Friday Facts #303 - Under 100 bugs (but still not stable)

[mmmPI]

Charge-back fees for stolen credit cards should be way less but i dont think the cc companys have any incentive to change that so the only good way seems to be to use a payment processor which protects the dealer from fraud.

I don't know crytpos are here for more than a decade now, maybe that's an incentive for cc companys/bank to actually do their job of securing transaction.

In the public opinion G2A is already a burnt cow. With companys like STEAM, EPIC, EA and Ubisoft just doing what the hell they want i dont think it seems viable for G2A to even try hard to become a clean platform because they have no support for beeing such thing. After all, G2A is just a platform for key sellers much like ebay and they earn money by processing transactions - exactly like the credit card companys
Also chinese companys (G2A) seem to have a problem to adapt to western standards fast enough. I'm very interested in how the story about those chargebacks continues.

I think G2A adapted quite fast to the worst western standard, making money selling stuff they don't own. Wether being a platform vampirizing a fix % of a variable economy that increase or decrease based on others creativity like steam, appstore, carpool platform even ebay in a way. Or just privatising common good like science article, education, open source software, water selling company, those that sells seeds, medicines/drug ect. That doesn't make them burnt cow for everyone, since lots of people are perfectly fine or ignorant about those things and we barely know other way to do so cheap.

What I don't get is why Wube is the one paying the fee in this context. The text of law in my country states that if as a seller you ask for "strong authentification" during a purchase, then you are not responsible if the cardholder is not the legit cardowner. And as so there shouldn't be any fee as it should be the legal responsability of the cc company or the bank that emited it for its legit customer to cover the cost of them not properly securing the transaction.

In this case the victim's bank should cover the loss. ( Or not depending on how much time the victim took to declare the loss, wether the victim let all the password and ID of all account on a piece of paper in the same lost waller or not stuff like that as " not cautious" ).

Now it seems that the cardowner's bank or CC company ask the seller's bank the money. Which might not be directly asked to Wube but cost them at least a fix fee per occurence that they probably pay to their own bank.( i imagine)

Some advices that are on legal websites are that the seller should proove that he delivered a functionnal product, after following the CC company procedure of authentification before the payment, this means you can claim to your bank that it was not your faulty product or attitude the cause of canceling. If the CC company doesn't/ can't provide you with a way to do the authentification, the seller cannot be held responsible.

This in case you want to contest your own bank increasing your fee ( which shouldn't exist in the first place !!). As stated, the law is part of the consumer protection after some readings; initially the fees were to prevent sellers to sell crap, the more problem the higher the fee.

This requires geofencing to work, which is another highly problematic idea.

You cannot sell digital goods for diffrent prices as it makes no sense...

or do you have diffrent logistic problems to solve, if you sell a key in the us or in europe, or somewhere else? I dont think so.

Agree ; Agree ; well not logistic but potential legal costs

[BlueTemplar]

Online stores have to have store-DRM : a customer account so that the store knows what he bought and when.
They could ask for localization identification, for instance provide your passport (or equivalent), and electricity/water/Internet bills for the past few months - then set your rate accordingly.
Game keys are a bonus and pretty optional (Does GoG even have any?), and even though they're used a lot these days, they're also kind of a relic dating to CD keys (not-really-)"DRM"...

Now, removing game keys means that, for instance, Steam games could only be sold on Steam - though I guess that game developers could always give you a game on a platform for free if you proved that an account on that platform belonged to you ?
A bit like the Factorio website (and Factorio mods website?) does now with the Steam account link...

Sure, this is a heavier system than the current one, but it looks like it would "solve" the geofencing issue ?
(So, looks like Steam is partially to blame here ?)

[BlueTemplar]

I don't know crytpos are here for more than a decade now, maybe that's an incentive for cc companys/bank to actually do their job of securing transaction.

Humble Bundle and Steam have accepted bitcoins for a while, before stopping, allegedly when transaction fees became too high :
https://bitcoinfees.info/
(Which actually does make sense for Humble Bundle, but not for for Humble Store & Steam, one would just top up the wallet less frequently with larger amounts...)

[slippycheeze]

But how is making less money worse than making no money if people would pirate the game instead?

There's a cost in administrative time to deal with the chargebacks and cancel bad keys.

It is far, far worse than this: every chargeback means that the microscopic number of credit card networks write up a note in your permanent record, and they use that record to determine how much it costs you to use the network. Too many and it gets really bad, including kicked out entirely, but even without that you start getting forced to do more (expensive) fraud stuff, etc, etc.

If you have a third party (or two) between you and visa, those pain land on the third party and will literally destroy their business if they get too bad, so they tend to be even more harsh about it. When selling stuff, chargebacks are super-awful if they happen too much, even without accounting for the internal costs.

Oh, and the rule of thumb I learned: a chargeback is going to cost you between 5x and 10x the monetary value by the time you finish dealing with it. One isn't that bad, but there is a huge amount of, uh, financial logistics, I guess, associated. Monitoring them, handling payment issues because money vanished from your accounts, fees and charges associated, spending a bunch of people-hours meeting about them... all adds up pretty fast, so that $30 chargeback on ten purchases turns into $300 of time spent figuring out what to do, and if you have a systematic problem...

[slippycheeze]

I don't know crytpos are here for more than a decade now, maybe that's an incentive for cc companys/bank to actually do their job of securing transaction.

Humble Bundle and Steam have accepted bitcoins for a while, before stopping, allegedly when transaction fees became too high :
https://bitcoinfees.info/
(Which actually does make sense for Humble Bundle, but not for for Humble Store & Steam, one would just top up the wallet less frequently with larger amounts...)

Transaction fees are lost revenue, because people get very, very annoyed if you price something at $30 normal money, or $35 in dunning-krugerands. They don't feel being punished for using their bitcoint is fair, so either you don't sell that way, or you absorb the higher fees. See also why American Express credit cards are far less accepted than the rest: they charge a higher per-transaction fee...

[netmand]

From my perspective, Factorio experimental releases are far more stable than other beta/experimental programs I've used in the past. I would never use a productivity application in a beta or experimental state unless I was willing to lose data and time. I would think people are waiting for devs to mark 0.17 stable because their experiences with other programs/applications, and are willing to wait (or play the currently stable version). On a side note, I would think that since the northern hemisphere is currently going through summer any game may see reduced use is a factor?

It's sad to see that they had the same difficulties with dealing with Factorio game keys being used in a fraudent manner. It reminded me of an NPR article about similar situation. Listen to, Cat Scam. I'm amazed that there are so many people that don't understand that this is taking time and money away from a good software developer. A pirated copy doesn't cost them any money and probably no time either.

[Hellioob]

Why is there no regional limitation for Bulgarians? 25 € are a lot to me.
I hope it in steam sale to have a discount on the variety 8-10 €
Sorry for Bad English.

[BlueTemplar]

Sorry, Wube has a no discounts policy... and the game is only going to get more expensive at it comes close to 1.0.
(It was first 10€ in 2013, then 20€ in 2016, now 26.58€ in 2018... well for Western Europeans at least ?)

[Chaoseed]

We have been asked a few times when stable will be released, but my question is, why does it matter exactly which version we call stable? Are you waiting for stable to play a new playthrough?

Well...yeah? Obviously? How many of the players who own Factorio on Steam are willing to right-click the game, select Properties, go to the Betas tab, then opt-in to releases labeled "experimental"? How many ordinary players know how to do that?

You guys can release whatever and whenever you want, it's your decision. Just don't be surprised when players don't hunt down the experimental releases.

[Loewchen]

Well...yeah? Obviously? How many of the players who own Factorio on Steam are willing to right-click the game, select Properties, go to the Betas tab, then opt-in to releases labeled "experimental"? How many ordinary players know how to do that?

This information is one google or forum search away, if someone honestly needs to have the game declared stable to not have to do that, staying on the stable release might not be a bad thing.

[BlueTemplar]

Another reason for wanting to know when it's close to stable that Klonan seems to have missed is that updates often break mods which can completely halt the ability to play on a modded map.

Sure you can revert the version, but updates tend to break mods often enough that it's best to wait until being closer to stable so you know it won't be as likely to occur. Depending on the change it can take a while for authors to correct their mods, assuming they're even aware of the change in a timely manner.

If some form of notice was provided before a major mod affecting change is made then authors could deploy fixes right away without needing source access to achieve the same result. This is why Bob's mods are often patched within minutes of an update and people can keep playing with them without waiting, which given the size of his mod suite is very much a good thing.

That has been my minor frustration with 0.17 thus far with regards to the updates and I'm sure I'm not alone.

Well, it's not like I've warned you all about it !
viewtopic.php?p=418466#p418466
(I've actually talked about not using mods in experimental since 0.17.0 hit, but perhaps mostly on IRC ?)
(Have you stayed on 0.17.22 though, like you said you would?)

Though, well, this week I finished by caving in too :
viewtopic.php?p=440312#p440312
(thinking that at least I won't have issues with the map generator or biters in Sea Block ! )

If some form of notice was provided before a major mod affecting change is made then authors could deploy fixes right away without needing source access to achieve the same result. This is why Bob's mods are often patched within minutes of an update and people can keep playing with them without waiting, which given the size of his mod suite is very much a good thing.

That has been my minor frustration with 0.17 thus far with regards to the updates and I'm sure I'm not alone.

We have that already: 70603. Bob is just more dedicated to updating his mods immediately when they break.

I'm going to put on my ungrateful bastard hat and say :
Thanks a lot, but that's, like, 5 weeks / 14 subversions after that first(?) major(?) kerfuffle with mods, and 13 weeks / 37 subversions after first experimental release ?
( <3 )

As for the stable/experimental in general :
I'd guess that most(?) players have no or only a minor contact with the "community", and 99% of them use Steam, so a lot of them are either not going to be aware of 0.17 (they might not read Steam news for instance), or be worried about using a "beta" version of the game.
Exhibit A :
https://old.reddit.com/r/gaming/comment ... t/etkrm8k/
(This also perhaps gives us an idea about how many people are playing MP 0.16 vs 0.17 :
17% on 0.16
vs
83% on 0.17
(note that I ignored potential 0.15- games there, and neither did count any people in passworded or full games)
(also, the start of Gridlock Cluster might have skewed numbers somewhat?)
And I'd also expect people playing multiplayer to be a lot more integrated in the "community", and also use experimental versions and mods a lot more !
Has Wube no way to find out what respective versions are people playing / downloading ?

P.S.:

We have been asked a few times when stable will be released, but my question is, why does it matter exactly which version we call stable? Are you waiting for stable to play a new playthrough? The thing is, this stable is only going to be the 'first' stable. Our plan is to have a number of short experimental phases after the first stable, where we will add new GUI's and such, which will add bugs and technical debt. After fixing the bugs in a 'small' experimental content release, we will then mark that as the 'new' 0.17 stable.

I've kept my games on the 0.16.36 stable for a while... even after the 0.16.51 stable hit (though I probably wouldn't take this precaution these days).

[Bilka]

We have that already: 70603. Bob is just more dedicated to updating his mods immediately when they break.

I'm going to put on my ungrateful bastard hat and say :
Thanks a lot, but that's, like, 5 weeks / 14 subversions after that first(?) major(?) kerfuffle with mods, and 13 weeks / 37 subversions after first experimental release ?
( <3 )

The player -> character rename was also announced before release: 70188
The first 0.17 mod api changes were pre-announced for more than half a year, the thread got updated with the new stuff about every month: 61239
If you want to complain about something, choose something where you are actually right, like the announcements being only on the forums when they maybe should also be on twitter or similar "social media" :p

[BlueTemplar]

My bad !

[Tricorius]

Arguing that they are the problem is like arguing that ebay is problem because someone stole your phone and sells through it.

So...

Let's say you sell cars. If someone drove a car up to your lot wanting to sell it to you (for you to then resell it to another), you consider it perfectly fine to just buy it...no questions asked...and tell the new purchaser "hey, dude...sorry it was stolen ... we had NO idea."

[SkiCarver]

I bought legit factorio via steam back in 2016 .... and I feel kinda bad that I haven't paid anything since, considering I have 2282 hours played!!

[Tricorius]

What I don't get is why Wube is the one paying the fee in this context. The text of law in my country states that if as a seller you ask for "strong authentification" during a purchase, then you are not responsible if the cardholder is not the legit cardowner. And as so there shouldn't be any fee as it should be the legal responsability of the cc company or the bank that emited it for its legit customer to cover the cost of them not properly securing the transaction.

In this case the victim's bank should cover the loss. ( Or not depending on how much time the victim took to declare the loss, wether the victim let all the password and ID of all account on a piece of paper in the same lost waller or not stuff like that as " not cautious" ).

Sure, it would be great if the bank covered the loss (and, actually, they usually do; but *only* to their customer...the cardholder of the "stolen" card). The only time they *might* refund the dispute charge is if the merchant (Wube) can prove it's a legitimate purchase (which is never, in the case of fraud...even if Wube did everything they possibly could do at "checkout" to verify it as a legitimate purchase).

However, in reality it's a lot more complex. I'm not sure if it works 100% the same in all countries, but here's essentially the flow of what would happen in most cases in the US.

I (maybe) wasn't as careful as I should have been (or got skimmed at a fuel pump, or whatever). Someone got enough of my credit/debit card information to make a fraudulent purchase. The criminals purchase a key through a legitimate method (possibly even Wube's site) with the stolen card info. This results in a "valid" but "fraudulent" key (as it wasn't a legal purchase by the owner of the card: me).

This transaction has likely gone through some sort of third-party payment processor (such as Stripe). (This is important later.)

I, as a cardholder, saw some $20 charge show up from "WUBE*" (or whatever) which I didn't recognize. I call my bank and say "I have no idea who the hell WUBE is and I want my money back." (I may still not even know my card was stolen at this point...and honestly...very likely don't. As far as I know, this "WUBE" person somehow got ahold of my card information and are trying to do one over on me.)

The card issuer (my bank, more specifically the card network my bank uses: VISA, MasterCard, etc) places a formal "dispute" on this transaction. This flows back through the payment processor (Stripe) and triggers a dispute on Wube's account. This also, automatically, reverses the purchase amount *AND* also charges a fixed "dispute" fee (which varies, but in my example here with Stripe is $15).

So...now, the original sale was reversed, AND Wube was charged an additional $15 (which, as you'll notice, is nearly the cost of the game--this fraudulent transaction has now cost Wube $35).

*SOME* card networks will instead file Early Fraud Warnings (EFWs). *IF* the card network was nice enough to do this (spoiler alert: they usually aren't) Wube might often be able to catch this with an API webhook and determine if they feel it's a likely fraudulent charge (which will eventually come back through as a formal dispute in the future--80%+ of EFWs eventually become formal disputes).

As a couple others have mentioned, it's even worse than that. The card networks keep track of the amount of chargebacks that happen with every merchant. And they aggressively hold it against you. They measure the number of disputes you get, how they are resolved (accepted, withdrawn, etc), and a few other measures.

If your dispute activity exceeds thresholds that the card networks deem appropriate; they can implement fines, increased transaction fees for your transactions, and sometimes even outright refusal to accept transactions through their networks for your products or services (though this is rare, they'd rather make money from you so they generally just use fines and higher rates).

The better payment gateways provide excellent assistance in this realm. For instance, I consider Stripe to be quite good; they'll even proactively reach out if your dispute activity raises into a warning zone, and they'll help you as best they can. They are also quite generous if you're able to prove you're in the right, instead of the customer (some people are just jerks, and want to get stuff for free, so they utilize chargebacks to do it).

I like their policy, in this regard; but again, this is just a small nicety on their behalf as all the damage has already been done earlier in the process. And *MOST* chargebacks are not able to be resolved in a favorable manner for the merchant (especially since most of them--at least for reputable merchants--are fraud).

When a cardholder disputes a payment you’ve processed, you are charged a $15.00 dispute fee (for users in the United States) by the card network. This amount is withdrawn from your account balance along with the disputed amount.

If you submit evidence against the dispute and it is found in your favor, Stripe reimburses you for the dispute fee. The card network does not actually refund the dispute fee but we feel our users should not be financially impacted by an invalid dispute.

If a dispute is accepted or unsuccessfully challenged, you are still responsible for both the dispute fee and the Stripe processing fee on the original payment. It’s important that you take steps to best prevent against disputes, and to submit as much information as possible in a response.

TL;DR: the card networks have a lot of power. And it's unlikely Wube (or even a huge banding together of merchants) could do anything about it. They need sales, and customers like using VISA, MasterCard, etc.

And for digital goods purchases, due to the additional $15 fine (and still being responsible for the transaction fee--usually something like $0.30 + 3% of the transaction total), it's actually cheaper for Wube if the game were pirated. (In that scenario they did no work, and only lost a potential sale and didn't get a ding on some pretty essential business metrics.)

[Mernom]

Arguing that they are the problem is like arguing that ebay is problem because someone stole your phone and sells through it.

So...

Let's say you sell cars. If someone drove a car up to your lot wanting to sell it to you (for you to then resell it to another), you consider it perfectly fine to just buy it...no questions asked...and tell the new purchaser "hey, dude...sorry it was stolen ... we had NO idea."

That sounds exactly how G2A conducts buisness. How did you know?

[FuryoftheStars]

What I don't get is why do the CC companies charge the receiver of the funds a fee for the CC holder issuing a charge-back after noticing fraudulent use? It's not their fault that the CC was stolen.

Course, I guess that's right up there with why do CC companies charge the receiver of the funds a fee for the fact that the purchase was even made with a CC.

Greedy buggers....

[mmmPI]

...

If the CC company make it so that to use a card on internet you need a 10 character password, or you confirm with text message before transaction that you are the legit owner, then no stolen card could be used, this is the kind of stuff they should provide every seller, the ability to cover themselves, and a safe system for customers fund, Wube is not operating at a highway toll that doesn't have time for those.

But that cost more money to fight fraud and implement such system that could slow transactions than do nothing and just use fraud as an excuse to make money on fees, and oh well undetected fraud are like normal business,if you look away you don't see.

Companies as Stripe that I had never heard of seems to do the job of those CC company better, => providing better payment services. If the lobby is not enough to make their activity illegal, then time will be for CC company to buy those that's my guess.

If your key is desactivated when you cancel the transaction as a customer, that is hopefully enough to prevent people abusing refund even when satisfied, it didn't seem to harm the big platforms too much to be forced to refund their customers when they bought crappy non functionnal trash during sale, even if they did all they can to explain how injust it was for them, because they did not created the game, just taking 20 25% makes you responsible a little.

This seems injust to me and is a good incentive to look elsewhere.

[mmmPI]

What I don't get is why do the CC companies charge the receiver of the funds a fee for the CC holder issuing a charge-back after noticing fraudulent use? It's not their fault that the CC was stolen.

They do it for the money

they don't need to care, just to wait for someone else to come up with smart solution and then buy the challenger. In the meantime I would lobby as much as possible to tell governements i'm trying hard to find a solution to the new problems caused by internet and those evil thief everywhere and that for now it is pressuring the sellers, not very fair , but necessary.