G2A: How they say they’re cleaning up their act


They know, you know. G2A are aware of how they’re perceived, and they want to fix it. This was the message from G2A’s media day earlier this month, where we got the chance to speak with staff and PRs. So let’s talk about exactly what their image problem is, how it arose, and how G2A are trying to solve it.

After some cheap games for the holidays? How about the best free games on PC?

The business model

G2A are a marketplace for videogame keys, where third parties can post keys they have for sale and you, the consumer, can buy them. They are a secondhand market, like eBay, and in this they differ from, say, GreenManGaming, who are a key reseller – they buy keys themselves and sell them on, looking for deals which enable them to make a small profit. Then there are direct merchants like Steam and GOG, who have developers’ and publishers’ approval to sell you their games at market prices.

One question you might already have is: how can G2A possibly gather enough codes to make a business out of this? According to then-PR projects coordinator Will Fox, some come from individuals, like you or I, who might get a bunch of keys in a Humble Bundle, a giveaway or some other promotion. If we’re not interested in some of those games, we could list them on G2A and make some money. PR coordinatorKatarzyna Szymczak-Skalska says “the majority of [G2A’s] sellers” are individuals like this, but they tend not to sell keys in large volumes.

“The sellers who typically sell large amounts of keys are businesses who distribute keys and sell them on G2A because our marketplace allows them to spread their business and sell in new regions,” says Szymczak-Skalska. Fox says there are those who “scour the internet looking for bargains, looking for good discounts”, and then relist those keys on G2A to sell them for a profit.

These sound like slightly evasive descriptions of merchants who exploit regional price variations. Since game prices vary hugely across the world, games that aren’t region-locked represent a particularly good opportunity to buy low and sell higher, while still undercutting official, primary-source prices. It’s not illegal, though it’s typically not what devs or publishers intend, and can hurt their profits by draining money from lucrative markets. We’ll come back to this.

There’s one last category of merchant who really draw the ire of anyone that’s been following G2A in the news: thieves.

According to indie devs TinyBuild, who were the highest-profile victims of theft in recent months, the business model goes like this:

  • Get hold of a database of stolen credit cards on the darkweb
  • Go to a bundle/3rd party key reseller and buy a ton of game keys
  • Put them up onto G2A and sell them at half the retail price

It’s this that has caused G2A the most reputational damage. TinyBuild lost $450,000 worth of games (if valued at full price), and these figures make a real difference to indies.

Worse, it wasn’t an isolated incident, but rather the culmination of a trend of similar, smaller stories that G2A have done far too little about, and allowed to snowball into a serious image crisis. It’s not long after any mention of G2A on the internet that they are accused of facilitating or even being scammers, fraudsters or outright thieves.

G2A's professional relationships

G2A’s solutions

Regional pricing and identifying fraudulent keys

At G2A’s media day, we spoke with their director of strategic development, Patryk Kadlec. Our first questions concerned the process of registering as a seller on G2A, and what measures are applied to detect fraud.

“When you start selling, you go through a lot of analysis in the backend,” says Kadlec. He says G2A use SteamSpy, their own internal database, and other sources to look for differences between the suggested retail price (SRP) of a game, and the price at which you’re trying to sell a key for it. “Let’s say the SRP is $60 and somebody’s uploading 20,000 codes for $1 or $2 or something like this, there’s obviously something wrong.”

G2A head of PR Maciej Kuc, contacted separately by email, also said “we check everything we possibly can check before we allow sellers to put a specific key on the auction, including making sure they do not match any keys that have been black-listed by developers.”

To algorithms like this, G2A add “the human factor”, says Kadlec. They have experts, “people who really know what the industry looks like”, who join the computers in identifying suspicious listings, such as those which break release dates. “If the game is not released yet officially, how come we have it? So this all contributes to flagging a particular merchant if it’s a fraudster, or if it’s even suspicious or not.”

If a merchant is flagged as suspicious, then a procedure for further investigation is triggered. “We might ask for the invoice of purchasing those codes,” says Kadlec, as an example, to determine if the seller’s source is legitimate.

To get the other side, we reached out to Scott Hartsman, the CEO of Trion Worlds, an independent but large studio. One senses he has a different idea of ‘legitimacy’. Hartsman says that whenever his company saw a batch of keys go up on what he called “the fraud sites”, they bought one. “Once we have the key in hand we know exactly which partner we issued it to, when, and what the price should have been. And then we can see what actually happened with it. Invariably, that key was purchased with either a hacked paypal, stolen CC, or region exploit.”

And Hartsman really does mean that word, ‘invariably’: “Every key we’ve audited that was being sold for under-market price was obtained by either payment fraud or regional pricing fraud,” he says. “The mythical ‘dedicated gamer who just wants to sell a spare key’ doesn’t appear to exist. It’s a smokescreen that’s not happening at any scale.”

This is somewhat at odds with G2A’s assertion that “the majority” of their merchants are individuals, but it could just mean that a smaller number of region exploiters (or thieves) are listing an overwhelming number of keys.

For his part, Kadlec claims “there was not a single case when a developer came to us, or a publisher, saying ‘the codes are not from a legit source’ and they had real proof of that.” Some examples he offers of “real proof” are police statements to the effect that hacking or theft were involved in acquiring the keys, or even a report from the payment service provider. G2A include Hartsman in this, and said in response to his comments that he never made any attempt to contact them or share his findings (and also that they “highly doubt” their truthfulness).

So Hartsman says every bargain-priced key for a Trion game which his company checked was obtained with payment fraud or by exploiting regional pricing. G2A say no developer or publisher has been able to prove their listed keys were sourced illegally. If neither is mistaken (or lying), the conclusion would seem to be that most keys on G2A are listed by large merchants looking to pocket the difference between regional prices.

Note that Hartsman mentions this practice in the same breath as payment fraud. It’s hasty to conflate the two: they are very different, and while regional pricing exploitation can be criticised, it isn’t illegal (though, while we’re on the subject, don’t ever buy a key from anywhere that asks you to use a VPN to get around a game’s region lock – that wouldbe illegal, and it’d be youcommitting the crime).

Asked for their position, G2A’s PR team point out that they “in no way decide what region a key is for. Only the developers, publishers, or IP rights holders of games have the power to decide what region their product is for,” and “if a key is region-locked, all sellers using G2A.com have to provide this information, and it is always clearly shown on the product page.” If a game is marked ‘global’, then G2A “do not see any problem selling global keys in the exact way they are meant to be sold – globally.”

So if developers or publishers have a problem with G2A merchants exploiting regional price variations, they can also do something about it by region-locking their keys. G2A don’t see any ethical (much less a legal) obligation to ensure the listed price of a ‘global’ key matches that of the region in which it was originally purchased.

G2A Direct

G2A Direct and G2A Pay

This brings us back to payment fraud, and so to G2A Direct, the developer partnership scheme which was announced in July this year, several weeks after the TinyBuild scandal. Developers who sign up can sell their games directly on G2A, much as they would on Steam, but they can also query any keys listed on the G2A marketplace which they suspect of having been obtained fraudulently.

The implication is that this feature is exclusive to Direct, which Hartsman compares to a protection racket. Responding, Kuc says no developer needs to belong to Direct “in order for G2A to help them track down any stolen keys. They just have to actually cooperate with us, and provide us with the keys in question… if the key was never black-listed by the developer, nor reported, how can we – or anyone for that matter – know not to sell that specific key?” Szymczak-Skalska says that “we do not want to leave anyone in the dust but if you claim there are stolen keys on our marketplace, and then give us no further information, then there is little we can do to help you.”

G2A Direct simply makes the querying process easier by giving partners access to the G2A database. G2A say they’ve been overwhelmed by applications, and are having to streamline their onboarding process to handle them all. Direct has signed up 50 developers in the four months since its announcement, including some big names in the indie scene, such as the SuperHOT team; Hi-Rez, who make Paladins, Tribes: Ascend and Smite; and Playrise Digital, who make Table Top Racing.

Whether the queue of applicants is due to the perks of Direct (which include an 89/11 revenue split compared to Steam’s 70/30, among other things), or because it makes it easier for devs to query their codes, is moot. Membership is free, at least; all the developer has to do “is basically decide to join”, says Direct account manager Mario Mirek. (Anyone interested should send an email to [email protected])

One of our readers made the point that the query feature could be abused to kill legitimate codes by developers who simply don’t want their keys relisted on G2A, so we asked Mirek about that. Here’s what he said:

“Developers have the right to cancel their keys but cancelling legally obtained keys may backfire. Imagine a customer purchases a key on another platform and decides to re-sell it on our marketplace. If the developer cancels such a key without valid reason, and the customer can provide proof of purchase, then the developer will be charged back by their original payment provider. This will result in a financial loss, in the long run might generate bad publicity for the developer and confirm the lack of oversight on developer’s end.”

G2A also argue that issues with fraudulent keys on their marketplace originate with the sources of those keys – often, developers’ own online stores. “Unless developers secure their own websites, they will continue to fall victim to credit card fraud, and it has nothing to do with G2A,” says Kuc. This is why G2A developed their own payment system, G2A Pay, which offers 100% chargeback and fraud protection. “We have a lot of experience in securing game key sales because of our marketplace, and this is exactly what Pay was created to do. We do not offer G2A Pay (nor G2A Direct) to developers as some sort of ultimatum that they will never be secure and that we won’t work with them until they use our system; it really is just the best solution we can offer.”

G2A Shield

Customer guarantees and G2A Shield

It’s perhaps a tacit admission of the limitations of their business model that one of G2A’s earliest products was Shield, which began life as a kind of insurance against keys that don’t work, for whatever reason. Kadlec says “in every marketplace you can have wrong or fake stuff, when you have thousands of merchants and buyers, you cannot control ultimately all of it.”

Shield drew G2A some more negative publicity when a redditor posted a thread about how difficult it was to cancel, and G2A’s CEO admitted this was a problem at his company’s Winter Party, where guests included Polish politicians. So it seems G2A will be making Shield more user-friendly, and they’ve recently announced a new, premium version with more features.

Its essential role remains the same, however: if you, as a consumer, subscribe to Shield for one euro a month, or pay three euros to apply Shield to a single purchase, G2A’s ‘100% satisfaction guarantee’ means you either get a working game or your money back, no questions asked.

Again, one might wonder why G2A only feels able to extend that guarantee to people who subscribe to one of its products. We asked Kadlec whether G2A promised to refund customers with or without Shield. This was his reply:

“Yes, because it’s also for us, if for some reason such a situation happens, it’s also not a good situation for us, because if you as a customer are not happy then you claim back to your payment service provider and we get hit anyway. So we place the customer in the first place always, but even from economical thinking, it’s justified for us to work in favour of the end user, of the customer.”

That’s good from a consumer perspective, but why the payment for Shield? To Kadlec, this is compensation to G2A for policing transactions on its own market. As online marketplaces move away from escrow systems and toward refunds or chargebacks in the case of a shady transaction, Kadlec says “we know that this process is taking a lot of time for the consumer, so we wanted to make this process faster, more smooth, so we take this, let’s say, hassle of finding out who’s wrong and who’s right on ourselves.”

It also turns out that that ‘no questions asked’ part of the guarantee may be important. According to a piece by Polygon, “There are absolutely different regulations between marketplaces and retailers. We are obliged to ask questions when customers come to us with a return policy – except with G2A Shield – because there is a seller who needs to know why a customer wants to give the product back.” So Shield may also be a legal dodge: its price is tokenistically low because G2A need to be able to say they’ve sold you something, otherwise they have to put you through some hassle before they can offer you a refund.

A product of G2A's forthcoming 3D printing service

Regulation and the future

Technology moves quickly, and politicians move slowly. Digital distribution is still unheard-of in certain parts of the world, and the regulation of it is barely adequate even in the developed world. The fact is that G2A operate in many of those developing markets, and you can take different perspectives on that fact.

Kadlec pleads for the charitable perspective, arguing that no-one knows yet how to do what they do without encountering the problems they have. “We want to open a kind of dialogue with the industry first, and secondly with legislation, about what is good practice,” he says. “Sometimes we need to ask for some interpretations of good practice, law and other stuff, to be really in line in what we are doing… when you are really leading some business, especially in technology, the law doesn’t always follow it. So there might be gaps, there are many unregulated markets.”

Essentially, G2A are saying: ‘Ok, if we’re doing this wrong, tell us how to do it better.’

Hartsman offers the uncharitable view. “Fraud and pricing exploitation is what they’ve intentionally built a business on top of,” he says. “The only thing that keeps them out of jail is that they’re operating in countries where there’s no ability for law enforcement to touch them.”

Hartsman’s advice for G2A, if they’re sincere in wanting legitimacy, is to “exit the business for secondhand keys. If they want to sell keys in a way that helps ensure developers can afford to keep making games, they should become a primary source partner only and compete on their merits.”

Kuc was defiant in response to this suggestion. “Re-selling things, whether virtual or physical, has always been part of the free market, and it will always be part of the free market – there is absolutely no way around that. You cannot ban something that is completely legal.”

Nonetheless, G2A Direct is a move toward primary source, and their many new products (G2A Gear, G2A 3D and 3D Plus, VR game development) open plenty of revenue streams beyond their marketplace. If regulation ever clamps down on the grey market for game keys, G2A will probably have something else to offer.

Blunt Force, G2A's in-development VR game

The verdict: are G2A ‘legit’?

“We really want to improve, and to contribute to the industry,” says Kadlec. G2A are working very hard to appear legitimate, and they insist that all they want is to deliver value to the consumer and to be a good partner for the industry. In response to feedback, they have changed their systems and designed new services, such as Direct and Pay, to protect against some of the hazards of a grey market.

If they’re still screwing up, they claim it’s because no-one knows any better yet, and because people are still reluctant to work with them to help them improve. They’ve unveiled many new product concepts which, to be fair, do sound pretty cool, and which I as a gamer would happily make use of (I’d love to rip a figurine of Knight Artorias straight out of Dark Souls if it came at a decent price). Kuc points to all these services and asks why G2A would bother creating them if they were only interested in making money off of fraudulent goods.

From a consumer perspective, if all you want is a cheap game key, we believe G2A sincerely wants to give that to you without it failing. And we believe they can, especially if you’re willing to get Shield.

However, if you’re considering using them, keep aware of the implications. Whether it is or isn’t G2A’s intention, a grey market for game keys will, by its nature, hurt some people in the industry.

Despite their best efforts to reassure, it’s still not certain that G2A can consistently identify fraudulent keys, especially if the non-compliance of developers is as big an issue as they say. We’re not at all sure that anyone else would be able to do a better job, but that doesn’t change the fact that some fraudulent keys will probably continue to slip through.

Then there are the cheap keys that exploit regional price variations, and if Hartsman is correct, these two types of keys make up a huge proportion of G2A’s inventory. Region-exploiting keys move consumer spending toward the lowest prices available worldwide, and though we understand games are getting more expensive these days, so is development.

So when it comes to indie games at least, consider buying from primary source partners. If that’s G2A via their Direct scheme, then fine, but between chargebacks for theft and fraud and loss of revenue from regional exploits, indies need and deserve better. G2A may be trying to make working with them as hassle-free as possible, but from our perspective as consumers, the easiest way to give indies our support is still to buy direct.

As a final thought, it does seem futile to simply wish away the existence of any and all grey markets; Kuc isn’t wrong when he says they are, and ever have been, legal. “We believe the best thing we can do is all work together to ensure that this part of the free market is as secure as possible,” he says. “G2A are absolutely willing to hear more feedback about how we can improve, so please talk to us”.

Developers have the option to protect themselves by region-locking their keys or moving away from keys altogether (as Trion Worlds has tried to do). But unless this happens across the industry,someonewill always offer what G2A are offering, and they may be less receptive to advice. With Shield, Direct, and 100% chargeback and fraud protection for sellers, G2A are doing more than most to protect merchants and customers from the intrinsic harms of a grey market. Maybe one large company who are trying to clean up an inherently dodgy business model is better than the alternative.