Are e-commerce store owners responsible for dark patterns in third-party apps?

Yes. Under ACL section 18, the overall impression of your website matters — including elements introduced by third-party Shopify apps, WooCommerce plugins, or BigCommerce integrations. If a third-party urgency timer app displays fabricated stock levels on your store, that's your compliance problem.

Is pre-selected shipping insurance a dark pattern under Australian law?

Pre-selecting any paid add-on at checkout — including shipping insurance — creates misleading conduct risk under ACL s18 and potential unconscionability under s21. The proposed UTP Bill's unreasonable manipulation prohibition explicitly targets this pattern. All add-ons should be opt-in, not opt-out.

Do drip pricing rules apply to shipping costs in Australian e-commerce?

Section 48 of the ACL requires that any price component which is quantifiable at the time a price is displayed must be included. If shipping is a flat rate or calculable from the product page, it should be disclosed there. Variable shipping that depends on the customer's address is generally permissible to show later, but any mandatory flat-rate handling or processing fees must be included upfront.

How can I check if my online store has dark patterns?

Run a free TrustScan compliance scan on your store URL. It checks all 10 dark pattern categories and maps findings to specific ACL sections. Additionally, walk through your checkout flow as a new customer in an incognito browser — look for surprise fees, pre-checked boxes, urgency claims, and hidden cancellation options.

Which e-commerce platform has the most dark pattern risk?

All three major platforms — Shopify, WooCommerce, and BigCommerce — have dark pattern risks, but the source differs. Shopify risk comes primarily from its third-party app ecosystem. WooCommerce risk comes from plugin sprawl and custom checkout modifications. BigCommerce risk comes from built-in promotional tools and abandoned cart recovery features.

Dark Patterns in Australian E-Commerce: Shopify, WooCommerce & BigCommerce

Australian e-commerce is a $63 billion market — and the ACCC is increasingly focused on the dark patterns embedded in online retail checkout flows, subscription models, and pricing pages. If you run an online store on Shopify, WooCommerce, or BigCommerce, your platform's default settings and third-party apps may be creating compliance risks you don't know about.

This guide covers the most common dark patterns in Australian e-commerce, the platform-specific risks for each major platform, and what you need to fix before the Unfair Trading Practices Bill takes effect in July 2027.

Drip Pricing at Checkout: The Most Common E-Commerce Dark Pattern

Drip pricing is the practice of advertising a headline price, then adding mandatory fees progressively through the checkout process. In Australian e-commerce, this typically appears as:

Booking or processing fees added at the payment step
Mandatory “handling” charges that only appear after the consumer has entered their shipping address
Credit card surcharges that aren't disclosed on the product page
Environmental or packaging fees added as a line item at checkout

Section 48 of the ACL has required total price disclosure since 2011. If a fee is mandatory and quantifiable at the time the price is displayed, it must be included in the displayed price. The Dendy Cinemas infringement notice demonstrates that the ACCC is actively enforcing this — even for fees as small as $1.50 per transaction.

For e-commerce specifically, this means: if every customer who buys from your store pays a processing fee, that fee must be included in the price shown on the product page. Revealing it at checkout is a drip pricing violation under s48.

Pre-Selected Shipping Insurance and Add-Ons

Many Australian online stores pre-select shipping insurance, extended warranties, or product add-ons at checkout. The customer has to notice and manually uncheck these items to avoid paying for them.

This is a classic sneaking/pre-selected add-on dark pattern. Under the ACL:

Section 18: Pre-selecting a paid add-on creates a misleading impression about the total price the consumer agreed to pay
Section 21: A system that adds costs the consumer didn't actively choose can be unconscionable, particularly when combined with other manipulative design elements

The proposed UTP Bill explicitly targets this pattern. Under the new “unreasonable manipulation” prohibition, pre-selecting a paid add-on and relying on consumer inattention to generate revenue is precisely the kind of conduct the Bill is designed to catch.

The fix: All add-ons must be opt-in, not opt-out. No checkbox should be pre-selected. The consumer should affirmatively choose to add any item or service beyond what they put in their cart.

Urgency Timers and False Scarcity

Countdown timers, “only 3 left in stock” warnings, and “12 people are looking at this right now” notifications are pervasive in Australian e-commerce. When they reflect genuine stock levels or time-limited offers, they're legitimate. When they don't, they're dark patterns.

Fabricated urgency violates ACL section 29 (false or misleading representations) when:

A countdown timer resets when it reaches zero
“Limited stock” claims don't reflect actual inventory levels
“X people are viewing this” numbers are inflated or fabricated
A “sale ends today” banner runs indefinitely

The test is straightforward: is the urgency real? If the countdown reflects a genuine offer deadline tied to a real event, it's legitimate. If it's a design element intended to create artificial time pressure, it's a false urgency dark pattern.

The ACCC has specifically flagged urgency and scarcity claims as a priority area for e-commerce enforcement. Businesses should be prepared to evidence their stock level claims and sale deadlines if challenged.

Forced Account Creation

Requiring consumers to create an account before completing a purchase is a friction point that some Australian retailers use to capture data. While not inherently illegal, forced account creation becomes a dark pattern when:

The account creation wall appears after the consumer has filled their cart and entered payment details — creating sunk cost pressure to continue
The account creation form pre-checks marketing consent boxes
Guest checkout exists but is deliberately hidden or de-emphasised through visual hierarchy
The account creation flow collects data far beyond what's needed for the transaction

Under the Privacy Act 1988, data collection must be limited to what is “reasonably necessary” for the transaction. And as our compliance facts article explains, the Privacy Act creates a second enforcement front alongside the ACL — a manipulative account creation flow risks both ACCC and OAIC enforcement.

Sneaky Checkout Add-Ons

Beyond pre-selected insurance, Australian e-commerce stores frequently add items to the cart that the consumer didn't select:

Donation add-ons pre-selected at checkout (“Add $2 for charity”)
Gift wrapping automatically applied with a charge
Express shipping pre-selected as the default when standard shipping is available
Product protection plans bundled into the total

Each of these increases the total price beyond what the consumer expected to pay. Under ACL s18, the overall impression of the checkout flow is that the consumer has chosen these items — when in reality, the system added them automatically. Under s21, a checkout system that systematically inflates the total through pre-selected add-ons can be unconscionable when considered as a system.

Platform Risks: Shopify

Shopify is the most popular e-commerce platform in Australia, powering tens of thousands of online stores. Shopify-specific dark pattern risks include:

App ecosystem: Third-party Shopify apps frequently introduce dark patterns — urgency timer apps, “recently purchased” notification popups, and upsell apps that pre-select add-ons. The store owner is responsible for compliance, even if the dark pattern was introduced by a third-party app.
Default checkout behaviour: Shopify's default checkout may display shipping costs only at the final step if not configured properly, creating a drip pricing risk under s48.
Subscription apps: Shopify subscription apps (ReCharge, Bold, etc.) may not implement cancellation flows that meet the forthcoming UTP Bill requirements for cancellation parity.
Dynamic pricing apps: Apps that adjust pricing based on customer location, browsing history, or cart abandonment behaviour create ACL risk around misleading pricing representations.

What Shopify merchants should do: Audit every installed app for dark pattern behaviour. Review your checkout flow end-to-end. Ensure all fees are disclosed on the product page. Test your subscription cancellation flow from a customer's perspective.

Platform Risks: WooCommerce

WooCommerce powers a significant share of Australian online retail, particularly among medium-sized businesses. WooCommerce-specific risks include:

Plugin sprawl: WooCommerce's plugin ecosystem is even more fragmented than Shopify's. Plugins for upselling, cross-selling, urgency timers, and exit-intent popups are commonly installed without compliance review.
Custom checkout modifications: WooCommerce's flexibility means stores often have heavily customised checkout flows. Each customisation is an opportunity to introduce dark patterns — pre-checked fields, hidden fees, misleading copy.
Cookie consent plugins: Many WooCommerce cookie consent plugins use dark pattern designs — highlighting “Accept All” while making “Reject” difficult to find. This creates dual ACL/Privacy Act exposure.
Pricing display inconsistency: WooCommerce's tax and shipping calculation settings can result in prices displayed excluding GST on product pages but including GST at checkout, or vice versa — creating unintentional drip pricing.

What WooCommerce merchants should do: Review every active plugin for dark pattern behaviour. Standardise your pricing display (GST-inclusive throughout). Test your checkout flow in a logged-out browser to see what new customers experience.

Platform Risks: BigCommerce

BigCommerce serves many larger Australian retailers. Platform-specific risks include:

Built-in promotional tools: BigCommerce's native promotional features include banners and countdown timers that, if misconfigured, can create false urgency claims that violate ACL s29.
Abandoned cart recovery: BigCommerce's abandoned cart email sequences can create pressure to complete purchases. If the emails include false urgency (“your cart expires in 24 hours” when carts don't actually expire), this is a misleading representation.
Multi-channel pricing: Stores selling on BigCommerce plus marketplaces (eBay, Amazon AU) may display different prices across channels. If the lowest price is advertised but only available on one channel, this can constitute misleading conduct.
B2B/B2C dual pricing: BigCommerce stores serving both business and consumer customers need to ensure consumer-facing pricing complies with s48 component pricing requirements, even if B2B pricing is structured differently.

What BigCommerce merchants should do: Audit promotional tools for false urgency claims. Review abandoned cart email copy for misleading time pressure. Ensure pricing consistency across all sales channels.

The ACCC's E-Commerce Enforcement Track Record

The ACCC has a growing track record of enforcement against Australian e-commerce businesses:

Kogan.com: The ACCC took action against Kogan for misleading representations about a tax-time promotion. The case established that online pricing representations are held to the same standard as any other advertising under s18 and s29.
Woolworths and Coles: While grocery rather than e-commerce, the illusory discount cases set important precedent for online pricing. Displaying a “was” price that was never genuinely charged is misleading conduct — and this applies equally to online stores using crossed-out price comparisons.

These cases establish a clear pattern: the ACCC holds online retailers to the same consumer law standards as brick-and-mortar businesses. The digital environment doesn't provide a compliance exemption — if anything, the ACCC scrutinises online practices more closely because dark patterns are more prevalent in digital interfaces.

E-Commerce Dark Pattern Compliance Checklist

Use this checklist to assess your Australian e-commerce store:

Pricing: Does the product page price include all mandatory fees? (s48 compliance)
Add-ons: Are all optional add-ons unchecked by default? (sneaking/pre-selection)
Urgency: Do all countdown timers and stock warnings reflect genuine data? (s29 compliance)
Shipping: Are shipping costs visible before the checkout payment step? (drip pricing)
Account creation: Can customers check out as guests without friction? (obstruction)
Subscriptions: Is cancellation as easy as sign-up? (subscription trap compliance)
Cookie consent: Does your consent banner give equal prominence to accept and reject? (Privacy Act)
Third-party apps: Have you audited all installed apps and plugins for dark patterns?
Discount claims: Are all “was/now” prices based on genuine prior pricing? (s29 compliance)
Marketing consent: Are marketing opt-ins unchecked by default at checkout?

Scan Your Store

Your e-commerce platform's default settings, third-party apps, and checkout customisations may have introduced dark patterns you don't know about. The fastest way to find out is to scan.

Run a free TrustScan compliance scan on your online store. It checks your website against all 10 dark pattern categories and maps findings to specific ACL sections — in minutes. Whether you're on Shopify, WooCommerce, BigCommerce, or any other platform, the scan identifies the patterns that create enforcement risk under Australian Consumer Law.

For the step-by-step audit methodology, read our Unfair Trading Practices Audit guide. For background on penalties, see our ACCC penalty escalation analysis.