In another case of scammers trying to buy keys with often stolen credit cards to sell on websites like G2A, the developers of 'Factorio' have written about their experience with it (and other stuff too).
To recap, here's how it all works:
- A purchase is made on a developers website using a stolen credit card, hacked paypal etc.
- The purchaser sells the key on the grey market within a couple of days.
- Some weeks later the owner of the credit card notices, and issues a chargeback to the developer.
This happens to a lot of developers and more and more are speaking out about it. Those effectively stolen keys end up on grey-market stores like G2A.
Samsai and I have both written about this before, but here's a point we never considered: When the chargebacks happen, the developers end up getting an extra charge. As the Factorio developers have explained:
That's a lot of time and money wasted because of, for lack of a better word right now, assholes.
This is something I've seen people say constantly about it too "just revoke the keys!", they speak about that as well:
The developers did find a solution, as they have ended up going with the Humble Store widget as it has built-in fraud prevention.
This is why I only ever buy from itch.io, GOG, Steam or Humble Bundle/Store.
By doing so I ensure the developer and the store service get correctly paid. There's probably a few other legitimate stores out there, but I don't bother with any of them. I don't need to, as all of those sites constantly do massive sales I have no need to go elsewhere. Just the other day I picked up another copy of Mad Max for only about £5 from a Humble Store sale!
Just something again to keep in mind before you go buying those $1 keys from random websites.
If you haven't ever played Factorio, I can highly recommend it. I wrote some previous thoughts up on it here.
Thanks for the link fedso!
To recap, here's how it all works:
- A purchase is made on a developers website using a stolen credit card, hacked paypal etc.
- The purchaser sells the key on the grey market within a couple of days.
- Some weeks later the owner of the credit card notices, and issues a chargeback to the developer.
This happens to a lot of developers and more and more are speaking out about it. Those effectively stolen keys end up on grey-market stores like G2A.
Samsai and I have both written about this before, but here's a point we never considered: When the chargebacks happen, the developers end up getting an extra charge. As the Factorio developers have explained:
QuoteOn our side, the cost is very large, each chargeback costs roughly $20 in fines, effectively a negative sale, and we were seeing upwards of 10% chargebacks on our website transactions. Also each chargeback notice had to be handled on a case-by-case basis, at one point I was spending 12 or more hours a week dealing with individual purchases.
That's a lot of time and money wasted because of, for lack of a better word right now, assholes.
This is something I've seen people say constantly about it too "just revoke the keys!", they speak about that as well:
QuoteA common saying I hear is that this isn't a problem, because 'The devs just revoke the keys', well that simply isn't true, we don't get notice of a fraudulent payment right away, it can take upwards of 8 weeks for the chargeback to be issued, at which time the key is obviously going to be already sold for profit and forgotten. We still revoke these keys, often to the dismay of the purchaser.
The developers did find a solution, as they have ended up going with the Humble Store widget as it has built-in fraud prevention.
This is why I only ever buy from itch.io, GOG, Steam or Humble Bundle/Store.
By doing so I ensure the developer and the store service get correctly paid. There's probably a few other legitimate stores out there, but I don't bother with any of them. I don't need to, as all of those sites constantly do massive sales I have no need to go elsewhere. Just the other day I picked up another copy of Mad Max for only about £5 from a Humble Store sale!
Just something again to keep in mind before you go buying those $1 keys from random websites.
If you haven't ever played Factorio, I can highly recommend it. I wrote some previous thoughts up on it here.
Thanks for the link fedso!
Some you may have missed, popular articles from the last month:
All posts need to follow our rules. For users logged in: please hit the Report Flag icon on any post that breaks the rules or contains illegal / harmful content. Guest readers can email us for any issues.
Once in a while I also buy from Indie Gala and Bundle Stars. As far as I know, they are legit stores (right?), but I have heard that they don't sell Linux keys, even if they list Linux as a platform. Can anybody shed some light on that?
1 Likes, Who?
Once in a while I also buy from Indie Gala and Bundle Stars. As far as I know, they are legit stores (right?), but I have heard that they don't sell Linux keys, even if they list Linux as a platform. Can anybody shed some light on that?
http://www.epicbundle.com/official-steam-reseller says they are official Steam resellers. Didn't find info from Steam/Valve itself.
But they are selling "Windows keys", which does not mean you can't play under Linux, but does mean that whoever is getting or counting money won't see that you're a Linux customer. This has been explicitly said by Feral:
https://www.gamingonlinux.com/forum/topic/2314?page=1
5 Likes, Who?
Looks like G2A has the keys for about $18. That is only $2 less than the normal price of the game. Not worth the hassle and risk. Both to the buyer and for the game company.
0 Likes
Well, damn. I just assumed that if it says Linux on the package, it's a Linux key. Do we have a whitelist of shops that actually do sell proper Linux keys?
0 Likes
You don't need a whitelist. Just stick to Steam, GOG and Humble or buy direct from dev.
1 Likes, Who?
You don't need a whitelist. Just stick to Steam, GOG and Humble or buy direct from dev.
Thanks for the whitelist ;)
4 Likes, Who?
You don't need a whitelist. Just stick to Steam, GOG and Humble or buy direct from dev.
... like Feral and Aspyr. If you want a game ported by them, optimally buy it from their respective store.
Last edited by Eike on 18 Jan 2017 at 5:42 pm UTC
0 Likes
Aspyr doesn't have a store anymore, right?You don't need a whitelist. Just stick to Steam, GOG and Humble or buy direct from dev.
... like Feral and Aspyr.
0 Likes
Aspyr doesn't have a store anymore, right?
Isn't that MacGameStore and WinGameStore?
0 Likes
No, it was GameAgent.Aspyr doesn't have a store anymore, right?
Isn't that MacGameStore and WinGameStore?
0 Likes
Problem is there are -tons- of YouTube and Twitch streamers who have affiliate links with G2A. People trying to find another small income but not really thinking if the company they deal with is doing the right thing.
0 Likes
... like Feral and Aspyr.Aspyr doesn't have a store anymore, right?
I though the same, but when I looked it up, it seems they had a store on another website, closed this one - but still have their store on their own website.
0 Likes
All the "BUY IT NOW" links seem to point to the Steam store though?... like Feral and Aspyr.Aspyr doesn't have a store anymore, right?
I though the same, but when I looked it up, it seems they had a store on another website, closed this one - but still have their store on their own website.
0 Likes
All the "BUY IT NOW" links seem to point to the Steam store though?... like Feral and Aspyr.Aspyr doesn't have a store anymore, right?
I though the same, but when I looked it up, it seems they had a store on another website, closed this one - but still have their store on their own website.
Hm.
https://blog.aspyr.com/2016/11/15/game-agent-sunsetting/ says "All Aspyr games are available directly at Aspyr.com." But there, the links go to Steam. The Mac App Store link at least looks like it could have some affiliate benefit.
0 Likes
developers keep trying to sell keys by themselves but they really don't know anything about online retail
all I see is a terrible retail system
turns out online retail is an actual job, and if you try to set an online store up without knowing anything about circumventing fraud, you get scammed, I'm stunned!
you'll notice steam, gog, humble don't get hit by chargebacks, that's because they know their stuff
please game developers, if you insist on selling keys yourselves, have a pro build the payment system, if he doesn't know about 3-D Secure at least, get another one
In many cases these people use a automated bot to deal with automatically purchasing the game and trying all of details in their credit card database, and then posting these keys to these 3rd party websites.If you can't detect purchase bruteforcing, you deserve chargebacks (that's literally the reason they're there)
each chargeback notice had to be handled on a case-by-case basis, at one point I was spending 12 or more hours a week dealing with individual purchases.
all I see is a terrible retail system
After some research, we switched from processing payments through braintree and paypal, and instead implemented the incredible Humble widget[www.humblebundle.com]. Specifically Humble widget has a built in fraud prevention, which completely stopped all the chargebacks we were seeing.
turns out online retail is an actual job, and if you try to set an online store up without knowing anything about circumventing fraud, you get scammed, I'm stunned!
you'll notice steam, gog, humble don't get hit by chargebacks, that's because they know their stuff
please game developers, if you insist on selling keys yourselves, have a pro build the payment system, if he doesn't know about 3-D Secure at least, get another one
0 Likes
Were they selling STEAM keys at their website? Because in the humble widget I don't see a steam key, only a drm-free download (or so I presume).
0 Likes
This game ROCKS! The alien part almost made me not try it, but it's really only there to give you something to build towards. Seriously if you like strategy and/or building games its worth every single penny per hour of enjoyment, and it never goes on sale so just buy it when you want to play something new.
0 Likes
All of it isn't as simple as described. I work for an Internet Payment Service Provider in Poland. Users (sellers, people receiving payments in general, i.e. acceptants) have a choice when they subscribe to a service (in our case, they sign an agreement, in some cases registering an account is sufficient). They can either pay extra (higher commission) for fraud prevention or not. If they don't, they have to deal with chargebacks. If they do, great deal of fraudulent operations is rejected before the card is charged and those that went through are charged back (when we get a proper complaint from a cardholder or card issuer, of course), however, there's no fine and the user gets a refund on commission. The problem is, some tiny (seriously, insignificant) percentage of legitimate payments gets rejected in the process... So what does most of acceptants do? They subscribe with the lowest commission possible, i.e. take responsibility for all fraudulent transactions (but 3ds), and they don't subscribe to any other fraud protection service (there are 3rd party risk estimation providers out there, just google maxmind). What happens at G2A is sad. But seriously, people should know all the facts before they form opinions.
Last edited by cprn on 19 Jan 2017 at 1:36 pm UTC
Last edited by cprn on 19 Jan 2017 at 1:36 pm UTC
2 Likes, Who?
All of it isn't as simple as described. I work for an Internet Payment Service Provider in Poland. Users (sellers, people receiving payments in general, i.e. acceptants) have a choice when they subscribe to a service (in our case, they sign an agreement, in some cases registering an account is sufficient). They can either pay extra (higher commission) for fraud prevention or not. If they don't, they have to deal with chargebacks. If they do, great deal of fraudulent operations is rejected before the card is charged and those that went through are charged back (when we get a proper complaint from a cardholder or card issuer, of course), however, there's no fine and the user gets a refund on commission. The problem is, some tiny percentage of legitimate payments gets rejected in the process and users are greedy... they don't like to hear they'll get less payments and they don't understand it isn't something bad. So what they do? They decide to subscribe with the lowest possible commission taking responsibility for all the frauds (but 3ds) and at the same time they don't get any other fraud protection service (there are 3rd party risk estimation providers, just google "maxmind"). What happens at G2A is a sad thing. But seriously, people should know all the facts before they are fed with opinions.
Thanks for your insights!
But isn't it the case that G2A doesn't have interest in hard fraud prevention?
Because they're not the ones having to pay when fraud happens?
0 Likes
See more from me