Valve recently introduced ‘trade hold’ waiting periods for people swapping virtual guns and hats trading cards and whatnot on Steam, intended both as a roadblock for people hijacking accounts to steal items and simply to get folks using the Steam Authenticator – which can bypass the waiting period. Responses were not wholly enthusiastic, so Valve have now tweaked the system a little and also explained more of the reasoning behind their decision. This includes the staggering statement: “We see around 77,000 accounts hijacked and pillaged each month.” Dang!
Valve say that account theft “has increased twenty-fold as the number one complaint from our users” since they introduced Steam Trading. It sucks for people to suffer, and their method of restoring stolen things also created duplicates, devaluing rare items (which can be remarkably valuable, you know). They say it’s a concern for everyone:
“First, enough money now moves around the system that stealing virtual Steam goods has become a real business for skilled hackers. Second, practically every active Steam account is now involved in the economy, via items or trading cards, with enough value to be worth a hacker’s time. Essentially all Steam accounts are now targets.”
While some have grumbled that only the new and naive are hit, so all traders suffered for their sweet innocence (cherish it, you beauties, oh cherish it), Valve say it ain’t so:
“These are not new or naïve users; these are professional CS:GO players, reddit contributors, item traders, etc. Users can be targeted randomly as part of a larger group or even individually. Hackers can wait months for a payoff, all the while relentlessly attempting to gain access. It’s a losing battle to protect your items against someone who steals them for a living.”
But they recognise that their first crack at trade holds was a bit of a nuisance, so they’ve revised it a little. The new rules are a lot friendlier to folks who trade with, and give things to, their pals. If you’ve been Steam Friends with the other trader for a year, the waiting period’s only one day. The three-day waiting period now only applies if the person losing item doesn’t have the Authenticator; previously both people needed to be using it to confirm trades and push them through instantly. New devices added to an already-Authenticated account don’t need to wait seven days to become legit either.
Anyway, Valve have plenty more to say, if you’re curious. They do also go into things like why folks need to use the Steam Authenticator rather than a generic one.
Of course, cheats and thieves are already trying to trick Steamers with malware masquerading as trade authentication software.