There are tons of ways to buy games these days. For PC gamers, physical copies of games are largely a thing of the past, almost completely overshadowed by digital distribution. The myriad sources for peoples games includes Steam, Humble Bundle, GOG, and Origin. On top of those store fronts, on any given day you can find dozens of bundles available online offering a host of games for obscenely low prices.
I've bought numerous Humble Bundles over the years and have occasionally ended up with a key or two that I don't want/need. I've always given those extra codes to friends and family members, but there are many people who sell them through sites like G2A. G2A offers keys in what is essentially an Ebay like storefront allowing people to make a few bucks off the keys they sell. It all seems harmless enough on the surface, but there are some really shady parts of this structure you may not be aware of.
Let me lay this out in a story. TinyBUILD games, makers of Speedrunners, Party Hard, and the upcoming Mr. Shifty posted an article yesterday about their troubling dealings with G2A. The short version is that G2A sellers used stolen credit cards to buy up heaps of keys to tinyBuild's games from Steam, Humble Bundle and others and resold the keys on G2A. That sounds shady enough, but the ramifications of that activity are worse.
It is easy to forget that when we buy a game, the developer's actually get paid a portion of that sale. It's one of the troubling parts of nearly invisible commerce that online sales and digital distribution created. Regardless, developers rely on their games making money in order to make more games. The income from one helps fund the next and so on. So when a ton of keys are bought with stolen card info, what happens when those card numbers are reported stolen? The developer gets hit with chargebacks. In tinyBUILD's case, the losses total out to just over $450K. That's no small change no matter how successful you are.
What's worse, G2A's response to tinyBUILD's request for some kind of compensation was more of a veiled threat than an offer to help. To quote the response posted in tinyBUILD's article:
I can tell you that no compensation will be given. If you suspect that these codes were all chargebacks aka fraud/stolen credit card purchases I would be happy to look into that however I will say this requires TinyBuild to want to work with G2A. Both in that you need to revoke the keys you will be claiming as stolen from the players who now own them and supply myself with the codes you suspect being a part of this. We will check to see if that is the case but I doubt that codes with such large numbers would be that way.The G2A letter goes on to blame the sale of the keys on tinyBUILD's own resale partners Humble Bundle and GOG. I can't fathom how they expect anyone to buy that line, but I am equally flummoxed by their outright refusal to compensate tinyBUILD for losses due to fraud. Their denial is doubly troubling because this is not the first time they have been in the news for issues like this.
Numerous gamers who purchased keys through G2A have claimed that the keys were invalid and G2A and other sites that follow similar business models have been taken to task by developers over the years over nearly identical issues.
Humble Bundle has acknowledged the problem they've had with people reselling keys from their bundles. In an article on Polygon last year, COO John Graham said "Because it is a sore spot for some developers, we have created a growing number of humble ways to curb reselling like rate-limiting bundle purchases," adding that the best way to curb this sort of activity is ultimately for players to be careful about where they buy their games from.
TinyBUILD has seen what happened when Ubisoft revoked a bunch of keys last year when it discovered that the keys were purchased with stolen cards and resold on Kinguin, another site like G2A. Players were outraged that they were being punished for buying what they thought were good codes. TinyBUILD has stated that even if they wanted to, revoking the keys isn't as easy as pressing a button. There is almost no way to track which batches each of the keys came from or which ones were fraudulently purchased and which were bought legally. If they were to deactivate a batch of say, 200 keys, they can't be sure that all the ones they deactivated were among those purchased with stolen card data. Even if they did revoke the codes, there is no way for them to then recoup the funds they lost.
The big issue really comes down to who is really going to pay tinyBUILD for these keys? G2A has already stated that they will not compensate the developers for their loss, despite the fraudulent activity having taken place on their site. We need a real solution to this problem. No developer can afford to hemorrhage that amount of money. I think John Graham is right, we all need to be careful about where we buy our games from. I decided long ago to stop buying used games from Gamestop because the developer didn't see any of the money from those sales. I see no reason to treat G2A or any of its ilk differently.