Guess what? When you call out one of the world's biggest third-party resellers of keys for digital games, there's a good chance they might not be happy about it.
After the maker of Punch Club and SpeedRunners, tinyBuild, accused the site of profiting at their expense yesterday, G2A hit back. The third-party marketplace has publicly given the devs three days to provide a list of CD keys they believe were fraudulently obtained.
So let's quickly recap the whole timeline.
Back in late March, tinyBuild announced that their latest management sim Punch Club had been pirated more than 1 million times on PC and around 1.6 million times across all platforms (PC, Mac, Linux and mobile, with the majority of mobile piracy on Android devices).
It was pretty straightforward, as far as developers whinging about piracy goes. What wasn't mentioned in tinyBuild's blog post, however, was anything to do with marketplaces, where users had acquired keys from, or anything else.
The original source of this case goes back to March 22nd of 2016. The official tinyBuild Twitter account posted a tweet containing unreliable information regarding the piracy rates of their latest title Punch Club. Naturally our representatives reached out, to educate and offer assistance to the developers.
What followed were email conversations. Many unjustified demands were made by tinyBuild regarding the removal of G2A marketplace merchant stock from the marketplace and compensation for their estimated value of products. All questions asked of G2A were answered, all data requested by tinyBuild was given freely by G2A, including the number of sales and their median value for the life time of the product page (original release dates of the products right up until the 8th of June 2016).
Things boiled over yesterday, when tinyBuild publicly said G2A was like "Ebay for game keys" and key resellers like, and including, G2A were "facilitating a fraud-fuelled economy where key resellers are being hit with tons of stolen credit card transactions".
The demands from both companies at this point, was this. TinyBuild alleged that people were buying copies of their games through their own online store with stolen credit cards, issuing chargebacks and reselling the keys on G2A. Just over 26,000 units of tinyBuild games had been purchased, following sales information provided by the Hong Kong-based reseller, and according to tinyBuild that was equivalent to just under $US200,000.
At full retail value, those keys would have cost over $US450,000. But TinyBuild isn't getting a cent of any of the transactions on G2A, full price or otherwise.
TinyBuild asked G2A whether they could get some form of compensation — it's their game, after all — and were told that "no compensation will be given". Here's a quote from an email from G2A, republished by tinyBuild:
I can tell you that no compensation will be given. If you suspect that these codes where all chargebacks aka fraud/stolen credit card purchases I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this. We will check to see if that is the case but I doubt that codes with such large numbers would be that way.
And this is where G2A's latest demand comes in. According to them, tinyBuild now has "3 days from the date of this transmission" to provide a "list of suspicious keys" so the website can investigate the activity further. G2A even said that "they identified more than 200 tinyBuild production auctions" on their website before the two parties were in contact, and that all of them were "suspended because they violated G2A.COM Terms and Conditions and security procedures".
In an email to Kotaku Australia, tinyBuild's Alex Nichiporchik said G2A never told tinyBuild that they had removed any keys or merchants in regard to their products.
"We were never told they removed 200 keys/merchants — we wanted them to do it, they told us they weren't going to unless we decide to work with them and we had to provide the keys," Nichiporchik said. "So did they or did they not? Because they just said we didn't give them a list of keys, which is true. So how did they remove these keys/merchants? I'm genuinely curious."
G2A's statement also went on to ask why tinyBuild only quoted "the highest price point in their product history", rather than the cost of their games in various bundles. "Finding a better medium price here would give a true overview. TinyBuild should explain to the media why they omitted their sales data from the revenue projection."
But as far as tinyBuild's concerned, that's entirely irrelevant. "First they said our bundle partners are selling keys directly to them which is absolutely false (verified with Humble, BundleStars, IndieGala, IndieGameStand, etc). Now they're just pointing to bundles as the escape goat [sic]."
"With the information above, I'm not comfortable sharing lists of keys from multiple batches that may or may not be stolen. The way our business works is we work with a ton of partners, and tracking down individual key batches is an insane amount of work. Even if we did that and deactivated certain batches, each one of them will have a bunch of 'legitimate' redemptions. Now imagine winning a key in a giveaway from us or any partner, and then seeing the game deactivated."
And that's still the real crux of the issue for tinyBuild — how do they rescind keys from being sold on sites like G2A without pissing off genuine customers who acquired those keys? As far as the average gamer is concerned, they paid money fair and square for a key. Less than what they might have paid on Steam or elsewhere, but they still paid nevertheless.
TinyBuild's suggestion is to let publishers/developers set a price floor for their products on G2A and for resellers to establish a "minimum cut for all 3rd party sales of said keys". That cut would undoubtedly come out of G2A's pocket, something they're probably a bit reluctant to do.
Nichiporchik then dug the foot in further by saying that he was able to create an account on G2A and "sell a ton of keys" without any verification. "If Ebay allowed you to sell merchandise without verifying sellers' credentials (they ask you for IDs, statements confirming addresses, tie it to your bank account, etc), they'd probably under similar fire right now as they'd facilitate stolen goods trade."
"No developer is going to put their games onto G2A when any other merchant on their site can undercut them," he added. "As a small company we will never create a situation that pisses off our fans ... everybody knows [G2A's] reputation, so why would anyone even consider giving them a list of keys to 'verify'? I believe they'd just resell those keys and make more money off of it."
It's a complete breakdown of trust between the two parties, and it doesn't seem like there is going to be a resolution any time soon. TinyBuild doesn't trust G2A enough to provide them the keys G2A allegedly requires to begin an investigation, and G2A says they can't investigate further without a list of infringing keys.
But the question remains: how did G2A deactivate those 200 merchants and keys in the first place without tinyBuild's help? And what do they think about giving more control to publishers and developers about the sale of their IP on their marketplace?
I've forwarded a string of questions to both parties, and will update as the story progresses.