or endorsements of violence,
■ Adult or otherwise inappropriate content,
■ Profanity or hate speech, and
■ Endorsement of illegal or illicit drugs.
Programs must operate according to all applicable federal and state laws and regulations. All content must be
appropriate for the intended audience. Additional legal and ethical obligations apply when marketing to children
under age 13, and such programs might be subject to additional review by carriers.
A.4.02 CONTROLLED SUBSTANCES
Promotions of controlled substances might be subject to additional review by carriers. Service providers must
receive explicit carrier approval before launching these program types. Marketing of hard alcohol and tobacco
brands must either include robust age verification (e.g., electronic confirmation of age and identity) at opt-in orestrict promotions to ageverified locations (e.g., points of sale in bars). Mobile programs must not promote theuse of controlled substances directly. Reference to the abuse of controlled substances is prohibited.
A.4.03 SWEEPSTAKES AND CONTESTS
Sweepstakes are characterized by the element of chance and the outcome of a prize. Both state and federal laws
regulate sweepstakes. Organizations considering a sweepstakes program are urged to consult with their legal
counsel before submitting a program for carrier approval. Carriers review sweepstakes individually and reserve
the right to approve or reject them at their discretion. Note that sweepstakes program review might take longer
than reviews of other program types. At a minimum, sweepstakes program providers should
■ Follow each carrier’s process and guidelines,
■ Provide the carrier with the sweepstakes rules for review,
■ Include a free method of entry, and
■ Consult with legal counsel.
A.4.04 CONTENT DELIVERY
Users should be informed of the next steps to download and store new content immediately after opt-in. Content
must be delivered correctly and must function as advertised.
A.5 PRIVACY POLICY AND TERMS AND CONDITIONS
Service providers are responsible for protecting the privacy of user information and must comply with applicable
privacy law. Service providers should maintain a privacy policy for all programs and make it accessible from the
initial call-to-action. When a privacy policy link is displayed, it should be labeled clearly.
Use cases might require different disclosures in the full terms and conditions. In all cases, terms and conditi and privacy policy disclosures must provide up-todate, accurate information about program details and
date, accurate information about program details and functionality.
A.6 PROGRAM NAME AND PRODUCT DESCRIPTION
Consistent program names and product descriptions in advertisements and messages help consumers connect
all parts of the short code experience. All short code programs are required to disclose program names, product
description, or both in service messages, on the call-to-action, and in the terms and conditions. The program
name is the sponsor of the short code program, often the brand name or company name associated with the short code. The product description describes the product advertised by the program.
A.7 PROGRAM RECORDS AND FUNCTIONALITY
Service providers assume responsibility for maintaining accurate records in carrier systems and the Common
Short Code Administration (CSCA) registry. Service providers wishing to modify a program must submit changes
to the carriers for review and must update relevant carrier records. Programs promoted in the market must matcthe programs approved.
A.7.01 CUSTOMER RECORDS
All opt-in and opt-out requests should be retained from the time a user initiates opt-in until a minimum of six
months after the user has opted out of a program. Service providers assume responsibility for managing
information about deactivated and recycled mobile phone numbers and must process this information within three business days of receipt. After porting a mobile phone number between carriers, the user must opt in again to
desired programs.
Service providers must track opt-in information by individual users. Selling mobile opt-in lists is prohibited.
A.7.02 MO MESSAGE PROCESSING
All mandatory keywords must be processed correctly, regardless of MO message format (e.g., keywords must
function whether sent by MMS or SMS). Service providers must scan MO message logs regularly to identify opt-
out attempts and must terminate those subscriptions, regardless of whether the subscribers used the correct opt-
out keywords or methods.
USE CASES
Because short code programs vary greatly, depending on their intended purpose, Handbook vl .5.0 was designed
with different use cases in mind. All short code programs based on the displayed use cases must comply with the
Universal Compliance Principles in addition to the specific guidelines described in this section.
A.8 SINGLE-MESSAGE PROGRAMS
Single-message programs, or “one-off programs, deliver a one-time message in response to user opt-in
requests. Examples of single-message programs include but are not limited to the following:
■ Informational alert,
■ Purchase receipt,
■ Delivery notification, and
■ Two-factor authentication.
An example of a compliant single-message program and associated message flow appears in Append6
Description Requirements Call-to-Action The call-to-action for a singlemessageprogram can be simple. The primary
messageprogram can be simple. The primary program can be simple. The primary program can be simple. The primary purpose of disclosures is to ensure a consumer consents to receive a text message and understands the nature of the program.
Product description Complete terms and conditions, link to terms and conditionsPrivacy policy or link to privacy policy
Privacy policy or link to privacy policy “Message and data rates may apply” disclosure Terms and Conditions
Comprehensive terms and conditions may
be presented in full beneath the call-to- action, or they be may accessible from a link in proximity to the call-to-action.5
Program (brand) identification
Product description
Customer care contact information
“Message and data rates may apply”
disclosure Opt-ln
The consumer must actively opt into single¬message programs.
Consumer’s affirmative opt-in Message Flow Although single-message programs are not
required to display HELP and STOPkeywords, they should support HELP and
STOP commands, as described in the Universal Compliance Principles.
Opt-ln Confirmation MT
■ Program (brand) name OR product description
HELP MT
■ Program (brand) name OR product description
■ Additional customer care contact information
Opt-Out MT
■ Program (brand) name OR product description
■ Confirmation that no further messages will be delivered
Exhibit 1: SINGLE-MESSAGE PROGRAM USE CASE QUICK REFERENCE GUIDE
A.9 RECURRING-MESSAGES PROGRAMS
A user opts into a recurring-messages program by texting a keyword to the program’s short code, entering his or
her mobile phone number online or agreeing in apps or in person to receive text messages. Examples of
recurring-messages programs include but are not limited to the following:
■ Content or informational alert subscriptions (e.g., horoscopes, news, weather),
■ Flight status notifications (multiple messages), and
■ Marketing and loyalty promotions.
An example of a compliant recurring-messages program call-to-action and associated message flow appears in
Appendix B.
Description
Requirements Call-to- Because of their ongoing touch points with
■ Product descriptionAction
consumers, recurring-messages programs
require the most disclosures among use
cases. The primary purpose of disclosures is
to ensure the consumer consents to receive
text messages and understands the nature
of the program.
■
■
■
Service delivery frequency or recurring-
messages disclosure
Complete terms and conditions, link to
complete terms and conditions
Privacy policy or link to privacy policy
■
STOP keyword
■
“Message and data rates may apply”
disclosure
Terms and
Conditions
Comprehensive terms and conditions might
be presented in full beneath the call-to-
action, or they might be accessible from a
link in proximity to the call-to-action.7
■
■
■
■
■
Program (brand) name
Service delivery frequency or recurring-
messages disclosure
Product description
Customer care contact information
Opt-out instructions
■
“Message and data rates may apply”
disclosure
Opt-ln
Consumers must provide prior express
written consent to enroll in all text message
programs (i.e., single-message programs or
recurring-messages programs). Recurring-
messages programs must send one
message confirming opt-in consent. Double
opt-in is optional.
■
Consumer’s affirmative opt-in
Message
Flow
Recurring-messages programs confirming
opt-in with a single text message MUST
state explicitly to which program the user
enrolled and provide clear opt-out
instructions in the Opt-ln Confirmation MT.
Opt-ln Confirmation MT
■ Program (brand) name OR product description
■ Opt-out information
■ Customer care contact information
■
Product quantity or recurring-messages
disclosure
■
“Message and data rates may apply”
disclosure
HELP MT
■
■
Program (brand) name OR product description
Additional customer care contact information
Opt-Out MT
■
Program (brand) name OR product description
■
Confirmation that no further messages will be
delivered
Exhibit 2: RECURRING-MESSAGES PROGRAM USE CASE QUICK REFERENCE GUIDE
Out-Out information may appear on a separate page in the terms and conditions.
Popups have been removed as a method for displaying terms and conditA.10
MACHINE-TO-MACHINE PROGRAMS
For machine-to-machine (M2M) short code programs, which should never interact with consumers, service
providers need only an updated program brief on file with the CSCA and the carriers.
A.11 PREMIUM RATE POLITICAL DONATION PROGRAMS
Premium rate short code programs that solicit political donations are subject to additional regulations, available at
http://www.ctia.org/policv-initiatives/voluntarv-guidelines/federal-political-campaign-contributions-wireless-carrier-
bill. Premium political donation programs also must conform to the premium SMS guidelines and audit standards
in the CTIA Mobile Commerce Compliance Handbook, vl.3.
A.12 PREMIUM RATE CHARITABLE DONATION PROGRAMS
Premium rate short code programs that solicit charitable donations are subject to additional regulations, available
at http://www.ctia.org/policv-initiatives/voluntarv-guidelines/mobile-giving-via-wireless-carrier%27s-bill. In addition,
premium charitable donation programs must to conform to the premium SMS guidelines and audit standards in
CTIA Mobile Commerce Compliance Handbook, vl.3.
A.13 FREE-TO-END-USER PROGRAMS
FTEU programs are subject to almost all of the same requirements as SMS short code programs. FTEU
programs must display a clear call-to-action, capture consumers’ affirmative opt-in, send an opt-in confirmation
message, and abide by customers’ requests to opt-out. However, all FTEU programs are exempt from displaying
“message and data rates may apply” in advertisements, terms and conditions, and messages.
A.14 MMS PROGRAMS
MMS programs are subject to the same requirements per use case as SMS short code programs. All mandatory
keywords must be processed correctly, regardless of MO format (e.g., keywords must function whether sent by
MMS or SMS). Service providers must scan MO logs regularly to identify opt-out attempts and must terminate
associated subscriptions, regardless of whether the subscribers used the correct opt-out keywords or methods.
A.15 INTERACTIVE CUSTOMER CARE CHAT PROGRAMS
Because rapid and direct communication between customers and customer care representatives is important,
many organizations now offer interactive customer care chat programs. Such communication makes obtaining
assistance with minimal delay easier and more convenient for customers. For example, customers replying with
the HELP keyword to a short code can be routed quickly to customer care, where they can chat directly with a
representative, without ever leaving their messaging application. Increasing prevalence of this communication
practice makes understanding the guidelines and limitations surrounding such programs more important than ever
for carriers. For organizations wishing to implement interactive customer care chat, such programs
■ May operate on dedicated short codes only;
■ May be used for communication with customer care representatives only; and
■ May not be used for marketing.
CARRIER ONBOARDING
CTIA is most concerned with short code programs as they interact with consumers through advertising and
service messaging. However, several facets of SMS programs happen behind the scenes. Recommended best
practices for onboarding new programs follow.9Carriers may maintain individual playbooks tailored to their customers’ needs and must sometimes respond to
emerging risks that fall outside the Handbook. Refer to carriers’ playbooks for onboarding information regarding
■ Program certification and migration processes,
■ Program brief details,
■ Advertising of controlled substances,
■ Sweepstakes approval processes, and
■ Marketing to children.
10 Definition
Cure Date
Penalties
Severity 0
Extreme consumer harm
Immediate
CTIA: Immediate registry suspension
Carriers: Vary by case; immediate suspension or termination possible
Severity 1 Serious consumer
harm
5 business days
CTIA: Unresolved audits; possible registry
suspension
Carriers: Vary by case
Severity 2
Moderate
consumer harm
5 business days
CTIA: Vary by case
Carriers: Vary by case
IN-MARKET MONITORING GUIDE
In this section, in-market monitoring, including details about audit notices, communication, retests, and appeals, is
explained.
COMPLIANCE AUDITS
The CTIA Compliance Assurance Solution employs data gathered via in-market monitoring. When programs are
deployed in market, the live programs are captured and audited. This method is more effective than program brief review or routine keyword testing because compliance audits reflect the user experience that actual consumers
encounter when they interact with short code programs in market.
CTIA issues compliance audits weekly for standard rate short codes leased with the CSCA. Compliance audits
performed by CTIA are available to all major U.S. carriers, and CTIA compliance metrics can be incorporated into
individual carrier compliance policies.
A.16 AUDIT NOTICES
CTIA distributes Audit Notices each week. Each audit notice displays a unique audit number, short code, service
provider, aggregator or aggregators, notice date, and cure date at the top. Individual violations are classified as
Severity 0, Severity 1, or Severity 2, based on their potential for consumer harm, with Severity 0 representing the
most extreme violations. Violations are based on the compliance guidelines outlined in the Compliance
Framework section of the Handbook. Taking the severity level of the gravest violation cited, a failed audit must be
resolved in the appropriate timeframe (i.e., before or on the cure date).
A.17 SCHEDULE
CTIA compiles and generates audit notices each Monday for audits performed the previous week, and audits are
published Tuesday at 2:00 A.M. EST. Although audits might be available for review earlier, the official notice date
from which the cure date is calculated is 12:00 P.M. EST each Tuesday.
A.18 SEVERITY LEVELS
All audit notices are assigned severity levels based on the extent to which the associated findings might harm
consumers. Cure dates and penalties vary based on severity, as detailed in Exhibit 3.
EXHIBIT 3: AUDIT NOTICE SEVERITIES DESCRIPTION
A.19 CTIA COMPLIANCE CARE TEAM COMMUNICATION
On receiving an audit notice, service providers may communicate with the CTIA compliance care team by leaving
a comment on the audit notice or contacting us.support@wmcglobal.com. The CTIA Compliance Care Team
(Care Team) responds promptly to all messages. Although Care Team specialists are unable to preapprove
compliant designs, they assist service providers as much as possible with understanding how to resolve violations
and close their audits.
A.20 RETESTS
Within the prescribed period following issuance of an audit notice, the responsible aggregator or service provider
must confirm on the audit notice that it has made changes to or has removed from market the offending
advertisement or message flow. Should the CTIA Compliance Care Team fail to receive confirmation or should
the service provider fail to take the actions required, the short code is subject to further action.
In the case of TV and print advertisements with longer run cycles, aggregators and service providers may submit
a retest request for a rerelease date. Retest requests must be made in good faith, with a clear explanation of the
changes implemented. Audits at this status are categorized as Pending Retest.
A.21 APPEALS
Aggregators and service providers that believe they have a valid claim may challenge an audit by contacting
us.support@wmcglobal.com before the cure date noted on the audit notice. The email message should explain
why the service provider deems the audit incorrect. Appeals must pertain to the application of violations cited on
the specific audit in question.
12
AUDIT STANDARDS GUIDE
The following pages display tables of audit standards by use case. Advertising audit standards apply to all
advertisements hosting calls-to-action for short code programs; message flow audit standards apply to required
service messages.
Message categories for which specific standards apply are marked with an “x” in the tables. Refer to the glossary
below for help with unfamiliar terms.
Opt-ln
Confirmation
Short code programs should send a single opt-in confirmation message displaying
information verifying the customer’s enrollment in the identified program and describing
how to opt out. The opt-in confirmation message must be delivered immediately after the
customer opts into the short code program. Additionally, opt-in messages must contain
the program (brand) name or product description, customer care contact information,
product quantity or recurring-messages program disclosure, and the “message and data
rates may apply” disclosure.
HELP
Message service providers send a HELP message after customers text the HELP
keyword. Short codes should reply with additional contact information to customer
requests for help.
Opt-Out
Message service providers send an opt-out message after customers text the STOP
keyword. The opt-out message confirms that the customer has been opted out of the
program.
Violation
Specific breach of the Universal Compliance Principles. Auditors check program
advertisements and service messages against lists of violations to identify
noncompliance.
Severity
Number representing the customer impact associated with a violation. Severity 0
violations impact customers most. Severity 2 violations are least customer impacting.
Action Required
Action or actions the responsible service provider must take to correct the associated
violation.
AUDIT STANDARDS
The audit standards listed below distill the principles listed in the narrative portion of the Handbook into test
scripts for monitoring. Advertising audit standards apply to media displaying short code calls-to-action. Message
flow audit standards apply to required service messages.
SINGLE-MESSAGE PROGRAMS
A.22 SINGLE-MESSAGE PROGRAM ADVERTISING AUDIT STANDARDS
A.23 SINGLE-MESSAGE PROGRAM MESSAGE FLOW AUDIT STANDARDS
14
Violation
Severity
Action Required
Contains or promotes SHAFT (sex, hate, alcohol, firearms,
or tobacco) content
0
Remove call-to-action associated with SHAFT (sex, hate,
alcohol, firearms, or tobacco) content
Fails to match approved program in CSC registry
1
Remove unapproved program elements or update CSC registry
No clear indication of privacy policy
1
Display privacy policy or clearly labeled link to privacy policy
No link to comprehensive T&Cs
1
Display link to comprehensive T&Cs
No product or service description
1
Describe product or service
Improper use of the term free
1
Remove the term free
Failure to display STOP keyword
1
Display STOP keyword8
No mention that messages are recurring
2
State that messages are recurring
No mention that message and data rates may apply
2
Disclose that message and data rates may apply
No customer care contact information9
2
Display toll-free helpline, email address, or HELP keyword
Violation
Severity
Action Required
Applicable Message
Opt-ln
Conf.
HELP
Opt-
Out
Contains or promotes SHAFT (sex,
hate, alcohol, firearms, or tobacco)
content
0
Remove call-to-action associated with
SHAFT (sex, hate, alcohol, firearms, or
tobacco) content
X
X
X
Fails to match approved program in
CSC registry
1
Remove unapproved program elements or
update CSC registry
X
X
X
Unsolicited message delivered
1
Cease all messaging associated with
program
X
X
X
Failure to display STOP keyword
1
Display STOP keyword
X
Incorrect response to STOP command
1
Terminate all of customer’s active programs
after he or she texts STOP, and send one
opt-out message
X
No indication that program is recurring
2
State that program is recurring
X
No product or program name
2
Display program or product name
X
X
X
No mention that message and data
rates may apply
2
Disclose that message and data rates may
apply
X
No customer care contact information
2
Display toll-free helpline, email address, or
HELP keyword10
X
Failure to reply to HELP keyword
2
Reply to HELP keyword with additional
contact information (e.g., a toll-free helpline
or email address)
X
RECURRING-MESSAGES PROGRAMS
A.24 RECURRING-MESSAGES PROGRAM ADVERTISING AUDIT STANDARDS
A.25 RECURRING-MESSAGES PROGRAM MESSAGE FLOW AUDIT STANDARDS
15
Violation
Severity
Action Required
Failure to match approved program in CSC registry
1
Remove unapproved program elements or update program
details in CSC registry
A.26 MACHINE-TO-MACHINE PROGRAM AUDIT STANDARDS
M2M programs, which should never interact with consumers, only need keep an updated program brief on file
with the CSCA and the carriers. If an M2M program is found advertising to consumers, it is subject to immediate
enforcement action.
16
APPENDIX A:
SAMPLE COMPLIANT SINGLE-MESSAGE PROGRAM
Exhibit Al: Sample Compliant Single-Message Advertisement
and Service Messages
Opt-ln Confirmation Message:
“Coupon King: Show this text at the register for 50%
off your next purchase!”
HELP Message:
“Thanks for texting Coupon King! Call 1-800-123-
4567 for support.”
Opt-Out Message:
“Coupon King: You will receive no further messages.”
Exhibit A2: Sample Compliant Single-Message Advertisement
and Service Messages
Opt-ln Confirmation Message:
“Mobile Confirm: Your passcode is 9876. Enter it
online to confirm your account.”
HELP Message:
“You recently created or modified an account online.
Enter your passcode to confirm. Call 1-800-123-4567
for Mobile Confirm support.”
Opt-Out Message:
“Mobile Confirm: You will receive no further
messages from short code 12345.”
17
Exhibit A3: Sample Compliant Single-Message Print Advertisement
and Service Messages
Opt-ln Confirmation Message:
“Best Realty: Go to bestrealty.com/housel for more
info on this property.”
HELP Message:
“For Best Realty property info help, contact
smshelp@bestrealty.com.”
Text HOUSE1 to get more info on
this property from Best Reolty
Msg&dota rotes moy apply Go to
website.com/sms for privacy and
terms info.
Opt-Out Message:
“You’re opted out and will no longer receive Best
Realty property info alerts.”
Exhibit A4: Sample Compliant Single-Message Verbal Opt-ln
and Service Messages
>-
Would you like a one-time reminder of your upcoming flight? We’ll
text the mobile number you provide with the flight status 24 hours
before your scheduled departure. Message and data rates may
apply. You can visit our website at flights.com/sms for privacy and
terms information.
✓
V__
Opt-ln Confirmation Message:
“Reminder: Your flight leaves tomorrow at 4:05 P.M.
from Gate 1.”
HELP Message:
“For assistance with Flight Reminder messages, call
1-888-123-4567.”
Opt-Out Message:
“You are now opted out and will receive no further
Flight Reminder messages.”
18
Exhibit A5: Sample Compliant Single-Message Hardcopy Opt-ln
and Service Messages
Lifetime Trip – Enrollment Form
Enter your name ond mobile number to receive o one-time
alert when o spot opens up on our waiting list
Message and data rates may apply Go to website com/sms for
privacy and terms info
Name_
Mobile Number_
Opt-ln Confirmation Message:
“A spot just opened up on the Lifetime Trip waiting
list. Contact your travel agent to sign up today!”
HELP Message:
“For Lifetime Trip waiting list help, call 1-888-123-
4567.”
Opt-Out Message:
“You’re now opted out and will no longer receive
Lifetime Trip wait list alerts.”
19
APPENDIX B:
SAMPLE COMPLIANT RECURRING-MESSAGES PROGRAM
Exhibit Bl: Sample Compliant Recurring-Messages Web Advertisement
and Service Messages11
Opt-ln Confirmation Message:
“You’re now subscribed to daily Weather Alerts.
Reply STOP to cancel at any time. Call 1-800-123-
4567 for support. Message and data rates may
apply.”
HELP Message:
“Contact us at 1-800-123-4567 with questions about
Weather Alerts.”
Opt-Out Message:
“You have opted out of Weather Alerts and will
Advertisement
Although opt-out instructions are not required on
the advertisement itself, they must appear in the
terms and conditions.
Terms and Conditions
Complete terms and conditions should include
customer care contact information; complete opt-
out instructions; a recurring message disclosure,
a product description and a program (brand)
name. Some program types (e.g., sweepstakes)
have additional requirements carrier by carrier.
receive no further messages.”
Opt-out information no longer need appear in bold typeface.
20
v__
Although opt-out instructions are not required on
Exhibit B2: Sample Compliant Recurring-Messages TV Advertisement
and Service Messages
Opt-ln Confirmation Message:
Sign up for Good Brands special offers!
Text OFFERS to 12345 for ongoing offer alerts “You’ll now receive special offers from Good Brands!
Reply STOP to opt-out. Email
help@goodbrands.com with questions. Msg&Data
Message and data rates may apply
rates may apply.”
Text STOP to cancel or HELP for help
Go to offerscom/terms for privacy and terms
HELP Message:
©1 10» X “Good Brands Special Offers. Email
help@goodbrands.com or call 1-888-123-4567 for
support.”
Advertisement
Opt-Out Message:
the advertisement itself, they must appear in the
“Good Brands. You will receive no further messages
terms and conditions.
from short code 12345.”
Terms and Conditions
Complete terms and conditions should include
customer care contact information, complete opt-
out instructions, a recurring message disclosure,
a product description, and a program (brand)
name. Some program types (e.g., sweepstakes)
have additional requirements carrier by carrier.
Exhibit B3: Sample Compliant Non-Marketing Recurring-Messages Opt-ln
and Service Messages
>- Opt-ln Confirmation Message:
Wont to sign up for appointment reminder
“Doctor Message thanks you for enrolling! You’ll now
texts? We’ll send you on opt-in message
receive appointment reminders. Text HELP for help.
Message and data rotes may apply
Reply STOP to cancel. Msg&Data Rates May Apply.”
Recurring-Messages Appointment Reminder
Service representative records customer’s request
for messages and customer’s phone number.
Program terms and conditions, including complete
opt-out information, and privacy policy are available
from the representative.
HELP Message:
“Email help@doctormessage.com for support with
appointment reminders service. Reply STOP to
cancel.”
Opt-Out Message:
“You are now opted out of Doctor Message
appointment reminders. You will receive no further
messages.”
21
Exhibit B4: Sample Compliant Recurring-Messages Web Keyword Advertisement
and Service Messages
Opt-ln Confirmation Message:
“You’re now subscribed to weekly deal alerts from
Good Brands! Reply STOP to cancel. Msg&data
rates may apply. Contact help@goodbrands.com for
customer support.”
HELP Message:
“For Good Brands weekly deal alerts support, email
help@goodbrands.com or call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out and will no longer receive Good
Brands deal alerts.”
Exhibit B5: Sample Compliant Single-Message POS Advertisement
and Service Messages
Opt-ln Confirmation Message:
“For a copy of your receipt, click here:
shorturl.com/eu38re8w.”
To receive o message with a link to your receipt,
enter your mobile number:
Sign Up1 |
Messoge and data rotes may apply
Visit websitecom/sms for privacy and terms info
HELP Message:
“For Store Receipt help, call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out and won’t receive any more Store
Receipt messages.”
22
Exhibit B6: Sample Compliant Recurring-Messages POS Advertisement
and Service Messages
Opt-ln Confirmation Message:
“You’re subscribed to Good Brand sale alerts!
Msg&data rates may apply. Reply STOP to opt out.
To receive periodic Good Brand sale alert messages,
enter your mobile number
Sign Up!~)
Message and data rates may apply
Text STOP to opt out and HELP for help
Visit website com/sms for privacy ond terms info.
Contact help@goodbrands.com with questions.”
HELP Message:
“For Good Brands sale alerts support, email
help@goodbrands.com or call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out and will no longer receive Good
Brands sale alerts.”
Exhibit B7: Sample Compliant Recurring-Messages Hardcopy Advertisement
and Service Messages
Opt-ln Confirmation Message:
“You’re now subscribed to receive Best Realty
Best Realty Sign-In Form
Please enter your name and mobile number to receive weekly
open house alerts.
Message and data rates may apply Go to website com/sms tor
privacy and terms info Text STOP to opt oat and HELP for
help
Name_
Mobile Number_
weekly open house alerts. Msg&data rates may
apply. Text STOP to opt out. Text HELP for more
info.”
HELP Message:
“For Best Realty open house alerts help, email
help@bestrealty.com or call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out of open house alerts and will no
longer receive messages from Best Realty.”
23
Term
Description
Audit Notice
Report issued to noncompliant short code programs detailing the specific violations
and actions required to bring the program into compliance
Call-to-Action
Language urging a customer to opt into a short code program, and the mechanism
(e.g., button displaying “buy now”) allowing them to do so
Compliance Audit
Test performed to determine the compliance of a short code program
Consent
Act of agreeing to opt into a short code program and the terms and conditions
associated with the purchase
Content Message
Text message delivering purchased content or displaying instructions for how to
access purchased content
Message Platform
Application through which messages are received and sent
Mobile Originated
(MO)
Text message sent from a user’s mobile device
Mobile Terminated
(MT)
Text message sent to user in response to user texting a keyword
Service Message
Text message offering details about the short code program, including opt-in
instructions, opt-out instructions, summary terms and conditions, and support
information (e.g., helpline)
Short Code Program
Program to which a user opts in by entering a short code
APPENDIX C: COMMON TERMS
TABLE OF CONTENTS
VERSION HISTORY 1
INTRODUCTION 2
About This Handbook 2
References 2
COMPLIANCE FRAMEWORK 3
Universal Compliance Principles 3
A.1 Guiding Principles 3
A.2 Choice and Consent 3
A.2.01 Unsolicited Messages 3
A.2.02 Marketing Context 3
A.2.03 Opt-ln 3
A.2.04 Opt-Out 4
A.3 Customer Care 4
A.4 Program Content 5
A.4.01 Unapproved or Illicit Content 5
A.4.02 Controlled Substances 5
A.4.03 Sweepstakes and Contests 5
A.4.04 Content Delivery 5
A.5 Privacy Policy and Terms and Conditions 5
A.6 Program Name and Product Description 6
A.7 Program Records and Functionality 6
A.7.01 Customer Records 6
A.7.02 MO Message Processing 6
Use Cases 6
A.8 Single-Message Programs 6
A.9 Recurring-Messages Programs 7
A.10 Machine-to-Machine Programs 9
A.11 Premium Rate Political Donation Programs 9
A.12 Premium Rate Charitable Donation Programs 9
A.13 Free-to-End-User Programs 9
A.14 MMS Programs 9
A.15 Interactive Customer Care Chat Programs 9
Carrier Onboarding
9
IN-MARKET MONITORING GUIDE 11
Compliance Audits 11
A.16 Audit Notices 11
A.17 Schedule 11
- 18 Severity Levels 11
A.19 CTIA Compliance Care Team Communication 12
A.20 Retests 12
A.21 Appeals 12
AUDIT STANDARDS GUIDE 13
AUDIT STANDARDS 14
Single-Message Programs 14
A.22 Single-Message Program Advertising Audit Standards 14
A.23 Single-Message Program Message Flow Audit Standards 14
Recurring-Messages Programs 15
A.24 Recurring-Messages Program Advertising Audit Standards 15
A.25 Recurring-Messages Program Message Flow Audit Standards 15
A.26 Machine-to-Machine Program Audit Standards 16
APPENDIX A: SAMPLE COMPLIANT SINGLE-MESSAGE PROGRAM 17
APPENDIX B: SAMPLE COMPLIANT RECURRING-MESSAGES PROGRAM 20
APPENDIX C: COMMON TERMS
24
Version | Release Date | Details | |
1.5.2 | October 1,2015 | The CTIA Short Code Monitoring Handbook was updated with the
following: ■ Guiding Principles section; ■ Unsolicited messages definition update; ■ Recurring-messages short code program opt-in guideline update; ■ Program name and product description guidelines; ■ Free-to-end-user program requirements; and ■ Appendix C: Common Terms. |
|
1.6 | July 15, 2016 | The CTIA Short Code Monitoring Handbook was updated with the
following: ■ Version history for handbook updates; ■ Sweepstakes and contests guidelines; ■ Opt-out information formatting update; ■ Interactive customer care chat programs guidelines; ■ New SHAFT (sex, hate, alcohol, firearms, or tobacco) content audit standard; and ■ Additional compliant program samples in Appendix A and in Appendix B. |
|
1.7 | March 27, 2017 | The CTIA Short Code Monitoring Handbook was updated with the
following: • Version history for handbook updates; • STOP keyword for recurring-message advertisements update; • Positioning of the terms and conditions disclosure update; |
|
.
1
INTRODUCTION
CTIA and its member companies work to protect consumers while fostering a competitive environment for short
code programs. We aim to
■ Provide consumers the best possible user experience;
■ Honor consumer choices and prevent abuse of messaging platforms;
■ Deliver flexible guidelines that communicate compliance values clearly;
■ Enable the short code industry to self-regulate; and
■ Facilitate enforcement measures, if necessary, to protect consumers quickly and consistently.
The Short Code Compliance Handbook (Handbook) guidelines lay the framework for achieving these goals, but
CTIA reserves the right to take action against any short code program deemed to cause consumer harm.
The Handbook is not intended as a comprehensive guide to compliance with laws and regulations that apply to
short code programs. Service providers are responsible for meeting legal requirements that apply to short code
programs they offer, and CTIA and its members make no representation that meeting the guidelines in this
Handbook is sufficient to assure legal compliance. Consultation with legal counsel is recommended strongly.
ABOUT THIS HANDBOOK
This Handbook describes best practices for standard rate messaging services (SMS), multimedia messaging
services (MMS), and free-to-end-user (FTEU) short code programs with the primary goal of providing the best
customer experience for users. Handbook guidelines do not define rules for programs that bill consumers.
Guidelines are organized according to use cases that apply. Examples of compliant programs are organized by
use case in the appendices.
Carriers reserve the right to implement their own short code program requirements beyond the scope of this
Handbook. However, all carriers have reviewed and accepted the Handbook’s content.
This Handbook is divided into the following sections: Compliance Framework, In-Market Monitoring Guide, Audit
Standards Guide, and Audit Standards. In addition, Appendix A and Appendix B detail sample compliant
programs, and Appendix C describes common terms.
REFERENCES
Drawing from experience working with short code programs, the guidelines evolve continually. Handbook vl .7 is
based on the following:
■ Mobile Marketing Association’s Consumer Best Practices v7.0,
■ CTIA Mobile Compliance Assurance Handbook vl .3,
■ California Attorney General Kamala D. Harris’s “Privacy on the Go: Recommendations for the Mobile
Ecosystem” best practices,
■ Telephone Consumer Protection Act (TCPA),2
■ Florida Attorney General’s requirements for mobile content,
■ A2P (application-to-person) community feedback, and
■ Carrier requirements.
2 http://www.qpo.gov/fdsvs/pkq/USCODE-2011-title47/pdf/USCODE-2Q11-title47-chap5-subchapll.pdf
2
COMPLIANCE FRAMEWORK
This section offers direction regarding compliance of short code programs, including guidelines and requirements.
Nonetheless, following this handbook is no guarantee that a short code program is compliant. Short code
programs might also need to comply with individual carrier requirements.
UNIVERSAL COMPLIANCE PRINCIPLES
CTIA requires all short code programs to comply with a basic code of conduct that promotes the best possible
user experience. As new uses for short codes emerge, the guiding principles in section A.1 should be considered
when defining applicable rules. Short code programs that comply technically with the letter of a specific rule but
violate the letter or spirit of these principles might be subject to enforcement action.
A.1 GUIDING PRINCIPLES
Four principles provide the baseline for all requirements listed below:
- Displayclear calls-to-action. All programs must display a clear call-to-action. Customers must be made
aware of what exactly they are signing up to receive.
- Offerclear opt-in mechanisms. Customers must consent clearly to opt into all recurring-messages
programs. Requiring a customer to enter a mobile phone number does not constitute a compliant opt-in.
Instead, customers must understand they will receive messages and consent to receive them.
- Sendopt-in confirmation messages. A confirmation message must be sent to customers always. For
recurring-messages programs, confirmation messages must include clear opt-out instructions.
- Acknowledgeopt-out requests. Short code service providers must acknowledge and act on all opt-out
requests. Monitoring procedures confirm successful opt-out.
A.2 CHOICE AND CONSENT
Short code programs are expected to deliver sufficient value so consumers elect to participate with full
transparency into the delivery conditions.
A.2.01 UNSOLICITED MESSAGES
Unsolicited messages may not be transmitted using short codes. Unsolicited messages are defined as follows:
■ Messages delivered without prior express consent from the user or account holder, and
■ Messages sent after a user has opted out.
A.2.02 MARKETING CONTEXT
No component of program advertising or messaging may be deceptive about the underlying program’s
functionality, features, or content. All disclosures present in pre-purchase calls-to-action, advertisements, terms
and conditions, and messages must remain clear and consistent throughout the user experience.
A.2.03 OPT-IN
Messages must be delivered to a consumer’s mobile device only after the user has opted in to receive them. A
user might indicate interest in a program in several ways. For example, a user might
■ Enter a phone number online,
■ Click a button on a mobile webpage,
■ Send an MO message containing an advertising keyword,
3 Sending the user a single opt-out message acknowledging the opt-out request is the only exception to this rule.
■ Sign up at a point-of-sale (POS) location, or
■ Opt in over the phone using interactive voice response (IVR) technology.
Calls-to-action must be clear and accurate; consent must not be obtained through deceptive means. For example,
opt-in details cannot be displayed obscurely in terms and conditions related to other services. Enrolling a user in
multiple short code programs based on a single opt-in is prohibited, even when all programs operate on the same
short code.
Recurring-messages short code programs should send a single opt-in confirmation message that displays
information verifying the customer’s enrollment in the identified program. The opt-in confirmation message must
be delivered immediately after the customer opts into the program. For POS and hardcopy opt-ins, the opt-in
confirmation message must be delivered as soon as is reasonably possible after the customer opts into the
program. Additionally, opt-in messages must contain the program (brand) name or product description, customer
care contact information, opt-out instructions, product quantity or recurring-messages program disclosure, and the
“message and data rates may apply” disclosure.
The opt-in for all short code programs must comply with all legal and regulatory requirements, including the
Telephone Consumer Protection Act, 47 U.S.C. § 227, and the Federal Communication Commission’s rules under
47 C.F.R. § 64.1200. For example, the express written consent obtained for any program that is “telemarketing”
[as defined by 47 C.F.R. § 64.1200(f)(14)] must, unless exempt from the requirement, include the elements of
“prior express written consent” set forth in 47 C.F.R. § 64.1200(f)(8). That rule requires a clear and conspicuous
disclosure informing the user that:
■ By opting in, the user authorizes the seller to deliver or cause to be delivered to the user marketing
messages using an automatic telephone dialing system; and
■ The user is not required to opt in (directly or indirectly) as a condition of purchasing any property, goods,
or services.
Legacy double opt-in (i.e., mobile device confirmation) methods remain acceptable options to obtain express
consumer consent.
A.2.04 OPT-OUT
Functioning opt-out mechanisms are crucial for all text messaging programs. Programs must always acknowledge
and respect customers’ requests to opt out of programs. However, depending on the use case, some short code
programs are not required to advertise opt-out instructions. Short code programs must respond to, at a minimum,
the universal keywords STOP, END, CANCEL, UNSUBSCRIBE, and OUIT by sending an opt-out message and, if
the user is subscribed, by opting the user out of the program. Subsequent text, punctuation, capitalization, or
some combination thereof must not interfere with opt-out keyword functionality.
Recurring-messages programs must also display opt-out instructions at program opt-in and at regular intervals in
content or service messages, at least once per month. Opt-out information must be displayed on the
advertisement or within the terms and conditions.4 A program may deliver one final message to confirm a user
has opted out successfully, but no additional messages may be sent after the user indicates a desire to cancel a
short code program.
A.3 CUSTOMER CARE
Customer care contact information must be clear and readily available to help users understand program details
as well as their status with the program. Customer care information should result in users’ receiving help.
Programs must always respond to customer care requests, regardless of whether the requestor is subscribed to
the program. At a minimum, the HELP keyword must return the program name and further information about how
to contact service providers. Short code programs should promote customer care contact instructions at program
opt-in and at regular intervals in content or service messages, at least once per month.
4 Opt-out information no longer need appear in bold typeface.
4
A.4 PROGRAM CONTENT
All content associated with short code programs must promote a positive user experience. Carriers regulate
certain types of content, including those listed in this section.
A.4.01 UNAPPROVED OR ILLICIT CONTENT
No programs associated with carrier brands or operating on the carrier networks may promote unapproved or
illicit content, including the following:
■ Depictions or endorsements of violence,
■ Adult or otherwise inappropriate content,
■ Profanity or hate speech, and
■ Endorsement of illegal or illicit drugs.
Programs must operate according to all applicable federal and state laws and regulations. All content must be
appropriate for the intended audience. Additional legal and ethical obligations apply when marketing to children
under age 13, and such programs might be subject to additional review by carriers.
A.4.02 CONTROLLED SUBSTANCES
Promotions of controlled substances might be subject to additional review by carriers. Service providers must
receive explicit carrier approval before launching these program types. Marketing of hard alcohol and tobacco
brands must either include robust age verification (e.g., electronic confirmation of age and identity) at opt-in or
restrict promotions to age-verified locations (e.g., points of sale in bars). Mobile programs must not promote the
use of controlled substances directly. Reference to the abuse of controlled substances is prohibited.
A.4.03 SWEEPSTAKES AND CONTESTS
Sweepstakes are characterized by the element of chance and the outcome of a prize. Both state and federal laws
regulate sweepstakes. Organizations considering a sweepstakes program are urged to consult with their legal
counsel before submitting a program for carrier approval. Carriers review sweepstakes individually and reserve
the right to approve or reject them at their discretion. Note that sweepstakes program review might take longer
than reviews of other program types. At a minimum, sweepstakes program providers should
■ Follow each carrier’s process and guidelines,
■ Provide the carrier with the sweepstakes rules for review,
■ Include a free method of entry, and
■ Consult with legal counsel.
A.4.04 CONTENT DELIVERY
Users should be informed of the next steps to download and store new content immediately after opt-in. Content
must be delivered correctly and must function as advertised.
A.5 PRIVACY POLICY AND TERMS AND CONDITIONS
Service providers are responsible for protecting the privacy of user information and must comply with applicable
privacy law. Service providers should maintain a privacy policy for all programs and make it accessible from the
initial call-to-action. When a privacy policy link is displayed, it should be labeled clearly.
Use cases might require different disclosures in the full terms and conditions. In all cases, terms and conditions
and privacy policy disclosures must provide up-to-date, accurate information about program details and
functionality.
5
A.6 PROGRAM NAME AND PRODUCT DESCRIPTION
Consistent program names and product descriptions in advertisements and messages help consumers connect
all parts of the short code experience. All short code programs are required to disclose program names, product
description, or both in service messages, on the call-to-action, and in the terms and conditions. The program
name is the sponsor of the short code program, often the brand name or company name associated with the short
code. The product description describes the product advertised by the program.
A.7 PROGRAM RECORDS AND FUNCTIONALITY
Service providers assume responsibility for maintaining accurate records in carrier systems and the Common
Short Code Administration (CSCA) registry. Service providers wishing to modify a program must submit changes
to the carriers for review and must update relevant carrier records. Programs promoted in the market must match
the programs approved.
A.7.01 CUSTOMER RECORDS
All opt-in and opt-out requests should be retained from the time a user initiates opt-in until a minimum of six
months after the user has opted out of a program. Service providers assume responsibility for managing
information about deactivated and recycled mobile phone numbers and must process this information within three
business days of receipt. After porting a mobile phone number between carriers, the user must opt in again to
desired programs.
Service providers must track opt-in information by individual users. Selling mobile opt-in lists is prohibited.
A.7.02 MO MESSAGE PROCESSING
All mandatory keywords must be processed correctly, regardless of MO message format (e.g., keywords must
function whether sent by MMS or SMS). Service providers must scan MO message logs regularly to identify opt-
out attempts and must terminate those subscriptions, regardless of whether the subscribers used the correct opt-
out keywords or methods.
USE CASES
Because short code programs vary greatly, depending on their intended purpose, Handbook vl .5.0 was designed
with different use cases in mind. All short code programs based on the displayed use cases must comply with the
Universal Compliance Principles in addition to the specific guidelines described in this section.
A.8 SINGLE-MESSAGE PROGRAMS
Single-message programs, or “one-off programs, deliver a one-time message in response to user opt-in
requests. Examples of single-message programs include but are not limited to the following:
■ Informational alert,
■ Purchase receipt,
■ Delivery notification, and
■ Two-factor authentication.
An example of a compliant single-message program and associated message flow appears in Appendix A.
6
Description | Requirements | ||
Call-to-Action | The call-to-action for a single-message
program can be simple. The primary purpose of disclosures is to ensure a consumer consents to receive a text message and understands the nature of the program. |
■
■
■ ■ |
Product description
Complete terms and conditions, link to terms and conditions Privacy policy or link to privacy policy “Message and data rates may apply” disclosure |
Terms and
Conditions |
Comprehensive terms and conditions may
be presented in full beneath the call-to- action, or they be may accessible from a link in proximity to the call-to-action.5 |
■
■ ■ ■ |
Program (brand) identification
Product description Customer care contact information “Message and data rates may apply” disclosure |
Opt-ln | The consumer must actively opt into single¬
message programs. |
■ | Consumer’s affirmative opt-in |
Message Flow | Although single-message programs are not
required to display HELP and STOP keywords, they should support HELP and STOP commands, as described in the Universal Compliance Principles. |
Opt-ln Confirmation MT
■ Program (brand) name OR product description HELP MT ■ Program (brand) name OR product description ■ Additional customer care contact information Opt-Out MT ■ Program (brand) name OR product description ■ Confirmation that no further messages will be delivered |
Exhibit 1: SINGLE-MESSAGE PROGRAM USE CASE QUICK REFERENCE GUIDE
A.9 RECURRING-MESSAGES PROGRAMS
A user opts into a recurring-messages program by texting a keyword to the program’s short code, entering his or
her mobile phone number online or agreeing in apps or in person to receive text messages. Examples of
recurring-messages programs include but are not limited to the following:
■ Content or informational alert subscriptions (e.g., horoscopes, news, weather),
■ Flight status notifications (multiple messages), and
■ Marketing and loyalty promotions.
An example of a compliant recurring-messages program call-to-action and associated message flow appears in
Appendix B.
7
Description | Requirements | ||
Call-to- | Because of their ongoing touch points with | ■ | Product description |
Action | consumers, recurring-messages programs
require the most disclosures among use cases. The primary purpose of disclosures is to ensure the consumer consents to receive text messages and understands the nature of the program. |
■
■
■ |
Service delivery frequency or recurring-
messages disclosure Complete terms and conditions, link to complete terms and conditions Privacy policy or link to privacy policy |
■ | STOP keyword | ||
■ | “Message and data rates may apply”
disclosure |
||
Terms and
Conditions |
Comprehensive terms and conditions might
be presented in full beneath the call-to- action, or they might be accessible from a link in proximity to the call-to-action.7 |
■
■
■ ■ ■ |
Program (brand) name
Service delivery frequency or recurring- messages disclosure Product description Customer care contact information Opt-out instructions |
■ | “Message and data rates may apply”
disclosure |
||
Opt-ln | Consumers must provide prior express
written consent to enroll in all text message programs (i.e., single-message programs or recurring-messages programs). Recurring- messages programs must send one message confirming opt-in consent. Double opt-in is optional. |
■ | Consumer’s affirmative opt-in |
Message
Flow |
Recurring-messages programs confirming
opt-in with a single text message MUST state explicitly to which program the user enrolled and provide clear opt-out instructions in the Opt-ln Confirmation MT. |
Opt-ln Confirmation MT
■ Program (brand) name OR product description ■ Opt-out information ■ Customer care contact information |
|
■ | Product quantity or recurring-messages
disclosure |
||
■ | “Message and data rates may apply”
disclosure |
||
HELP MT | |||
■
■ |
Program (brand) name OR product description
Additional customer care contact information |
||
Opt-Out MT | |||
■ | Program (brand) name OR product description | ||
■ | Confirmation that no further messages will be
delivered |
Exhibit 2: RECURRING-MESSAGES PROGRAM USE CASE QUICK REFERENCE GUIDE
Out-Out information may appear on a separate page in the terms and conditions.
Popups have been removed as a method for displaying terms and conditions
8
A.10 MACHINE-TO-MACHINE PROGRAMS
For machine-to-machine (M2M) short code programs, which should never interact with consumers, service
providers need only an updated program brief on file with the CSCA and the carriers.
A.11 PREMIUM RATE POLITICAL DONATION PROGRAMS
Premium rate short code programs that solicit political donations are subject to additional regulations, available at
http://www.ctia.org/policv-initiatives/voluntarv-guidelines/federal-political-campaign-contributions-wireless-carrier-
bill. Premium political donation programs also must conform to the premium SMS guidelines and audit standards
in the CTIA Mobile Commerce Compliance Handbook, vl.3.
A.12 PREMIUM RATE CHARITABLE DONATION PROGRAMS
Premium rate short code programs that solicit charitable donations are subject to additional regulations, available
at http://www.ctia.org/policv-initiatives/voluntarv-guidelines/mobile-giving-via-wireless-carrier%27s-bill. In addition,
premium charitable donation programs must to conform to the premium SMS guidelines and audit standards in
CTIA Mobile Commerce Compliance Handbook, vl.3.
A.13 FREE-TO-END-USER PROGRAMS
FTEU programs are subject to almost all of the same requirements as SMS short code programs. FTEU
programs must display a clear call-to-action, capture consumers’ affirmative opt-in, send an opt-in confirmation
message, and abide by customers’ requests to opt-out. However, all FTEU programs are exempt from displaying
“message and data rates may apply” in advertisements, terms and conditions, and messages.
A.14 MMS PROGRAMS
MMS programs are subject to the same requirements per use case as SMS short code programs. All mandatory
keywords must be processed correctly, regardless of MO format (e.g., keywords must function whether sent by
MMS or SMS). Service providers must scan MO logs regularly to identify opt-out attempts and must terminate
associated subscriptions, regardless of whether the subscribers used the correct opt-out keywords or methods.
A.15 INTERACTIVE CUSTOMER CARE CHAT PROGRAMS
Because rapid and direct communication between customers and customer care representatives is important,
many organizations now offer interactive customer care chat programs. Such communication makes obtaining
assistance with minimal delay easier and more convenient for customers. For example, customers replying with
the HELP keyword to a short code can be routed quickly to customer care, where they can chat directly with a
representative, without ever leaving their messaging application. Increasing prevalence of this communication
practice makes understanding the guidelines and limitations surrounding such programs more important than ever
for carriers. For organizations wishing to implement interactive customer care chat, such programs
■ May operate on dedicated short codes only;
■ May be used for communication with customer care representatives only; and
■ May not be used for marketing.
CARRIER ONBOARDING
CTIA is most concerned with short code programs as they interact with consumers through advertising and
service messaging. However, several facets of SMS programs happen behind the scenes. Recommended best
practices for onboarding new programs follow.
9
Carriers may maintain individual playbooks tailored to their customers’ needs and must sometimes respond to
emerging risks that fall outside the Handbook. Refer to carriers’ playbooks for onboarding information regarding
■ Program certification and migration processes,
■ Program brief details,
■ Advertising of controlled substances,
■ Sweepstakes approval processes, and
■ Marketing to children.
10
Definition | Cure Date | Penalties | |
Severity 0 | Extreme consumer
harm |
Immediate | CTIA: Immediate registry suspension
Carriers: Vary by case; immediate suspension or termination possible |
Severity 1 | Serious consumer
harm |
5 business days | CTIA: Unresolved audits; possible registry
suspension Carriers: Vary by case |
Severity 2 | Moderate
consumer harm |
5 business days | CTIA: Vary by case
Carriers: Vary by case |
IN-MARKET MONITORING GUIDE
In this section, in-market monitoring, including details about audit notices, communication, retests, and appeals, is
explained.
COMPLIANCE AUDITS
The CTIA Compliance Assurance Solution employs data gathered via in-market monitoring. When programs are
deployed in market, the live programs are captured and audited. This method is more effective than program brief
review or routine keyword testing because compliance audits reflect the user experience that actual consumers
encounter when they interact with short code programs in market.
CTIA issues compliance audits weekly for standard rate short codes leased with the CSCA. Compliance audits
performed by CTIA are available to all major U.S. carriers, and CTIA compliance metrics can be incorporated into
individual carrier compliance policies.
A.16 AUDIT NOTICES
CTIA distributes Audit Notices each week. Each audit notice displays a unique audit number, short code, service
provider, aggregator or aggregators, notice date, and cure date at the top. Individual violations are classified as
Severity 0, Severity 1, or Severity 2, based on their potential for consumer harm, with Severity 0 representing the
most extreme violations. Violations are based on the compliance guidelines outlined in the Compliance
Framework section of the Handbook. Taking the severity level of the gravest violation cited, a failed audit must be
resolved in the appropriate timeframe (i.e., before or on the cure date).
A.17 SCHEDULE
CTIA compiles and generates audit notices each Monday for audits performed the previous week, and audits are
published Tuesday at 2:00 A.M. EST. Although audits might be available for review earlier, the official notice date
from which the cure date is calculated is 12:00 P.M. EST each Tuesday.
A.18 SEVERITY LEVELS
All audit notices are assigned severity levels based on the extent to which the associated findings might harm
consumers. Cure dates and penalties vary based on severity, as detailed in Exhibit 3.
EXHIBIT 3: AUDIT NOTICE SEVERITIES DESCRIPTION
11
A.19 CTIA COMPLIANCE CARE TEAM COMMUNICATION
On receiving an audit notice, service providers may communicate with the CTIA compliance care team by leaving
a comment on the audit notice or contacting us.support@wmcglobal.com. The CTIA Compliance Care Team
(Care Team) responds promptly to all messages. Although Care Team specialists are unable to preapprove
compliant designs, they assist service providers as much as possible with understanding how to resolve violations
and close their audits.
A.20 RETESTS
Within the prescribed period following issuance of an audit notice, the responsible aggregator or service provider
must confirm on the audit notice that it has made changes to or has removed from market the offending
advertisement or message flow. Should the CTIA Compliance Care Team fail to receive confirmation or should
the service provider fail to take the actions required, the short code is subject to further action.
In the case of TV and print advertisements with longer run cycles, aggregators and service providers may submit
a retest request for a rerelease date. Retest requests must be made in good faith, with a clear explanation of the
changes implemented. Audits at this status are categorized as Pending Retest.
A.21 APPEALS
Aggregators and service providers that believe they have a valid claim may challenge an audit by contacting
us.support@wmcglobal.com before the cure date noted on the audit notice. The email message should explain
why the service provider deems the audit incorrect. Appeals must pertain to the application of violations cited on
the specific audit in question.
12
AUDIT STANDARDS GUIDE
The following pages display tables of audit standards by use case. Advertising audit standards apply to all
advertisements hosting calls-to-action for short code programs; message flow audit standards apply to required
service messages.
Message categories for which specific standards apply are marked with an “x” in the tables. Refer to the glossary
below for help with unfamiliar terms.
Opt-ln
Confirmation |
Short code programs should send a single opt-in confirmation message displaying
information verifying the customer’s enrollment in the identified program and describing how to opt out. The opt-in confirmation message must be delivered immediately after the customer opts into the short code program. Additionally, opt-in messages must contain the program (brand) name or product description, customer care contact information, product quantity or recurring-messages program disclosure, and the “message and data rates may apply” disclosure. |
HELP | Message service providers send a HELP message after customers text the HELP
keyword. Short codes should reply with additional contact information to customer requests for help. |
Opt-Out | Message service providers send an opt-out message after customers text the STOP
keyword. The opt-out message confirms that the customer has been opted out of the program. |
Violation | Specific breach of the Universal Compliance Principles. Auditors check program
advertisements and service messages against lists of violations to identify noncompliance. |
Severity | Number representing the customer impact associated with a violation. Severity 0
violations impact customers most. Severity 2 violations are least customer impacting. |
Action Required | Action or actions the responsible service provider must take to correct the associated
violation. |
AUDIT STANDARDS
The audit standards listed below distill the principles listed in the narrative portion of the Handbook into test
scripts for monitoring. Advertising audit standards apply to media displaying short code calls-to-action. Message
flow audit standards apply to required service messages.
SINGLE-MESSAGE PROGRAMS
A.22 SINGLE-MESSAGE PROGRAM ADVERTISING AUDIT STANDARDS
A.23 SINGLE-MESSAGE PROGRAM MESSAGE FLOW AUDIT STANDARDS
14
Violation | Severity | Action Required |
Contains or promotes SHAFT (sex, hate, alcohol, firearms,
or tobacco) content |
0 | Remove call-to-action associated with SHAFT (sex, hate,
alcohol, firearms, or tobacco) content |
Fails to match approved program in CSC registry | 1 | Remove unapproved program elements or update CSC registry |
No clear indication of privacy policy | 1 | Display privacy policy or clearly labeled link to privacy policy |
No link to comprehensive T&Cs | 1 | Display link to comprehensive T&Cs |
No product or service description | 1 | Describe product or service |
Improper use of the term free | 1 | Remove the term free |
Failure to display STOP keyword | 1 | Display STOP keyword8 |
No mention that messages are recurring | 2 | State that messages are recurring |
No mention that message and data rates may apply | 2 | Disclose that message and data rates may apply |
No customer care contact information9 | 2 | Display toll-free helpline, email address, or HELP keyword |
Violation | Severity | Action Required | Applicable Message | ||
Opt-ln
Conf. |
HELP | Opt-
Out |
|||
Contains or promotes SHAFT (sex,
hate, alcohol, firearms, or tobacco) content |
0 | Remove call-to-action associated with
SHAFT (sex, hate, alcohol, firearms, or tobacco) content |
X | X | X |
Fails to match approved program in
CSC registry |
1 | Remove unapproved program elements or
update CSC registry |
X | X | X |
Unsolicited message delivered | 1 | Cease all messaging associated with
program |
X | X | X |
Failure to display STOP keyword | 1 | Display STOP keyword | X | ||
Incorrect response to STOP command | 1 | Terminate all of customer’s active programs
after he or she texts STOP, and send one opt-out message |
X | ||
No indication that program is recurring | 2 | State that program is recurring | X | ||
No product or program name | 2 | Display program or product name | X | X | X |
No mention that message and data
rates may apply |
2 | Disclose that message and data rates may
apply |
X | ||
No customer care contact information | 2 | Display toll-free helpline, email address, or
HELP keyword10 |
X | ||
Failure to reply to HELP keyword | 2 | Reply to HELP keyword with additional
contact information (e.g., a toll-free helpline or email address) |
X |
RECURRING-MESSAGES PROGRAMS
A.24 RECURRING-MESSAGES PROGRAM ADVERTISING AUDIT STANDARDS
A.25 RECURRING-MESSAGES PROGRAM MESSAGE FLOW AUDIT STANDARDS
15
Violation | Severity | Action Required |
Failure to match approved program in CSC registry | 1 | Remove unapproved program elements or update program
details in CSC registry |
A.26 MACHINE-TO-MACHINE PROGRAM AUDIT STANDARDS
M2M programs, which should never interact with consumers, only need keep an updated program brief on file
with the CSCA and the carriers. If an M2M program is found advertising to consumers, it is subject to immediate
enforcement action.
16
APPENDIX A:
SAMPLE COMPLIANT SINGLE-MESSAGE PROGRAM
Exhibit Al: Sample Compliant Single-Message Advertisement
and Service Messages
Opt-ln Confirmation Message:
“Coupon King: Show this text at the register for 50%
off your next purchase!”
HELP Message:
“Thanks for texting Coupon King! Call 1-800-123-
4567 for support.”
Opt-Out Message:
“Coupon King: You will receive no further messages.”
Exhibit A2: Sample Compliant Single-Message Advertisement
and Service Messages
Opt-ln Confirmation Message:
“Mobile Confirm: Your passcode is 9876. Enter it
online to confirm your account.”
HELP Message:
“You recently created or modified an account online.
Enter your passcode to confirm. Call 1-800-123-4567
for Mobile Confirm support.”
Opt-Out Message:
“Mobile Confirm: You will receive no further
messages from short code 12345.”
17
Exhibit A3: Sample Compliant Single-Message Print Advertisement
and Service Messages
Opt-ln Confirmation Message:
“Best Realty: Go to bestrealty.com/housel for more
info on this property.”
HELP Message:
“For Best Realty property info help, contact
smshelp@bestrealty.com.”
Text HOUSE1 to get more info on
this property from Best Reolty
Msg&dota rotes moy apply Go to
website.com/sms for privacy and
terms info.
Opt-Out Message:
“You’re opted out and will no longer receive Best
Realty property info alerts.”
Exhibit A4: Sample Compliant Single-Message Verbal Opt-ln
and Service Messages
>-
Would you like a one-time reminder of your upcoming flight? We’ll
text the mobile number you provide with the flight status 24 hours
before your scheduled departure. Message and data rates may
apply. You can visit our website at flights.com/sms for privacy and
terms information.
|
V__
Opt-ln Confirmation Message:
“Reminder: Your flight leaves tomorrow at 4:05 P.M.
from Gate 1.”
HELP Message:
“For assistance with Flight Reminder messages, call
1-888-123-4567.”
Opt-Out Message:
“You are now opted out and will receive no further
Flight Reminder messages.”
18
Exhibit A5: Sample Compliant Single-Message Hardcopy Opt-ln
and Service Messages
Lifetime Trip – Enrollment Form
Enter your name ond mobile number to receive o one-time
alert when o spot opens up on our waiting list
Message and data rates may apply Go to website com/sms for
privacy and terms info
Name_
Mobile Number_
Opt-ln Confirmation Message:
“A spot just opened up on the Lifetime Trip waiting
list. Contact your travel agent to sign up today!”
HELP Message:
“For Lifetime Trip waiting list help, call 1-888-123-
4567.”
Opt-Out Message:
“You’re now opted out and will no longer receive
Lifetime Trip wait list alerts.”
19
APPENDIX B:
SAMPLE COMPLIANT RECURRING-MESSAGES PROGRAM
Exhibit Bl: Sample Compliant Recurring-Messages Web Advertisement
and Service Messages11
Opt-ln Confirmation Message:
“You’re now subscribed to daily Weather Alerts.
Reply STOP to cancel at any time. Call 1-800-123-
4567 for support. Message and data rates may
apply.”
HELP Message:
“Contact us at 1-800-123-4567 with questions about
Weather Alerts.”
Opt-Out Message:
“You have opted out of Weather Alerts and will
Advertisement
Although opt-out instructions are not required on
the advertisement itself, they must appear in the
terms and conditions.
Terms and Conditions
Complete terms and conditions should include
customer care contact information; complete opt-
out instructions; a recurring message disclosure,
a product description and a program (brand)
name. Some program types (e.g., sweepstakes)
have additional requirements carrier by carrier.
receive no further messages.”
Opt-out information no longer need appear in bold typeface.
20
|
|
Exhibit B2: Sample Compliant Recurring-Messages TV Advertisement
and Service Messages
Opt-ln Confirmation Message:
Sign up for Good Brands special offers!
Text OFFERS to 12345 for ongoing offer alerts “You’ll now receive special offers from Good Brands!
Reply STOP to opt-out. Email
help@goodbrands.com with questions. Msg&Data
Message and data rates may apply
rates may apply.”
Text STOP to cancel or HELP for help
Go to offerscom/terms for privacy and terms
HELP Message:
©1 10» X “Good Brands Special Offers. Email
help@goodbrands.com or call 1-888-123-4567 for
support.”
Advertisement
Opt-Out Message:
the advertisement itself, they must appear in the
“Good Brands. You will receive no further messages
terms and conditions.
from short code 12345.”
Terms and Conditions
Complete terms and conditions should include
customer care contact information, complete opt-
out instructions, a recurring message disclosure,
a product description, and a program (brand)
name. Some program types (e.g., sweepstakes)
have additional requirements carrier by carrier.
Exhibit B3: Sample Compliant Non-Marketing Recurring-Messages Opt-ln
and Service Messages
>- Opt-ln Confirmation Message:
Wont to sign up for appointment reminder
“Doctor Message thanks you for enrolling! You’ll now
texts? We’ll send you on opt-in message
receive appointment reminders. Text HELP for help.
Message and data rotes may apply
Reply STOP to cancel. Msg&Data Rates May Apply.”
Recurring-Messages Appointment Reminder
Service representative records customer’s request
for messages and customer’s phone number.
Program terms and conditions, including complete
opt-out information, and privacy policy are available
from the representative.
HELP Message:
“Email help@doctormessage.com for support with
appointment reminders service. Reply STOP to
cancel.”
Opt-Out Message:
“You are now opted out of Doctor Message
appointment reminders. You will receive no further
messages.”
21
Exhibit B4: Sample Compliant Recurring-Messages Web Keyword Advertisement
and Service Messages
Opt-ln Confirmation Message:
“You’re now subscribed to weekly deal alerts from
Good Brands! Reply STOP to cancel. Msg&data
rates may apply. Contact help@goodbrands.com for
customer support.”
HELP Message:
“For Good Brands weekly deal alerts support, email
help@goodbrands.com or call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out and will no longer receive Good
Brands deal alerts.”
Exhibit B5: Sample Compliant Single-Message POS Advertisement
and Service Messages
Opt-ln Confirmation Message:
“For a copy of your receipt, click here:
shorturl.com/eu38re8w.”
To receive o message with a link to your receipt,
enter your mobile number:
Sign Up1 |
Messoge and data rotes may apply
Visit websitecom/sms for privacy and terms info
HELP Message:
“For Store Receipt help, call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out and won’t receive any more Store
Receipt messages.”
22
Exhibit B6: Sample Compliant Recurring-Messages POS Advertisement
and Service Messages
Opt-ln Confirmation Message:
“You’re subscribed to Good Brand sale alerts!
Msg&data rates may apply. Reply STOP to opt out.
To receive periodic Good Brand sale alert messages,
enter your mobile number
Sign Up!~)
Message and data rates may apply
Text STOP to opt out and HELP for help
Visit website com/sms for privacy ond terms info.
Contact help@goodbrands.com with questions.”
HELP Message:
“For Good Brands sale alerts support, email
help@goodbrands.com or call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out and will no longer receive Good
Brands sale alerts.”
Exhibit B7: Sample Compliant Recurring-Messages Hardcopy Advertisement
and Service Messages
Opt-ln Confirmation Message:
“You’re now subscribed to receive Best Realty
Best Realty Sign-In Form
Please enter your name and mobile number to receive weekly
open house alerts.
Message and data rates may apply Go to website com/sms tor
privacy and terms info Text STOP to opt oat and HELP for
help
Name_
Mobile Number_
weekly open house alerts. Msg&data rates may
apply. Text STOP to opt out. Text HELP for more
info.”
HELP Message:
“For Best Realty open house alerts help, email
help@bestrealty.com or call 1-888-123-4567.”
Opt-Out Message:
“You’re opted out of open house alerts and will no
longer receive messages from Best Realty.”
23
Term | Description |
Audit Notice | Report issued to noncompliant short code programs detailing the specific violations
and actions required to bring the program into compliance |
Call-to-Action | Language urging a customer to opt into a short code program, and the mechanism
(e.g., button displaying “buy now”) allowing them to do so |
Compliance Audit | Test performed to determine the compliance of a short code program |
Consent | Act of agreeing to opt into a short code program and the terms and conditions
associated with the purchase |
Content Message | Text message delivering purchased content or displaying instructions for how to
access purchased content |
Message Platform | Application through which messages are received and sent |
Mobile Originated
(MO) |
Text message sent from a user’s mobile device |
Mobile Terminated
(MT) |
Text message sent to user in response to user texting a keyword |
Service Message | Text message offering details about the short code program, including opt-in
instructions, opt-out instructions, summary terms and conditions, and support information (e.g., helpline) |
Short Code Program | Program to which a user opts in by entering a short code |
|
Court House First Floor Map

Map of first floor.