[Update] TinyBuild And G2A Spar Over $450,000 Of Lost Grey Market Key Sale Revenue

Update #2: “No developer is going to put their games onto G2A when any other merchant on their site can undercut them,” TinyBuild CEO Alex Nichiporchik told me via email. The small publisher has been sparring for the past day with online key reseller G2A over fraudulent purchases and nearly half a million dollars in lost revenue.

It all started with a post on the company’s site yesterday accusing G2A of trafficking in codes purchased with stolen credit cards. The TinyBuild post cites a story on IndieGameStand that details the danger of fraudulent credit cards and massive chargebacks to smaller companies.

In addition to reminding that G2A was involved in the wave of Ubisoft stolen key deactivations last year, the post includes a tweet from Devolver Digital indicating the company aggressively pursues stolen keys sold on the site. We reached out to TinyBuild following our receipt of G2A’s lengthy response (below).

Nichiporchik reiterated to me that his company doesn’t want to go through the process of key mining to identify stolen batches because of the likelihood of false positives. “The way our business works is we work with a ton of partners, and tracking down individual key batches is an insane amount of work. Even if we did that and deactivated certain batches, each one of them will have a bunch of ‘legitimate’ redemptions,” he explained. “Now imagine winning a key in a giveaway from us or any partner, and then seeing the game deactivated.”

TinyBuild says it has reconfirmed with all of its authorized partners, including Humble Bundle, BundleStars, IndieGala, and IndieGameStand, that none of them sell keys on G2A. This is counter to the retailer’s assertion that TinyBuild codes originated from authorized, legitimate sources. “They're just pointing to bundles as the scapegoat,” Nichiporchik said. 

He is also reluctant to share the batch data with G2A because of the likelihood of including unredeemed keys. He bluntly stated he simply does not trust G2A to conduct itself ethically and legally.

“Everybody knows their reputation, so why would anyone even consider giving them a list of keys to ‘verify’?” Nichiporchik explained. “I believe they'd just resell those keys and make more money off of it.”

However, TinyBuild recognizes the dispute here is over symptoms and not solutions. The company has proposals, two of which it says it discussed with G2A, that would protect developers and publishers from key theft.

Nichiporchik says he proposed to G2A a method by which developers could set minimum pricing. He also suggested a minimum distribution to developers and publishers of third party sales, which would come from the retailer’s cut. Additionally, TinyBuild is calling for G2A to engage in a proper vetting process, similar to how eBay handles seller accounts (proof of identification, billing address, and bank account information).

“If there was an admin I could login to and set a minimum price for our games, that'd already be a very good start,” he told me. “But G2A understand this would hurt their business.”

Nichiporchik also provided us with another statement G2A made in Russian. Note that this was translated by Nichiporchik and we cannot vouch for a precise or unbiased conversion to English.

At G2A we believe in being innocent until proven guilty, meaning we believe that all of our 200k merchants are legit until proven otherwise. We support merchants and assume they operate within the law. Of course, unfair “players” appear in any business, which unfortunately includes our system. Nonetheless, G2A does not hold any liability for vulnerabilities in someone’s billing system. We are sorry that tinyBuild’s shop was attacked and that it impacted their negotiations with G2A. We hope to restore a good relationship, because our door is always open for cooperation.

G2A has lots of experience working directly with developers and publishers of different sizes. For example, recently we had a promotion where 21 developers and publishers from post-soviet countries participated in. During the promotion G2A did marketing pushes for the partners without taking additional revenue for itself. This promotion was supported by known companies, like Gaijin, Bitbox, Herocraft, Nekki, Nival and many others. G2A is always open to working with developers and publishers. We are working together to make the Marketplace better for gamers.

Not only that, but we also invite all developers and publishers experiencing problems with chargebacks to use our G2A.Pay payment solution for their stores. It’s free and we guarantee 100% security of payments and cover all expenses associated with chargebacks, preventing any losses from our partners’ side.

We have reached out to G2A for additional information and the opportunity to ask questions directly. We’ll update on this story as more develops.

Update #1 (June 21, 2016 @ 4:25 p.m. Central): G2A has responded to our request for comment with a lengthy statement. In short, the company says it attempted to work with TinyBuild, but that the publisher made "many unjustified demands."

The retailer also disputes the $450,000 valuation on the keys sold, suggesting that it was not based on real market value and instead was calculated based on the highest recorded price. G2A also says it is willing to work with TinyBuild, but has laid out an ultimatum requiring the publisher to provide a list of codes it believes have been stolen within three days.

G2A.COM would like to inform partners, gamers, developers, publishers and other interested parties that there is a back story on the current issue with tinyBuild. G2A recently asked for cooperation with tinyBuild to investigate the matter and to get a quick and solid resolution.

It is important to note that G2A is a marketplace where everyone is allowed to start selling all types of digital gaming goods. G2A is a common and legitimate point of sale for many developers to sell keys outside of retail distribution, with more than 200 thousand sellers in total. Before tinyBuild reached out to G2A, we identified more than 200 tinyBuild product auctions on the G2A Marketplace and suspended all of them because they violated G2A.COM Terms and Conditions and security procedures.

The original source of this case goes back to March 22nd of 2016. The official tinyBuild Twitter account posted a tweet containing unreliable information regarding the piracy rates of their latest title Punch Club. Naturally our representatives reached out, to educate and offer assistance to the developers.

What followed were email conversations. Many unjustified demands were made by tinyBuild regarding the removal of G2A marketplace merchant stock from the marketplace and compensation for their estimated value of products. All questions asked of G2A were answered, all data requested by tinyBuild was given freely by G2A, including the number of sales and their median value for the life time of the product page (original release dates of the products right up until the 8th of June 2016).

All G2A asked, was to cooperate with tinyBuild to rectify the issue, which is the list of the keys they deemed without any verification that they are stolen. Only then G2A can compare these keys against the G2A marketplace database and report those findings back to tinyBuild. Unfortunately tinyBuild never came back with the answers to resolve the issue.

In reference to the 450 thousand dollars potential lost for tinyBuild:

Why did tinyBuild refer only to the highest price point in their product history? While on the real market you can buy their products in a bundle on an 85% off discount as sourced https://steamdb.info/app/207140/, https://isthereanydeal.com/. Finding a better medium price here would give a true overview. TinyBuild should explain to the media why they omitted their sales data from the revenue projection.

The questions the gaming industry should be asking is, why did tinyBuild never come back to us with a list of codes that should be taken down from the G2A’s Marketplace?

In conclusion, G2A stands to provide support to developers by providing them prompt communication channels, advance tools (exchanging blacklist, identifying suspicious merchants and auctions and ‘KYC’-Know Your Customers procedures) and security award winning payment solution with G2A Pay.

TinyBuild should connect back with us and provide us with the list of suspicious keys for further investigation. Thereafter, G2A will be happy to publicly release the results of the investigation of this tinyBuild case.

G2A.COM calls for tinyBuild to provide their list of suspicious keys within 3 days from the date of this transmission.

We have reached out to TinyBuild for a response to this latest development. We'll update should the publisher respond.

Original Story (June 21, 2016 @ 2:40 p.m. Central):

The topic of grey market game key resellers isn’t a new one. In 2014, we reported on a retailer scam that profited off Humble Bundle’s charity efforts. In 2015, Ubisoft took action to deactivate stolen keys appearing on reseller sites.

Now, one company has quantified the impact of grey market sellers on its bottom line. In a post on its website, small publisher TinyBuild says that G2A (one of the companies targeted by Ubisoft for key deactivation in 2015) is directly responsible for $450,000 of lost revenue.

G2A (and others like it) function like an auction site for game keys. If you’ve ever purchased a bundle and gotten one or two keys for games you already own, you might consider selling them. However, the system is ripe for abuse.

According to TinyBuild, it’s quite easy to use stolen credit cards to buy bundles en masse and then sell the keys on the grey market for a steep discount versus retail pricing.

The retailer sold keys for TinyBuild games, reaping revenue of $200,000, none of which will make its way to the publisher. The retail value of those keys would have grossed TinyBuild $450,000.

The problem is compounded when the rightful owner of those stolen credit cards report the fraud and the vendors suffer significant chargebacks. The sellers are then out the keys and the revenue related to them. With those additional copies flooding the market, revenue is diverted away from the creator entirely.

When TinyBuild reached out to G2A, the retailer suggested it was the publisher’s own partners that were listing the keys. There is an implication in the correspondence from G2A to TinyBuild that the only way the retailer would look into whether the keys were stolen is if a partnership deal were struck.

TinyBuild says it is in a difficult position. It could deactivate huge batches of keys, but those might very well impact legitimate buyers. The other option is to eat the loss and move on. G2A won’t compensate TinyBuild, and the retailer expects the publisher to play ball and, in turn, undercut its own authorized partners.

We’ve reached out to G2A for its side of the story. The company was unable to be reached for comment by publication.

[Source: TinyBuild]

Our Take
There is an established pattern with third-party key resellers, making them a clearinghouse for illegal activity. It’s all well and good for G2A to wash its hands of the activities of its community sellers, but the impact on developers and publishers is clear. The implication that authorized partners are scamming TinyBuild is ludicrous, and seems like a flimsy excuse in the face of overwhelming evidence of illicit transactions. Especially given G2A's previous involvement with stolen keys, it's clear this is a growing issue in the industry.