After years of controversy, gray-market game key marketplace G2A has admitted to what it has long been accused of by angry game developers: profiting from the sale of illegitimate download keys—at least in one specific instance.
In a blog post yesterday, G2A confirmed that 198 copies of Factorio sold on G2A in early 2016 were indeed obtained illegitimately. G2A says it will pay Factorio developer Wube 10 times the “bank-initiated refund costs” it incurred for those fraudulent purchases, or roughly $40,000.
But the discovery and confirmation of the fraudulent keys in this one specific case come only after years of controversy and argument over the role of the marketplace.
A long history of alleged fraud
G2A allows its users to take game keys obtained from outside sources—such as bundles or third-party online stores—and resell them for a price they set themselves. But developers have long said that many of those games’ keys come from purchases made on other platforms with stolen credit cards.
These users then allegedly use G2A to sell those keys for cash (usually at well below the going rate), effectively laundering the purchases before the illicit charges are discovered. While G2A pockets a portion of these illegitimate sales, the original developer is stuck paying for the credit card “chargeback” fees associated with them.
The issue of stolen-key reselling started gaining prominence in the industry in 2016, when indie game developer TinyBuild said it had lost $450,000 in sales to fraudsters abetted by G2A. “Websites like G2A are facilitating a fraud-fueled economy where key resellers are being hit with tons of stolen credit card transactions and these websites are now growing rapidly due to low pricing of game keys,” TinyBuild CEO Alex Nichiporchik wrote at the time.
G2A responded strongly, asking Tiny Build to provide “the list of the keys they deemed without any verification as stolen.” But TinyBuild said it would take “a ton of time on micromanaging this” to separate out all the illicit keys from legitimate keys purchased through bundles and giveaways. And Nichiporchik said he didn’t trust G2A enough to work with them on the case anyway.
“Everybody knows their reputation,” he told Polygon in 2016. “Why would anyone even consider giving them a list of keys to ‘verify’? I believe they’d just resell those keys and make more money off of it.” That reputation was a big part of the reason Gearbox ended its partnership with G2A in 2017.
If you can’t afford or don’t want to buy our games full-price, please pirate them rather than buying them from a key reseller. These sites cost us so much potential dev time in customer service, investigating fake key requests, figuring out credit card chargebacks, and more. https://t.co/25NWxrj8f8
— Rami Ismail (@tha_rami) June 30, 2019
Vlambeer founder Rami Ismail summed up the general industry consensus around G2A in a 2019 tweet: “If you can’t afford or don’t want to buy our games full-price, please pirate them rather than buying them from a key reseller,” he wrote. “These sites cost us so much potential dev time in customer service, investigating fake key requests, figuring out credit card chargebacks, and more.”
Wube “satisfied with the results”
In the years since TinyBuild’s accusation, G2A has offered a few potential solutions for developers to deal with alleged fraud problems. These include G2A Direct—a program that gives developers additional monitoring capabilities and a 10% cut of each sale—and G2A Pay—a retailer-controlled payment processor that offers “chargeback protection.” But these solutions have gotten little traction with developers who still don’t trust the site and are wary to work with it more closely (and offer it credibility) just to be protected from fraud.
So we come to last year, when G2A made a limited time offer that it said was “[putting] all cards on the table. We will pay developers 10 times the money they lost on chargebacks after their illegally obtained keys were sold on G2A. The idea is simple: developers just need to prove such a thing actually happened on their stores.”
Factorio developer Wube was the only company to take G2A up on that offer, the retailer said. And though G2A initially offered to pay the full costs for a “reputable and independent auditing company” to conduct that investigation, it eventually decided to conduct the investigation itself after none of the auditors it approached “would meet our agreed requirements.”
“Major auditors, as a matter of general policy, are unwilling to communicate the findings of their private audits in public,” G2A said in a statement to Kotaku. “Clearly, it was imperative for both G2A and Wube to make the results of this investigation public. Therefore, in the interests of reaching a resolution as quickly as possible, we offered to conduct the investigation ourselves.”
Wube, for its part, told GamesIndustry.biz that it was happy with the process. “They produced quite a detailed report of the keys, who sold them, what dates and times they were sold,” Wube PR, Community and Support Manager Scott Klonan told the site. “I thought they probably wouldn’t fake it, especially since it’s still over half of the keys we sent. We are satisfied with the results.”
That said, Klonan said going through such a cumbersome audit process was only worth it because of the temporary ten-times multiplier G2A offered for such confirmed fraud last year. “The amount of time it takes and administrative dealings to get this refund, it’s probably not worth the monetary compensation if it was not 10x,” he said.
Wube also owned up to its own role in the fraudulent sales to GI.biz, saying that direct sales through its site in 2016 were less secure than those on other platforms. Since Wube switched to using the Humble Store widget for its direct sales and started restricting its once-prolific key giveaways, Klonan said fraudulent sales on G2A “stopped completely.”
“In the end, contacting G2A is treating a symptom of people stealing keys,” he says. “The best way to combat that is to cut it at the source.”