Over the past few days, the games industry has taken a new stand against grey-market game code reselling. The practice is accused of being linked to credit card theft and excessive chargebacks that can cripple smaller companies.
Grey market sales are defined as those that are technically legal, but not a distribution vehicle intended by the original seller. The codes originate with TinyBuild or an authorized partner, but problems arise when criminals use stolen credit cards to buy in bulk and sell on auction sites at prices that undercut the primary seller.
The confrontation has involved many players over the years, but this latest flare-up was initiated by small publisher TinyBuild. The company has accused G2A, a third-party resale clearinghouse, of selling $450,000 worth of the publisher’s keys obtained through illicit methods. When the owner of the stolen payment method discovers what’s happened, their credit card company reverses the charges, the developer is charged back, and the keys are still floating in the market.
Too many chargebacks can cause a financial institution to shut down a developer’s storefront. You can read our previous coverage for the full details.
In an interview today, G2A CEO Bartosz Skwarczek again contested TinyBuild’s assertion, touted his company’s security protocols, and disputed a widely held belief that the retailer is harmful to the gaming industry. In order to understand why some have an issue with G2A’s practices, it’s important to know how the company operates.
In TinyBuild’s original post, company CEO Alex Nichiporchik likens G2A to eBay. Skwarczek agreed that the comparison is accurate, though as we probed, it became clear there are some marked differences.
When selling on eBay, members are required to provide verified payment information. This ensures that eBay has a means to intervene in the event that a buyer doesn’t receive an item. G2A doesn’t have a comparable mechanism in place to protect itself and developers from fraud or bad transactions.
Punch Club sells for $9.99 at regular price.
“On our platform, there are more than 200,000 sellers and over 10 million buyers,” Skwarczek says. “At G2A, there are more than 25 different departments and more than 600 people creating the whole platform. We have departments like anti-money laundering, with people who are dedicated to check the seller and transactions. We have an anti-risk department. We have a legal department, financial department, and customer service department.”
The company would not disclose how effective its anti-money laundering department is. We inquired about the number of investigations conducted and amount of money protected by these efforts, but Skwarczek declined to answer on the grounds of confidentiality.
The company also wouldn’t tell us how many transactions its top seller conducts on average per month. We inquired about an aggregated, ballpark average for the top 10 percent of sellers, and were declined, also. G2A claims even anonymized and aggregated data is confidential.
“What I can say with this particular example with TinyBuild is that before this all started, we did our research,” Skwarczek explained. “We identified more than 200 TinyBuild product auctions on our marketplace and we suspended all of them, because they violated our terms and conditions or ‘know your customer’ (KYC) procedures.”
He says that more than 50 sellers were responsible for those 200 auctions. However, because no identifying information is collected up front, G2A must contact each of those sellers in hopes that they will respond to the suspension of their accounts.
“When there is a suspicion that the seller is not fully compliant or legal, then we ask for ID.” Skwarczek explained. “We ask for proof of purchase for the product. The sellers haven’t gotten back to us. They didn’t stay in touch with us. We are chasing them, but they have to contact us.”
Counter-Stroke: Global Offensive is regularly priced at $14.99.
G2A is unlikely to hear back from an illicit seller caught in the act of selling stolen game codes. The company only has their IP address, with no other identifying information.
“We have IPs, but we don’t have IDs, because they didn’t get back to us after we suspended the account,” Skwarczek says. “If you set up an account on our marketplace, and you want to sell a product, you are allowed to do it. You are creating an auction. If we discover that there is something wrong with the auction or the product or there is something suspicious, we suspend the account. The customer will have to provide an explanation, including proof of purchase and ID. It’s your move. If you want to have your account active again, you have to provide us all these documents. The sellers didn’t get back to us, so these accounts are still blocked and the auctions still suspended.”
Unfortunately, there is nothing to stop a seller from starting over with a new account. G2A doesn’t have security mechanisms in place to prevent a suspended seller from changing his digital identity and beginning the practice all over again with more stolen keys. However, the company says it does try to block multiple accounts created in such a situation.
“Customers should comply with the terms and conditions,” Skwarczek states, though a person trafficking in stolen credit cards and pilfered codes isn’t an individual who will see terms and conditions as a barrier to illicit entry.
“This is what the police department is for,” he says when I pose a situation in which someone starts fresh, continuing fraudulent activity under another email address and account. “What we have to do is protect our customers and block every suspicious account and ask for additional information. What we can do is alarm the officials only when it happens, and we have the foundation to do that.”
One of things G2A says it needs in order to evidence theft or fraud is cooperation from developers and publishers that believe they are affected. “We need cooperation from their side,” Skwarczek says. “When TinyBuild asked us to deliver data, we gave them all the data immediately and freely. We answered every question they had. The only thing we wanted from them is to cooperate with us to identify the keys. They never got back to us with a proper answer or gave us a chance to finalize the process.”
G2A says it has helped other developers with the same kind of problem successfully. The company says it wants to educate developers that there is a “mutual benefit” in protecting the customers.
When we spoke with TinyBuild CEO Alex Nichiprochik, he was extremely reluctant to provide any batch data to G2A because of the retailer’s reputation. “Everybody knows their reputation, so why would anyone even consider giving them a list of keys to ‘verify’?” Nichiporchik told me. “I believe they’d just resell those keys and make more money off of it.”
Read on for more about the ongoing conflict over grey market sales.