Confused on Steam Play and Proton? Be sure to check out our guide.
We do often include affiliate links to earn us some pennies. See more here.
In another case of scammers trying to buy keys with often stolen credit cards to sell on websites like G2A, the developers of 'Factorio' have written about their experience with it (and other stuff too).

To recap, here's how it all works:
- A purchase is made on a developers website using a stolen credit card, hacked paypal etc.
- The purchaser sells the key on the grey market within a couple of days.
- Some weeks later the owner of the credit card notices, and issues a chargeback to the developer.

This happens to a lot of developers and more and more are speaking out about it. Those effectively stolen keys end up on grey-market stores like G2A.

Samsai and I have both written about this before, but here's a point we never considered: When the chargebacks happen, the developers end up getting an extra charge. As the Factorio developers have explained:
QuoteOn our side, the cost is very large, each chargeback costs roughly $20 in fines, effectively a negative sale, and we were seeing upwards of 10% chargebacks on our website transactions. Also each chargeback notice had to be handled on a case-by-case basis, at one point I was spending 12 or more hours a week dealing with individual purchases.

That's a lot of time and money wasted because of, for lack of a better word right now, assholes.

This is something I've seen people say constantly about it too "just revoke the keys!", they speak about that as well:
QuoteA common saying I hear is that this isn't a problem, because 'The devs just revoke the keys', well that simply isn't true, we don't get notice of a fraudulent payment right away, it can take upwards of 8 weeks for the chargeback to be issued, at which time the key is obviously going to be already sold for profit and forgotten. We still revoke these keys, often to the dismay of the purchaser.

The developers did find a solution, as they have ended up going with the Humble Store widget as it has built-in fraud prevention.

This is why I only ever buy from itch.io, GOG, Steam or Humble Bundle/Store.

By doing so I ensure the developer and the store service get correctly paid. There's probably a few other legitimate stores out there, but I don't bother with any of them. I don't need to, as all of those sites constantly do massive sales I have no need to go elsewhere. Just the other day I picked up another copy of Mad Max for only about £5 from a Humble Store sale!

Just something again to keep in mind before you go buying those $1 keys from random websites.

If you haven't ever played Factorio, I can highly recommend it. I wrote some previous thoughts up on it here.

Thanks for the link fedso! Article taken from GamingOnLinux.com.
8 Likes
About the author -
author picture
I am the owner of GamingOnLinux. After discovering Linux back in the days of Mandrake in 2003, I constantly came back to check on the progress of Linux until Ubuntu appeared on the scene and it helped me to really love it. You can reach me easily by emailing GamingOnLinux directly.
See more from me
The comments on this article are closed.
22 comments
Page: «3/3
  Go to:

pb Jan 19, 2017
@cprn But that's not the whole truth, is it? The real choice is: have a fraud protection on your side at the expense of turtle-slow payment processing and every-too-often declining of legitimate payments (=constant customer frustration) or have real-time payment processing and be sure that all legitimate payments go through at the expense of occasional chargebacks (=happy customers at an extra cost). *That*s why your clients choose to ignore your fraud protection and instead put their own in place (or just go full monty until they're hit hard and realise it's not worth it).

That said, I don't think paypal even offers such a choice, and at the same time their handling of fraud payments is absolute shit. They always put the blame and the cost on the receiver even though it was their security that failed in the first place. I mean come on, is it the retailer that should guess that a paypal account has been hacked? Shouldn't paypal be the ones to detect the breach and block the payment? It makes some sense with physical goods (for example when the payment is from Italy but the shipping address is in Nigeria) but is absolutely not aligned with the digital goods market. The Internet is full of stories of companies hit had by paypal's absurd policies and blatant ignorance.
cprn Jan 19, 2017
Quoting: EikeBut isn't it the case that G2A doesn't have interest in hard fraud prevention?
Because they're not the ones having to pay when fraud happens?

I'm not talking about G2A implementing fraud prevention. That's not where the fraud happens. Developers have to - that's the reality of CC processing.

Quoting: pbThe real choice is: have a fraud protection on your side at the expense of turtle-slow payment processing and every-too-often declining of legitimate payments (=constant customer frustration) or have real-time payment processing and be sure that all legitimate payments go through at the expense of occasional chargebacks (happy customers at an extra cost). *That*s why your clients choose to ignore your fraud protection and instead put their own in place (or just go full monty until they're hit hard and realise it's not worth it).

The problem is they don't implement anything, not that they ignore part of our service. And yeah, it takes time to assess the risks involved in every payment but not nearly as much as you'd think. I can't say anything (literally) about the inner workings of antifraud mechanisms but I can say we don't like frustrated customers either.

Quoting: pbThat said, I don't think paypal even offers such a choice, and at the same time their handling of fraud payments is absolute shit. They always put the blame and the cost on the receiver even though it was their security that failed in the first place. I mean come on, is it the retailer that should guess that a paypal account has been hacked? Shouldn't paypal be the ones to detect the breach and block the payment? It makes some sense with physical goods (for example when the payment is from Italy but the shipping address is in Nigeria) but is absolutely not aligned with the digital goods market. The Internet is full of stories of companies hit had by paypal's absurd policies and blatant ignorance.

I personally never considered PayPal a good service. But it's way deeper than that and not really a place for what I'd like to say about payment instruments in general, including credit cards. I believe, though, better times are coming. Where there's no place for either.


Last edited by cprn on 21 January 2017 at 5:33 pm UTC
While you're here, please consider supporting GamingOnLinux on:

Reward Tiers: Patreon. Plain Donations: PayPal.

This ensures all of our main content remains totally free for everyone! Patreon supporters can also remove all adverts and sponsors! Supporting us helps bring good, fresh content. Without your continued support, we simply could not continue!

You can find even more ways to support us on this dedicated page any time. If you already are, thank you!
The comments on this article are closed.
Buy Games
Buy games with our affiliate / partner links: