• Hey, guest user. Hope you're enjoying NeoGAF! Have you considered registering for an account? Come join us and add your take to the daily discourse.

tinyBuild GAMES: G2A sold $450k worth of our game keys

http://tinybuild.com/g2a-sold-450k-worth-of-our-game-keys

his quick summary of what g2a is for the uneducated:
tl;dr websites like G2A are facilitating a fraud-fueled economy where key resellers are being hit with tons of stolen credit card transactions and these websites are now growing rapidly due to low pricing of game keys

The financial impact is actually huge

I’ve been dismissing the issue for a long time. Sure, a few game keys leak here and there – nothing major. For a few months we supported our own little store on tinyBuild.com – just so we can give some discounts to our fans, and do creative giveaways that’d include scavenging for codes.

The shop collapsed when we started to get hit by chargebacks. I’d start seeing thousands of transactions, and our payment provider would shut us down within days. Moments later you’d see G2A being populated by cheap keys of games we had just sold on our shop.

Coincidentally, this is when we were having discussions about partnering up with G2A and how that’d work. I really wanted to find out what kind of financial impact this marketplace can have, and after asking for sales stats in 3 separate discussions, I finally have them.

From the e-mail:

SpeedRunners Early Access Global: 24,517 units sold with an average price of €6.26 per unit.

Punch Club Global: 1,251 units sold with an average price of €8.72 per unit.

Party Hard Global: 890 units sold with an average price of €7.95 per unit.

If I do some simple calculations, it comes down to this:

Km1004C.png


With this information in hand, my obvious question was where did the keys come from, and can we get compensation for that?

Here’s the reply I got.

“So the issue you have pointed to is related to keys you have already sold. They are your partners that have sold the keys on G2A, which they purchased directly from you. If anything this should give you an idea on the reach that G2A has, instead of your partners selling here you could do that directly.

I can tell you that no compensation will be given. If you suspect that these codes where all chargebacks aka fraud/stolen credit card purchases I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this. We will check to see if that is the case but I doubt that codes with such large numbers would be that way.

Honestly I think you will be surprised in that it is not fraud, but your resale partners doing what they do best, selling keys. They just happen to be selling them on G2A. It is also worth pointing out that we do not take a share of these prices, our part comes from the kickback our payment providers.”

In short, G2A claims that our distribution partners are scamming us and simply selling keys on G2A. They won’t help us unless we are willing to work with them. We are not going to get compensated, and they expect us to undercut our own retail partners (and Steam!) to compete with the unauthorized resellers.

There’s no real way to know which keys leaked or not, and deactivating full batches of game keys would make a ton of fans angry, be it keys bought from official sellers or not.

Make your own conclusions.

included the majority of this since the site seems to be hammered (won't load for me anymore) and i didn't see a single ad on the page

this is incredibly shitty. g2a doesn't give a fuck.
 

nynt9

Member
Iirc g2a are a marketplace and we should differentiate between talking about keys sold by the company and by sellers on their marketplace. The summary makes them seem like 100% fraud which I believe is not the case. Their own keys are reseller obtained keys just like GMG's not-publisher-partnered keys.

Unfortunately unlike other marketplaces (eBay) they don't seem very involved in where the keys come from, but they do have buyer protection from what I understand? Not sure how it really works. Shitty that they don't step in to protect the developers. They probably don't give a shit.
 

Ikuu

Had his dog run over by Blizzard's CEO
I'm none the wiser. What is happening?

G2A is both a store and a marketplace, they sell keys and let others sell them through G2A. People are buying the keys to sell on G2A and then original purchase is being chargedback.
 
http://tinybuild.com/g2a-sold-450k-worth-of-our-game-keys

his quick summary of what g2a is for the uneducated:




included the majority of this since the site seems to be hammered (won't load for me anymore) and i didn't see a single ad on the page

this is incredibly shitty. g2a doesn't give a fuck.

The claim is that their partners are selling to G2A. If they're selling to their partners, then isn't the price they sold to their partners at something of a floor for those keys? Certainly their partners wouldn't buy a bunch of keys from them and then sell them on G2A for less, would they? I don't exactly understand the argument here. Is the problem less with these keys specifically, as what these keys do to the sale value of their keys elsewhere? Help. Make it make sense.

Its right there in the second quote. They got hit by chargebacks

Why can't they associate the chargebacks to the buyer and the keys, then? Are these supposed to be huge batch purchases, or a large number of small time scam artists?
 

KingV

Member
So, Tinybuild games gets owned by fraud on their private store because they have shitty merchant practices, claims G2A is selling fraudulent keys without direct proof (I.e. Proving that key #9999 is from a transaction that was charged back AND was later sold on G2A)

Then refuses to
1) cancel the fraudulent keys sold that were charged back
2) refuses to provide the fraudulent keys to G2A so that G2A can do an investigation and find the sellers selling fraudulent keys.
3) demands payment... for reasons, again without providing proof.

This is Tinybuilds fault, they 1) set up a storefront that was vulnerable to fraud (probably because they have little experience in this) and 2) won't take the basic steps to invalidate said keys and prove to G2A that their sellers are selling fraudulent keys.
 

nynt9

Member
I don't think they're all scammers, but it's not worth having markets like this if that's who they'll benefit the most, and very easily.

Yeah g2a need to police their marketplace better to keep scammers away, but they probably see a profit from that and don't give a shit.
 
There’s no real way to know which keys leaked or not, and deactivating full batches of game keys would make a ton of fans angry, be it keys bought from official sellers or not.

Are they not keeping track of which purchase had given out which key? They should be deactivating any charged back purchase.

Of course a G2A purchaser is going to get hit by a deactivated game but they didn't pay all that much and they'll learn to never use G2A again.
 
PC gamers like buying cheap games

If G2A goes down, there's a bunch of other similar sites, and there's even key sellers on GAF that sell as cheap as G2A. I doubt this "grey market" will go away any time soon, it's too convenient for wallets.
 

Hasney

Member
PC gamers like buying cheap games

If G2A goes down, there's a bunch of other similar sites, and there's even key sellers on GAF that sell as cheap as G2A. I doubt this "grey market" will go away any time soon, it's too convenient for wallets.

Right, but there's a lot of sites that just unbox legit bought retail copies. That's different to a marketplace where it's easy to sell fraudulently bought keys.
 

Stumpokapow

listen to the mad man
I'm none the wiser. What is happening?

Steam does not charge developers money to generate keys for their own games. As a result, they can offer a 30% discount on their own games on their own websites without losing any revenue. Nice developers pass this along to their prospective customers, either in perpetuity, or through specific discount events. So if something is 25% off on Steam, it can be 50% off on the developer's website without loss of revenue.

Key resellers bulk-buy these discounted keys to resell later, taking advantage of arbitrage between the price now and the price later, and also the developer's ability to offer the discount. Many of these key resellers buy using stolen credit cards--so that the payments eventually bounce. Alternatively, the key resellers can do large bulk chargebacks, knowing that the person negatively impacted will be the developer, not them.

G2A offers an eBay style marketplace listing service where key resellers can list the tens of thousands of keys they've bought. They profit on this. They also typically sell insurance, so if you're a buyer and buy a bum key, you have to pay an extortion fee to G2A to get a refund. Consumers are suckered in because the price of these keys are cheaper. If the key resellers resell fast enough, the hot potato is passed to the consumer before the chargeback or fraud dispute from the original purchase--like someone stealing a cell phone and reselling it before the phone is disabled.

The developer in this case was hit for $200k worth of sales, the keys for which were later resold on G2A. They reached out to G2A to get help, and G2A responded by negotiating with them into supplying cheap keys directly to G2A and supporting G2A if they want G2A's help shutting down illicit sales.

This is part of the broader, gross role that G2A, Kinguin, and other high profile key reselling services play in hurting indie developers.
 

MUnited83

For you.
G2A's entire business and profit is based on the scammers. They actively cater to them and let them run wild(since, you know, profits) Shit should be closed and nobody should be buying games there.


So, Tinybuild games gets owned by fraud on their private store because they have shitty merchant practices, claims G2A is selling fraudulent keys without direct proof (I.e. Proving that key #9999 is from a transaction that was charged back AND was later sold on G2A)

Then refuses to
1) cancel the fraudulent keys sold that were charged back
2) refuses to provide the fraudulent keys to G2A so that G2A can do an investigation and find the sellers selling fraudulent keys.
3) demands payment... for reasons, again without providing proof.

This is Tinybuilds fault, they 1) set up a storefront that was vulnerable to fraud (probably because they have little experience in this) and 2) won't take the basic steps to invalidate said keys and prove to G2A that their sellers are selling fraudulent keys.

lmao
There are no online storefronts that are invulnerable to fraud. If you found a magical solution feel free to share it. Even Humble Bundle is routinely hit by it.
 

Glix

Member
PC gamers like buying cheap games

If G2A goes down, there's a bunch of other similar sites, and there's even key sellers on GAF that sell as cheap as G2A. I doubt this "grey market" will go away any time soon, it's too convenient for wallets.

Thats fine as long as they are not stealing the keys. In this case the keys are bought, sold to/through G2A, and then they do a chargeback with the credit card company. Not a couple of incidents, but thousands of times.
 

BennyBlanco

aka IMurRIVAL69
Yeah, open market sites like G2A I won't bother with. Too much room for shady shit. GMG, CDKeys, etc are fine with me because they're sourcing and supplying keys themselves.
 

Necro900

Member
Steam does not charge developers money to generate keys for their own games. As a result, they can offer a 30% discount on their own games on their own websites without losing any revenue. Nice developers pass this along to their prospective customers, either in perpetuity, or through specific discount events. So if something is 25% off on Steam, it can be 50% off on the developer's website without loss of revenue.

Key resellers bulk-buy these discounted keys to resell later, taking advantage of arbitrage between the price now and the price later, and also the developer's ability to offer the discount. Many of these key resellers buy using stolen credit cards--so that the payments eventually bounce. Alternatively, the key resellers can do large bulk chargebacks, knowing that the person negatively impacted will be the developer, not them.

G2A offers an eBay style marketplace listing service where key resellers can list the tens of thousands of keys they've bought. They profit on this. They also typically sell insurance, so if you're a buyer and buy a bum key, you have to pay an extortion fee to G2A to get a refund. Consumers are suckered in because the price of these keys are cheaper. If the key resellers resell fast enough, the hot potato is passed to the consumer before the chargeback or fraud dispute from the original purchase--like someone stealing a cell phone and reselling it before the phone is disabled.

The developer in this case was hit for $200k worth of sales, the keys for which were later resold on G2A. They reached out to G2A to get help, and G2A responded by negotiating with them into supplying cheap keys directly to G2A and supporting G2A if they want G2A's help shutting down illicit sales.

This is part of the broader, gross role that G2A, Kinguin, and other high profile key reselling services play in hurting indie developers.

But isn't there any way to deactivate keys that have been charged back/whose payment bounced because of a stolen credit card? I mean even after they've been redeemed.
That way g2a customers would find their games unusable and would have to ask for refunds (if they've done the shady insurance-stuff).
 
So, Tinybuild games gets owned by fraud on their private store because they have shitty merchant practices, claims G2A is selling fraudulent keys without direct proof (I.e. Proving that key #9999 is from a transaction that was charged back AND was later sold on G2A)

Then refuses to
1) cancel the fraudulent keys sold that were charged back
2) refuses to provide the fraudulent keys to G2A so that G2A can do an investigation and find the sellers selling fraudulent keys.
3) demands payment... for reasons, again without providing proof.

This is Tinybuilds fault, they 1) set up a storefront that was vulnerable to fraud (probably because they have little experience in this) and 2) won't take the basic steps to invalidate said keys and prove to G2A that their sellers are selling fraudulent keys.

If Tinybuild invalidates the keys after someone's already activated them, it can shut down a user's Steam account. Tinybuild didn't want to deal with the PR nightmare from causing thousands of users to have their Steam accounts locked down.
 

JCG

Member
I've only used G2A twice and it was simply for the sake of purchasing two relatively inexpensive games that weren't available to me through other stores at the time. The issue was availability, period, not because of any real or perceived savings. It was either that or outright pirating the games and I just didn't want to do such a thing.
 
Ban those keys. G2A marketplace members get hammered with negative feedback because games are de-activated and further keys don't even work.

So many G2A powersellers have consistently high feedback. I have bought several times without protections, 12+ successful transactions.

It feels like an inaction of the Tinybuild. There will always be fraudsters in public marketplace and G2A is in no position to police it without the assistance from whoever issues those keys. You also cannot quickly cash-out from G2A.

Yeah g2a need to police their marketplace better to keep scammers away, but they probably see a profit from that and don't give a shit.

Have you ever sold something on G2A? They have some of the most ludicrous requirements that have to be manually approved before the key is up for sale. G2A has both higher requirements for sellers and more protection for buyers than ebay does.

If Tinybuild invalidates the keys after someone's already activated them, it can shut down a user's Steam account. Tinybuild didn't want to deal with the PR nightmare from causing thousands of users to have their Steam accounts locked down.

It doesn't shut down the account. If the key is revoked, you get a message in the Steam client that the key was revoked. Why does the Tinybuild have to deal with any kind of PR nightmare even if those accounts could get in trouble? They didn't sell keys, it is G2A's nightmare if that happens.
 
So, Tinybuild games gets owned by fraud on their private store because they have shitty merchant practices, claims G2A is selling fraudulent keys without direct proof (I.e. Proving that key #9999 is from a transaction that was charged back AND was later sold on G2A)

Then refuses to
1) cancel the fraudulent keys sold that were charged back
2) refuses to provide the fraudulent keys to G2A so that G2A can do an investigation and find the sellers selling fraudulent keys.
3) demands payment... for reasons, again without providing proof.

This is Tinybuilds fault, they 1) set up a storefront that was vulnerable to fraud (probably because they have little experience in this) and 2) won't take the basic steps to invalidate said keys and prove to G2A that their sellers are selling fraudulent keys.

Bartosz, is that you?
 

MUnited83

For you.
If Tinybuild invalidates the keys after someone's already activated them, it can shut down a user's Steam account. Tinybuild didn't want to deal with the PR nightmare from causing thousands of users to have their Steam accounts locked down.

That's not actually a thing. What it happens is you get a notice from Steam that the game is removed and that's it.
 

KingV

Member
lmao
There are no online storefronts that are invulnerable to fraud. If you found a magical solution feel free to share it. Even Humble Bundle is routinely hit by it.

I worked in fraud strategy for one of the largest credit card issuers in the US for quite a few years. Major online retailers have fraud departments for a reason. Throwing up some sort of simple store when you are three or four people and you are selling goods is asking for trouble.

Yes, iTunes, and PayPal, and whoever else also has fraud but they also put a lot of effort into figuring out how to prevent fraud and how to make it so that it doesn't pay off. A big part of that is cooperating with other companies to investigate fraud and catch scammers, something that they haven't done here.

It sounds to me like Tinybuild's fraud prevention strategy is basically to whine in a blog post. At the minimum, they should consider some mix of the following:

- shutting down any key sold that later has a chargeback, and doing so quickly
- implementing something like MasterCard secure code to take advantage of the liability shift that occurs on secure code transactions
- check location of ip addresses to be consistent with the cardholders address
-limit the speed and total amount that an individual IP number or customer can spend in their store in a given time period.


I would point out that steamdb says lowest price ever on speedrunners is like $2.50... So, an average price of 6 Euros doesn't seem all that low really.
 

ChryZ

Member
I almost bought something there, then I saw their "insurance" offer aka G2A Shield ... and I was like "nope" and closed the tab.
 

Tunesmith

formerly "chigiri"
So, Tinybuild games gets owned by fraud on their private store because they have shitty merchant practices, claims G2A is selling fraudulent keys without direct proof (I.e. Proving that key #9999 is from a transaction that was charged back AND was later sold on G2A)

Then refuses to
1) cancel the fraudulent keys sold that were charged back
2) refuses to provide the fraudulent keys to G2A so that G2A can do an investigation and find the sellers selling fraudulent keys.
3) demands payment... for reasons, again without providing proof.

This is Tinybuilds fault, they 1) set up a storefront that was vulnerable to fraud (probably because they have little experience in this) and 2) won't take the basic steps to invalidate said keys and prove to G2A that their sellers are selling fraudulent keys.

What? Are you an affiliate of G2A or something?

I guarantee it, every single online storefront is hit by attempted credit card fraud from organizations that aim to re-sell their goods on grey market sites like G2A several thousands of times 24/7, 365 days a year (less so during Chinese New Year's week mind you) be it Steam, Origin, Uplay, Amazon, Humble Bundle or tinyBuild - no one is not vulnerable to this. G2A all but openly facilitates credit card fraud, they know exactly how to skirt the edges of what they can get away with without their customer base at large catching on that their real business model is fraud.
 
But isn't there any way to deactivate keys that have been charged back/whose payment bounced because of a stolen credit card? I mean even after they've been redeemed.
That way g2a customers would find their games unusable and would have to ask for refunds (if they've done the shady insurance-stuff).

Yes, there is. I think Valve even has an automated system for this, so there is no reason at all to not deactivate keys. If a G2A buyer gets hit by it, they shouldn't be buying at G2A any more.
 

Momentary

Banned
Evertime I see people on neogaf suggest going to G2A it just pisses me off. It's even worse when they try to defend sites like these.
 
D

Deleted member 325805

Unconfirmed Member
I always use CDKeys as they're a store and not a marketplace, with G2A it's hit or miss.
 
I wonder how long it will be until Valve disallows G2A to sponsor Dota 2 and CS:GO teams attending major events. Starting to feel like a head ache for everyone except G2A and their partners.
 

KingV

Member
What? Are you an affiliate of G2A or something?

I guarantee it, every single online storefront is hit by attempted credit card fraud from organizations that aim to re-sell their goods on grey market sites like G2A several thousands of times 24/7, 365 days a year (less so during Chinese New Year's week mind you) be it Steam, Origin, Uplay, Amazon, Humble Bundle or tinyBuild - no one is not vulnerable to this. G2A all but openly facilitates credit card fraud, they know exactly how to skirt the edges of what they can get away with without their customer base at large catching on that their real business model is fraud.

I do sell spare or duplicatebundle keys on G2A, but only a few per month, so I'm not a super-seller.

There's room to complain about G2A's system, but they do hold seller funds for 2 weeks to protect against fraud. The idea being, Tinybuild invalidates keys that get charged back, then G2A gets complaints from buyers, and then the fraudulent seller never gets paid.

Edit: And yes everyone gets hit by fraud attempts, but if Publishers do nothing about it in terms of making the fraud attempts more difficult AND quickly invalidating stolen keys, then there is no incentive for anything to change.

I'm not sure what else G2A can do to verify sellers, and if publishers and developers won't even supply the stolen keys so G2A can investigate the sale, what do you expect them to do? Shutting down isn't really going to change it.
 
For an indie developer, having someone chase down fraudulent keys is verging on an entire job they can't afford to do. Two weeks may not be enough.
 

_machine

Member
There's room to complain about G2A's system, but they do hold seller funds for 2 weeks to protect against fraud. The idea being, Tinybuild invalidates keys that get charged back, then G2A gets complaints from buyers, and then the fraudulent seller never gets paid.
Key invalidation with Valve/Steam is by no means an easy process and it community-wise extremely risky. It risks an immense backlash (as seen with other games before). There is no "quick" process for eliminating keys on any platform's side, nor support to do so continuously.

It's a really sad state of affairs though; I've met some of the tinyBuilders and they have been really great at re-investing into indie developers and helping others, but despite their success with few titles, it's by no means a stable are of business.
 

10k

Banned
I avoid G2A like the plague. If it's not sold by Steam, Origin, UPlay, Microsoft Store, battle.net, GOG, or GreenManGaming I ain't buying no matter how cheap.
 

ksan

Member
It feels like an inaction of the Tinybuild. There will always be fraudsters in public marketplace and G2A is in no position to police it without the assistance from whoever issues those keys. You also cannot quickly cash-out from G2A.

Yeah, and let's remove aml laws for banks while we are at it!
 

Dipper145

Member
Seems like something that should be handled as soon as a charge back occurs so that an investigation of fraud can be done, not turning a blind eye to and dismissing the issue until you decide to look into it and realize you lost yourself a bunch of money. I guess it's something that the company has learned though and moving forward will hopefully work better at preventing future loss of sales.
 

Tunesmith

formerly "chigiri"
I do sell spare or duplicatebundle keys on G2A, but only a few per month, so I'm not a super-seller.

There's room to complain about G2A's system, but they do hold seller funds for 2 weeks to protect against fraud. The idea being, Tinybuild invalidates keys that get charged back, then G2A gets complaints from buyers, and then the fraudulent seller never gets paid.

Edit: And yes everyone gets hit by fraud attempts, but if Publishers do nothing about it in terms of making the fraud attempts more difficult AND quickly invalidating stolen keys, then there is no incentive for anything to change.

I'm not sure what else G2A can do to verify sellers, and if publishers and developers won't even supply the stolen keys so G2A can investigate the sale, what do you expect them to do? Shutting down isn't really going to change it.

Key invalidation is not an instant process as you seem to suspect. For Chargeback retrieval requests to even reach the original seller of a product to notify of a fraudulent sale can in itself take several weeks, upwards to 6 months, it depends entirely on the processes of the issuing banks and vigilance of the card holders of said payments.

Why would Publishers ever give out proprietary information (like keys) to an unauthorized re-seller like G2A which they know are deliberately defrauding them directly and indirectly by facilitating their customer-based marketplace? Sharing financial impacting information with a completely unrelated third party? What? Yeah that would go down well with your shareholders.
 

Kolx

Member
I can't understand: why can't the company deactivated these keys? This will lead to people losing trust in G2A which will lead to eventually either them fixing their shit or losing everything.

Key invalidation is not an instant process as you seem to suspect. For Chargeback retrieval requests to even reach the original seller of a product to notify of a fraudulent sale can in itself take several weeks, upwards to 6 months, it depends entirely on the processes of the issuing banks and vigilance of the card holders of said payments.

Why would Publishers ever give out proprietary information (like keys) to an unauthorized re-seller like G2A which they know are deliberately defrauding them directly and indirectly by facilitating their customer-based marketplace? Sharing financial impacting information that hit your bottom line with a completely unrelated third party? What? Yeah that would go down well with your shareholders.

Even if it was after weeks, the idea that if you buy from G2A your game will be deactivated within weeks can stop many people buying from them specially for online focused games.
 

AndrewPL

Member
Developers need to cancel any keys that are stolen...that's all there is to this, people will stop using G2A after losing out on money, its not on the developer to take that loss.
 

dramaticslowmo

Neo Member
TinyBuild sent out a follow-up email, now claiming they've been DDOS'd

I apologize for the double e-mail, it seems like our website got DDOS'd shortly after publishing the blog post. While we're dealing with that, I figured it's worth replicating the content of the post in this e-mail.
 
Top Bottom