Humble Bundle has opened up about how it works to prevent fraud after a recent battle between key reseller G2A and developer TinyBuild raised concerns regarding the bartering of second-hand game keys.
The conflict started after Tinybuild claimed it had lost $450,000 in game sales as a result of fraudulent transactions facilitated by G2A.
Tinybuild CEO Alex Nichiporchik called out the reseller for creating a "fraud-fueled economy," and suggested it was easy for someone to make a quick buck at the expense of devs by picking up cut-price game keys from a bundle before selling them on for a profit.
In a new blog post, Humble admitted it's an "enticing target for fraudsters," but moved to reassure devs by explaining at length how its various fortifications work to prevent fraud.
A machine-learning anti-abuse startup called Sift Science acts as the company's first line of defense, and will alert Humble to suspicious purchases using data collected from over 55 million transactions.
Once a transaction has been deemed high risk, Humble will ask the buyer to verify their phone number through SMS verification. Customers caught out at this stage can then be banned from the platform.
If verification is provided, but the purchase still raises eyebrows, Humble holds onto the transaction for manual review, which usually involves trawling through a user's purchase history.
Assuming Humble's customer service team is still on the fence at this stage, they'll likely approve the purchase because "the only thing worse than fraudsters is blocking legitimate customers from getting their game."
When prevention isn't possible, Humble uses rate limits and captchas to minimize the damage, suggesting that "if someone gets past everything else, they are still contained to a modest amount of thievery."
More specifically, when a purchase results in a chargeback -- like the ones that hit Tinybuild -- Humble says it works quickly to cancel the order, revoke the download page, and pull back any Steam, uPlay, or Origin keys associated with the purchase.
"The person holding that key loses access to the game. If they purchased it from a reseller, that means the reseller’s reputation is diminished," adds the blog post.
"We're monitoring fraud daily, and we’re always tweaking variables in every step of the process above. The fraudsters are persistent. They poke and poke until they find a hole. When they find it, we find it too and close it up."
To those developers still worried about running afoul of online fraudsters, Humble says the best way to avoid those issues is to lets its team do their job, or use the newly announced Humble Gamepages to direct sales using the Humble Widget.
It has also apologized in advance to any customers who might be falsely accused of wrongdoing, but believes "it's an unfortunate necessity to protect our developers' products."