I find GoGs policy a nice middle ground to Steam, on one side, and ruining their business as you suggest, on the other.
Hit them where it hurts: state regulators. If you're in New York, for example, complain to the Department of Financial Services (DFS) . They're hard hitting and know what they're doing. (I think California's analog is the California Department of Business Oversight (DBO), though it isn't, to my recollection, as intimidating as DFS.)
Someone should make a list of all local regulatory agencies by location. List all places hat deal with average joes as well as how likely they are to respond to you and how often they win against companies.
I really dislike digital distribution of games and software on this point. While some Steam games I can run offline I am not sure if all of them can be. Plus how do I reinstall?
It is a sad state of affairs when being a buyer on ebay is safer than buying from Steam
I was also under the impression that the card networks frowned upon trying to prevent cardholders from exercising any chargeback right they have with their card. Then again, I have business interests that accept payments via these card networks and I've never even seen the full terms that we supposedly agreed to on the merchant side, so I don't know how I'd check even though we're presumably subject to the same rules, whatever they are.
Cough, ahem, No Man's Sky...
According to Steam I'd played around 40 hours, but in reality most likely <10 hours active and stupidly left the game idling a couple of nights which racked up the hours.
I tried to get a refund from Steam and was refused, I then tried a charge back from PayPal and Steam stepped in and more or less told me that if I continue down this road I'll be locked out of all my games.
A few lessons learned:
1. Don't pre-purchase games
2. Wait a couple of weeks for real gamer reviews
3. Avoid Steam/digital distributions for higher value games.
This has certainly soured me from buying anything costing more than a few quid on Steam.
>> 2. Wait a couple of weeks for real gamer reviews
I know it's hard to do if everyone you know's playing the latest hotness, but if you can wait a few months, you can usually get the game heavily discounted in one of Steam's (or Humble, Green Man or other Steam key sellers) quarterly sales.
I used to buy my games on release date at or near full price, but these days I try very hard to wait as long as I can for them to get heavily discounted. When you pay much less than full price, the sting is lessened if you chalk up too many hours to get a refund.
To be honest NMS is the only game I've paid for prior to the release date, and even then I only paid for it a week beforehand.
I'm not a huge gamer (with the exception of dipping into Eve Online no and then). But NMS was hugely attractive to me, less so from the gamer/press hype, but from all the things Sean had talked about and demo'd.
That'll learn me.
Last month I bought Dishonored 2 for £10 and Deus Ex: Mankind Divided for £8, roughly six months after release (when they were £60).
THIS. I posted my own comment, but I also suffered from the same crash/hang refund issue. The game was so unplayable I gave up, and shut down my Steam link. Unbeknownst to me, it was still running and therefore Steam refused my refund, and didn't reply to my follow up.
And reinstalling the games is easy. You can install a copy on any computer you log into. You just can't play more than one at a time.
If you played a game for more than a couple hours, are you really entitled to a refund? And when you mention "Even games dropped by developers don't matter to Steam" do you mean early access games?
Caveat emptor. Digital distribution won't magically prevent you from buying bad games. Look at reviews, try the game for an hour or two, and ask for a refund if you don't like it.
Tried it twice, works wonders.
in my experience the time limits are related to delivery of the service. for instance, you pay with credit card for a service happening 9 months in the future. if the appointed day arrives, and the service is not performed, there won't be a problem getting a charge back even though the actual charge was 9 months old.
i don't think it's crazy for a software company to want to claim that i'm leasing software from them after a one-time payment, but if that's the case, i also feel like i forever have grounds for the return of my money if they ever break the lease.
To ensure they don't get more chargebacks, they have little choice but to block your account. Most companies will do whatever they can to avoid a chargeback. It's better to start there if you want to maintain a relationship.
Often, the company is happy to rectify the situation if you contact them, because like you said, chargebacks can be expensive per transaction.
In my experience, sometimes consumers will run a chargeback even for legitimate purchases. For example, a spouse will run through a credit card statement and do a chargeback if they don't recognize a purchase, without even checking with their partner. Then, the credit card company often sides with the consumer despite evidence, and if you sold a tangible good, you're SOL.
They're estimated to have stolen from Australians 22,000 times out of ~25m population so you can imagine why they scrambled so hard to change their policies before justice was served in the EU or US.
You can make a new account and use a new credit card I guess, but you still lost your library of games.
they don't need to justify anything. Their platforms, their rules. You signed your rights away when you clicked yes to the EULER.
Of course, you can litegate, but then you'd end up costing more money than you can gain, and probably no one will find it worth the hassle.
"But I can't chargeback if I get irrationally gamer-ragey" is not something I've ever worried about, ever.
Steam's ToS are at odds with federal law in this respect as they say I have a 2 week / 1 hour window to get a refund.
Federal law says I have 60 days and then outlines under what conditions, but they are pretty broad.
Previously I purchased a software license for Gamemaker Studio Master Collection (directly from YoYo, not through Steam thankfully).
This was when Windows 10 was very new, but YoYo claimed it was supported. Turned out it had bugs with some configurations and so it was crashing on launch; completely unusable.
I opened a support ticket and was following up, but they had no idea how long it would take to fix it.
Next thing that happens is they drop the price from about $800 to about $400.
There I was, still unable to use the software and now it was 1/2 the price. So I contacted them again and said, "Look, it's been a month now and you still haven't fixed this and you dropped the price to 1/2 what I paid. I've been really patient, the least you can do is refund me the difference since I still can't even use the software."
They came back and said, "No it was $800 when you bought it you just have to wait until we get it fixed."
At that point I was super frustrated and replied back and said, "I'm done, just refund the entire amount and cancel my license."
YoYo's reply was that they don't give refunds under any circumstances and that it was plainly spelled out in the EULA.
So I called my credit card company and they did a charge back.
Circling back, now they sell through Steam and if this had happened Steam would ban my account and block me from ALL software I had ever purchased from them.
It's unethical and bordering on illegal that Steam takes retaliatory measures against consumers for excercising their consumer credit rights as provided by federal law.
Quite frankly Steam should be on the receiving end of a class action lawsuit.
And if you're really paranoid about it, you can pretty easily back up games and play them with a cracked Steam DLL. It's not a big deal.
Chargebacks are super useful, but they aren't guaranteed and I try to avoid overusing them so that when you need them you know the credit card company will take you seriously.
Just be careful if you intend to keep using Uber - many companies (Steam is notorious for this - folks have lost access to thousands of dollars of games for contesting a single one) will ban you from the service if you do a chargeback.
I've personally used price protection, roadside assistance, extended warranty, and concierge service. Plus many thousands of dollars worth of cash back, points, and miles (probably close to $10,000 total).
OTOH, getting a credit card and paying the full balance every month is S good way to build your credit history and scores.
Mine, for instance, will let me lodge a dispute - however to do so, they cancel my card and re-issue a new one. This means in the N places where my card is in use, I now have to go and update it.
The asymmetry between me as a customer and a large organisation with a faceless customer service is just so big that complaints take too much effort to reach someone that could do something about it (if they were willing to own up to problems, which they usually are not).
Having the legal right to get any fee refunded and getting it are just so far removed that I would wager all money handling services make non-trivial amounts of profits from unjust fees because they can exploit this asymmetry.
Sadly, for me as an individual the right decision is almost always to let it go because my time is more expensive.
Basically they utterly refused to chargeback, or even block future charges to a specific vendor that had been charging me monthly for a service I could not use due to moving. The vendor said their policy was I had to cancel in person, and refused to do anything else.
Amex absolutely did not have my back, and I have one of their higher-tier cards. Absolutely have been looking around at alternatives now though, after basically being told they'll let a vendor continue charging me against my will forever and there was nothing they would do about it. They said take the vendor to court.
I ended up canceling the card entirely and having it re-issued, since even changing the number on your card these days isn't enough to stop monthly recurring billing - of course that feature is for your "convenience".
All in all it was a pretty horrible experience that they resolved in the favor of a vendor that was quite obviously playing the "make cancelation super hard so we can collect monthly payments from people who continue to put it off" game - Amex literally could not have cared less one of their merchants was essentially engaging in barely-legal consumer fraud.
Utterly horrible customer service, and this was via many reps and a couple low-tier CSR managers. It's quite obvious to me why Chase and the like are eating steadily away at the once-stalwart Amex customer base. Prior to that experience I would not have remotely considered a different card due to them always being stellar whenever I needed them, and they usually went above and beyond any expectations I had for customer service. That trust built over the decades with me is now completely gone, and it's obvious they are simply yet another card issuer these days.
Admittedly I could have jumped through their hoops, but I was out of the country at the time and I'm the cut off my nose to spite my face type of person when it comes to companies pulling this type of bullshit. I refuse to jump their their hoops. Started off just wanting to cancel for 6-9 months until I returned to town, but they made the process so amazingly difficult I will never give another gym a dime of business. "Cancel gym membership in person scheduled weeks in advance" is not on most folks list of things to do prior to leaving town unexpectedly.
I did find it amusing the Amex CSR basically told me to book an international flight home to resolve the issue (which amounted to $100/mo or somesuch). I was honestly flabbergasting at the support they gave the merchant, having been an Amex merchant in the past. The vendor must have some strong notes attached to it for me to get so much pushback.
ISPs are one where if you are not a savvy consumer you wont realize that when they say up to X megabits a second that its not only a different unit from megabytes, but that anything 0 <= (actual service) <= X is considered meeting the terms of the contract. ISPs are also the type of company where you call to cancel the service, as the contract allows because you are not locked in, and instead of letting you cancel they give you the run around and send you to person after person to try to keep you online.
While we don't know if OP was in the right here from this story, you must have at least _some_ ability to see where they could be at fault
Them stating I can't stop future payments though has nothing to do with any third party contract that may or may not exist. It's not up to them to enforce that, and in any case I can assure you said contract did not list American Express as a payment method anywhere on it. They enabled a merchant to extort me because I had at one time years before made the mistake of giving them my Amex account number and the merchant purposefully made it impossible to remove.
I keep getting random notifications that "my card has been removed from android pay" from Chase and always have to navigate a phone tree. What's this secret shibboleet code you've found?
Never use debit cards when credit cards are accepted, is my general tip.
(No, I don't work for them or have any real love for banks, but credit where credit is due - pun intended.)
In a sane world it would be considered insane to use something as insecure. Frankly, they should be considered illegal.
I don't give my wallet to the guy I'm purchasing something from and let him extract the necessary funds - why should it be ok to do so on the internet?
That the banks reimburses me for invalid transactions is not a valid approach - that is directly funding criminals.
Generate one-time cards for every purchase, anything less ought to be considered negligence.
Totally agree on debit cards. In theory they have similar protections, but the fact that they remove your money immediately can cause a lot of trouble.
When I asked Amex to cancel or prevent further charges, they refused to do anything without a cancellation number, which I didn't have and couldn't get.
So, your mileage may vary.
This sounds like yet another example of why SMS is not a good second factor. The Uber rep's responses seem to ignore the question of how this account was compromised (instead providing suggestions for good password hygiene), so it's not clear to me whether they even think that the SMS PIN is supposed to provide any security at all.
Assuming this is accurate, I guess it's time to assume there's an unexplained failure in Uber's security/login rules?
The logical fallacy in your answer is in assuming that, just because the customer got an SMS with a TFA code, an attacker did not get the same or subsequent code and use it. We don't know that.
Of course, it's also possible that Uber's TFA is broken ...
But honestly, I hadn't considered the possibility that they triggered an SMS and then got access later, maybe with a second (rerouted) SMS. That's a good point.
You know, that name is becoming customary, but this is not two factor authentication.
Two factor authentication requires that you successfully authenticate on both of two separated channels to gain access. That SMS crap companies keep doing require that you authenticate on any one of two channels to gain access.
I login to $app with my password. $app bounces me to SMS. I then go back to $app with the SMS code.
So I needed my password with $app and the code from the SMS.
But in general, you're right. The problem with SMS as a second factor isn't that it's not two-factor, it's the ease of compromising both factors at once. Hijacking phone numbers is disturbingly easy, and smartphones mean that you can steal one physical token and get both email access (for password reset) and SMS access (for the code).
If it asked for the password (does Uber use passwords at all?) then yes, I was just saying dumb things; please ignore.
You could also immediately cancel/freeze your credit card until you've resolved the issue with your stolen Uber account.
It sucks but it makes sense for the merchant. The bank should return the fees but the exchange rate difference is likely lost.
Also another good reason not to use a debit card for any online transaction. At least with a credit card, no one can take your money while they're settling the dispute.
Currency exchange to RU is relatively stable, but you could imagine being scammed from a country with hyperinflation, where a refund 3 months later denominated in the local currency is worth much less. So in general, it's not adequate to be compensated for international fraud in the fraudster's currency.
It's the merchant fault the card was not protected, we shouldn't really be concerned with what makes sense for the merchant.
As Uber said: They have no control of this. The user should go to their bank, because they provided the service of currency conversion.
Consider the following scenario:
1. I borrow your thing.
2. I break your thing.
3. Oh well, there's literally nothing that can be done about this.
Compare, say, a suit for wrongful death. The principle you describe would in general cap damages at $0. Similarly, if Uber is responsible for stealing $430 from my bank account, that fact that they gave $20 of it away is not a reason for them to return only $410.
Should they make the person whole? Absolutely.
Do they have to? Probably not based on their merchant/banking agreements.
I notice the victim uses Android: Is it rooted? What other random stuff do they have installed? etc. etc. - because that will make a huge difference.
Money can't be "stolen" from your Uber account.
Someone can find out your password to your Uber account the same way they could get your password for any website. Then they log in as you, and take trips using your account. Your card would then be charged for the trips.
It's OP's fault that someone found out their password. Uber was nice and refunded them for the trips.
Except the account in the article had two factor auth enabled. Someone triggered the second factor (a text message) then logged in without access to it. That's the question at the heart of "how did this attack happen?"
It is certainly possible that Uber's TFA system is compromised, but that's not the only explanation.
In 2015 my Uber account was hacked and 1k was taken from my bank account. Uber knew/knows about their users getting hacked and their PR was it's the users fault for using a bad password. Also then I tried to cancel my Uber account via their site but there is no option that lets the user do so only can be done by contacting/waiting for a support person to do so. It took them a few days to cancel my account.
Needless to say I loathe then for this reason followed by all their other horrid behavior!
I think it's nice of Uber that they refunded OP's trips even though it wasn't their fault that OP's account was compromised. And it makes sense that they just suggested using a strong password. What else could they do?
The article strongly suggests this isn't the case, though. OP had TFA active, but Uber allowed access to his account without without requiring the passcode they texted him. We don't know exactly what happened, because the support rep dodged the TFA question every time, but it doesn't appear to be a proper outcome.
I'd just like to point out that if the currency value changed the other way, he would be refunded more money.
I actually wondered where is that money technically going in this case. I rented a car abroad once, a block of 3000 Euro was put on my card, then when it was released I got less money back than it blocked originally since the currency rate has changed. So someone made money on just blocking that money for a few days, but who? The bank?
When a currency exchange happens, say from EUR to USD, it has a different exchange rate from USD to EUR. When the retailer 'refunds' you, the transaction isn't just cancelled or reversed, you are credited the amount of the original charge (in the retailer's currency), so there is a different exchange rate.
For example, on the VISA Europe  site you can see the exchange rate for EUR to USD yesterday was 1 EUR = 1.11661 USD, but the other way around it is 1 EUR = 1.12399 USD.
Interestingly, I had someone steal my debit card several years ago, and they went to CVS or Walgreens (can't quite remember). They purchased Visa gift cards, and had video of the transaction in which my card was used to purchase a Visa gift card, so they should be able to have Visa provide the information about the stolen card or at least void it, but they will not. For some reason, Visa et al have decided that it's better for them to just eat the several hundred dollar cost of the card.
I think some people are unaware of this and think that just refunding the money to a customer means things are back to square one.
If the consumer initiates the chargeback, it will be handled in the consumer's currency. Which will result in a fun reconciliation problem for the business.
If the company initiates it will be done in the currency it was originally charged in. Which will give the consumer more or less money depending on exchange rates.
And to be fair to Uber, they don't have control over foreign transaction fees or changing forex rates. This just as well might have worked out in the author's favor. Uber could curry some goodwill by covering the forex losses and transaction fees in this case, especially since it came out to about $20, but God knows that that's not their MO.
If Uber can't find and plug the hole for fraud pathways before the criminals scale them, they will lose their shirts on chargebacks.
The title gives the impression that your credit card can be used for transactions outside of Uber by attackers.
> I'm so sorry to hear for any alarm this may have caused
> I'm sorry to hear about such a frustrating experience
> and I can totally understand your frustration here.
> My pleasure to get this sorted out for you. I'm sorry to hear this wasn't the 5-star experience
> I certainly understand your concern
Knock that shit off, please? We all know it's bullshit.