A Damaging Grey Market
If you've been paying attention to the gaming world, specifically the industry news, you'll no doubt have heard about the rumblings developer and publisher tinyBuild has been making in regards to G2A. Essentially, G2A is a third-party site where anyone can come and sell their unwanted, or extra copies of, game keys, whether it's leftover from some bundle you bought or what have you. On the surface, sounds like a good idea to let us all make a couple bucks back on codes we would otherwise do nothing with. However, what G2A is often used for, very often in fact, is selling illegally obtained keys. Not only illegally obtained, but the way in which they obtain them directly hurts developers/publishers. tinyBuild's issues with G2A are only the most recent in a long line, but they do serve as a great background for a discussion into why G2A is a terrible thing for the gaming industry and consumers.
For further information on G2A, their shady services and shady dealings, check out our article here about their clash with Gearbox.
Here's what tinyBuild alleges about G2A. They say they spoke with a successful merchant on G2A, who makes about $3-4 thousand a month. He said his core business model was thus:
- Get ahold of a database of stolen credit cards on the darkweb
- Go to a bundle/3rd party key reseller and buy a ton of game keys
- Put them up onto G2A and sell them at half the retail price
The result is that nearly all of those fraudulent charges will then end in a chargeback, which forces a retailer to return the money used to buy the keys. Obviously, retailers don't get their product, the keys, back, so any one merchant could potentially cost them thousands of dollars. tinyBuild itself saw this in action when they had their own store for a short while. Thousands of transactions were hit with chargebacks at once, leading to the store's quick closing.
tinyBuild reached out to G2A to figure out if they could get some compensation for the keys, as well as trying to figure out exactly where the keys came from. Here's the full reply from G2A:
So the issue you have pointed to is related to keys you have already sold. They are your partners that have sold the keys on G2A, which they purchased directly from you. If anything this should give you an idea on the reach that G2A has, instead of your partners selling here you could do that directly.
I can tell you that no compensation will be given. If you suspect that these codes where all chargebacks aka fraud/stolen credit card purchases I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this. We will check to see if that is the case but I doubt that codes with such large numbers would be that way.
Honestly I think you will be surprised in that it is not fraud, but your resale partners doing what they do best, selling keys. They just happen to be selling them on G2A. It is also worth pointing out that we do not take a share of these prices, our part comes from the kickback our payment providers.
tinyBuild added the bold for emphasis, and they allege that, by their interpretation of the reply, G2A is claiming that tinyBuild's distribution partners are scamming them by simply selling the keys on G2A. Further, they took this reply to mean that G2A is not willing to help tinyBuild out, unless tinyBuild is willing to work with them. In Update 2 of this post, tinyBuild says they have reached out to their partners and all of them said they do not resell their keys. Trion Worlds CEO, Scott Hartsman, said the same thing: "In our experience, the number of times that 'other partners' have bought keys and resold them on grey market sites, as G2A uses in their reasoning to TinyBuild, is exactly zero."
After tinyBuild put all of the above out for the world to read, G2A sent out a press release regarding the issue. Basically, the press release states that throughout the process G2A has cooperated fully with tinyBuild by answering all of their questions, giving all of the requested data, etc., and that tinyBuild has been the uncooperative one. G2A asked for a list of codes tinyBuild believed stolen so that they could then check them against what was sold on G2A to find out if fraudulently obtained keys were indeed sold on G2A. tinyBuild never came to them with that list, and then the release ends with G2A "calling" for tinyBuild to provide said list within three days ... with no explanation of what that means.
G2A expanded further when talking to gameinformer, where they revealed that, before tinyBuild had reached out, G2A removed more than 200 auctions from more than 50 sellers, due to violating G2A's terms and conditions. G2A doesn't collect identifying information, so their only hope in talking to them is that the sellers reply to their inquiries. Sellers can just create a new account and start again if they wish—G2A has no mechanism in place to prevent that.
tinyBuild says they never received said information about removing those auctions before and ask that since G2A gave no clear explanation as to why those 200+ auctions were removed, why do they need a list of suspicious keys? What made them come to the conclusion of removing those auctions, if not a list? tinyBuild is reluctant to give a list to G2A due to their shady reputation, on top of the aggressive press release and ultimatum G2A gave them.
Most curious of all is that the same day G2A sent out the press release, they gave a statement to a Russian gaming site, Kanobu, which had an added bit of info (translation used from tinyBuild's site, Update 3):
Not only that, but we also invite all developers and publishers experiencing problems with chargebacks to use our G2A.Pay payment solution for their stores. It’s free and we guarantee 100% security of payments and cover all expenses associated with chargebacks, preventing any losses from our partners’ side.
G2A.Pay is a payment service for retailers that allows customers to pay in various ways—like credit cards, PayPal, etc. Their service has already got all the deals in places from places like Visa, all you do as a retailer is pay to have the service on your site for customers to use. G2A takes a percentage of your sales in payment for using the service. Many, including tinyBuild, see this as an exploitation of a problem G2A has done nothing to prevent.
In summary, tinyBuild doesn't feel like cooperating with G2A for a few reasons. G2A has been very aggressive in trying to discredit tinyBuild's claims, haven't told them the whole story (e.g. the 200 auctions being suspended), tinyBuild feels as though the three day ultimatum is an attempt at blackmail, and G2A has a seedy history. So G2A has been incredibly difficult to work with, making tinyBuild feel less than inclined to work with them (give them a list of suspicious keys). To top it all off, that quote from Kanobu seems to suggest that G2A's only real offer of help is to offer a service, G2A.Pay, which would make G2A some cash, to deal with a problem they've helped create and done nothing to prevent.
It gets worse when you start to think that G2A.Pay is something that, without a doubt, recognizes a problem G2A has with fraudulently obtained keys being sold on their platform. Compound this with the existence of G2A Shield. Essentially, G2A Shield is insurance that if you buy a key from G2A and it doesn't work, they'll refund you the price or get you a working key. If you don't have G2A Shield and buy something from G2A to find the code doesn't work, there's not much you can do—you're stuck with a bad code. Oh, and G2A Shield costs you a monthly subscription fee. Shield is a little more absurd than just that, check out this article for more.
So, just from understanding tinyBuild's situation, as well as a few of the services G2A offers in addition to offering keys, you can see why so many people have issues with G2A. However, this is far from the only instance where retailers and game companies have run into issues with G2A, sites like it, or the issues they bring (like the fraudulent purchases forcing chargebacks).
Ubisoft had an issue with Far Cry 4 and Assassin's Creed Unity keys on G2A, which they then deactivated the keys for, causing a flood of players to ask what happened.
Devolver Digital brought a lot of attention to G2A back in 2014, advising everyone on Twitter that keys purchased through G2A were not legitimate, leading to them deactivating keys as well.
The Elder Scrolls Online deactivated a bunch of keys because they found them to be fraudulently obtained.
Natural Selection 2 deactivated over a thousand keys, while losing around $30,000 due to chargebacks.
7 Entertainment, owner of sites like Kinguin (a G2A competitor), purchased thousands of Humble Bundles and then resold them on their site later for a low price. 7 Entertainment has since changed their policy to specifically prohibit Humble Bundle codes to be sold on Kinguin. That article goes into several developers running into problems with G2A and other sites as well.
IndieGameStand, an online indie game retailer, has lost thousands of dollars to G2A and sites like it, in exactly the same way as tinyBuild with chargebacks.
Due to the widespread issue of fraud, Trion Worlds has invested a lot of time, money, and effort into developing a fraud protection system for themselves to prevent loss.
The Worlds of Magic developer, Wastelands Interactive, ran into an issue where people posed as YouTubers in emails to request keys for preview. They found that roughly 70% of the keys they sent went to the so-called YouTubers and resold later on services like G2A.
Riot Games, developer of League of Legends, had a run in with G2A where they found G2A selling LoL accounts and boosting services, something that is very much against LoL terms of service. Riot says they spent weeks trying to figure something out with G2A but could not find a resolution, which ended in Riot banning G2A from sponsoring any LoL pro team. G2A responded with a press release (which is a similar reaction to tinyBuild in both tone and content), accusing Riot of attacking all of eSports in an attempt to control it. They also accuse Riot of being very difficult to work with and demanding, just like tinyBuild.
So those are just some of the ways in which different companies have had dealings with G2A in the past. That's not everything out there on G2A, however, as several investigations into how it works, and the possibility of stolen keys, have been done. Polygon has an excellent piece from two years ago about sellers on grey market sites, where the keys come from, how some developers feel about it, and more. It also goes into the differences between G2A and other sites. In short, G2A was more difficult to use and offered fewer protections. Destructoid has a great investigative piece into how G2A is involved in the selling of stolen PlayStation Network accounts.
Why You Should Care
Took a bit to get here, but this is the real purpose of this article. I have seen a surprising many people say "why do I care, it's just some big company losing money"; "it's not illegal for me, so I'll continue to buy from there"; "it's not G2A's fault that people use the service illegally, I know a guy who bought a fake Pokemon cartridge on Amazon!" I have read, or heard in-person, all of those things and more. However, the first thing to address is what people fire back with the most, particularly in the case of tinyBuild, "Why not work with G2A by giving them a list of keys?"
Aside from the reasons tinyBuild gave earlier in the article (basically that they don't trust G2A), they say in Update 1 of their blogpost that it is just an insane amount of work to track all of the keys. Large companies, like Ubisoft or Bethesda, who have deactivated fraudulently obtained keys, have the resources to do just that. Smaller companies don't. tinyBuild expands by stating that, even if they started to do all of this, it wouldn't solve the widespread issue of fraud. Greater than that, they'd have to deal with the outcry of those who believed they obtained legitimate keys, as well as deal with the issue of false positives in accidentally deactivating legitimate keys.
The only real recourse is to then develop something like what Trion Worlds has in a fraud protection system, or develop some sort of system to track codes. My first reaction to that is why is the responsibility left up to the developers in this case, regardless if you think they should have these systems in place already? If G2A has knowledge, which we know they do through the existence of G2A.Pay and G2A Shield, shouldn't they be doing something to reduce the problem?
I would hope the answer is obviously yes, but we know that is something that G2A is not doing. Instead of putting in something as simple as requiring sellers to offer some sort of identification, or some sort of verification, G2A is offering predatory services in things like G2A Shield to ensure they profit even more from the fraudulent activities. Instead of acknowledging that there is an issue, which they obviously aren't, G2A offers G2A.Pay as a solution.
Without developers seeing the database for themselves to cross check it, why should they trust G2A? A company accused of allowing fraudulent activity to run rampant surely will give a thoroughly honest investigation into whether or not their own company was involved in the widespread selling of fraudulently obtained keys. Surely.
More than that, G2A doesn't offer real solutions to any problem, so why should a developer feel like they would if given a list of keys? Instead of actively looking to reduce the number of stolen keys sold on G2A, G2A offers band-aids—band-aids they just so happen to be selling as well. Where is the good faith in that to expect a real, tangible change and outcome to the issue?
If developers have to keep coming back to G2A with lists of suspicious keys, wait for them to check them, then go "yep, those were stolen," how does that help the developer exactly? Because of the anonymous nature of merchants, there's no real way for G2A to find out who they are or hold them accountable. So, really all G2A offers is the ability to confirm if the keys were stolen or not. The retailer (which may be the developer itself too) is still out the money lost in the chargeback. So what's the incentive to work with G2A?
Then there's those that say, "why should I care about some big company losing money?" So what if developers and publishers lose money, and retailers. They are all just big corporations with loads of cash that constantly screw the consumer over, so why should I care if I can stick it to them by getting my keys for cheap?
The first reason is that those affected most by the chargebacks are the smaller companies. Looking at tinyBuild, they literally had their own shop shutdown, near immediately, because of a bunch of keys being fraudulently purchased and chargebacks issued. IndieGameStand, as mentioned before, lost thousands of dollars due to grey market sites like G2A. It affects more than that as well:
This has been a huge problem at IndieGameStand this past year. I’ve personally wasted around 6-9 months of development time on security detection rather than building cool new things for our site. I’m sure it’s affected other game marketplaces too since I know larger sites like Humble Bundle build in a refund/chargeback percentage to all their sales payouts and my guess is that this type of scamming has contributed to the closing of smaller sites like ShinyLoot and maybe even Desura.
Other retailers have to inflate their price to cover the expected loss due to chargebacks and refunds, and, at least in IndieGameStand's case, those attempting to lessen the effects waste time that could be used elsewhere. In other words, the chargebacks directly affect the quality of service other platforms could be offering you, the consumer.
However, in the most simple of terms, if you want more, better games to be created, you have to support the developers making those games. Purchasing their game through sites like G2A is the exact opposite of that. If developers don't make money, they can't continue to make games. That's pretty much all this boils down to. If their ability to make a living is threatened, they have to do something else.
If you look at what happens when you purchase from something like G2A, you see why so many developers are against it. For one, sites like G2A undercut the price of developers' games that can be purchased from verified sellers, ones where they know the keys are legit. If the key you purchase from G2A turns out to be one purchased fraudulently, that will likely result in a chargeback, which refunds the victim of fraud, as well as charges the retailer a fee. So, in this case, it actually costs the retailer money. A more speculative reason is that there will be fewer retailers inclined to sell digital versions of games if they see the chargebacks as big enough issue, or it could end up completely destroying some. That means fewer options and competition.
Beyond even just that, if the developer chooses to not deactivate keys, or does not have the means to do it, they can lose money on both the chargeback as well as the services they provide to you as an owner of a game if you end up purchasing a stolen key. More users with what seem to be legit keys can be strains on things like servers, customer support, and more.
Looking away from the developers or the retailers for a second, G2A isn't all that great of a choice for the consumer either. Basically, all it has going for it is that you can purchase keys cheaper than anywhere else. That's pretty much it.
The most obvious reason G2A is worse for you as a consumer is that it is a risk. You could very well purchase a key from G2A and not have it work, which then leaves you without the cash and no key. Maybe you do get a legitimate key.
The service is much worse than approved retailers most of the time too. You have to do some research to find which merchants on G2A are trustworthy (meaning they give out working keys more often than not). You have to deal with the hassle of trying to get a refund, or an actual working key, if you get one that doesn't work. You're not guaranteed to get either. You could pay for something like G2A Shield (a service I will continue to argue is wholly predatory), but why should you need to spend time reading about and considering paying for something that is wholly unnecessary at any other retailer—the protection Shield offers is just standard, free practice at most retailers. When you tack that on, as well as spending all that time looking at different merchants, how much money are you really saving? What about the quality of G2A's customer service?
Why create the hassle when purchasing something from G2A has the potential to cost just as much as it would from another retailer? I say that as you may be forced to buy a game twice if the first key doesn't work, on top of all the hassle of waiting nine days (only five with Shield!) for a refund, if you're getting one. However, if all that matters is you saving cash, there's not much here to convince you.
Piracy > G2A
There is a reason that some developers are coming out right now, like those from Action Henk, saying that they would much prefer it if people would just pirate their games than purchase them from something like G2A. A developer, Lars Doucet, behind Defender's Quest: Valley of the Forgotten, has argued that piracy is better than buying from sites like G2A and explained why.
Essentially, Lars lays out his "four currencies" theory. The four currencies are money, time, pain-in-the-butt dollars, and integrity. Every way in which you purchase a game finds you end up paying in some way into those four currencies. For example, here's what buying a game legitimately looks like to Lars:
You do pay in some money, and of course it takes at least some time and could be a pain-in-the-butt (varying depending on where you legitimately purchase the game). In his eyes, you don't sacrifice any integrity (pay into it) because there's nothing wrong with buying the game. So that's the basic rundown of the theory. Here's what using something like G2A versus piracy looks like in his theory:
Here you see that it is obviously your integrity that Lars sees taking a huge hit. It is in the integrity where G2A hurts developers and they lose money in things like chargebacks. With piracy, developers don't actually lose anything. It costs them nothing for you to pirate their game, and it may very well turn into a potential sale or advertisement if a pirate talks about their game to a friend. In that sense, Lars argues that piracy is not theft, as nothing is really stolen from developers. G2A is theft, as developers do lose money.
In the case of G2A, to illustrate this further, I'd say that this four currencies theory needs a fifth to illustrate the cost to developers. Beyond the obvious cost of developing the game, developers will also have to put in time to create the keys, the activation, as well as work out the various deals with a multitude of retailers to sell their game. There's going to be some cost to the developer if you choose to purchase a game legitimately. Piracy, on the other hand, doesn't really cost a developer anything (past the cost of developing the game) as it is the pirates who upload the game online for others, but they also don't receive any compensation from the pirates for playing their game. G2A, however, has all of the costs that buying a key legitimately has, with the addition of chargebacks, as well as the costs of potentially offering support to a bunch of people who received keys purchased with stolen credit cards, as discussed earlier.
So, when you understand that, it's not hard to imagine why developers would argue that they would rather people pirate their games than purchase them on G2A or something like it. If people really want a cheap game, pirates offer it at their cheapest, and pirating games does significantly less damage to developers.
G2A is Everywhere
The final reason you ought to care is that there is an incredible lack of awareness of what G2A actually is and the harm it causes. All most people know and hear about when it comes to G2A and sites like it is that they offer games at cheap prices. For the vast majority of people, that's all they need to hear and will be off to check it out. Many don't stop to think that if it sounds too good to be true, it probably is.
If you take a look at the above image, you'll understand just how widespread G2A has become. They have partnered with over 300 YouTubers, with total subscribers of over 160 million, to advertise their service to. All told, as the image above shows (which they use to pitch to people to partner with them), they have potentially over 270 million people they reach. That is not an insignificant number by any stretch. This isn't even counting all the sponsorships and advertising they do, like what they used to do with League of Legends until Riot banned them.
Just a heads up, I will not be continuing my relationship with G2A.— Goldy (@GoldGloveTV) June 28, 2016
Even those that they partner with often don't have any clue about the truth behind G2A. They likely only know that G2A is a retailer, and that there is a potential to make a good chunk of money if you partner with them. TotalBiscuit has a good, well, rant about it here. Some are just now understanding and are beginning to terminate agreements with G2A.
Awareness is key to putting the issues of G2A to rest, and it is impossible to do so until people understand the problems G2A causes. They don't know or understand unless issues like tinyBuild are given attention.
A Step Forward?
While reading, writing, and researching, G2A announced their "Game Developer Support System." You can read all of what is offered for yourself, but here are the most important highlights:
- "Royalties on Third-party Auctions: Developers may apply a royalty of up to 10 percent for any of their products sold on the G2A marketplace, which provides a way for developers to monetize third-party transactions."
- "Priority Placement: Developer-managed auctions will be listed first, above third-party sellers, to provide more visibility and transparency. Developers will also be able to create their own custom storefront featuring all of their products and promotions."
- "Chargeback Protection: G2A offers G2A Pay with free integration to developers as a protection on their own websites to mitigate their risk factors (especially beneficial for small developers, beginners and those who feel that their security systems are not sufficient)."
- "Dedicated Database Access: Developers will have access to our database information to verify sales, volume and timing to track the lifecycle of every key and identify illegal practices."
- "Developer Funding Option: Many gamers wish to support their favorite developers. For the first time, they will be able to contribute funds directly through an additional button on the developer’s product page."
All of these are steps in the right direction in trying to help developers with the substantial fraud problem. However, what they offer here are things that should have been there in the first place; they are also more for maintenance in the aftermath of fixing their main issue of illegally obtained keys being sold on their service. In other words, it's like G2A is a doctor giving you the medication you'd need after surgery before it, and then not doing the surgery at all, just telling you to continue with your medication. While these are still steps in the right direction, there are still problems with most of them.
The "Priority Placement" doesn't really offer anything to the developer. Sure, they can go on G2A and try to sell their games, but others can just as easily undercut their price, making the developer-run store irrelevant. Who searches through auctions to purchase the first listing they run across? Nobody.
The "Chargeback Protection" is G2A's way to slip in their service to try to make some cash off the chargeback issue. That's simply what it is, nothing more. The desperate need for it shouldn't really exist in the first place. Fraud will always happen regardless, sure, but it should not be this widespread.
The other things G2A offers to developers are all great on the face of it. Developers make money off any sale in third-party auctions, have access to the database of keys to cross check for those fraudulently obtained, and now there's an option to support developers directly if customers wish to do so. The problem here is that none of this does anything to solve the problem, at all. Again, all G2A offers are band-aids.
None of what they offer here in support does much to curb the problem of G2A allowing the rampant selling of fraudulently obtained keys. Everything they offer deals with the aftermath, treats the symptoms, of which they also make money off of treating ... imagine that. Widespread chargebacks will still happen regardless, big companies feeling the need to deactivate stolen keys will continue, undercutting of developer's prices will continue, and worst of all, this system seems to place the entire onus of researching stolen keys on the developer's shoulders.
If they choose to accept this support by getting the royalties, using G2A.Pay, and all that, they're now on the hook to investigate all the fraud, leaving G2A out of it totally since G2A has given them access to the databases. In G2A's eyes, they are out of that process completely with giving developers access to that information. They've sloughed off any responsibility.
Not only that, offering up their database does absolutely nothing in aiding developers find and investigate individuals participating in the fraud. Due to the anonymous nature of the service and the merchants, all the databases do is confirm whether the key was obtained illegally. What can developers do with that information really? All it allows them to do is deactivate keys. Then a certain seller gets a bad reputation ... so the account is deleted and they make a new one. Again, that offers nothing to solve the problem in any way. I suppose after enough chargebacks and deactivations happen, then maybe the problem will go away? Seems both unlikely and very costly for the companies screwed by the chargebacks.
Not all developers are vocal, but those who are seem to be a little skeptical of this new support that G2A is offering to say the least.
In the end, this still does nothing to solve the problem. As said before, and now again, this treats symptoms and is nothing more than a band-aid, while G2A acts as a parasite feeding off the illegal activity, making money on both the resale and through things like G2A Shield and G2A.Pay.
Some may argue that it is not G2A's responsibility to root out people using their service to sell illegally obtained keys. That what they offer here goes above and beyond what they are required to do. I'd say that all went out the window when G2A started to offer Shield and Pay. Those are, without any shadow of a doubt or argument, a complete acknowledgement that a problem exists and that they have no intention of attempting to curb it whatsoever.
Further, there's a reason places like eBay and Amazon are so rigorous in coming down on people who sell stolen goods or lie about their products: it makes them look really bad if they don't. It's in G2A's best interest, really, to preserve their reputation by offering a good service. They don't offer a good service when they have a constant issue with fake keys and stolen keys being sold on their platform.
Really, truly, the single biggest thing G2A can do to help rid the problem is to require more information from their merchants before they are allowed to sell something. As it is now, you can get something up in a matter of minutes and have it up for auction with no issue at all. As pointed to before, there's no consequence for selling stolen keys. An account may be deleted, but that person is free to then create a new one and begin selling again.
So, G2A is a poor platform for consumers that offers predatory services like G2A Shield; G2A essentially harbors those that obtain illegal keys by continuing to allow them to sell on the platform; G2A, in its current form, actively hurts developers, much more than even something like piracy; and G2A has offered no substantial or tangible promises or actions to solve the problem. They've continually, in every interaction and reaction to their platform being called in to question, offered nothing worthwhile while attacking those who question them—they offer PR statements and PR actions. They acknowledge a problem exists, but only offer solutions in which they also benefit—without fixing the problem in any way whatsoever; it's as if they want it to continue so they can double dip on money in the resale and in offering things like G2A.Pay and Shield.
So that's what you're supporting, and what you're harming, when you go to G2A and other similar sites. Of course, it's still entirely up to you whether you want to, but I'd hope this article helped shed some light on how this is bad for everyone involved. Even if you're not concerned with the moral or ethical portion, G2A has a negative effect across the board for all who participate in the gaming industry.
I'd like to end in adding a note that what is outlined above conveys the overall tone and stance TechRaptor as a publication has taken towards G2A. This does not speak for every individual writer, but as a publication we not only disapprove of G2A but believe it to actively hurt all parties involved in the industry, from the developers to the retailers to the consumers.
Will you purchase things from G2A or sites like it? Why will you or why won't you?