
Facebook Let Kids Rack Up Charges on Parents' Credit Cards - DamnInteresting
https://www.revealnews.org/article/facebook-knowingly-duped-game-playing-kids-and-their-parents-out-of-money/
======
mindgam3
The issue is Facebook denying refund requests after children were suckered in
to make large in-game payments using their parents' stored credit cards.

It's not just that this whole scenario is slimy. It's that Facebook was fully
aware of it, had a nice in-house term for it ("friendly fraud"), and not only
chose not to approve refunds but also chose not to implement the most basic
measures to prevent it.

[edit: as a commenter pointed out, the term “friendly fraud” predated
Facebook]

This is symptomatic of a corporate culture that is toxic to to the core.

The money quotes are in the 2 paragraphs below:

"In 2011, Tara Stewart, a risk analyst for Facebook, studied the issue and
suggested that the company begin requiring users to enter the first six digits
of a credit card used for payments on certain games. Stewart ran a survey of
Facebook users and found that many parents were not aware that Facebook stored
their payment information after entering it one time. They also found that the
kids weren’t aware of what they were doing. “It doesn’t necessarily look like
‘real’ money to a minor,” Stewart wrote.

She ran a test to see if the entering the cards first six-digits would reduce
these unwanted charges and the results were encouraging. She also said it
would “make sense to start refunding for blatant FF-minor.” The abbreviation
“FF” stood for “Friendly Fraud,” the term Facebook used to refer to these
fraudulent purchases which were made without malicious intent. Despite this
obvious solution, Facebook decided that it would harm revenue and elected to
continue fighting refund requests for the foreseeable future, the documents
show."

~~~
leereeves
> “It doesn’t necessarily look like ‘real’ money to a minor,”

This is intentional.

In many games, some things cost "gold" earned by playing the game, and others
cost "gems" bought with real money. Or maybe "gold" is the one that costs real
money. It's designed to be confusing and hide the distinction between in-game
points and real money.

At some point the game companies should bear some of the responsibility for
deceiving children.

~~~
AlexandrB
> At some point the game companies should bear some of the responsibility for
> deceiving children.

I hope a reckoning is coming in this regard. Many games include mechanics that
are hard to distinguish from video slot machines and should be regulated the
same way gambling is (rated 18+, audited for "fairness").

~~~
Spooky23
Unlikely. Society shifted and gambling is stigma free.

My son is old enough that arcades are interesting to him now. I was pretty
shocked to see how they have declined into shitty skinner boxes and games of
chance to win tickets. That was always a factor, but is much more prominent
today.

The casual acceptance of sports betting is another example of that shift.
There’s probably some free marketeer who will opine that teaching children
about gambling is a good thing!

~~~
FiveSquared
Well sports betting has been around forever, but dark patterns and intentional
deception in mobile games leads to children being manipulated. Not consenting
adults, CHILDREN.

[https://humanetech.com/](https://humanetech.com/)

~~~
Mirioron
Yeah, I wonder where the parents are when kids do this. Kids don't earn their
own money. But I guess expecting parents to actually parent is too much
nowadays.

------
DanielDent
"Friendly fraud" is not a Facebook-invented term. It's a term used and
understood by card issuers, acquirers, and merchants.

Friendly fraud encompasses:

\- Dissatisfied customers who don't find refuge in a refund policy/process

\- Customers who are embarrassed by their purchases. This situation is
commonly triggered when a significant other reads a credit card statement.

\- Customers who spend beyond their means, and then look for a "solution" when
the statement comes due

I find it weird the way Facebook seems to be using the term here. These are
charges that were never contemplated by the cardholder. There is no "buyer's
remorse" dimension.

Friendly fraud is specifically about charges that _are_ agreed by the card
holder, but they later change their mind and pretend otherwise.

~~~
wl
> Dissatisfied customers who don't find refuge in a refund policy/process

It's dangerous to label such things as fraud. Chargebacks are a consumer
protection mechanism of last resort as well as a remedy for unauthorized
charges. If a merchant doesn't deliver what they promised and doesn't issue
the appropriate refund, the merchant is the one engaging in fraud.

~~~
crysin
Chargebacks are a mechanism that can definitely be abused and in those cases
would be fraud. I don't see that as dangerous at all. Heck, in posts on these
forums people brag about using chargebacks to cancel services because they
didn't want to call or follow the guidelines set by the merchant to cancel an
account. Whether they're in the right or not that's most certainly bordering
abuse of the system.

~~~
Meekro
Those merchants don't always have clean hands, either. Lots of services where
you can sign up with one click, but canceling requires a lengthy phone call
during which they pressure you to stay. And the call has to be during business
hours, hope your boss doesn't mind!

Imagine how much worse it'd be if the dispute process didn't exist. "Oops, our
only cancellation department employee retired last year and we forgot to
replace him!"

------
ShroudedNight
1\. Company is on the record as being aware of unauthorized use of parents'
credit cards.

1a. Company is aware of channels particularly prone to unauthorized use of
credit cards (with Ninja games being presented as the archetype).

2\. Company creates a method for verifying the authority of purchase (and
confirms that it works)

3\. Company intentionally does not implement verification method, thus
explicitly profiting from known fraud.

Now, I'm very much not a lawyer, but this strikes me as the sort of behavior
we would seek criminal penalties for. Has there been any indication that this
has been forwarded to the relevant parties for investigation / prosecution?

~~~
TylerE
Maybe parents should have a separate login for their kids that doesn't have
the CC info saved?

Leaving that saved in the browser is awful close to authorization since there
are reasonable, low-effort steps that could be followed by a non-technical
user to prevent it from happening.

It's like leaving your card on the kitchen counter and being upset when they
order pizza.

~~~
pdonis
_> Maybe parents should have a separate login for their kids that doesn't have
the CC info saved?_

In at least one case in the article (the 12-year old in Phoenix), the kid
apparently did have a separate account; but he asked his mom to let him use
her card for what he thought was a one-time purchase, but Facebook stored the
card info and behaved like recurring payments had been authorized. (Also the
game appears to have been highly non-transparent about when such charges were
being incurred.)

So while I agree that the mom would have been well advised not to let the kid
use the card for even that one-time purchase, I think that pales in comparison
to Facebook's conduct.

------
beezischillin
I explicitly make spending money online harder for myself as a protection from
things like this. (Well, primarily I also don't play any games with micro-
transactions for one because they're universally a rip-off designed to exploit
addictive personalities. Games based around these shady tactics should never
have been tolerated, let alone allowed to become the standard to such a degree
where even real AAA $60 video games are now infested with this. It's
disgusting.) Very few things and services have my payment information saved --
usually just Apple and PayPal have it saved. I never save credit or debit card
details to the keychain so the browser doesn't auto-complete it. I always go
out of my way to set payment confirmation dialogues to always appear. Whenever
I subscribe to something, I use PayPal or the App Store subscription feature.
In case it's a yearly recurring subscription, I always go out of my way to
cancel auto renewal. If nothing else, I delete the authorisation from PayPal
for automatic renewal. I always go and double-check if some place saved my
credit card details or not and if they have then I delete them.

While not completely fool-proof, these steps have made it easier to more
carefully manage my online spendings and not to suckered into parting with my
money.

~~~
dylan604
I have the same habits. Every month, I have to enter my payment info for
phone,car,etc. They always have that little check box for "save payment info
for later". Nope. To the point that my car payment is now done over the phone
each month because they changed their website to force you to enter a payment
(checking/routing). At the rate sites are getting hacked, I will not enter any
more information that required to make it work. As with my auto company, if it
requires more info than I want to provide, then I don't use it.

------
benologist
Steam / Valve did this for quite a few years until they were taken to court in
Australia for their unfair practices. A judge said their refund policy was
criminal and intended to deny refunds and fined them a couple million dollars
for an estimated 20,000 times. Steam drastically changed their refund policy
and evaded fallout everywhere else, but it's probably going to be substantial
for Facebook.

[https://www.pcmag.com/news/350574/valve-fined-3m-in-
australi...](https://www.pcmag.com/news/350574/valve-fined-3m-in-australia-
over-steam-refunds)

~~~
elefanten
These two cases seem pretty different to me. Steam wasn't in compliance with
Australian refund laws and got in trouble for it. But the Steam case had
nothing to do with minors (mostly very young children) making inadvertent
purchases.

~~~
benologist
The similarity is the intent to refuse lawful refunds, and probably the scale.
Steam never optimized to refuse more refunds though.

------
Balgair
So, FB not only did this scummy act once, they did it many many times, never
tried to remedy it, and never tried to alter the 'pathway' for this to occur,
but they had this happen so often that they came up with a nick-name for it?

Like, I knew they were evil, but I didn't think they were stupid too [0].

[0]
[https://en.wikipedia.org/wiki/Stringer_Bell#Season_three](https://en.wikipedia.org/wiki/Stringer_Bell#Season_three)

------
rdiddly
It's okay guys, the security of your credit card information is important to
them! Also, it's a big responsibility, and they "need to do better."

[https://www.google.com/search?hl=en&q=zuckerberg+"we+need+to...](https://www.google.com/search?hl=en&q=zuckerberg+"we+need+to+do+better")

------
tareqak
1) If an individual app developer did something like what Facebook did here,
then there is a better than good chance that they would be successfully
prosecuted with a crime. Why is the criminal justice system so much more
lenient on corporations? If it is just money, then we have to accept that
arbitrariness can be bought and paid for by those who can afford it. There are
a few voices here that advocate for less prison sentences with whom which I
agree with, but white collar crime like the kind in the article isn't punished
to the same level of severity when the organization at large is at fault. It
seems that the incentives for certain kinds of problematic behavior change
when your at scale.

2) If you allow this sort of behavior long enough, then it definitely seeps
into the culture, the decision-making of management, and the interactions of
all those who work there (full-time, part-time, contractors all included). If
bad apples can spoil the bunch, then will certain people refuse to interact,
do business with, or hire former Facebook employees? Is there / will there be
a "blue shield" for Facebook as there is for law enforcement?

------
npunt
Note at the time (2011-2012) there was almost assuredly a lot of incentive at
FB to look the other way regarding this kind of fraud, since they were
preparing to go public (May 2012). When going public you want to get the best
price on your IPO, so I imagine the order from higher up was to push revenue
higher and look the other way on these types of issues.

FB's stock dropped 40% in the months after going public, so that incentive to
not do anything to impact revenue remained as FB dug themselves out of that
hole. It may have even been amplified because internal employees were in
lockout period watching the stock drop and wanting to cash out at a good
price, and probably were (psychologically) price anchored on the IPO price.

~~~
eeeeeeeeeeeee
Yep, I think this just shows how the push for ever increasing revenue creates
a disgusting environment.

Almost every single bad Facebook decision can be traced to them trying to cut
corners for increased valuation.

------
InclinedPlane
> _But the company had discovered that more than 9 percent of the money it
> made from children was being clawed back by the credit card companies._

> _In comparison, the average chargeback rate for businesses is 0.5 percent,
> according to the Merchant Risk Council, a nonprofit that helps businesses
> manage risk._

> _A chargeback rate of 1 percent is considered high, and credit card
> companies such as Visa and Mastercard will put businesses on probation
> programs for rates consistently that high._

> _The Federal Trade Commission said in an unrelated fraud case in 2016 that a
> 2 percent chargeback rate was a “red flag” of a “deceptive” business._

 __Nine percent __chargeback rate. That 's just absolutely nuts.

~~~
CuriousSkeptic
That explains why the security is so lax. The card companies are complicit in
the scheme.

------
tuckermi
The article references this URL: [https://ecf.cand.uscourts.gov/cgi-
bin/HistDocQry.pl?61603081...](https://ecf.cand.uscourts.gov/cgi-
bin/HistDocQry.pl?616030812309732-L_1_0-1) However, that is not accessible
without an account and possibly payment for the document. Is this content part
of the public domain. If so, can/has it been posted elsewhere?

Edit: I should add that I do see some of the documents reproduced and
referenced from elsewhere in the article (e.g.
[https://www.documentcloud.org/documents/5694620-Exhibit-
OO-R...](https://www.documentcloud.org/documents/5694620-Exhibit-OO-
Redacted.html#document/p3/a477371)), however I didn't see any way to access
the full collection.

~~~
dlgeek
[https://www.courtlistener.com/recap/](https://www.courtlistener.com/recap/)

[https://free.law/recap/](https://free.law/recap/)

------
dlandis
If true, this seems to be one of the more clear cut recent examples of
unethical policies devised by Facebook employees. I suspect certain other
policies and programs can be mentally justified, but when it comes to very
obvious things like this I would think it would have a bigger impact on
whether top employees including engineers would be willing to continue working
there. Everyone has their own personal line beyond which they’ll just decide
to move one. I have already read about some people moving on lately but don’t
know if it’s a trend yet.

~~~
golemotron
" by Facebook employees"

The buck stops where?

~~~
darkpuma
A fish rots from the head. But is it just the head that's rotten? No, soon the
whole fish is rotten; that's the point.

So yes, Zuck is rotten. And consequently we should expect to find systemic rot
through the organization at all but the _very_ lowest levels (the
groundskeepers and maintenance guys are probably clean)

------
CaveTech
None of this is unique to Facebook - it plagues the entire industry. I would
even argue that games companies are far more complicit in this scheme than any
service provider.

~~~
senectus1
true, but Facebook is an order of magnitude larger, more integrated and more
powerful than the others.

They need to Drawn and Quartered publicly to clean them up. Each of these
articles adds up to something very scary.

I expect Amazon is due to a truth telling as well.

------
minikites
It's interesting watching Silicon Valley discover the purpose of government
regulations from first principles.

~~~
justtopost
Nothing old applies to us! Until we invent it here! Again. Its magical.

------
_cs2017_
Uhh what the actual fk, the article reversed the meaning of FB emails.

FB encouraged devs to NOT fight the "friendly fraud". "Friendly fraud" is an
industry term (just google it). It is when a customer who received goods then
calls VISA and asks to refund their purchase.

Anyway. FB told devs "let parents get their money back, don't fight it". But
this article says FB told devs "keep committing fraud", which would be just
about the opposite.

Obviously, FB should have taken measures to prevent kids from using their
parent cards without permission. But just because FB behaved badly, does not
mean it's ok for revealnews.org to spread dirty lies.

------
andygcook
This type of predatory behavior has been happening for a long time. When I was
about 9 years old, my brother and I bought Link's Awakening on Gameboy. On the
back of the booklet that comes with the game was a line that read, "Need Help?
Call this number" with an 900 phone number listed.

We had access to the home phone and wanted to beat the game. So of course, we
called the number a few times to get hints on how to beat hards parts of the
game. This was before the internet where you could just lookup a walkthrough
online.

You can imagine my mother's shock when she received a $200+ charge on her
phone bill for a phone number she had never heard of. Apparently the cost of
the call was about $5/minute.

We got yelled at and we weren't allowed to call the number anymore after that.
I'm proud to say we still beat the game though.

~~~
aacook
I still feel guilty about it every time we recount this story. I remember
exactly where I was (on the top bunk) when mom shared the bill with me. I
think she had me dial into the number to show her how it worked. To their
credit, Nintendo did disclose there was a cost to the service but as I'm sure
kids ignore notifications these days, I blindly pressed 7 or whatever because
I wanted to get through the next level so badly. It didn't seem like real
money. I can't remember if mom made me do excess chores to pay off the debt
but I'm guessing she did. I should pay her back the $200 with interest.

------
officemonkey
If Facebook knowingly refused to refund improper transactions, THEY are the
ones committing fraud. Plain, old, "screw you, Facebook user" fraud.

------
tschellenbach
Personally I think most of the reporting on Facebook is written to drive
clicks and ad revenue. It's usually exaggerating the problems.

This story is truly messed up though.

------
quickthrower2
We so need credit card tech that puts the card holder in control. Like a 2fa
message to accept every single charge no matter how small.

------
ravenstine
Facebook could be run by the Russian mob and people would continue to use
it(and Instagram and WhatsApp).

------
socialist_coder
Well, if I had any small amount of trust in FB / Zuckerberg to do the right
thing, I just lost it.

These are some super shady and deceptive business practices.

------
Dowwie
The modern in-game transactions remind me of simpler exploits from years ago:
900 number phone games.

Back in the 80s, children were bombarded with advertisement of phone based
games using a 900 number prefix. 900 numbers are unique in that they charge a
fee for use. A child who wanted to play the RoboCop phone game would simply
pick up a phone and dial the number. Shortly after, they would get to press
numbers on the keypad to choose their own adventures. The games were addictive
and expensive. [1]

Eventually, enough parents were ripped off and they fought the system,
convincing legislators and regulators to stop the exploitation. This put a
complete stop to 900 number games.

[1] [https://guff.com/15-bizarre-1-900-numbers-from-
the-80s-and-9...](https://guff.com/15-bizarre-1-900-numbers-from-
the-80s-and-90s)

------
chemmail
It's like facebook are all those evil corporations you see in movies.

------
enterx
facebook as a platform provider is guilty as charged.

there is a special form enforced for storing credit card information. Where
was QSA?

Credit card providers and game providers should also take their part in
responsibility for storing credit card information.

I do not get how is this still possible with 3D secure protocol out there?

------
pesenti
A friendly fraud implies that the refund was actually made to the customer
([https://en.wikipedia.org/wiki/Friendly_fraud](https://en.wikipedia.org/wiki/Friendly_fraud)).
The article states:

"“Friendly fraud” is the term Facebook used when children spent money on games
without their parents’ permission."

That's incorrect and completely reverses the meaning of the internal FB memo.
“Friendly Fraud – what it is, why it’s challenging, and why you shouldn’t try
to block it.”

(Disclaimer: I work at Facebook but wasn't there at the time.)

------
JimBrimble35
Probably an unpopular statement, but man does this happen a lot with fortnite.
They even have a section in their help pages specifically for unauthorized
purchases by family members. Also, they don't seem to care at all about who's
payment method is associated with an account. You even get kids taking
pictures of their parent's credit cards and passing them around.

------
megous
So they can just return money to all the wronged people now? Or did they
already? How about people outside of US?

I mean there would have to be some criteria for deciding who to return money
to, but I'm sure they can come up with something less arbitrary than the
original decision making that's hinted at in the article.

------
EngineerBetter
When are you all going to delete your Facebook accounts?

I got 9 friends to install Signal yesterday to help them away from WhatsApp.
I'd love to see widespread campaign to encourage people to ditch these
parasites we're addicted to.

------
mosselman
Sad to see that so many smart people in our industry lend themselves to work
for Facebook. There are great tech innovations that come out of Facebook, but
that doesn't weigh up to the damage they are doing to society.

Sam Harris has released two great podcasts that discuss how Facebook, and
other companies like them, choose to earn money from, amongst other things,
radicalising and polarising people in our societies:

[https://samharris.org/podcasts/146-digital-
capitalism/](https://samharris.org/podcasts/146-digital-capitalism/)
[https://samharris.org/podcasts/145-information-
war/](https://samharris.org/podcasts/145-information-war/)

and to some extent: [https://samharris.org/podcasts/144-conquering-
hate/](https://samharris.org/podcasts/144-conquering-hate/)

I recommend these highly.

------
deytempo
And this guy (Zucker) was talking running for US president? Whhhoooah

------
SilverSlash
Well, the solution is simple -- don't give your kids your credit cards...

------
dwighttk
Who is giving Facebook their credit card? Why?

~~~
mikejb
Parent gave the CC to Facebook in order to make one purchase. It isn't always
transparent that this payment option is then stored indefinitely, and can be
charged on user input without re-evaluating that the charge was initiated by
the holder of the CC. This is not necessarily a bad thing, and can be viewed
as a convenience-feature. But it has downsides, which Facebook not only seems
to be aware of, but seems to welcome.

------
loteck
Why is this submission marked as a dupe?

~~~
sctb
[https://news.ycombinator.com/item?id=18937640](https://news.ycombinator.com/item?id=18937640)

~~~
DamnInteresting
Hmm, that's an earlier story from the same site announcing that the documents
are expected to be released, whereas this link is about what the released
documents actually revealed. They are related links, but not quite the same.

~~~
dang
Ok, we'll de-dupe it.

~~~
loteck
With all due respect, I think his was plainly obvious to someone who even
glanced at the submitted story, and shouldn't have had to been explained to
mods.

~~~
dang
Different things are obvious to different people!

------
yeuxverte
Is anyone surprised that 11 year-old Johnny "didn't realize" he was spending
money? Sounds like parents looking to blame anybody but themselves.

~~~
Yetanfou
That's odd, the article I read _did_ contain specific instances of parents
retracting the steps of their spendthrifty offspring which confirmed there was
no indication of actual money being spent, e.g.:

 _“I saw all these $19 charges from Facebook,” she said. “It added up to
nearly $1,000.”

She asked her son why he would do that. But he was flabbergasted by the
charges too. So Bohannon asked her son to play the game so she could watch
what he was doing wrong.

As he played, he occasionally clicked on a corner of the screen that gave him
more abilities, such as magical items, or new ninja attacks for his character.
It didn’t ask if he wanted to pay for it, or let him know that his mom’s
credit card was being charged.

“There was no indication he was spending money,” Bohannon said. “So, 20
minutes later, I rechecked my credit card statement online. And sure enough,
there was another $19.99 charge from Facebook.”_

~~~
gknoy
Holy cow, that's frightening. Mobile games with in-app payments are clear
about "These cost gems {or some other bought-with-real-money mcguffin)", but
refilling those gems nearly always makes it clear that you're going to have to
pay.

~~~
socialist_coder
Facebook payments platform was always far behind Apple & Google Play in terms
of transparency.

------
microcolonel
Just don't save payment card information in your Facebook account which you
share with an irresponsible minor. If you primarily blame Facebook for this
problem, you are failing as a parent.

The fact that it is technically possible for Facebook to validate some
purchases and prevent _some_ instances of this problem does not make it
Facebook's responsibility not to do something practically equivalent to
handing your wallet to a toddler at a carnival.

~~~
NeedMoreTea
Ah yes, blame the parents.

A _9%_ chargeback rate on payments identified from minors is an awful lot of
careless parents. The real fraud rate would be a lot higher as plenty might
write it off to experience come credit card bill. Quite often these things are
remarkably difficult to cancel too (no idea if that applies to Facebook).

The fact is _many_ of these ongoing payments, and the use of separate game
currencies rather than simple $1.99 are deliberately unclear, even to fully
clued up adults. That's rather the whole point of them.

~~~
microcolonel
> _The fact is many of these ongoing payments, and the use of separate game
> currencies rather than simple $1.99 are deliberately unclear, even to fully
> clued up adults. That 's rather the whole point of them._

Well, so are amusement park tickets. That doesn't mean you are absolved of
responsibility for controlling your cash when you go to an amusement park.

~~~
empath75
If your toddler tried to use your credit card at an amusement park to buy $500
worth of cotton candy I imagine the person at the counter would not process
it.

~~~
justtopost
That is a perfect illustration. Facebook is the cornerstore that will sell
your kid 500 in toys and comic books, only to upsell them a pack of camels
from my checkout display. It's cool, we already have your daddys credit card
from last time, and he said we could use if for his future transactions. And
because you are clearly a young child, lacking agency, I will bill him. Yet I
will refuse to refund it when dad comes in later. Did I mention I am selling
access to your data, also webcams!? Its goddamn terrifying we let it get this
far.

------
pbalau
It's obviously fbs fault that you can't educate your kids or even control
them. Fb did not put a phone in your kid's hands to shut him/her up, you did.

------
TheLuddite
If my child takes the money that I left on the desk, goes to the shop, buys
candies and eats them...can I go to the bank and ask them to give back my
crisp bills? Or maybe go to the candy store and whine there?

~~~
socialist_coder
Let me give you an analogy that actually fits the truth:

You went to the candy store with your child and paid via CC. The candy store
saved your CC by default, and due to deceptive UX, made it difficult to figure
out that you needed to opt-out of the saved CC.

The next day, your child was walking past the candy store and the candy seller
runs outside and says, "hey kid, you want this candy? its super good and you
can have it for 5 dollars! just take it, its yours!"

kid takes candy, you get charged $5.

and in reality, even the "you can have it for 5 dollars" part is generous.
facebook did not require the game developers to make it obvious when things
cost real money or not.

