Follow Slashdot blog updates by subscribing to our blog RSS feed

 



Forgot your password?
typodupeerror
×
Businesses The Almighty Buck Communications Network Networking Security The Internet Games News Entertainment Technology

Indie Dev TinyBuild Lost $450K To Fraudulent Sales Facilitated By G2A (pastemagazine.com) 104

An anonymous reader quotes a report from Paste Magazine: Indie developer TinyBuild, the studio behind Punch Club, Party Hard and SpeedRunners, had thousands of their game codes stolen through fraudulent credit card purchases, which then wound up on G2A.com, a site that allows people to resell game codes. The basic idea behind G2A is straightforward and pretty harmless: with the amount of game codes sold through Steam, the Humble Store/Bundle, and more, the site gives consumers a place to sell unwanted game codes. However, in doing so, G2A has created a huge black market for game codes sales. As TinyBuild described in their blog post on the matter, the common practice for scammers is to "get ahold of a database of stolen credit cards on the dark web. Go to a bundle/3rd party key reseller and buy a ton of game keys. Put them up onto G2A and sell them at half the retail price." This allows scammers to make thousands of dollars while preventing any profit from reaching the game developers because, once the stolen credit cards are processed, the payments will be denied. G2A states that TinyBuild's retail partners are the ones selling the codes on G2A, not scammers, despite the thousands of codes they lost through their online store to fraudulent credit card purchases. In 2011, TinyBuild was in the news for uploading their own game, a platformer called No Time To Explain, to the Pirate Bay.
This discussion has been archived. No new comments can be posted.

Indie Dev TinyBuild Lost $450K To Fraudulent Sales Facilitated By G2A

Comments Filter:
  • by dohzer ( 867770 ) on Tuesday June 21, 2016 @08:27PM (#52363749)

    Wait... stolen or purchased illegally?
    There's a difference, isn't there?

    • Re:Stolen? (Score:5, Informative)

      by Fire_Wraith ( 1460385 ) on Tuesday June 21, 2016 @08:32PM (#52363775)
      Likely this is just another angle in internet crime. Stealing credit card information is easy, monetizing that is harder than you think. You can't just use a US credit card to make a bunch of charges in Russia/China/etc. You'd need a way to turn that into money you can use. One of the ways they've done it in the past is to recruit accomplices in the US, usually through those work at home schemes you see spammed into comments in various places. When the accomplice gets busted, all they're out is a patsy. This sounds like it's easier though - buy game codes with stolen cards, resell the game codes for money that goes straight to you with no direct tie to the stolen card.
    • * Scammers get stolen credit card data.
      * Scammers buy lots of CDkeys from tinybuild.
      * Scammers put keys up on G2A.
      * Legit cardholders chargeback unauthorized purchase
      * tinybuild out money and a cd key.

      • Re:Stolen? (Score:5, Informative)

        by Kjella ( 173770 ) on Tuesday June 21, 2016 @09:12PM (#52363975) Homepage

        * tinybuild out money and a cd key.

        Well apart from fees and administration they're just back to zero. The more interesting part is what follows:

        * tinybuild are too dumb to link chargebacks to game keys
        * tinybuild doesn't deactivate any keys
        * G2A customers happy, G2A happy, tinybuild unhappy

        Instead of:
        * tinybuild links transaction id and game key on sale
        * tinybuild invalidates game keys with chargeback
        * G2A customers go mental
        * tinybuild says too bad, take it up with seller
        * G2A customers chargeback their purchase
        * G2A ends up in trouble

        They're complaining because they're too dumb to solve their own problem, particularly if this happens on a mass scale.

        • Re: Stolen? (Score:2, Informative)

          by Anonymous Coward

          Exactly, this. Tinybuild keys are between the original purchaser and Tinybuild. If the purchase is charged back, Tinybuild should immediately revoke the key that went with that purchase. Nobody should give a crap about the middleman reseller and the secondhand buyers -- this had nothing to do with them.

          • > , Tinybuild should immediately revoke the key that went with that purchase.

            Companies have tried this before and customers went postal. Since they paid money for those keys, how dare they deactivate them.

        • by Anonymous Coward

          tinybuild says too bad, take it up with seller

          And a large percentage of buyers still hold it against tinybuild. Of the people I've seen that had keys invalidated for one reason or another (and know offline, so not just some kid bitching in a forum), the vast majority hold it against the publisher that invalidated the key. This is regardless of who much it is not the publisher's fault, including people who were blatantly cheating on a server that gave them warnings before banning them to even people who used a keygen and didn't actually lose any money

        • tinybuild invalidates game keys with chargeback

          Can Steam even do that? I know that they can revoke games purchased within the Steam ecosystem, but I've never heard anything about revoking a copy that comes via a key.

          Since Valve isn't involved with how that key is sold, I could certainly see them not allowing vendors to revoke games. The last thing Valve wants is customers bitching to them about losing access to a game, and of course Valve can't do a thing since they aren't the original seller and can't refu

          • by eWarz ( 610883 )
            Yes, they can. I've had it happen on about 1% of the purchases that I've bought from G2A (publishers DO report chargebacks, which filter up to valve). G2A refunds the money for sure, but they are left holding the bag. You don't get notification when valve revokes your license, nor will you with other publishers such as blizzard. Took me 2 months to get an issue resolved with blizzard (didn't notice until after the revocation had occurred). While G2A resolved it amicably (after I reported it), I've not
          • They absolutely can. In late 2011, one of the graphics card manufacturers did a promotion where they bundled Steam keys for Dirt 3 (which was a $60 game at the time) with their cards. The exact delivery system involved something like entering a code from a piece of paper inside the card box into a thing on the manufacturer's site, which would then spit out a Steam key.

            Somewhere along the line, someone figured out that you could access a directory on the manufacturer's website that had a single .txt file wit

        • by Wizarth ( 785742 )

          Interestingly, this requires DRM (dialling home to validate keys periodically). So if the company does the "good" thing and releases their game without DRM, they are set up for exactly this kind of rip off.

        • In such a scheme as described there are two ways :
          1) ream the end buyer and get it hostile to BOTH G2A and tinybuild because let us get real end buyer would also be unhappy with the developer
          2) do what they did and eat the loss knowing this would be better PR rather than remove keys.

          Frankly in their position I would do the same, and make sure the PR is out that they did not remove the keys from the end user.... Which is exactly what they did since we are getting them on slashdot and other outfit. Tha
        • by AmiMoJo ( 196126 )

          They aren't dumb, they spun this situation into some great and almost free publicity. As you point out, the "lost" codes actually cost them almost nothing since it's likely just an automated back-end and key generation server. If they revoked all those codes it would create additional cost (admin, the need to create a key revocation system) and misdirected rage towards them.

          This way they get some nearly free publicity for their games, much like they did when they uploaded a previous title to The Pirate Bay.

          • by flink ( 18449 )

            As you point out, the "lost" codes actually cost them almost nothing since it's likely just an automated back-end and key generation server.

            There's some cost because some percentage of the customers that bought keys through G2A would have been willing to pay the higher cost on Steam if there weren't keys being dumped at artificially lower prices financed by credit card fraud. That number is probably not the full $450k, because some number of those customers don't value the game at the full retail price, but it's probably nowhere near $0 either.

        • by Xest ( 935314 )

          It's probably worth noting that G2A shouldn't be treated as some kind of saint, the organisation is in itself as dodgy as they come. They engage in all sorts of illegal practices such as advertising instant delivery on purchase of game keys and then demanding you hand over your phone number, or e-mail them a scan of your passport inevitably resulting in deliver of your key being far from instant.

          Furthermore, in the past they've been outed as one of the biggest abusers of paid reviews to give their company a

        • Except that isn't what happens. Companies have tried this before and all this does is get those customers pissed at the developer, instead of their shady sellers.

        • > They're complaining because they're too dumb to solve their own problem, particularly if this happens on a mass scale.

          You really have no clue what you're talking about do you? Companies have tried this before and people go postal. Instead of going "Well I should stop buying from G2A" they'll go "Well fuck you tinybuild"

  • And I want the pirate bay version now :). While we're on the subject what ever happened with Green Man Gaming and those gog Witcher 3 keys?
  • Game Dev here. (Score:3, Interesting)

    by Anonymous Coward on Tuesday June 21, 2016 @09:01PM (#52363907)

    As a mid-tier indie Game Dev, with two titles on Steam, the key system is something I've never quite understood.

    It is a hold-over from box copy days. The box industry is still around in the third world, but outside of those few select counties why do keys still exist?

    My publisher hands out about five figures worth of keys to about 6 different legit places. After a year, hundreds of "retailers" have my game, all selling them for under Steam price. (Well under discount margin too.)

    Leaving out the credit card scamming. Someone can just purchase keys in Yuan or Bhat's or Rupiahs for 40-50% (Or more if the game is discounted) and resell them for 25% less than the steam price. Luckily they closed off Russian keys from being used by anyone but Russians.

    On top of this, Steam makes no money on keys. Zero. It's just a distro lock for them.

    The key system needs to be done away with. Replace it with an API that legit and official stores can use to grant users copies of games. Extend this API into the client for "gifting." If steam wants, charge a tiny fee for each API transaction from a vendor. More money in their pockets and the system doesn't really change. Allow ownership of multiple copies of a title and allow you to transfer these to other users (But you must always keep 1 copy.) This will allow bundles to still function as they did. If they just did that, it would close up the key black market and make everyone more money. (Except the folks buying on these black markets of course.)

    But knowing Steam. This won't ever happen. Hell I can't even send out an update without having 50-100 people having corrupt files issues which file verification doesn't fix. I hate telling people to uninstall my product (and reinstalling) to fix their problems.

    • Re:Game Dev here. (Score:4, Informative)

      by ensignyu ( 417022 ) on Tuesday June 21, 2016 @09:29PM (#52364053)

      Humble Bundle used to require you to sign into your Steam account and they would add the game directly to your account instead of giving you a key. It was originally keys, then the linking system, and then back to keys.

      I'm guessing that Valve disabled that API because they don't want to make the process of buying games outside of Steam as seamless as their own store.

      • Changes in Steam key redemption

        A little over a year ago, we launched OAuth Steam key redemption, creating one-click Steam key redemption for games purchased through Humble Bundle. However, Steam is removing support for OAuth, so we’ll be returning to the system we used before, which requires you to manually redeem your Steam keys.

        http://blog.humblebundle.com/p... [humblebundle.com]

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      "Someone can just purchase keys in Yuan or Bhat's or Rupiahs for 40-50% (Or more if the game is discounted) and resell them for 25% less than the steam price."

      Oh noes! Someone bought the game for a price you were willing to sell it for, and then sold it on.

      Why is it when companies/corporation take advantage of globalisation it's good. But when consumers take advantage via parallel imports, it's bad?

      Besides, steam has a region system (it's not just Russia) for preventing this if you really wanted to.

    • by kav2k ( 1545689 )

      Luckily they closed off Russian keys from being used by anyone but Russians.

      And that's why, as a Russian, I need keys to exist. After the ruble crash happened, Valve decided to region-lock activation of gifts from Russian accounts. And I have many friends outside the geofence.

      As a result, I have to use sources outside Steam to gift games to those friends (Humble, GMG, direct sales).

    • by AmiMoJo ( 196126 )

      Extend this API into the client for "gifting."

      No thanks. This is why players want codes, they want something physical that they can re-sell, gift and lend without having to rely on the good grace of Valve to allow it. If you want to tie games into a system like that you had better reduce your prices appropriately, because your product is worth much less than a physical copy.

  • G2A states that TinyBuild's retail partners are the ones selling the codes on G2A, not scammers, despite the thousands of codes they lost through their online store to fraudulent credit card purchases.

    Since when did "selling stolen property" become legal???

    • You're right, of course, that there is criminal activity here and that getting law enforcement involved would in theory be a better idea than just complaining on the internet.

      However, for quite some time there's been a level of criminality around the margins of games-reselling - and I'm not talking about piracy here. As others above have pointed out, what is likely going on here with G2A is money-laundering; people are probably making "unprofitable" trades using the service to convert "dirty" (and hard to u

  • by Anonymous Coward

    In other news, the entire entertainment industry has lost more money than the GDP of the nations they sell their products to.

  • Well, I've been a G2A customer for about a year, using it for Windows 8 licenses, antivirus licenses, Steam games, and a few other things.

    Their "how do we do this" stuff always seemed a bit fishy but none of the license keys I bought has ever had any issues. I assumed it was legit or it would have been shutdown by now.

    But now I see how G2A is able to stay hands off far enough to say it's not their fault, the same way pawn shops avoid being responsible for stolen goods that they end up reselling. I mean

  • If the charge is cancelled by the bank, just cancel the validity of the code as well.
    The only problem is that they probably didn't design their code system to allow this, but that's their own fault.
    It's not rocket science.

  • by Anonymous Coward on Wednesday June 22, 2016 @03:44AM (#52365045)

    It should be noted that the dev is assuming that the keys were sold on G2A with no proof. The only claimed proof is purely based on coincidental listing timing, but that could be due to several factors.

    Also G2A offered to work with the dev, if they could provide examples of the allegedly stolen keys, and agree to revoke the keys (Which will drop teh devs sales figure). Instead the dev chose to write a blog post accusing G2A of criminal activity (Facilitating the sale of stolen goods).

    Instead the problem here is that the dev failed to link keys to transactions, such that they could revoke keys that were subject to charge backs. This is the equivalent of accepting a promise to pay for goods, delivering those goods, and then blaming ebay because those goods were sold on to other people after the original seller fails to follow through on teh original payment.

    The only failure here is the devs in providing safeguards against credit card fraud. But they sure do like getting a cheap shot in at 3rd parties that they don't like for other reasons.

  • Sounds like these companies need to implement the game code equivalent of CRLs.

  • TinyBuild lost nothing since nothing was stolen. At least that is what I am repeatedly by people on here when they try to justify not paying people for their work (movies or music).

    So which is it? Either TinyBuild lost money because people are using games they haven't paid for or they haven't lost money because nothing was stolen. You can't have it both ways.

Genius is ten percent inspiration and fifty percent capital gains.

Working...