Another week, another scandal for Facebook. This one comes courtesy of a report from RevealNews , which obtained over 100 pages of court documents from a lawsuit by parents that revealed Facebook knowingly continued to let children buy in-game purchases with their parents’ credit cards without permission from them, which the company made millions in profits off of. As RevealNews reports:

Facebook encouraged game developers to let children spend money without their parents’ permission–something the social media giant called “friendly fraud”–in an effort to maximize revenues, according to a document detailing the company’s game strategy. Sometimes the children did not even know they were spending money, according to another internal Facebook report. Facebook employees knew this. Their own reports showed underage users did not realize their parent’s credit cards were connected to their Facebook accounts and they were spending real money in the games, according to the unsealed documents.

To understand just how bad the problem was, one child mentioned in the papers made $6,500 in in-game purchases on his parents’ credit card in just two weeks. In 2011, Facebook execs noticed its “friendly fraud” problem due to the amount of charge-backs game developers on its platform were reporting. One game developer reported to Facebook that a full 9% of the money it made from in-game purchases was being clawed back through charge-backs.

That percentage is astronomically high considering the average charge-back rate for businesses is just half a percent (0.5%). A charge-back rate of 1% is considered “high” by Visa and Mastercard, and the credit card companies will put any business with a 1% charge-back rate on probation programs. A charge-back rate of 2% was a “red flag” of a “deceptive” business, according to the Federal Trade Commission.

Again, game developers on Facebook were seeing charge-back rates of up to 9%, and they reported this to Facebook, yet the company decided not to act, even after a Facebook employee devised a way for the company to easily block children from racking up charges via in-game purchases. The solution was to require users to enter the first six credit card numbers before they could spend money to confirm they had access to the credit card linked to their account. It worked, and the number of charge-backs fell–the only problem was so did Facebook’s revenue from in-game purchases. As RevealNews says:

So despite their months-long efforts, and results showing they could reduce the problem, and the fact that others tech companies such as Apple were already using some similar form of authorization, Facebook decided to go in another direction. It would not try to block children from unwittingly spending hundreds or even thousands of dollars on its games.

RevealNews says this lawsuit was settled by Facebook in 2016. With that settlement, Facebook agreed “to dedicate an internal queue to refund requests for in-app purchases made by U.S. minors.” It’s not clear if parents in the rest of the world are still getting stiffed by Facebook’s policies.