G2A Fires Back At Developer, Gives Them Three Days To Provide ‘Suspicious Keys’

G2A Fires Back At Developer, Gives Them Three Days To Provide ‘Suspicious Keys’

Guess what? When you call out one of the world’s biggest third-party resellers of keys for digital games, there’s a good chance they might not be happy about it.

After the maker of Punch Club and SpeedRunners, tinyBuild, accused the site of profiting at their expense yesterday, G2A hit back. The third-party marketplace has publicly given the devs three days to provide a list of CD keys they believe were fraudulently obtained.

So let’s quickly recap the whole timeline.

Back in late March, tinyBuild announced that their latest management sim Punch Club had been pirated more than 1 million times on PC and around 1.6 million times across all platforms (PC, Mac, Linux and mobile, with the majority of mobile piracy on Android devices).

It was pretty straightforward, as far as developers whinging about piracy goes. What wasn’t mentioned in tinyBuild’s blog post, however, was anything to do with marketplaces, where users had acquired keys from, or anything else.

Nevertheless that post, along with an earlier story on IndieGameStand, kicked off a string of email communications between G2A and tinyBuild. Here’s a statement from G2A, released today:

The original source of this case goes back to March 22nd of 2016. The official tinyBuild Twitter account posted a tweet containing unreliable information regarding the piracy rates of their latest title Punch Club. Naturally our representatives reached out, to educate and offer assistance to the developers.

What followed were email conversations. Many unjustified demands were made by tinyBuild regarding the removal of G2A marketplace merchant stock from the marketplace and compensation for their estimated value of products. All questions asked of G2A were answered, all data requested by tinyBuild was given freely by G2A, including the number of sales and their median value for the life time of the product page (original release dates of the products right up until the 8th of June 2016).

Things boiled over yesterday, when tinyBuild publicly said G2A was like “Ebay for game keys” and key resellers like, and including, G2A were “facilitating a fraud-fuelled economy where key resellers are being hit with tons of stolen credit card transactions”.

The demands from both companies at this point, was this. TinyBuild alleged that people were buying copies of their games through their own online store with stolen credit cards, issuing chargebacks and reselling the keys on G2A. Just over 26,000 units of tinyBuild games had been purchased, following sales information provided by the Hong Kong-based reseller, and according to tinyBuild that was equivalent to just under $US200,000.

At full retail value, those keys would have cost over $US450,000. But TinyBuild isn’t getting a cent of any of the transactions on G2A, full price or otherwise.

TinyBuild asked G2A whether they could get some form of compensation — it’s their game, after all — and were told that “no compensation will be given”. Here’s a quote from an email from G2A, republished by tinyBuild:

I can tell you that no compensation will be given. If you suspect that these codes where all chargebacks aka fraud/stolen credit card purchases I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this. We will check to see if that is the case but I doubt that codes with such large numbers would be that way.

And this is where G2A’s latest demand comes in. According to them, tinyBuild now has “3 days from the date of this transmission” to provide a “list of suspicious keys” so the website can investigate the activity further. G2A even said that “they identified more than 200 tinyBuild production auctions” on their website before the two parties were in contact, and that all of them were “suspended because they violated G2A.COM Terms and Conditions and security procedures”.

In an email to Kotaku Australia, tinyBuild’s Alex Nichiporchik said G2A never told tinyBuild that they had removed any keys or merchants in regard to their products.

“We were never told they removed 200 keys/merchants — we wanted them to do it, they told us they weren’t going to unless we decide to work with them and we had to provide the keys,” Nichiporchik said. “So did they or did they not? Because they just said we didn’t give them a list of keys, which is true. So how did they remove these keys/merchants? I’m genuinely curious.”

G2A’s statement also went on to ask why tinyBuild only quoted “the highest price point in their product history”, rather than the cost of their games in various bundles. “Finding a better medium price here would give a true overview. TinyBuild should explain to the media why they omitted their sales data from the revenue projection.”

But as far as tinyBuild’s concerned, that’s entirely irrelevant. “First they said our bundle partners are selling keys directly to them which is absolutely false (verified with Humble, BundleStars, IndieGala, IndieGameStand, etc). Now they’re just pointing to bundles as the escape goat [sic].”

“With the information above, I’m not comfortable sharing lists of keys from multiple batches that may or may not be stolen. The way our business works is we work with a ton of partners, and tracking down individual key batches is an insane amount of work. Even if we did that and deactivated certain batches, each one of them will have a bunch of ‘legitimate’ redemptions. Now imagine winning a key in a giveaway from us or any partner, and then seeing the game deactivated.”

And that’s still the real crux of the issue for tinyBuild — how do they rescind keys from being sold on sites like G2A without pissing off genuine customers who acquired those keys? As far as the average gamer is concerned, they paid money fair and square for a key. Less than what they might have paid on Steam or elsewhere, but they still paid nevertheless.

TinyBuild’s suggestion is to let publishers/developers set a price floor for their products on G2A and for resellers to establish a “minimum cut for all 3rd party sales of said keys”. That cut would undoubtedly come out of G2A’s pocket, something they’re probably a bit reluctant to do.

Nichiporchik then dug the foot in further by saying that he was able to create an account on G2A and “sell a ton of keys” without any verification. “If Ebay allowed you to sell merchandise without verifying sellers’ credentials (they ask you for IDs, statements confirming addresses, tie it to your bank account, etc), they’d probably under similar fire right now as they’d facilitate stolen goods trade.”

“No developer is going to put their games onto G2A when any other merchant on their site can undercut them,” he added. “As a small company we will never create a situation that pisses off our fans … everybody knows [G2A’s] reputation, so why would anyone even consider giving them a list of keys to ‘verify’? I believe they’d just resell those keys and make more money off of it.”

It’s a complete breakdown of trust between the two parties, and it doesn’t seem like there is going to be a resolution any time soon. TinyBuild doesn’t trust G2A enough to provide them the keys G2A allegedly requires to begin an investigation, and G2A says they can’t investigate further without a list of infringing keys.

But the question remains: how did G2A deactivate those 200 merchants and keys in the first place without tinyBuild’s help? And what do they think about giving more control to publishers and developers about the sale of their IP on their marketplace?

I’ve forwarded a string of questions to both parties, and will update as the story progresses.


  • G2A is dodgy here. I’m with tinyBuild.

    It’s a shame so many Twitch streamers and Youtubers take their sponsorship

    • Oh yeah, G2A is dodgy for sure. There are plenty of reputable auction sites out there that put effort into seller verification and delisting/reporting stolen goods to authorities. G2A has repeatedly fallen back on the ‘we’re just innocent middlemen’ excuse too many times to be believed at this point. If you know others are using your service for crime and make no effort to stop it, you’re an accessory.

      They don’t just sell stolen keys, they sell non-transferrable accounts and boost services for games where those are expressly forbidden. They were banned from sponsoring League of Legends teams last year and hopefully that kind of thing will continue.

      • Last year I found that someone had changed my Minecraft password. Turns out the account had been hacked and sold to some poor Portuguese kid through G2A. Thanksfully the hackers hadn’t bothered to change my recovery details and I was able to get the account back through Mojang’s normal password recovery process. G2A is dodgy as hell.

        • ROFL someone would actually be bothered to hack a minecraft account and on-sell it via G2A for half a dozen pesos. Brilliant.

  • As a game dev this isn’t even something I’ve considered. I definitely don’t want to be selling my own keys and bearing the burden of chargebacks/fraud.

    • If you’re going to sell anything as a business then you need to be ready to deal with refunds/chargebacks/fraud etc or get burned by it.

      It seems like TinyBuild just aren’t equipped or prepared to manage it yet they’ve setup their own store in addition to working with bundle partners, Steam etc. For a start they need to be able to relate an individual key to an individual sale so the key can be cancelled if/when the sale falls through.

      • Out of the three parties here, you seem to be fixating on the one with the least responsibility for the sale of stolen keys. Yes, it’s reasonable that TinyBuild should take precautions, but the primary responsible party are the credit fraudsters, followed by the service that facilitates the sale of those stolen goods with no seller check or verification.

        • … or @xenoun replied directly to me in context. I get where you’re going with this, but we’re not talking about blaming someone here, we’re talking about business risk management.

          • Exactly. If you take it upon yourself to sell game keys directly rather than through Steam, Humble etc then you have to be prepared to deal with fraud. It’s going to happen, that’s a fact. Steam etc deal with that every day and yet usable keys aren’t siphoned from them due to chargebacks.

            TinyBuild were either very shortsighted or just simply didn’t prepare properly when they started selling keys.

          • I’ve detailed elsewhere why there’s nothing TinyBuild (or any of the other sources of keys here, such as bundle sites) can do to stop this from happening. What would you propose TinyBuild does, given Steam keys can’t be individually revoked? What kind of risk management steps do you suggest?

          • Don’t sell the keys in a way that means you’re assuming the risk for fraud and chargebacks. ie:

            – Only sell on Steam
            – Sell keys to 3rd party resellers wholesale

          • That doesn’t solve the problem, it just removes TinyBuild’s own store from the equation. Instead, the keys are obtained through retail channels with stolen cards or through bundle sites. Chargebacks still happen, G2A still deals in stolen keys, the original sellers (regardless of who they are) still suffer the cost of the chargeback.

          • … it solves MY problem, look at my original comment. As a dev I want to sell my keys in a way that I don’t have to deal with it, and that’s how I’d do it. I’m not trying to solve chargebacks as a problem, that’s obviously impossible. I just don’t want the risk for myself.

            Is it TinyBuild’s problem as well? Yes. Sure, we can blame the bad actors, but eventually TinyBuild is going to run out of money, and at that point you can’t pay people with ButImTheVictimDollars.

          • @vanit If I was replying to your problem, I’d have replied to you. My initial reply in this thread was to xenoun, and particularly to this statement he made:

            It seems like TinyBuild just aren’t equipped or prepared to manage it yet they’ve setup their own store

            The argument I’ve made here is that there isn’t any equipment or preparation you can have/make that will solve this problem. The only way to avoid it altogether is to not sell keys at all, which is a bandaid at best and does nothing to solve the underlying cause. Xenoun seems to argue throughout this article that TinyBuild’s store itself is the root cause, and that’s simply not the case.

  • But the question remains: how did G2A deactivate those 200 merchants and keys in the first place without tinyBuild’s help?
    I’m not even willing to believe they did that. He just threw it out half way in with no evidence, sounds like another bullshit excuse.
    This part is more telling:
    Nichiporchik then dug the foot in further by saying that he was able to create an account on G2A and “sell a ton of keys” without any verification.
    G2A say they’re suspending sales of Tinybuild keys but someone from Tinybuild themself manages to sell a bunch without needing verification. Seems legit.

  • So TinyBuild are only able to track their keys in batches and can’t identify individual keys from those batches as legitimately purchased or having been refunded due to fraud.

    This is TinyBuild’s problem, not G2A.

    When a chargeback is made the key related to that purchase should be cancelled immediately. If TinyBuild are unable to track their own keys sufficiently to enable this then it’s their problem.

    If TinyBuild had the capability to cancel keys where there has been a chargeback then that key being sold through G2A would become G2A’s problem as whoever bought it from them would be unable to use it.

    G2A should never owe TinyBuild anything as it’s a marketplace for people to sell a key that has already been paid for (TinyBuild already have their cut). It’s like selling a second hand game except the seller hasn’t ever played it.

    • This is TinyBuild’s problem, not G2A.

      It isn’t in TinyBuild’s control. The system for Steam key generation is run by Valve, in part to ensure each key is unique system-wide so there’s no overlap between different games. Large publishers can access it directly via Steamworks but small and indie sellers request them from the system. It’s been a few years since I dealt with Steamworks so I’m not sure if it’s changed since, but last I used it you couldn’t revoke individual keys, only the batch they came in.

      • It really is TinyBuild’s problem, lets forget the whole G2A involvement for a moment, if someone were to buy a whole heap of keys direct from TinyBuild, give them out to all their mates, then chargeback, TinyBuild loses. If they’re going to sell Steam-enabled keys from their website, they need to have some accountability, whether this be larger negotiations with Valve in order to block specific keys that have been refunded, or by having their store refuse to accept forms of payment that charge back.

        It all just screams like a school kid that has just been burned and lashes out on anyone they can find rather than take the blame themselves. This clearly needs to be a lesson to TinyBuild and hire better staff to look after your own store (which I presume they’re using to gain greater sales profit than just using Steam’s marketplace?) or bite the bullet and leave “Buy it from Steam” on your advertising campaign.

        Whether or not places like G2A, eBay, Gumtree, Cash Converters are facilitating the sale of fraudulently acquired games is irrelevant.

        • Actually, no it’s not. If they were in THAT scenario they would likely have more direct transactional data and be able to deactivate keys (even if they were in batches)… but because of how many varied sellers key portals like G2A have and how little actual transaction information TinyBuild could get about each key being sold (as, again, they don’t know the initial source), then you can’t expect this to all be on TinyBuild.

          • The keys being sold on G2A are keys that have already been purchased elsewhere. G2A is not the direct portal acting as a key seller in this case.

            If you read the article from yesterday TinyBuild had their own store which fell apart when they got hit with hundreds of thousands of chargebacks. They weren’t prepared to deal with it and due to that there’s a lot of keys out there that haven’t been paid for.

            The root cause of the problem is TinyBuild, not a key reseller.

          • If you read both articles you’d see the keys involved come from many sources including bundle sites, not just from their own store. The problem simply isn’t something that can be solved at the original seller’s stage of the process.

            The root cause of the problem is TinyBuild, not a key reseller.

            You really don’t understand how this stuff works. How do you propose TinyBuild fixes this ‘root problem’ given individual keys can’t be revoked?

          • I have indeed read both articles, the following two quotes make it fairly clear what I’m talking about.

            From yesterday’s article:

            The shop collapsed when we started to get hit by chargebacks. I’d start seeing thousands of transactions, and our payment provider would shut us down within days. Moments later you’d see G2A being populated by cheap keys of games we had just sold on our shop.

            From today’s article:

            TinyBuild alleged that people were buying copies of their games through their own online store with stolen credit cards, issuing chargebacks and reselling the keys on G2A. Just over 26,000 units of tinyBuild games had been purchased, following sales information provided by the Hong Kong-based reseller, and according to tinyBuild that was equivalent to just under $US200,000.

            The ultimate source of these keys is TinyBuild. The only reason bundles were brought up was G2A suggesting that the keys were from the resale partners of TinyBuild.

            That is the source, not Valve, not bundles, not G2A, it is TinyBuild. Steam and bundle sites manage to deal with this same issue without thousands of keys being obtained for free through chargebacks. TinyBuild didn’t do their due diligence as a business to ensure that they couldn’t be hit with fraud through chargebacks, stolen cards etc.

            Like I said, TinyBuild is the root cause.

          • I’ll help you out then because you’ve been selectively reading. From yesterday’s article (emphasis mine):

            The problem is that this business model is fundamentally flawed and facilitates a black market economy. I’ve spoken to a merchant on G2A about how he’s making $3-4k a month, and he outlined the core business model:
            • Get ahold of a database of stolen credit cards on the darkweb
            Go to a bundle/3rd party key reseller and buy a ton of game keys
            • Put them up onto G2A and sell them at half the retail price

            The ultimate source of these keys is TinyBuild.

            No it wasn’t. The ultimate source of these keys are authorised key sellers, regardless of who they are, and there are more than one. This problem isn’t limited to TinyBuild, it exists across all games where keys are available through authorised key sellers. The actual root problem is the same across all of them.

            TinyBuild didn’t do their due diligence as a business to ensure that they couldn’t be hit with fraud through chargebacks, stolen cards etc.

            You’re not listening. There is nothing they can do to stop this from happening. There is no diligence they can take. This problem affects every authorised key seller, it’s not an isolated problem. The only option is to not sell keys, which is a bandaid, not a solution.

            I’m sorry, but you really are mistaken here. I don’t think you understand how the game key grey market works. In this specific instance they were one contributor, perhaps even the biggest individual contributor, but they are not the cause of the problem. The problem goes beyond just this particular case.

          • Holy shit so much debate on this topic.

            Deactivate all the keys. Fuck G2A over for buying stolen goods. And fuck the customers over for buying from that dirty website. I think half of TinyBuilds plan was to raise awareness at how corrupt that site is.

          • This again goes back to how all the keys were obtained in the first place and what @xenoun says below. TinyBuild weren’t prepared to deal with fraud. By the sounds of it, they wouldn’t be able to deal with my scenario, as they can’t deactivate individual keys that have been charged back, regardless of what happens to them after they’ve been provided by TinyBuild.

            I’m certain EB Games don’t give a royalty/reimbursement to Activision on every preowned copy of Call of Duty they sell, even if they’ve all been stolen.

          • Yeah, devs get exactly $0 from any second hand game sale. In terms of keys it’s the same thing except the seller hasn’t played the game before selling it. G2A owe TinyBuild nothing from sales. TinyBuild can’t even trace where the keys on G2A came from, they’re out of their depth here and clutching at straws.

        • The stolen keys aren’t just from TinyBuild’s own store, they come from anywhere, such as Humble Bundles and other bundle sites. It doesn’t really matter who originally sold the key if it can’t be individually revoked, whoever cops the chargeback ends up wearing the cost and still end up down a key.

          Keys in Steam weren’t designed to be revoked individually, the reason they’re sold in identifiable batches is so keys sent to a particular seller can be revoked in bulk if the need arises. Batch revocation was designed to deal with dodgy second-party resellers, like Russian keys being sold to other regions against the original terms of sale.

          Facilitating criminal behaviour is absolutely relevant, I don’t see how you can justify that they aren’t. There’s a reason pawn shops are heavily regulated, why eBay conducts identity checks when you sell items. G2A doesn’t do their due diligence, they are absolutely part of the problem.

          • May as well get down to basics here, the problem really is: the internet. Its not G2A, Cdkeys, Instant Gaming, its the internet that lets these sites with such fraudulent potential come to be. Shutdown the internet, its condoning criminal activity.

            There really is only 2 options.

            1. Blame the internet or whoever is the biggest name you can find. Blame them. Its actually cheaper to buy Punch Club from Instant Gaming, but they’re not as big as G2A.

            2. Take responsibility and precautions for what you make available online.

            Its extremely naive to think a small company like TinyBuild could create an online marketplace to rival Steam to make a bit of extra cash. It would be awesome to live in a world without criminal activity, there would be no need for lawyers and insurance companies, but sadly thats not the case. Theres no point singling out one entity for allowing it to happen. If G2A closes, G3A will already be up and running before the site goes down. If you’re going to put yourself out there, you need to make sure you’re protected. Crying on social media isn’t the way to go, unless its to provide warning for anyone else thinking of doing the same.

          • You could go to that extreme, but that would be like shutting down every shop because certain pawn shops are involved in fencing stolen goods. There are more options than you outlined, which I mentioned in another post here.

            You wouldn’t shut down every shop because some pawn shops were fencing stolen goods, but you wouldn’t shrug and do nothing about it either. You could shut down all pawn shops, or you could push pawn shops to take reasonable measures to ensure goods they resell aren’t stolen and that if they are, you have adequate records of the person who sold it to you so it can be pursued if need be.

            Other auction sites do this, and it’s not particularly difficult. Yes, people still list stolen goods on eBay, but a lot of people who do get arrested too because eBay doesn’t let them sell anything without identity details on record first. Pawn shops do the same thing, taking copies of your drivers licence or passport before they buy what you’re offering. G2A is reluctant to do this because they profit from thieves just as much as they profit from legitimate sellers.

            I hardly think these expectations are unreasonable, and they go a long way to reducing the number of places thieves can go to sell stolen goods. Keep in mind we’re not talking about flogging off a dozen keys on backwater forums, we’re talking about moving tens of thousands of stolen keys. That kind of activity isn’t profitable or worthwhile unless you have a way to move them quickly, and sites like G2A who don’t do any diligence on their sellers offer exactly that.

            Sure, going after the fence sites doesn’t fix the problem completely, and of course TinyBuild should take steps to protect themselves as well, but at the end of the day this isn’t a problem that only affects TinyBuild, and effort spent trying to reduce the problem is better spent addressing the cause than the symptoms.

          • Agree on all of your things. I’m just saying theres far too much of the blame-game going on, and none of the personal responsibility. Yes, G2A and all of the other thousand sites should be more vigilant with seller identity, but TinyBuild also need better accountability on their sales. If people were able to buy on Steam, Humble, Sony or Paypal, get their key then chargeback without penalty, then this sort of activity would be pretty commonplace about now. They should be on Valve’s back about deactivating any key associated with a chargeback. If they did this and G2A did sell the keys, that would be pretty bad publicity all on its own without the social media outcry.

            Edit: Apologies for making it all confusing with the posts, saw your post in another area. You say there is no hard solution, yet you state it in the same post. Valve needs to implement individual revocation of keys for third party sales. Nothing will hurt illegitimate sites more than their clients having their purchase taken away.

          • Ha, you’re all good mate. This comment area has forked into a whole lot of different threads saying very similar things and I got distracted trying to keep track of it all. I should have just kept things under a single thread myself, it’s just a topic I have sympathy for and some indirect personal experiences with so I probably got a bit over-eager to make my case. I think I’ve made the arguments I wanted to at this point, any more would just be trying to beat people over the head until they thought the same way =)

      • If it isn’t in TinyBuild’s control then why have they taken it upon themselves to sell keys on their own site? The article yesterday indicated that was the main cause of the problem here. Their shop collapsed when they started getting hit by chargebacks.

        The whole problem has occurred because they weren’t prepared to deal with fraud on their own store. G2A provides a means for people to sell keys, sure, but even without that TinyBuild would still have had the same problems with their own store.

        People bought keys from them, hit them with a chargeback and get to keep the key! That’s the root cause of the problem, not what happened with the keys after that.

        • Your question makes no sense. It’s not in anyone’s control to revoke individual Steam keys. That goes for big publishers just as much as indie studios. Are you implying that nobody should be selling keys through their own store because they can’t be individually revoked?

          I’m getting tired of playing cat and mouse across multiple comment threads. I’ll be as clear as I can be: individual keys can’t be revoked. It doesn’t matter whether TinyBuild sold them or they came from bundles or from retail sales. Shutting their store wouldn’t solve the problem, it would just shift the key source to bundles. There are no steps that TinyBuild can take to solve the problem, it doesn’t exist at the original seller’s level of operation.

          • If individual keys can’t be cancelled then how do Steam and every other Steam key seller avoid hemorrhaging keys for free due to chargebacks and fraud?

            Both today’s article and yesterdays state that these particular keys were sold by TinyBuild through their own store front.

          • Do me a favour, pick one thread and reply in that. It’s a waste of time and effort for you to keep restating the same arguments in every thread.

            Steam avoids problems by revoking access to the game itself on the Steam account that issued the chargeback. They can do that because the key is immediately and automatically activated when the sale is made, so the key is bound to an account at that point. The key is never revoked, the activating account’s access is revoked. Keys sold through resellers aren’t activated until the key is claimed, and the person doing the activation is the ultimate buyer, not the fraudster middleman.

            Every other authorised key seller does deal with this problem. Some have ways to mitigate it (like only accepting credit cards from certain countries, or requiring Paypal payments under certain conditions) but they can’t solve the problem.

          • Ok, I’ll reply here only- you haven’t helped keep it in one spot by responding to all of my other comments though.

            Alright, you’ve proved my point for me then. TinyBuild are upset over the large amount of keys obtained through their own store that have ended up on G2A.

            If this happened regularly and in large amounts for other key resellers then they’d go out of business pretty fast. They also get hit with chargebacks and have to deal with them. Like you said, they have ways to mitigate this, anything they can’t stop they have to wear themselves as a cost.

            TinyBuild didn’t do their due diligence in preparing for fraud and chargebacks and now they’ve been burned for it. If G2A wasn’t an avenue for illegitimate keys to be sold then there’d be another one instead – doubtless there already are.

            My point is that key resellers exist because they make a profit. They don’t hemorrhage illegitimate keys every time someone issues a chargeback. TinyBuild on the other hand have lost a large amount of keys due to chargebacks so they’ve missed something when setting up their own store.

          • Key resellers tend to have broad data on fraud patterns to draw from because they sell hundreds of products. TinyBuild doesn’t have that data or experience to draw on, they’re only selling their own three-odd games. Even knowing fraud is going to happen I don’t see what they could have done to prepare for it. Further, key resellers tend to have quite large turnover and are better able to absorb losses through brute profits than a smaller store is.

            I think we’ve both said our parts here so I’ll wrap my argument up here and we can agree to disagree:

            The issue here isn’t ‘TinyBuild vs G2A’, or even ‘sell own keys vs use reseller’, they’re just one bout out of many. The root problem is that fraudsters are able to sell stolen keys without hindrance. There are two ways to attack that problem; one, by hindering their ability to sell stolen keys; and two, by making stolen keys worthless. The first method can be addressed by cracking down on digital fences, sites that knowingly facilitate the trade of illegitimate goods, removing options. The second can be done by Valve implementing individual key revocation into Steamworks.

            There is no hard solution to this problem, the same way there’s no hard solution to piracy. But there are ways you can mitigate the symptoms (like them not selling keys themselves) and there are ways to address the cause. As I’m sure any software developer will attest, effort spent addressing symptoms is wasted because it just pushes them elsewhere. Addressing the cause is where all effort should be focused.

  • Eh. I tend to find Steam is a bit too expensive. I’ve been buying on G2A because (1) Prices encourage me to purchase more items, and (2) They have exceptional customer service. Very easy to get in touch with them over online chat to process orders (or refund bad keys).

    Having said that, I think I might also start shopping at ozgameshop. Just had a quick look at their steam key section and their prices are very reasonable.

    • So you’re all about price and not at all about whether they might be selling keys obtained in shady ways?

      • He may not have known how dodgy G2A was and went there for cheap prices like many others. He’s since read this article and decided to look elsewhere….give the guy a break.

        • True, though if he’s ever refunded a bad key I’m sure he’s googled “g2a bad key” and seen things said? Would be hard to escape it really.

  • I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this.
    This, to me, doesn’t actually sound unreasonable. Unless it turns out that they CAN’T do that because they had to agree to certain limitations to play ball with Steam’s key system, in which case who wants to bet that G2A already knows that this is unreasonable/unrealistic?

    • Sounds like that’s how it is, but TinyBuild were the original sellers of these keys to begin with through their own store. It’s TinyBuild’s responsibility as a business to be prepared for fraud because it can and will happen and happens every day.

      They’re now taking aim at G2A because they’re the gateway where the illegit keys are being sold. If TinyBuild could trace individual keys to individual sales they would have cancelled them already and this wouldn’t be an issue.

      Steam, Humble etc deal with the same problems every day yet somehow they don’t leak usable keys to be sold on G2A. TinyBuild is the root cause here, G2A’s request is perfectly reasonable.

      It’s a bit unreasonable for TinyBuild to expect compensation anyway since they can’t identify the keys that are being sold through G2A. Those keys could have been purchased in bundles etc for low prices legitimately which allows sellers to put them on G2A for profit. Since TinyBuild can’t prove one way or the other where those keys came from they shouldn’t be asking for compensation.

    • I suspect they can’t give a list of keys because the problem ones are mixed in with batches that include legitimate ones. TinyBuild noted in the article above that they were concerned if they gave a list of keys to G2A they’d just resell them, which certainly reinforces the batch notion. Here’s my guess on the situation, with simplified numbers:

      – Batch of 100 keys are sent to the TinyBuild store (all starting with 1), sells all of them
      – Batch of 100 keys are sent to the Humble Bundle store (all starting with 2), sells 50
      – Batch of 100 keys are sent somewhere else (all starting with 3), sells 50

      TinyBuild finds keys on G2A beginning with all three numbers, knows through what means they have that some or all are stolen. They can’t revoke their own store batch because out of the 100 they sold, only 20 were chargebacked and the other 80 are legit, so revoking the whole batch would punish 80 genuine buyers. They can’t revoke the Humble or other batch for the same reason. And they can’t give G2A a list of the contents of each batch because for the second two batches they’re not fully sold and a batch list will include unsold keys that G2A can just steal and resell them, and they don’t trust G2A.

  • Been using G2A for around 2 years, Not once have i had a fraudulent key. Other sites ive used ive had repeated fraudulent keys.

    To imply that G2A only exists to facilitate fraud is blatantly false.

    • I agree, I certainly wouldn’t say they only exist to facilitate fraud. But illegitimate trades make up a decent chunk of their business model, whether that’s stolen game keys, non-tradeable game accounts (eg. MMOs, League of Legends, etc), boost services that require account sharing, in-game currency sales against TOS, that kind of thing.

      Good past experiences aside, are you sure you want to trust or give patronage to a gold farming company?

      • illegitimate trades make up a decent chunk of their business model? I assume you have documented statistics to back up such an assertion?

        Also, Things such as account sharing and selling of in game goods is not against the law, Only against the games terms and conditions

        • You can visit their website and browse the products on offer. Every listing for Runescape gold or Star Wars: The Old Republic credits or most of the other currencies they sell are against the terms of service of their respective games, hence illegitimate. All the Steam items (the things tradeable on the community marketplace) are against Steam’s terms of service, hence illegitimate. Add TinyBuild’s numbers in these articles for stolen items found on G2A, plus similar stories from other sources through Google searches, plus the many personal accounts of people buying invalid keys from G2A, and it makes for a strong case.

          Are you saying you don’t mind buying from a company that deliberately break the terms of service of other games and services, as long as it’s not illegal?

          • I dont give two shits if G2A sells in game items. Its the responsibility of the game companies to either stop or counter gold selling (E.g blizzard selling gold themselves a lot cheaper than traditional gold sellers)

            Again, Do you have documented statistics to back up your claims?

          • If you care to read my reply, I told you how you can find the evidence first-hand – by visiting their site and noting the different items I indicated. All of the things I mentioned are illegitimate. If you’re caught buying them, your game or Steam account will be suspended, no matter how many shits you give.

            Are you sure you don’t care that G2A is a dodgy company, or are you feeling defensive about having bought from them before by pretending they’re not dodgy?

          • No i dont care, Its not G2A’s fault there is a huge market for gold selling. You and a few others here seem to be overly butthurt about G2A and are picking it apart to have a sooky la la about it.

          • Right. So you have no ethical standards, the law alone dictates your sense of right and wrong. Just wanted to make sure I hadn’t misunderstood that that’s the kind of person you are, most people wouldn’t exactly be proud to admit to something detrimental like that.

    • Note that this article is not talking about people selling fake keys on G2A: instead the problem is the sale of legitimate keys that were obtained by fraud.

      You could very well have received such a key, and might never know it (given the apparent difficulty in revoking individual keys).

  • While I sympathise with tinyBuild, the idea of introducing a price floor is terrible. Can you imagine what the market would be like if EB, JB Hi-Fi, Target, Big W, etc all had identical prices for physical games? We saw this kind of thing get introduced for e-book sales, and the end result is that the market for paper books is more competitive than the one for electronic ones.

    If the aim is to stop people selling stolen goods on G2A and sites like that, a better answer would be to regulate it similar to how pawn shops are.

    • Agreed, the developer should have no influence on sales prices at all. If people want to sell it for 5% of retail, that’s their choice, as long as it’s a legal copy. There are better options for combating black and grey market sales.

    • In Australia it’s against the consumer law anyway. A manufacturer/developer etc can set a recommended retail price. This price is the _limit_ of how much they can sell that item for. Retailers can discount items as much as they like though, give it away for free if they feel like it.

Show more comments

Comments are closed.

Log in to comment on this story!