Update June 22, 2016: G2A have responded to the recent controversy sparked by TinyBuild's accusations of the company allowing fraudulent keys to be sold on their platform.
In a statement released today, G2A claim TinyBuild did not cooperate with their request to get a list of the questionable keys, which they needed to check against their own database.
G2A also call into question TinyBuild's estimated value of $450,000, citing frequent sales of up to 85% off as proof that the estimate is just too high. You can read our full story, along with G2A's statement at that link.
We've also reached out to G2A for comment on the story below.
Original Story June 22, 2016: As we reported yesterday, G2A have recently been under fire for their practice of allowing anyone to sell keys on their service. Indie publishers TinyBuild said that a significant number of keys they believe were purchased with stolen credit cards were sold on the service. Now Trion Worlds CEO Scott Hartsman, someone who has “spent more time combating fraud in the last couple years than making games,” has issued a long statement regarding G2A and their practices to PCGN.
For a look at some of Trion’s works, try the best free PC games.
Hartsman first explains how this actually happens.
“In our ideal world, none of this would matter - let people buy and sell keys as they like. That worked for a long time. Unfortunately, we live in a world with millions of stolen credit cards available for practically nothing, and a world of hundreds of millions of hacked account credentials floating around.
“People frequently reuse those across multiple sites. Sometimes their banks, their Paypals, their Amazon accounts, and so on. Exchangeable keys now come with massive fraud risk. Bad actors [a cyber security term for people who access databases with malicious intent] get stolen credentials/CCs, buy keys from legitimate sources, then list them on grey market sites. Then only later does the owner of the stolen CC notice, call their bank, and a chargeback gets issued.”
It’s at that point where places like TinyBuild are in trouble, as they’re out of money. So, why don’t the banks fix this?
“What most people don't know is that there's no incentive for the banks to take a stand here. Their customers are the credit card holders. If a CC holder with a stolen card says ‘cancel all the transactions,’ the bank's response in taking care of their customer is, ‘You got it, we'll reverse it all,’ as they should.
“Farther up the chain, isolated from both the developer and the CC holder, are the CC companies themselves. To them, for better or worse, it's a numbers game. Small number of chargebacks? Here are some punitive fines you need to pay us. Too many chargebacks for too long? Poof. You can no longer accept credit cards. And the innocent customers who just thought they were getting legitimately cheap keys lose access to games. It's a crap deal for everyone involved.”
‘Poof’ is exactly what happened to TinyBuild’s store, as they explained yesterday. But what about G2A specifically saying that they say legitimate resellers are using their store because of its reach?
“In our experience, the number of times that 'other partners' have bought keys and resold them on grey market sites, as G2A uses in their reasoning to TinyBuild, is exactly zero,” says Hartsman.
In response to this level of fraud, Trion have invested heavily in fraud protection. “We’ve built up what's likely the industry's best fraud protection for online games sales and microtransactions. It's not a problem that can be solved in software alone - it's a combination of data, software, and human effort, with multiple checkpoints along the way for every single transaction. We even pass partners' wallet transactions through our system when we can. It's surprising how many bad actors we catch that they don't. It's not ideal when we have to invest huge amounts of developer and service staff time into efforts other than ‘create and run good games,’ but it's a part of the reality of running a publisher today.”
A sad reality, really. While the guy who designs a prevention system for credit card fraud isn’t necessarily working on the same projects as the woman with a game design degree, it’s still money and resources that could have been spent on something other than preventing crimes. Here’s how Hartsman says potential buyers can help:
“As you're looking to buy a game, if a price looks too good to be true, it probably is. Someone's getting hurt; it's just a question of whom. Game creators of all sizes survive on your support. If you want to make sure they're getting their share and are able to use it to pay their own teams and bills and continue creating great things in the future, support them and buy directly from them or from their primary-source partners like Steam, Amazon, GOG, and others.”
Generally, a developer’s website is your best bet to either buy the game directly or be linked to an approved partner. Buying directly from Steam is also the only way to be able to secure a refund when a game proves not to your liking. Hartsman has also been posting further thoughts on Twitter, if you'd like to read more.