Recently, Gearbox announced that they’re partnering with game key re-seller G2A for a collector’s edition of Bulletstorm. Problem: over the years, G2A has been subject to widespread criticism for lax security, enabling fraud, and making money at developers’ expense. Predictably, Gearbox has taken serious flack for the partnership.

G2A’s reputation has fallen so far down the mine shaft that, in recent times, multiple high-profile YouTube and streaming personalities have dropped out of lucrative ad deals with the site. People, then, were taken aback when Gearbox decided to hop in bed and get snuggly with G2A to create a baffling assortment of limited edition physical collector’s editions. Setting aside the oddity of partnering with a digital storefront to produce physical goods, the cloud of controversy surrounding G2A is thick and noxious, and people on sites like Reddit, NeoGAF, and Twitter promptly blew up at them.

Advertisement

Most prominently, popular YouTuber John “TotalBiscuit” Bain took to Twitter to say that he’ll be avoiding Gearbox’s games entirely until something changes:

I reached out to Bain for clarification on his comments. Here’s what he told me:

“G2A has offered its own payment system as a ‘solution’ to credit card fraud and mass-chargebacks which cost indie developers and retailers huge amounts of money and put them at risk of being blacklisted by the worlds major credit card companies,” Bain explained to me in an email. “A company can decide to work with G2A directly and use their payment solution and API, from which G2A takes a fee. This has been offered to companies such as TinyBuild who claimed to have lost hundreds of thousands of dollars in revenue due to G2A as well as smaller startup retailers such as our partner chrono.gg, who also suffered significant credit card fraud and chargebacks early in its life. When they approached G2A regarding this, they offered to give them insight into who was selling stolen keys from chrono.gg but only if they switched to using their payment system and API.”

Advertisement

“G2A is providing a ‘solution’ to a problem that they created and continue to facilitate and profit from both the solution and the fraud,” he added. “G2A is essentially saying, ‘That’s a nice game you have there, it would be a shame if something were to happen to it.’ That sounds an awful lot like a protection racket to me.”

I reached out to G2A for a response to Bain’s comments, but they’ve yet to reply. I also reached out to Gearbox, who was unable to provide a response as of publishing.

For their part, G2A’s spent recent months resolutely insisting that they’ve cleaned up their act and strive to guard their service against fraud, stolen or otherwise illegitimate keys, and other potential pitfalls that come part and parcel with running a largely unregulated gray market. They say, for instance, that they have a department of over 100 people monitoring the site for shady keys, and the main reason they want to work directly with developers is because they have no reliable way of tracking stolen keys otherwise.

Advertisement

However, people have found G2A’s claims of increased security hard to believe. During a Reddit AMA conducted in February, a user demonstrated that after becoming a “verified” seller, they could theoretically switch to selling non-legit keys with little scrutiny. They even tossed up a fake listing and got it verified during the back-and-forth discussion on Reddit, just to prove their point. G2A went on to ban that user, in a move that was about as well-received as you’d expect.

G2A later told me that the user was banned because he violated terms of service and suffered the consequences. They also claimed that what he did wouldn’t have worked with more than just a key or two. They added, however, that if it had been a fraudulent key (taken from a developer’s website due to lax security, obtained with a stolen credit card, etc), there’s not a ton they could do without a developer’s direct involvement. “If we were not informed and not given the list mentioned above, it’s purely impossible to distinguish legally acquired keys from those acquired illegally,” a G2A rep said to me in an email shortly after the AMA. “All we can do is to react when a customer faces a problem with a purchase, help him or her, and then make sure the thief meets the consequences.”

That doesn’t really inspire confidence!

And despite that, shortly after the AMA, I received an email from an indie developer claiming that they’d tried to get keys removed from G2A, to no avail.

Advertisement

These days, G2A talks a big game, but they’ve yet to provide compelling evidence that they can reliably back it up. The only thing abundantly clear about the site is that they desperately want to clean up their image, and certainly, working with Gearbox seems like another step on the road to perceived legitimacy. Now, though, Gearbox is getting their reputation dinged for that decision. Instead of Gearbox pulling G2A up, it appears that G2A yanked Gearbox down into the mud with them.