Throughout the past few years, criticism has risen regarding the method of how game key storefront G2A obtains its competitively-priced codes. In an attempt to quell rumors of G2A being behind illegal chargebacks, the reseller made a promise: they would pay out ten times the amount of money that a developer had lost due to illegally stolen game keys. The only caveat was that the developer would need to, through impartial investigation, prove that G2A sold stolen game codes, and that they had also been gotten as a result of fraudulent activity through the game owner's storefront.

In July of 2019, one game studio actually took G2A up on their promised offer: Wube Software, the team behind the indie game Factorio. The studio claimed that 321 keys had been stolen from them, and thus illegally sold through G2A's marketplace. G2A then went through a process of looking for an auditor who could investigate further, but was unable to find one that would agree to both their and Wube's terms of being able to publicly disclose the results of the audit. That led to G2A starting its own internal investigation, in which it discovered that they had indeed been unaware but responsible for the sale of 198 out of the 321 stolen keys from Wube. The keys were sold by third-party sellers throughout the year of 2016.

And, just as promised, G2A paid out exactly ten times the amount that Wube Software had lost for those 198 keys--a grand total of $39,600. G2A has also reiterated that they want to be clear that they understand that fraud can hurt independent studios, and that it hurts G2A as well, as they weren't directly responsible for the theft. They also stress the fact that if other game companies can prove that G2A has sold illegally obtained keys, they are free to contact G2A in order to look into compensation.

Prague-based Wube Software became the only developer to take G2A up on this limited-time offer to the gaming developer community in July 2019, after discovering that illegitimate keys to its construction and management simulation game Factorio had been sold online.

Wube reported to G2A a list of 321 keys that it believed had been sold online illegitimately. After assessing a number of independent auditing companies and finding none that would meet our agreed requirements, Wube and G2A decided that G2A should proceed with an internal investigation. This investigation confirmed that 198 of Wube’s keys had been sold via its Marketplace between March 2016 – June 2016. It is assumed by both parties that the remaining 123 illegitimate keys were sold via other online marketplaces or other online stores.

Per the terms of the pledge made in the blog post here, G2A has agreed to compensate Wube ten times the value of any bank-initiated refund costs that Factorio paid in relation to each of the 198 illegitimate keys sold via its Marketplace.

When we launched this offer, we wanted to send a clear message to the gaming community that fraud hurts all parties. As we spell out in this blog, fraud directly hurts individuals who buy illegitimate keys, it hurts gaming developers and it ultimately hurts G2A because we are forced – as the transaction facilitator – to cover costs related to the sale. We wanted to amplify that message and capture people’s attention, so pledged to compensate developers ten times the value of any chargeback fees they incurred, despite the fact that we had nothing to with the illegal acquisition of these keys.

The gaming developer community has our solidarity and sympathies on this issue, and we want to continue building bridges. With our main point being made, about the seriousness of fraud in the industry, from now on we will compensate developers the full value of any chargeback fees they incurred for any keys sold via G2A Marketplace, if they are able to prove they were illegitimate.

Source

 

[campbell0505]

Interesting that they actually paid out. Knowing it's G2A I can only be surprised they compensated developers, doesn't mean I'll buy from them anytime soon.

 

[TunaKetchup]

Good guy G2A

 

[Deleted User]

aaaaaand that's why i use instant gaming

 

[FAST6191]

Curious why the auditors would not care to share results with the public.

They might charge a bit more for custom work and there are a few scenarios where something may fall under trade secrets (not sure how that applies to auditing) but generally for most professional services I engage with you pay me for my report and I don't care if you share it via a megaphone and interpretive dance in the middle of all the big cities in a nationwide tour.

Counter audit and disclosure of methods maybe? Plain old institutional secrecy tradition without anybody stopping to consider the reason why (I am sure we have all dealt with "it is just done that way" type people, methods and policies)?

 

[Mikemk]

I'm guessing it wasn't the auditor themselves that had issues with disclosure, it was each company disagreeing about what needed to be disclosed

 

[The Catboy]

My main concern is that they don’t seem to have any real plans on stopping fraudulent keys from being sold on their site. If anything, this just seems like a slimy way to prevent their site from actually going to court and being held accountable for their negligence.

 

[the_randomizer]

Someone tried to scam me when they held my Steam account was hijacked with this site, heh

 

[FAST6191]

My main concern is that they don’t seem to have any real plans on stopping fraudulent keys from being sold on their site. If anything, this just seems like a slimy way to prevent their site from actually going to court and being held accountable for their negligence.

Assuming fraud in this case means devs being bothered (and not sellers typing in random numbers and calling it a key or reselling the same key multiple times, which if I take their own numbers is absolutely fractional of an already small number of trouble transactions) then the article linked details a bunch of measures they took.

Service appears to be a standard information escrow type deal (seller inputs the key which is kept secret until time of sale completion, don't know if they have verification for all or some of them on their host services).
If devs detect a leak of their keys on their end they can request a both check for keys on the site and blacklist keys from the leak, or those given to people pretending to be press or the like. Devs/pubs doing it themselves even if they sign up to their service, which is apparently free and presumably no harder than having to remember to make a post on various social meeja sites that your game is out.

That seems like a pretty decent option to have/measure to take. I am not sure I can think of more that would not make the service that much of a burden to use for sellers or buyers (cooldown for seller withdrawal, collateral preauthorisation of funds from something else by all parties) outside of having devs having an automated feature to blacklist keys at time of creation (a pretty minor thing).

 

[Bedel]

Not gonna make me use it even if they pay everything they should. Still using instant gaming and cdkeys.

 

[diggeloid]

My guess is that other devs aren't taking them up on their offer because they're worried customers will perceive it as an endorsement of some kind or add legitimacy to this criminal organization. Also, their decision to perform the audit themselves is shady as hell. I wouldn't be surprised if that $40k figure was far below what an external auditor would have found.

Fuck G2A.

 

[Apex]

I'm kind of surprised they paid.

There are two types of people who use G2A:
1. People who don't know it's a gray market site that can have keys obtained through fraudulent activity like stolen credit cards.
2. People who know, and just don't care.

It's not going to win any points with group 2, and it might inform people in group 1 that their site has sketchy activity.

 

[FAST6191]

1. People who don't know it's a gray market site that can have keys obtained through fraudulent activity like stolen credit cards.

Is it common enough to worry about? Their provided numbers (could be false or stats tweaked, however I can go good faith for this one) make it seem like a vanishingly small occurrence and mathematically hard to do even if you are determined.
Any site that has any kind of volume will probably find someone troubled by something somewhere, scams on them or otherwise, and most of those are probably still better than the companies we pay for the phone lines and internet access.
Do these guys, either by means of being complicit with an act or omitting security enough that they might be if not legally liable then ethically, fall beyond the pale?

 

[TehCupcakes]

My main concern is that they don’t seem to have any real plans on stopping fraudulent keys from being sold on their site. If anything, this just seems like a slimy way to prevent their site from actually going to court and being held accountable for their negligence.

That's exactly it; G2A banks on the fact that most cases of fraud won't be reported.

I have bought a few keys through G2A that ended up being revoked a few days after I redeemed them (on Origin). I looked into file a case for their money-back guarantee, and they require that you first submit a police report for the fraud. It was only a few dollars so I didn't bother... But I didn't feel like a police report would have gotten anywhere. G2A makes it easier for sellers to be basically anonymous with no name or address, so my report would have looked like "Some guy online sold me a fraudulent key for digital content. I don't know who or where or how. Nag G2A for records kthx." How much can local law enforcement really do about petty online fraud?

 

[JFizDaWiz]

[redacted]

 

[Hells Malice]

It's a PR stunt, they know most developers won't have the time or resources to actually hunt down stolen keys. The money they make selling stolen goods far surpasses any possible payouts they need to make and you'd have to be an idiot to think this is them trying to make amends.

G2A is still completely scummy and banks on the fact that you pay them to ensure you don't get scammed by their own sellers. That alone should say all you need to know about how garbage G2A is.

If you ever consider using G2A, just pirate the game. It's literally more moral than buying a stolen key. You're paying some asshole to scam the people who created the game and pocket their hard earned money. That's fucked up.

 

[Jayro]

My only beef with G2A is how they try to sneak their shield protection into your cart TWICE at check-out. They're some sneaky fucks, honestly. I refuse to do business there ever again, and I'm pretty sure they sold my information too. Right after I bought a game key, I started getting spam calls for a while. Same goes for GameStop. Tons of spam calls the next morning after a transaction with them.

 

[slimbizzy]

I've never heard of G2A.

 

[Mythical]

I use G2A, and I'm glad to see them keeping their promises. Makes me feel even stronger about reccomending it to people especially those people who make a big deal out of resellers being asshats. Any reseller can use a stolen credit card. It happens on Amazon, Ebay, etc.... too but noone talks about it

 

[64bitmodels]

I've never heard of G2A.

You're so lucky tbh
Knowing that G2A exists is a horrible thing to know and you'll be depressed the rest of your life