Digital gaming marketplace G2A was at the center of a public dispute last month regarding grey-market game code reselling which for years has been associated with credit card theft and fraudulent chargebacks.
Humble Bundle, seeing it as an opportunity to prop itself up in the industry, has detailed the many steps and tactics it uses and how they’ve evolved over the years.
The first line of defense is a machine learning-based anti-abuse platform called Sift Science designed to weed out suspicious activity. Humble Bundle says it has been trained across 55 million transactions and adapts with new data on a daily basis.
The second step is SMS verification in which phone numbers are verified through text message. The company admits that this step can be frustrating to legitimate customers but thanks to its machine learning, only a small number of orders get flagged for verification.
Should a transaction still get through that looks fishy, the team will perform a manual review in which they look at customer history to help determine legitimacy. And when all else fails, rate limits and captchas are leaned on to minimize damage.
For example, if someone gets through all the other security provisions, they’ll still only be able to steal a couple of keys with a stolen credit card. A thief would need a new stolen card to purchase the next couple of games and so on.
If someone is somehow able to get away with a lot of keys purchased with stolen cards, Humble Bundle reserves the right to cancel orders and revoke game keys. That sucks for someone that legitimately paid for a game at another store and looks bad on the reseller that sold them the title.
Humble Bundle says its prevention methods do work although fraudsters are persistent, poking and prodding until they find a hole. And when they do, Humble closes it up.