Last week, we published "G2A - Don't Believe Their Half-Truths," where I went through the response G2A gave to Gearbox Software in regards to Gearbox's list of demands for G2A. G2A has responded to that article in an email to TechRaptor, as well as commenting on the original article. I took the opportunity to ask G2A some questions in relation to what was talked about in that article and thought it would be a good idea to go through their response to me in a similar fashion to what I did with their response to Gearbox.

Dear Andrew and the TechRaptor community, Thank you for your article, we appreciate it even though we do not agree with some of your points, and would like to explain them one more time for both you, and for your audience. The great thing about your article is that it is based on concrete examples, and there is a lot of valuable feedback in it. In a company as big as G2A.COM, that reaches millions of customers, we cannot introduce major changes overnight. With that being said, we do our best to keep improving our service. Your critique helps us a lot. We pay close attention to such feedback, as well as to what our users say. This helps us to become better and better, since we know there is still room for improvement. Let’s make one thing clear, however. G2A.COM is one of the biggest, and the fastest growing, digital gaming marketplaces out there for a reason. We could not have achieved this, especially given the fact that our practices are constantly in the public eye, if we were built upon fraud. We run a safe and secure marketplace - our growth, customer reviews, and our partners are proof. The vast majority of our transactions are successful, in the same way the vast majority of transactions on eBay are successful. There is always a small margin for error in which falls well in line with accepted industry standards. Keeping all of this in mind, there are some things from your article on which we’d like to expand upon

I truly do hope that what I wrote helps make G2A a better service. I'd like to take this opportunity to expand on some of the comments I've seen lately in support of sites like G2A: I'd love to support a lot of these third party sites that offer consumers the chance to sell their extra keys they have lying around. If I received a key from something, like a bundle, and I have no plans on using it, why shouldn't I be able to get rid of it?

The problems begin when a service like G2A is not set up in a way that, I believe, helps mitigate harm to the developers/publishers. After all, they were the ones who originally made the product that is now for sale anyway, right?

I don't think G2A is "built upon fraud." However, I can't help but fight the feeling that there is more of it going on on their service than they are willing to admit. G2A does an incredible amount of business with an absolutely astonishing number of keys sold on a daily basis. To believe that a significant portion of those are stolen would be absurd. However, to me it is enough to cause tangible harm to developers and publishers out there.

But that is not my real problem either. It's not G2A's fault that scammers use stolen credit card information to purchase keys and then sell them on their platform. My problem is that not enough is done to make it more difficult for people to sell keys on their platform. With all I've seen said about G2A before, as well as in response to our article last week, I'd like everyone to keep that in mind.

G2A Shield

Before we explain further, we want to reiterate that buying on G2A.COM is always secure, whether or not you have Shield. G2A.COM is a marketplace – meaning we connect buyers and sellers. Our platform is designed to be easy-to-use and reliable, and we believe we do that pretty well. G2A.COM has 13 million customers in total, and the vast majority of them have a positive opinion about G2A.COM and give us high ratings (one example of this is our Trustpilot score). At the very beginning, when digital keys were just becoming a thing, G2A Shield was used by customers as a way to get assistance with key activation on different platforms – for example, not everyone knew that uPlay keys won’t work on Steam (some still do not know this). So it was a kind of insurance – which made certain that customers activated their keys correctly on the right platforms, but in the time since, with the growth of the marketplace and the popularity of digital keys, Shield underwent many changes. We apologize for the wrong statement of what Shield is on our site, that is a vestige of the past that should not be there. Shield has become a premium service and in terms of security, there is only one connection – if something goes wrong, you don’t need to contact the seller, but just go on G2A.COM’s live chat to solve your problem. If you’re not a Shield subscriber you are still protected and are able to file a claim online.Remember G2A.COM is not a store – it is a e-commerce platform. We take it upon ourselves to provide the best customer experience that we can. Although we, as a marketplace, are not obligated by law to guarantee the products, we stive [sic] to ensure our customers are satisfied and will return again. That is why we do a great job in preventing fraudulent activities on our marketplace, verify our sellers via KYC (Know Your Customer) and AML procedures (Anti-Money Laundering) – which you have pointed out, we provide a ratings system etc. Of course, in very rare situations, there can be something wrong with a key. As you write:

Now, G2A moves onto G2A Shield:We'll get to what they quote me on in a moment. The history of G2A Shield is interesting, and I do hope whatever I have brought up does bring some changes. Right now they clarify that G2A Shield offers a higher level of customer service to buyers with the same protection. Making that a lot more clear would be nice and having the security guarantees that are marketed everywhere for G2A Shield should be part of marketing G2A as a platform. In other words, it's still hard to believe G2A Shield does not offer better protection with the way Shield is talked about and presented.

This also brings up an important distinction everyone should remember: "... G2A.COM is not a store — it is a e-commerce platform." G2A as an online marketplace is not the one liable for problems buyers may have because G2A is never in possession of the product. The only thing G2A does is offer a platform to facilitate the sale of a product from a seller to a buyer; in this case they do it with games and keys.

I mention that because while G2A is technically doing things within the law and indeed going above what is required of them, it gets to the root of the problem: there's nothing holding marketplaces accountable for much at all. This includes giants like eBay as well. It's something to keep in mind, and definitely something to look into changing. But, that's another massive topic on its own, so let's move on to what G2A goes into next, quoting a question I had about when a key may be bad and what the difference is for G2A Shield members and those without:

What about in cases where a buyer finds a key does not work, then goes to the seller, moves on up to G2A itself, G2A tries to talk to the seller, and the seller doesn’t answer. Where does the refund or new key come from then?' The answer is simple: G2A bears financial responsibility. And that leads us to two things: G2A.COM strongly opposes and does not profit from stolen goods being sold on our platform – on the contrary, because this carries a financial risk it is in our best interest to ensure the source of the goods. G2A.COM is confident in its practices, because the situations in which fraudulent keys appear on our marketplace are highly uncommon. Every business entity engaged in e-commerce has a strict margin of tolerance for fraudulent transactions, and our margin is one of the lowest in the industry. By the way - whether or not you have Shield, you still must provide proof invalid or used product. - About G2A Shield's future: it's true what we said, big changes are coming soon.

It would be interesting to know what that tolerance for fraudulent transactions is, how it compares elsewhere, and what exactly they would call a fraudulent transaction. Regardless, the fact that they take on the burden of compensating a buyer who was wronged by an invalid key is definitely what marketplaces should offer.

I asked G2A to elaborate on whether they do offer refunds and how often it happens. They say it does not happen all that often and they will sometimes offer refunds to buyers for a quick resolution while they try to figure out the problem or other reasons.

About G2A Shield, they didn't really answer my questions other than to say, again, that changes are coming to it, which they have said for a while now. I asked them why people must wait 28 days to cancel G2A Shield and why it was so difficult to cancel. Their answer is that those things will be changing sometime, and that they are only a few weeks out from debuting those changes.

We'll keep an eye out for what's coming and keep you all updated.

Illegally Obtained Keys

The myth about stolen credit cards: We do not tolerate the sale of fraudulently obtained keys, strongly oppose it and are actively monitoring the marketplace You are not anonymous in the internet. If you want to withdraw the money from your G2A.COM account, you need to provide data thanks to which you can be identified. If you sell more than ten keys on the marketplace, we already have your personal data before you withdraw any money. Our Sellers’ behavior is monitored 24/7 on our marketplace. So, if you are asking me if I can assure you that the story about “earning on G2A.COM from stolen credit card data bought on the darkweb" is not true, then sure: these things do not happen on the G2A.COM Marketplace. We do a lot to make our platform secure from these kinds of activities.

G2A next moves onto illegally obtained keys:The story they are referring is this one I linked in my previous article. There's not much to say here other than G2A is denying that illegally obtained keys appear on their platform. There's a wealth of claims and information out there that seem to show otherwise, much of which is in my previous article and the one I wrote last year . Weighing what G2A says and what others say deciding who they believe more is up to each person individually.

There is more discussion on this in the Developers and G2A Direct section below.

Indiegala and G2A

If it's a matter of belief, there's not much I can do to persuade you to believe me here. All I can say is that when we found out about this error, we changed it not only on IndieGala, but on our entire ecosystem, G2A.COM included. We also compensated users who were affected with a surprise game key.

G2A then responds to mention of the Indiegala situation I sent G2A a question on how the IT error in the Indiegala situation, where the free sign up for G2A Shield was automatically checked, can be reconciled with the fact that they do the same thing on G2A itself. Buyers who do not have G2A Shield have a one-time G2A Shield purchase automatically checked on their purchase page when buying a game. That is essentially the same thing in the Indiegala situation, where buyers had a G2A Shield box already checked to set them up on the free 30 day trial.

G2A answered with the same blanket answer for anything G2A Shield related: it is changing. This, however, wasn't really a G2A Shield related question; it was more about a seedy tactic to get people signed up for a service they may not want. In any case, we will keep an eye out for what should be changing in the next few weeks.

Hidden Fees

Thank you for this feedback. It's far more valuable for us than just saying "G2A has hidden fees!". This time we can see what's not clear for you and we'll try to figure out how to solve this issue. We don't hide fees, but maybe we should consider showing them in a different place. We will roll out a few options in the near future to test which checkout works best and shows fees most clearly. We will gather feedback from our customers and share it once it’s done.

Developers and G2A Direct

First of all: we work with over 100 developers in G2A Direct. You can ask some of them yourself, as Polygon did, to get a firsthand opinion about what it is like to work with us. These developers do not see key reselling as a problem, and do not view the marketplace as a threat but rather an opportunity to present their games to new audiences. And yes, we've heard and read plenty of posts/articles about how reselling keys is ruining the industry, and we totally disagree with that. By the way: please be precise when talking about "evidence". Every example you posted did not provide a single piece of evidence that the claims are true. tinyBuild "had thousands of chargebacks?” We have reached out to them offering our assistance, they have failed to provide factual data in form of chargeback reports accompanied by the keys. They have however given away thousands of free codes without implementing basic mechanisms which could prevent those codes from being distributed further. Guess what: some of them were probably sold on G2A.COM afterwards. Same thing with the rest of the examples you've given - no proof. At least not to our knowledge.

G2A moves on to hidden fees:I hope some changes do come to how purchasing and payment pages are laid out. There are not hidden fees, in the sense that there is no way to see them get tacked on until after purchase, but the fees are incredibly easy to miss, which I show in my previous article (I missed them on my very first G2A purchase). They do not randomly pop up at the landing page after you pay, so G2A does not have hidden fees. They can certainly set the pages up differently so the fees are easier to see and G2A seems to recognize the problem here. Hopefully it results in positive changes.Now the biggest portion of their response, developers and G2A and G2A Direct: This is the Polygon article G2A refers to. In it, Polygon spoke to several G2A Direct developers for their thoughts on the service as well as why they decided to join it. I will certainly be looking into doing the exact same thing, but the article only offers a slim look into developers on G2A Direct, talking to only three of the over 100 partners. Most say it was more for exposure than anything, and G2A makes up a very small portion of their sales. It's still a worthwhile article to take a look at, it's just the small beginning to a much bigger discussion.

As for evidence, I can really only go on what has been reported and what developers have said. We will continue to do our own investigating, but the many different public dealings and reports of cancelled keys, illegally obtained keys, and other interactions between companies and G2A seems like evidence to me. Granted, they have not published or shown hard evidence that the keys were in fact purchased with stolen credit cards, but I find it hard to believe that several different companies would randomly choose to cancel many keys, that happen to be sold from specific places, to manufacture a story about a marketplace like G2A. That seems like the more farfetched scenario to me. Worth digging into? Certainly.

Next G2A begins again with a quote from my previous article:

'Requiring people to tie a social media account and phone number to an account is not really any verification at all' If you want, you can try to set up an account on G2A.COM by adding a fake/new social media account without any history. Then you'll see how our security works. If someone wanted to create several accounts on G2A.COM, he or she would need to obtain existing phone numbers, which is not an easy feat as most countries require phone numbers to be registered with detailed personal info.

I stand by what I said. Faking a social media account is incredibly easy, and I've asked G2A to expand on what they mean with "Then you'll see how our security works." What happens to accounts that have fake social media? How does G2A check those and how are they verified?

The same thing can be said for phone numbers. Scammers have had faking phone numbers figured out for years. There are thousands and thousands of fraud phone calls made on a daily basis. So much so the IRS has a dedicated number for people to call to report them. And do certain numbers get flagged in the G2A system? What's to stop someone from using the same phone number(s) over and over?

When I asked them on further verification, this is what G2A had to say:

We want our marketplace to be as accessible as possible to clients all over the world – therefore, we do not want it to be difficult for our clients to begin using our marketplace. We want to give all of our buyers and sellers convenience, this is why the first couple of transactions do not immediately require a highly-detailed verification. If our sellers choose to sell more than just a few items, a more detailed verification awaits them (and believe us, very few sellers choose to sell just one or two keys). Of course, the case also depends on each seller, we periodically ask for further verification if something raises a red flag or looks fishy to us – and this could happen during someone’s first attempt at selling a key. We have many steps to our verification, which come into play at different points, including requiring a verified address (proven by bank statements or bills). Either way, when the seller goes to withdraw their money (whether it is one who has sold one item or one who has sold 100), they will need to provide a bank account or a verified PayPal, Skrill or Webmoney account, which will be checked by our AML team. So if someone has perpetrated any kind of fraud, they do not just disappear into thin air, we can trace and report this person to the proper authorities if need be. Furthermore, you can only withdraw money from your G2A account 14 days after you have been paid for your product – this is an additional protection, ensuring the product works before the seller can withdraw funds.

My only problem with this remains that the keys most scammers sell are 100% legitimate but purchased with stolen credit card information. Chargebacks may not happen for weeks, so scammers can get past the 14 days mark with relative ease. And these scammers are going to sell something and not stick around for this further verification process to even begin. They lose out on a few keys because they happen to get marked as suspicious by G2A? Oh well, they are already off onto their next account.

Don't get me wrong, requiring further verification for those that come across suspicious or are selling a lot of keys on G2A is a great thing. However, I still see the root of the issue at the very beginning of that process. Those that say that G2A does nothing to curb the fraud, however, are definitely wrong. I just feel the priorities are in the wrong place and do not prevent the average key scammer from getting what they want.

And this initial verification process does not look good if we take a look at a comment from reddit user LuigiTheLord from G2A's AMA in February. It began a series of comments that seem to suggest not much verification goes on before a key can go up for sale, even if the seller is verified. I will have to do more personal digging into this, but the replies from G2A were not very satisfactory at the time of the AMA, either.

G2A then quotes me again, regarding a system for developers to check illegal keys:

'So G2A would set this up in such a way that all developers could do whatever they want?' This is exactly what TotalBiscuit tried to force us to do. What would stop a developer from flagging all their keys as 'stolen' so that even if they were totally legit, they'd be blocked from being sold on G2A.COM?

First, they were Gearbox's demands that came with some advice from TotalBiscuit. In any case, I think any reasonable person would believe that the demand was for some sort of system, not a let developers run amok sort of system. There's a happy medium and compromise hidden somewhere between absolutely no system for developers to use and one that forces them into a partnership with G2A.

Which follows naturally into another quote they have from me:

You say: 'G2A Direct just strong-arms developers into a relationship they don’t really want to be in in the first place.' We strongly oppose this statement.. We have introduces [sic] a value proposition with developers and publishers in mind, that no one else has. We offer, free of charge, a service that gives developers a great opportunity to receive additional revenue from the marketplace - not only by selling their own keys with merely a 10.8% fee to our 13 million customers, but also by adding a 'developer fee' for third-party sellers. We offer that to all developers. Please tell me what's wrong with this, as I really can't find anything. We cannot offer developers who have not signed a NDA with us access to our key database. We are, however, considering developing a solution in the near future which will make it easier for developers and publishers to monitor the keys. Proof from an external/neutral institution would of course be need to be provided for each flagged key. As a side note, you did not need to go on Steam to buy SUPERHOT directly from the Superhot Team, as they are a member of G2A Direct and sell on our marketplace.

The benefits that G2A Direct offer are not at issue here. Those, and nobody can deny this, are really great perks that definitely favor the developer. However, this all comes back to the core disagreement and the most important issue out there: how big the problem of illegally obtained keys sold on G2A actually is. G2A says that it is not a large issue and it falls within "standard" fraud limit within their industry. Myself and others believe otherwise.

Until that disagreement is resolved, any and every "side" of this issue can accuse the other of inaccurate information or confusion, but we'll never get to the heart of the problem. Unfortunately, there has been no clear, undeniable evidence going one way or the other. G2A so far has just said there is no problem with illegally obtained keys, while developers and other critics says there are, reporting thousands of chargebacks due to credit card fraud. So far, G2A is right that it has just been claims. Someone needs to come to the table with hard data and evidence to put the issue to bed once and for all, one way or another. I asked G2A if they had ever considered releasing hard data to help dispel all the accusations against them, and they only said that they will not release hard data "and we do not want to reveal our trade secrets."

With one side already refusing, it's going to be near impossible to get an undeniable, concrete answer to the question of illegally obtained keys. Sharing of data between G2A and developers needs to happen to get to the real answer, as both sides only have one half of the puzzle. Educated guesses can be made, but they are nothing more than guesses without the other side's data to back them up. Any time a developer issues a batch of cancellations due to illegally obtained keys, they can only really guess if they were sold on G2A. G2A has all sorts of customer service problems to deal with daily (being a large business), so who knows the truth invalid or cancelled keys without a list of suspected keys from a developer/publisher. It gets even more difficult when there are other marketplaces out there like Kinguin, G2A's largest competitor, and many more. Like the scammer in that Kotaku article said, G2A isn't the only place he uses to offload illegally obtained keys.

Myself and TechRaptor will continue digging into the issue to get to the truth of the matter. While we have publicly announced that we are on the side that believes G2A does have a problem with illegally obtained keys, I would personally like to be proven wrong. As I began, people have the right to sell off extra keys they already own. But, we also have to be careful in how that is done, so keeping places like G2A to high standards is still worthwhile. Once the question of illegally obtained keys is answered, though, the rest will fall in place and then the discussion simply comes to whether people want to buy third party or directly from the developer.

Here is where G2A ends: