Epic Games to pay $245M for tricking users into making unwanted charges

Came here to say this too. This just needs to be the rule generally. Steam and Amazon do the same thing - get hacked and get charged for some items, if you dispute the Steam charge you lose your $5000 account, that's not a fair playing field and effectively negates the protection offered by credit card networks. Hopefully steam resolves it, that's always the first line of defense, but if they don't, you still can't charge me for it.

It should really be a blanket rule against revoking access to previously purchased items in any form. If I get hacked and the perp buys something on my amazon account, I shouldn't lose access to music I've purchased etc.

And as someone else notes - this also is a problem with Google revoking your account (or losing access to it) and then losing access to other services that auth against Google single-sign-on.

There is the business side of this to consider. Disputes are expensive--companies are forced to pay significant fees whether they win or lose the dispute. A dishonest customer lying to their bank about your product/service should be able to be banned from using your product/service. Otherwise, what's to stop them from maliciously charging then filing disputes over and over again?

To be clear, I'm talking about a different case, where the customer doesn't reach out for help, and doesn't give you an opportunity to correct the problem (which most banks ask them to do first but they just lie about it). With my business, this is the case for 9 out of every 10 disputes (and I have a very low dispute rate). The other 1 time is they just mistakingly reported it as a dispute because they didn't recognize it, but after you reach out they correct it with their bank (but guess what, you still have to pay the dispute fee when that happens).

When your SAAS product costs $5 / month, and the dispute fees are $15 / dispute or more, and customers go back and file disputes on the previous X months of charges, and they never give you a chance to make it right, it becomes a problem worth banning them over.

This order doesn't broadly apply beyond Epic. It seems to me that they're blocking Epic from locking accounts specifically because of the dark patterns they used to get users to accidentally spend money.

I doubt this would be applied to other companies unless they also found those companies used confusing UIs to get people to pay. Which is still good news nonetheless, as the main issue for me is all these dark patterns in the first place.

This is just common in general. Nobody that you chargeback is going to want your business again. It's just that tech companies usually hold something you want (your account) effectively hostage, whereas a restaurant or whatever you can just stop going to. This does make it worse.

I'd love to see this formalized as a rule/right. I essentially can't file a chargeback against Amazon or Steam, ever, because of the likely repercussions to the rest of my libraries there.

> if you do a chargeback, you often get blacklisted on their service.

Although, to be honest, if a problem has deteriorated to the point where I need to do a chargeback, I've already written off doing any further business with that company anyway.

I wonder if CC companies have a way of punishing companies for this. At least in my circles, the sense of security from having charge-backs is a huge reason a lot of people even use CCs. If Visa told Uber/Epic/etc "you can't use our network if you're going to undermine our features".

Though it would smell a bit like a giant squashing ants... anti-trust and all that. :/ So maybe government getting a handle on Dark Patterns is the best way to do things.

Can you help me make sure I follow this right. You do a charge back in cases where you can't reach an agreeable resolution with the company, right.

Presumably that's the end of the relationship - you claw your money back via the CC and say good bye to the company.

What's the argument for being able to charge back but then wanting to (and the company being forced to, as I think you are suggesting) doing business with each other?

I suspect I am missing something.

I don't think this concept will fly broadly in America, it violates the way the American constitution sets up private vs public. Forcing private businesses to do businesses with the public without discrimination is only allowed in certain cases. Are you open to the public, providing an important service? (Like taxi, hotel, etc?) Then you cannot discriminate. Are you not-essential, with limited rules based membership? Then you can discriminate.

In this case, telling a private business they are forced to entertain customers who have robbed them, it's outrageous. And while I understand that chargebacks CAN be legitimate, they also CAN and often are illegitimate. When I worked in small business computer repair, we literally got out of the business of selling expensive machines because more than half of all orders were fraudulent and were charge backed with zero recourse -- we lose the machine, we lose the money. We lost an incredible sum of money to thieves this way, and so being told we are forced to do business with them would have destroyed our business.

If you wanted to create a new class of online public service like Twitter and Google and increase regulation on them as one might do hotels, that's one thing. But a blanket requirement that all businesses must entertain customers who chargeback is a nonstarter, imo.

Banning users who charge back is standard practice on all video game stores. They equate it to fraud in their terms of service. Imagine having an account worth thousands of dollars and losing everything because you decided to exercise your rights.

I'm so happy to see authorities are finally doing something about this abuse.

I run an ecommerce business, and pretty much always always block customers who file a chargeback or dispute.

They're completely draining to deal with, usually fraudulent, and the only way to win one is to prove beyond reasonable doubt that the buyer is lying.

I think it is reasonable.

On other side the companies should then be able to sue you and you need to prove that charge was fraudulent. If you fail, you will carry full costs of both sides. Thus cutting down the fraud by chargebacks.

Note of course that these are the terms of a settlement, and I don't think this has any legal implications on digital licensing and identity management.

I wonder how they manage that on countries that have proper consumer rights government agencies.

Facebook, Amazon, Microsoft/XBox and Google do this.

It's not relevant to Netflix.

Does Apple also do this?

Why would you chargeback in Fortnite instead of just refunding? The only reasons I can think of are fraudulent ones.

This is also why I never pursued any GDPR complaints out of fear that I will be locked out of my account.

When I told about my issue to ICO, they basically gave advice to use different service... that's it.

There should be some sort of legal protection that if you want to exercise your rights, company shouldn't be allowed to cut you out for doing so.

And despite Epic having great games, this is why I have not installed it or paid for any of their product so far.

Also why steam is still the leader despite having a terrible UI: they have been very good to their customers.

When you unlock an item in a battle-pass, you have to hold down the button for about a second to unlock it (and there's a little progress bar animation as it unlocks). This is great! it makes it much harder to accidentally unlock the wrong thing with a single button press. The downside to a wrong click is pretty negligible though, you're probably going to unlock everything in the battle-pass eventually anyway.

But in the "store" part of the app, where you're purchasing things with the "v-bucks" in-game currency (which you've paid actual money for), the purchase was just a single button press. It was very easy to accidentally purchase when instead you meant to press the "back" or "preview item" button. Only recently did they change this to use the same "hold for 1 second" pattern already used in the battle-pass.

Somewhat ironic. Remember Epic's attack on Apple's game store? At least Apple does not apply that many controversial patterns to their customer experience.

> Epic feared that adding a confirmation button would add “friction,” “result in a decent number of people second guessing their purchase,” and reduce the number of “impulse purchases.”

yeah, it would have absolutely done that.

Is this the company that craves to install its Store on the most profitable mobile platform? I will try to keep that in mind

I'd like something that broadly prohibited any company that 1) acts as a gatekeeper for any third party services, or 2) offers digital "purchases" from blocking user access to their account without having to first prove overt nefarious actions that disrupt the service. And not some hand-wavy TOS violation, but it should be impossible to block someone more than temporarily without going through some kind of arbitration process.

If a company doesn't want to deal with this hassle, don't offer up "Sign in with Google/Apple/Facebook/whatever" (I'm talking about Google/Apple/FB/whatever in this scenario), and don't "sell" digital goods that are hosted online.

The FTC’s order can be reasonably interpreted as a warning shot to other US companies, but I’d still like to see “chargebacks may only reverse access to that which the purchase paid for, not to the right to access past and future purchases” enshrined in law.

> software engineers (or working in the field), have the power to not implement these features when our employer asks us to do it.

Realize that you're statment is a euphemism. What you really mean is we have the choice between implementing a dark pattern or finding another job and letting someone else implement it. Stated this way it's a lot easier to understand people's behavior.

Never mind dark patterns. If engineers had that kind of moral fibre to choose doing the right thing over getting paid, social media as we know it today wouldn't exist, and adtech giants wouldn't rule the web.

The reality is that most of us think we're making the world a better place, when truthfully we're just trying to make a decent living, while making the unscrupulous shot callers rich. And that's the percentage that does actually want to make an honest living. Others will happily apply their knowledge to deceive and exploit, and then go on to make successful companies of their own. The circle of tech.

> We, as software engineers (or working in the field), have the power to not implement these features when our employer asks us to do it.

You don't, but, doctors and structural engineers do.

I was saying for years that a licensing proffeshional body, like the one other proffesions have, would improve things in our industry.

When was the last time a bridge fell down because someone boss bullied a structural engineer into suigning it off? They know you know that any engineer that agrees to do doggy shit is risking their licence, and it's not worth if for them.

This industry would improve significantly if it had a proffeshional body with teeth, and for that you need licensing like doctors and other proffeshions have.

> Yes, I realise not everyone has the privilege to say "NO", but at least some of us can and should push back.

I agree wholeheartedly. I would (and have) quit jobs where I was required to do things I considered unethical. Having to do that can suck and be a financial blow, but I think being able to keep my soul is worth it.

I think a lot of us do push back on the product owners and designers when something seems obviously bad. But I don't think it's good advice to encourage people to unilaterally declare themselves the gatekeeper just because they write the code.

Cogs can't push back; experts can, and should.

You seem to have started with the premise that getting management to behave ethically is hopeless, but that maybe engineers could refuse.

Management can always find someone willing to behave un-ethically if they look.

Regulation and criminal liability tends to be the only way to eliminate shady business practices.

unions

As an adult who’s partner plays Fortnite with her cousins and occasionally gets dragged in, I haven’t seen this. I’ve spent maybe 25, and it seemed pretty obvious what was going on. Maybe I just haven’t found the dark pattern path. It should be clear what’s going on before charging.

I don’t love the “v bucks” vs real dollars they charge for things. though I get that the reward for those who grind isn’t actual dollars.

As someone who let a younger person play on my laptop, I will note my balance was quickly brought down to 0 though I had some new “emotes”.. lesson learned.

I’d rather just pay once for games, though that seems to be on its way out.

Yeah, it makes their kerfuffle with Apple look a bit different.

Because Apple charges 30%. And Apple can keep that if there is a refund.

In this case, Epic is returning money. They would ideally be net zero on this whole debacle. You mistakenly bought $10 worth of skins, Epic collected that $10. Then you get refunded $10, Epic returns that $10. In the App Store scenario. You mistakenly bought $10 worth of skins, Apple collected that $10, gave $7 to Epic. Then you get refunded $10, Apple returns that $10, and then collects that $10 from Epic. Epic loses $3 on the exchange.

And if this is just refunding the purchases, it's kind of a good deal for Epic. As they essentially got an interest free loan from their customers.

What you said, and what I'm retorting with requires data, lots of it. But my understanding is that given unchecked power in a domain, almost all of them do the same.

It’s sure a good thing we let them run their own App Store for Apple products then.

Definitely a win for the little guy. /s

I think I agree with you, but to play devil's advocate, the video game industry is struggling to monetize their work.

No one wants to pay for games anymore, no one wants a pay to win system in a game, and cosmetic items seem like a waste of money to most. The result is the gaming industry pulling out all the tricks to try to separate the consume from his or her wallet to pay for content.

To be honest though - there are no good guys here. They're all awful.

Google and Apple take insane cuts out of any money moving on their platform and while Epic uses predatory tactics to trap people into subscriptions Apple and Google do the same.

I agree, they just handed Apple a huge moral victory. You fight publicly and sue for your own payment process, then you turn around and scam your users with dark patterns around payment. This would not have been possible with iAP!

Funny, despite Apple taking 30%, it is very obvious when you are making an iAP, you have to double click the power button and stare at the device.

I also think of the games market this way. It's bifurcated between single purchase and on-going, and I'm not interested in constantly paying for stuff or needlessly complicating transactions, so the latter doesn't exist to me.

I find the acceptance of in-game stores rather unfathomable, but apparently the market has spoken as it represents the majority of industry revenue. So, it's unfortunately not going anywhere. What's wrong with players willing to drop $1000+ on a single game and/or have their game mechanics and other activities tainted by constantly pulling out their wallet? I know people in RL that do this, some to great personal financial harm, and haven't really gotten a good answer yet.

I already live in a pay to win world so the idea of unwinding in one seems insane to me.

My biggest beef is when this is added in an update after I bought a game that didn't have it.

There’s a bit of a sweet spot with replayability and DLCs.

I have a hard time finishing games. When they add new chapters to the game they’ve moved the goal posts as it were, and that doesn’t feel good. If they introduce some new side quests and a new race, I’ve still finished the game (or let’s be honest, got 90% of the way).

But if I want to play Skyrim again as a telekinetic khajiit then I might pay for DLC.

Don't fall victim to the halo effect!

Both Epic and Apple are right on some issues, and horrifically wrong on others.

I deal with Valve, because I have to. There is not a good way to get video games that doesn't involve pirating, unless you use a platform like Steam.

The fact that I do not really own the games is a huge pain in my ass, but I love video games, and want to spend my actual money on them, so I'm kind of stuck.

> consumers all love Valve

Where do people get ideas like this?

I play Fortnite so I can answer. Basically purchase in Fortnite was instant. You clicked/touched on the button > you bought it instantly. There were no confirmation screens, no "are you sure" etc nothing. One click purchase. And cancellation was very limited, basically non existent. Credit cards were also saved instantly so no further interaction needed for later purchases, so some kids ended up spending a lot without their parents knowledge at all.

There are more examples here about the patterns https://www.ftc.gov/business-guidance/blog/2022/12/245-milli...

They already changed the system like half a year ago, guess they knew about the penalty back then https://www.fortnite.com/news/updates-to-fortnite-purchase-c...

Now for every purchase you have to hold the buy button for several seconds. You can't click/touch accidentally. Plus there is a proper refund system now.

I worked a contract for a state appeals court way back in the day. I believe anything the judge considers is recorded as part of the case, so “comment” is more official than just raising your hand. Either you’ve filed a document or taken the witness stand. Either way lawyers are involved so that’s a lot of friction.

>Under the FTC’s order, Epic must pay $245 million, which will be used to provide refunds to consumers.

Mostly lawyers.