● HIGH#DW-008Sneaking

Sneak Into Basket

Automatically adding items, insurance, donations, or services to a user's shopping cart without their explicit consent.

What Is Sneak Into Basket?

Sneak Into Basket occurs when items or services are automatically added to a user's shopping cart or order without their explicit action. The user only discovers these additions if they carefully review their cart before checkout — which many don't, especially on mobile devices with smaller screens that may hide the added items below the fold.

This pattern exploits the trust users place in e-commerce platforms to accurately reflect only the items they've chosen. It transforms the checkout from a confirmation of user intent into a trap for the inattentive.

Common Implementations

Travel insurance — Budget airlines like Ryanair and Spirit historically pre-selected travel insurance during booking. Users who didn't notice and uncheck a pre-ticked box would find insurance charges on their credit card. Ryanair was fined for this practice in 2011.
Extended warranties — Electronics retailers adding "protection plans" as pre-selected options during checkout. The warranty appears in the cart summary in small text, often styled to look like a natural part of the order total.
Priority shipping upgrades — Selecting a faster (more expensive) shipping option by default, even when the user hasn't indicated urgency. The standard shipping option requires actively changing the selection.
Charitable donations — Some retailers add small donation amounts ($1-$5) to the cart as pre-selected, relying on social pressure (who would uncheck a charity donation?) and inattention to increase the order total.
Magazine subscriptions — GoDaddy was notorious for pre-adding domain privacy, email hosting, and website builder products when users purchased domain names. Users buying a $12 domain could end up with $50+ of unwanted add-ons.

Severity Assessment

8.0

High — This pattern causes direct financial harm by charging users for products and services they never intended to buy. It's particularly insidious because the amounts are often small enough that users don't notice them on credit card statements, allowing the practice to continue indefinitely. The aggregate financial impact across millions of transactions is enormous.

Legal Status

🇪🇺 Consumer Rights Directive

Article 22 explicitly prohibits pre-ticked boxes for additional payments. Any extra charges require active, affirmative consent from the consumer. Violators face significant fines.

🇺🇸 FTC Enforcement

The FTC considers sneaking items into baskets a deceptive trade practice under Section 5 of the FTC Act. GoDaddy's add-on practices were specifically cited in FTC complaints.

🇬🇧 Consumer Contracts Regs

UK Consumer Contracts Regulations 2013 require explicit "opt-in" consent for all additional charges. Pre-selected extras are not considered valid consent.

Detection Checklist

Does the cart contain items the user didn't explicitly add? Are add-on services pre-selected (opt-out instead of opt-in)? Is the cart total higher than expected from the items explicitly chosen? Are additional items styled to blend into the normal order summary? Does removing unwanted items require finding small or hidden controls?

Remediation

Opt-in only — Additional items and services must require explicit user action to add to cart.
Clear cart display — Every item in the cart should be visually distinct and individually removable.
Confirmation on add-ons — Show a clear confirmation when suggesting add-ons: "Would you like to add X for $Y?"
Cart audit trail — Show users how items ended up in their cart (user-added vs. suggested).

Checkout flow audit for hidden add-ons? Book a UX audit →