Gearbox drops partnership with key reseller G2A

Bulletstormers Gearbox have dropped out of a deal to sell their remastered shooter on, following a spat over the key reseller’s business practices. They were selling Bulletstorm: Full Clip [official site] and its expensive, statue-sporting collector’s editions through the site but following complaints and a backlash focusing on the reseller’s less-than-wholesome history of complaints, that has fallen apart.

Last week we saw that Gearbox seemed to listen to those complaints and had openly given G2A a list of demands, including better protection against fraud for both developers and customers. Gearbox have since decided those demands were not met and have now cut ties with the reseller completely, taking their game off the shelf. Obviously, it’s more complex than all this. If you really want to dive into this slurry pit of videogame distribution, come with me and I’ll try my best to explain.

The complaints made to Gearbox, which were spearheaded by videomonger John ‘TotalBiscuit’ Bain, pointed out that the key reseller has historically been lackadaisical about combating “stolen keys”. These come about when, for example, someone uses a stolen credit card number to buy large quantities of game keys direct from a developer’s website. The card will later be flagged as stolen and no money will go to the developer, who’ll also receive a hefty chargeback. Meanwhile, the key is out in the wild and can be quickly re-sold for much cheaper than face value. Fraudsters can use a service like G2A to do that. Publisher tinyBuild last year complained that they had lost $450,000 worth of game sales due to this practice. It has also affected larger publishers, like Ubisoft.

But Gearbox seemed oddly unfazed by any such reputation and went ahead with a deal to sell two special editions of Bulletstorm: Full Clip on the site, costing £99 and £226 respectively, featuring 3D printed statues, t-shirts, dog tags and all the other guff usually found in those things. The deal launched on April 4. But within two days the developer was back-pedalling quite fast, releasing a list of demands to G2A, which you can read in full here. Basically, they wanted G2A to reform much of their website. “Gearbox Publishing won’t support a marketplace that is unwilling to make these commitments and execute on them,” they said. Now that the game has launched on Steam, and G2A hasn’t changed anything about their business, the publisher broke off the deal and Full Clip is no longer for sale on G2A.

Meanwhile, G2A have sent us a statement defending their business practices and insist that they have all measures to stop fraud already in place. They also claim that they have “one of the lowest fraud rates in the industry” but offer no accompanying statistics or figures to back this claim. Essentially, it is their view that they have done nothing wrong. Here’s three separate paragraphs from their lengthy statement which more or less sums up their position (or you can read the full statement here).

The reality is that the keys on G2A.COM come from legitimate sources. Our marketplace is a leader in security and boasts one of the lowest fraud rates in the industry. G2A.COM employs over 100 people whose job is to ensure the legality of keys, transaction security, and compliance with the most stringent anti-fraud regulations.

The problem is that some developers do not want to accept that people resell their games. The developers would like to control the market and all the sales channels within it, imposing higher prices and prohibiting the resale of unused games. G2A.COM does not agree with this – we respect the buyers’ rights, buyers who often unfortunately believe that the rules set forth by developers follow the law.

We respect our critics and believe that they have the good of the industry at heart. Unfortunately, sometimes they do not understand how G2A.COM works and as such this misunderstanding causes them to mislead the public about our company. The best proof of this are the four ultimatums formulated in part by John Bain, which, it turns out that were completely unnecessary as all of the issues raised have long been a part of the G2A.COM marketplace. Most of the allegations levied against us are based on both a lack of knowledge, and a lack of desire to learn the other side of the story.

So that’s where we stand now in the ongoing shitshow that is key reselling. What a cast of colourful characters: A publisher who is trying to save face on an abortive business decision they probably thought they could easily carry out. A YouTuber who called them out. And an eBay for game keys with an unsavoury reputation holding its hands up and pulling an ‘I-didn’t-touch-him’ face to the referee. VIDEOGAMES. Our advice? It’s possible to get cheap games without going through icky channels. Sales pop up like weeds, while more wholesome key sellers such as Humble have their own steps for combating fraud.


  1. Pich says:

  2. Strazyplus says:


    link to

  3. Shinard says:

    “The best proof of this are the four ultimatums formulated in part by John Bain, which, it turns out that were completely unnecessary as all of the issues raised have long been a part of the G2A.COM marketplace.”

    Well, seeing as one of the ultimatums was “give G2A Shield away for free”, and they’re not, that’s a pretty obvious porkie. Go away, G2A.

  4. dangermouse76 says:

    Videomonger? Not a fan of the biscuit?

    • SqueekyMcClean says:

      That doesn’t necessarily have to have a negative connotation, especially in British English.

      • dangermouse76 says:

        I’m British I get that, hence the question. He’s a polarising figure so curious as to the authors meaning.

        Curious as in just curious I have no axe to grind either way.

        • Sian says:

          I understood this to be in the vein of “cheery RPS fanzine, PCGamer”.

          • dangermouse76 says:

            Sorry I don’t get what you mean by that.Can you enlighten me?

        • svge says:

          The author’s meaning is that he is a man who peddles videos. There is no critical opinion of him implied.

          • dangermouse76 says:

            In your opinion. I was just asking. No rabid total biscuit fanboy here. Just curious.

        • Nokturnal says:

          I think the reason people are questioning your understanding of the worder ‘monger’ because you included the questioned word ‘Videomonger?’ then asked about their opinion of Mr Biscuit.
          Could have just said ‘Are you a fan of the Biscuit?’ if you were just curious about their opinion of him, no?

          As a fellow Brit my mind went straight to fishmongers, when I saw the ‘monger’. They are far from anti-fish. Probably anti-biscuit though.

          • dangermouse76 says:

            I asked one person. The author. To simply ask his opinion about a person without context would be odd. But this is going nowhere so I’m done.
            Cheers though.

  5. kalleguld says:

    Any reason why the developers don’t invalidate all the game keys bought with stolen credit cards?

    • mashkeyboardgetusername says:

      If I remember correctly, Ubisoft did that and everyone shouted at them for it.

    • Premium User Badge

      Drib says:

      If I had to hazard a guess, it would be the occasional actually valid key being hit, and the internet whipping up a huge shitstorm over a small mistake.

    • PseudoKnight says:

      They do. The charge-backs can cost them money even if they invalidate the key. It also hurts the customer, who ignorantly bought from a shitty service, but will often attribute the blame on the developer when THEIR game is taken away.

    • Nauallis says:

      Because it’s neither easy nor simple , and doing that could effectively be a full-time job for the person doing it, or a for a group of people. Some medium and large publishers might actually have the manpower and budget to make that worthwhile, but oftentimes a developer does not. Keep in mind that developer frequently does not equal publisher, even if the developer is indie.

      I do recommend that you actually read the linked articles that Brendan cited.

      Here’s a relatively simplistic example of why your question has a more complicated answer:
      You, as a consumer/buyer, are used to getting your game code from a developer/publisher website marketplace as soon as you enter your payment info and click “submit/finish/process transaction.” You can then resell that code/key on G2A almost immediately, and the issue is that there’s very little or no waiting period to verify you as a third-party seller first. Sounds good, right? What if you used a stolen credit card number? That adds a bunch of steps to the process. First, the card has to be reported as stolen, either by the original owner of the number, or by the financial institution that holds the card. Noticing a fraudulent charge as a card holder can be immediate or you usually have up to 30 days to report a charge, sometimes as many as 120 days. If the financial institution already knows that card is stolen, then it typically will deny the card outright. If not, the charge might process through. If it’s an atypical transaction type for the original cardholder, it might get put through, it might not. It’s hit or miss. Anyway, the developer/original seller then has to locate that transaction for the affiliated card, transaction number, date, transaction amount, and link that to whatever code was issued. This might happen the next day, or 30 days later. Keep in mind, that’s 30 days after the code has already been issued to the buyer, fraudulent or not, which is probably ample time to resell the code on G2A. For a single transaction, or even a hundred transactions, tracking that down and canceling the code might be fairly easy. But what about a thousand transactions? Fifty thousand? And to complicate it further, do you automatically cancel the code and the ability to access whatever content that code unlocks, even if it’s already been redeemed? What if that code was resold to a legitimate/non-fraudulent buyer, who redeemed it? Are they out of luck and out of their money? Who is liable for those lost funds?

      • Azi says:

        I have to clarify a few things (as part of my job is fraud investigation for medium sized game publisher/developer).

        You won’t be able to purchase game on most online stores with card that has been reported as stolen.
        The real problem is with those cards that are stolen but not reported. The report and chargeback from the bank can come after a few days, month or even two years (yes this happens a lot).
        This means that until we get notified by the bank everything seems legit for us and G2A. After the report we have to refund the transaction and block the key. We do not care who redeemed the key or what happened to it.
        Problem is that a lot of people will buy games for cheap on shady sites and when the game disappears from their Steam library they will blame the publisher. As far as I know most publishers will revoke keys bought with stolen cards.

        G2A probably don’t even care about their reputation since they are making a lot of money on the fraud protection and transaction fees. Publishers will usually try to stop selling keys directly on their stores and give you just button to redeem the game where you want it( with no visible key).

        • lglethal says:

          Thanks for your comment Azi. I’m curious about something though. There is always a money trail, so why does it seem to stop at G2A?

          Keys are bought from the Publisher with a stolen credit Card. They are then sold on from G2A. Eventually it gets reported, the keys get shut down, the gamer victim loses access to the game (the one that bought the keys on G2A – I see two victims in this, the Publisher and the Gamer).

          Why does it stop there? G2A has all the details of the account set up by the thief to sell the key. Whatever else is there, there must be a bank account attached to that account (since the thief has to get their money somehow). Whilst setting up fake online emails and G2A accounts is probably easy, Banks are NOT easy to cheat into setting up fake accounts. ID is required. Real ID.

          So G2A should be passing those bank details across to law enforcement, no? If they are not doing that, doesnt that count as receiving stolen goods or something similar?

          Since you sound like your definitely more involved in this, then my arm chair analysing, I’d be interested to hear your opinion.

          • Azi says:

            I think that the main problem with G2A is that it is not an official reseller. This means that they have no idea which keys were revoked by the publisher and they cannot ask (publisher or Steam directly).

            If somebody who purchased revoked key on G2A contacts us we will confirm that the key was revoked and why exactly it was revoked but that is where it ends for us, G2A cannot even do that since they have nobody to contact except the buyer and seller. Both of them can lie.

            G2A basically has no tools to verify who is right (except screenshots and statements from buyer and seller – both can be forged).

    • fish99 says:

      As PseudoKnight says, they do. I bought Kerbal SP (GOG key) from G2A and had it revoked by GOG (apparently the guy who sold it to me bought it with a stolen credit card). Even with their Shield protection, G2A didn’t lift a finger to help.

    • Iain_1986 says:

      Ubisoft did…and the gaming community tore them to shreds, threw a massive tantrum and proclaimed them to be “The Worse Company Ever”. Eventually Ubisoft had to back down and reverse what they did.

      G2A didn’t get a sniff of bad rep from it at the time, it was all Evil Evil Ubisoft.

      Sometimes you just can’t win with Gamers.

    • Beefenstein says:

      Any reason why the banks who make money from managing our money allow such easy and simple fraud to occur? Oh, wait, is it because they make money from laundering illegal transactions and do so on an industrial scale?

    • TechnicalBen says:

      You buy some milk, take it home. Turns out the shop you got the milk from stole it… so the police knock down your door and take the milk out of your fridge.

      Keys that have been activated, have been activated, and may not have been purchase as known stolen (could have been gifts, or sites may be “grey” so hard for a naive customer to know).

      • Iain_1986 says:

        I’m not sure what you’re getting at TechincalBen…but handling stolen goods *does* mean the police confiscate the item…You in fact can be charged too even if you had “no clue” it was stolen.

        So yeah. Revoking stolen keys seems completely apt.

        • SanguineAngel says:

          Not if you purchased it in good faith, as in TechnicalBen’s example is likely the case – would anyone buy a bottle of milk from a shady guy in a pub back room?

          I suppose if purchased from a retailer it might still be seized as evidence, perhaps?

          • Dezztroy says:

            That’s the thing though, G2A IS the shady guy in the back room. They’re a fence for both legit and stolen goods, the customer has no idea what they’re really getting when they pay. Unfortunately some people accept that if it means they can save another $5.

            If you bought a game from an authorized retailer (GMG, GamesPlanet etc.) and it ended up being a stolen copy, that’d be a completely different thing.

  6. Doug Exeter says:

    This is my shocked face.

  7. H4uZ says:

    I find it weird that most devs don’t save records of their sales with matching key sold. Doubt developing such tech would be costly, but if it would they should just band together and build an open-source solution everyone can use (Banning frauds from hitting multiple games at the same time).

    I understand canceling already used up keys results in grey market users backlash resulting in bad PR (even though devs have every right to do it and the customers are in the bad here), but if devs at least cancel every non redeemed key the moment fraud is found out, trust issues would rise against grey marketplaces.

    Make no mistake, this whole “system” is a house of cards, it works fine when people believe they are getting cheap working keys, but as soon as these websites start selling non usable keys or keys get banned, the market disappears quite rapidly. If there is one thing customers hate more than paying high prices, is paying any amount and receiving nothing in return.

  8. Solidstate89 says:

    I’m glad Gearbox actually followed through with their threat.

  9. Banks says:

    They wanted to do a remake but they’ve done the sequel: shitstorm.

  10. widowfactory says:

    Who on God’s green Earth is spending £226 on a single game – let alone a mediocre one such as Bulletstorm? I wouldn’t even spend that on a game I really, really liked!

    • TillEulenspiegel says:

      Easy to spend that much on a board game plus a few years’ expansions, for example. That’s kind of a single game.

      But videogame collector’s editions are overpriced trash these days, especially the universally awful statues which look like they cost no more than $5 to make.

      They just want in on the F2P strategy of milking the whales (do whales produce milk? I mean they’re mammals), too bad they almost never provide anything nice in return for the super-fans.

      • MrCrun says:

        I’m pretty sure whales are mammals *because* the produce milk. IIRC a mammal is a thing that suckles its young – among other thing probably. If I’m wrong then it’s entirely because it’s after 4am so SHUTUP(!).

  11. limbo12 says:

    Interesting case of selective credulity in this article: no one cares that tinyBuild’s claim of 450k in losses has not been verified with any evidence when asked for it, but RPS “courageously” takes G2A to task for not substantiating their claims about low fraud rates.

    Something stinks.

    • urahara says:

      The Tinybuild figure might be inaccurate, but no one is saying losses don’t occur due to the kind of fraud used to generate these key codes.
      The problem is that G2A claims they don’t have a problem when they do. It’s like if eBay claimed that they have a system to catch 100% of fake bids before an auction closes. It sounds good but isn’t possible with their current set up.

  12. pelwl says:

    tinybuild’s figure of $450k came from the number of their games sold on g2a multiplied by the full retail price of the games. Ignoring the fact that that figure is much higher than the market reality, the real issue here is that they were implying that all those keys sold on g2a must have been stolen, when in fact most of them were probably originally acquired from distributors/resellers who legitimately purchased them from the developers. These keys would have been heavily discounted whether through bulk sales and/or purchasing in cheaper regional markets.

    Even though tinybuild obviously had no clue about how to set up a store on their website you’d have thought they should know the exact figure that they lost due to credit card fraud without having to ask for g2a’s sales history of their games.

  13. malkav11 says:

    Personally I feel like G2A’s response was perfectly reasonable and Gearbox’s demands not at all. Or at least, not in the remarkably short timeframe given. I don’t think G2A are saints or anything – the nature of their business does lend itself to being exploited by wrong’uns and the “Shield” subscription is pretty dodgy, but they are not wrong that the primary issue a lot of people seem to have with them is not wanting keys to be resold at all, and that that would be bad for consumers all around.

    It’s also deeply weird that Gearbox ever contracted with them for special promotional stuff. It would be like having a special eBay only version of a game.

    • Jalan says:

      Gearbox’s attempt to try and crawl out of the fecal-filled crater they dug for themselves in hopes that the stench doesn’t follow them is laughable. Pitchford claiming ignorance of what G2A basically is and will (apparently) always be also seems really dubious.

      A small part of me wishes this entire thing ends in such a way that both Gearbox and G2A become deadlocked in a costly legal battle that depletes both companies of resources to the point where things actually do change or they risk ceasing to exist as they were. But that’s in non-reality, where the reality is probably more likely that Gearbox would bury G2A in litigation and waltz out of the smoke cloud unscathed.

    • Daemoroth says:

      Lies are perfectly reasonable? Since when?

    • Xan says:

      I recommend reading the G2A AMA on Reddit, it shows what a bunch of liars G2A actually is.

    • Tridus says:

      You’re right. People are free to hate on G2A (I know I do), but Gearbox went into this deal with G2A. The only way it’s possible Gearbox didn’t know any of this is if Gearbox management is unbelievably incompetent.

      It’s normal to due some kind of due diligence with a business partner, and even a cursory Google about G2A brings up these practices. If Gearbox didn’t even bother to do that, they have no one to blame but themselves.

      It’s more likely that they did know and didn’t care because $, until it became a PR problem. Then they threw G2A under the bus with a set of demands and an absurd timeline that no company would ever meet.

      Now they’re trying to claim ignorance and innocence. It’s a farce. They could claim gross incompetence or greed, though.

      • epeternally says:

        Not everyone devotes each second of their life to whatever Gamer Culture is fixated on at the moment. It is not weird to think that a bunch of middle aged people with full time jobs weren’t aware of G2A’s reputation, even within the industry.

  14. syllopsium says:

    ‘G2A.COM employs over 100 people whose job is to ensure the legality of keys, transaction security, and compliance with the most stringent anti-fraud regulations.’

    This seems.. unlikely, unless a very loose definition of who is involved in this is used.

    • Daemoroth says:

      I think they said the same thing right before a Reddit user submitted a fake key that was verified by G2A and added to the market.

  15. Chillicothe says: the only entity that makes Citizen Randy look moral and ethical.

  16. Jac says:

    Gearbox are a complete joke for doing this in public.

    In what world does a company agrees a deal with another company and then publicly make demands to gain headlines and pander to their customers. They should have handled this privately and of they weren’t happy pulled out. I’ve never used G2A and likely never will but Gearbox are out of order here and if i was anyone in the industry I’d certainly never work with them in any capacity.

    • LewdPenguin says:

      Whilst you’re certainly right that this has been a hideous way of dealing with things on Gearboxs part, I wonder if any industry distaste will be greater over the handling of the matter, or that they wanted to do such a deal with a company generally regarded as a pariah in the first place.

      • Tridus says:

        If that was the case, Gearbox wouldn’t have gone into the deal with G2A in the first place. It’s not like this was secret information. It’s common industry knowledge.

        Gearbox either knew and didn’t care until it became a PR problem, or they are staggeringly incompetent and went into a deal with G2A without doing any due diligence whatsoever.

    • SuperTim says:

      Actually, it’s the best thing they could have done at that moment. When every important gaming critic is calling you out for working with G2A, it’s too late change the deal silently.

      I’d expect if you fixed the deal in silence, most people will not know you did, and think you’re still the company who deals with the shady G2A. That would have been an even more undesirable outcome.

  17. myhandleonrps says:

    link to

    “Even though you tried to hide your identity, we found your account without any problems” was one of their responses to a bug report. I bet they can easily employ a hundred of these people for almost nothing.

  18. Tridus says:

    This mostly makes Gearbox look stupid… which is quite a feat considering how stupid Gearbox normally looks.

    Acting surprised at this stuff is a joke. It’s more likely that they knew and didn’t care until it became a PR problem. If they really didn’t know, then they are astoundingly incompetent and management is unfit to run a corporation. This isn’t some secret thing that would have required a team of investigators to hunt down. It’s common industry knowledge a routine Google of “G2A” turns up. Any amount of due diligence as part of the deal would have uncovered it.

    Either way, they get to wear this one. Ignorance isn’t a defense when you go into business with another company and the problem is public knowledge. Either you’re too incompetent to have looked for it, or you knew and decided you didn’t care.