Foundry Law Group Blog

Minors Making Payments: The Cost of Violating COPPA & Easy Fixes to Make Now

A Time Old Tale: A Founder’s (Frenetic) Internal Thoughts

2 weeks to launch date. So many things to do. But first, another cup of coffee. Oh, but before that, let me ping the website designer for a quick status update on that misspelling on the landing page…

1 week to launch date. Should we push this thing out a bit? No, we need to do this now. Perfect is the enemy of good, let’s just get this launched and fix that issue with the product page images later. Should I get coffee now, or just save it for that meeting in half an hour?…

2 days to launch date. 11:26pm. Can kids pay by credit card when they check out? Hold on, do kids these days have their own credit cards? No way. What if they use their parents’ cards…they might not even tell them about the purchase! Hmm…this could be some exposure I don’t want to take on. We should have thought about privacy issues too. I’m sure children are protected differently from adults. I’ll send Zainab an email right now – or maybe it’s too late? – It’s ok, we’ll schedule a call tomorrow. We’re launching in 48 hours…


Founders! Startups! If you are operating an online business, or have a website or mobile application through which you collect data (regardless of whether you then sell it, disclose it, store it or delete it), there are a few basic things to have in place:

  • Privacy Statements: what are you telling your users you do with data?
  • Privacy Policies: what are the internal policies you and your team will follow?
  • Terms of Use, Terms of Service and/or End User License Agreement(s)
  • Basic data security measures your business has and should have in place at launch


One common question I receive from my clients is specifically how to handle children accessing, using, and sometimes even making purchases through their businesses. For a refresher on the Children’s Online Privacy Protection Act (COPPA), this primer is nifty. Many online platforms have responded to COPPA by limiting access to those under the age of 13 (i.e. “minors” as defined and regulated under COPPA).COPPA violations are monitored by the FTC and there are many policies and regulations to follow if your website is directed at kids below 13. You might have come across pop-up boxes to verify age, or birthday information as a required field upon sign-up. If there is no sign-up function to your platform, often your stated Terms of Use will say something to the effect of “This Site is not intended and should not be used by children under the age of 13”.


But 13 year olds cannot pay for services online, unless they have a credit card that an adult is co-signer on. It’s important to recognize that the issue of “payment by minors” really applies to those under 18. The legal minimum age for a credit card in the US is 18, so technically anyone under 18 will need to have a co-signer. It is difficult for a business to know when cards are properly co-signed, or when an adult’s credit card is misused by someone under the age of 18 (knowingly or with permission of adult). Moreover, your business should not bear the responsibility (and liability) for monitoring this.


Given this, the payment issue affects users between the age of 13-17.


I generally recommend the businesses use an age verification tool of their choice, to present two versions of their business – one that allows payment options to those who indicate they are older than 18, and one without payment options to those who indicate that they are younger than 18. Coupled with the other documents I draft, like outward facing privacy statements and terms of use, as well as internal documents outlining privacy and data security protocols your business has in place, ensures a robust framework from which to remain compliant with COPPA if your website or app allows users to make purchases.


Leave a Reply