Facebook tricked kids into in-game purchases, say privacy advocates – Naked Security

[ad_1]

In 2011, Glynnis Bohannon’s 12-year-old son handed her $20. In exchange, she let him use her credit card so he could spend $20 on “Facebook Credits” to use in the Ninja Saga game.

At least, that’s how much he, and she, thought they were spending. A year and nearly a $1,000 worth of credit card charges later – he didn’t know that virtual currency came with a real-world cost – Ms. Bohannon and another exasperated, cash-sapped parent filed a class action lawsuit against Facebook.

Facebook was ordered to refund parents when the suit was settled in 2016, but the repercussions are still rippling out after a court granted a request to unseal the legal documents, made by the Center for Investigative Reporting (CIR).

On Thursday, more than a dozen groups that advocate for children’s rights said they’re asking the Federal Trade Commission (FTC) to investigate whether Facebook has engaged in illegal, unfair or deceptive practices by enticing children to spend money on in-game purchases without their parents’ consent.

After looking over 135 pages of documents unsealed last month, the CIR says that internal Facebook memos, “secret strategies” and employee emails paint what it calls a “troubling picture” of how Facebook conducted business between 2010 and 2014.

The judge allowed Facebook to keep some documents sealed. What’s come into the light of day paints an extremely unflattering portrait of the company, and that’s saying a lot for Facebook.

Some of the unsavory practices of monetizing kids that are revealed in the documents:

“Friendly fraud”

One memo sought to explain “friendly fraud” (FF) – Facebook’s term for children spending money on games without parental permission – to explain “what it is, why it’s challenging, and why you shouldn’t try to block it.”

  • Facebook encouraged game developers that FF was a positive when it came to maximizing revenues, according to an email titled “developer education for loss insights” that outlines the company’s game strategy.
  • Another internal document refers to situations in games where children didn’t even know they were spending money. Facebook knew all about this, the CIR says:

    Their own reports showed underage users did not realize their parents’ credit cards were connected to their Facebook accounts and they were spending real money in the games, according to the unsealed documents.

    In fact, in that report, it’s suggested that maybe Facebook should just refund parents. Facebook chose to ignore such warnings from its own employees for years. Instead, it told game developers that it was focused on maximizing revenues.

  • Another document is a transcript of a discussion between Facebook employees after parents found out how much their kids had spent. In one case, a 15-year-old racked up $6,545 during two weeks of gameplay on Facebook. Facebook employees call such children “whales” – a term used in the casino industry to describe profligate spenders. Such children could blithely rack up big bills by purchasing in-game features such as crop-unwilt in FarmVille, for example, or magic spells, or flaming swords, or any of the other features that help game players. In the conversation about the $6,545 credit card bill that resulted from such naivety, the Facebook employees recommend not refunding the parent.

Parents who couldn’t get a response from Facebook, be it from emailing or phone messages, were forced to turn to the Better Business Bureau, or their credit card companies, to get their money back, according to the CIR.

Facebook made a clear decision

The CIR said that the revenue that Facebook made from “bamboozling” children had such large chargeback rates – that’s when credit card companies had to claw back money on behalf of parents – that it far exceeded what the FTC judges to be a red flag for deceptive business practices. All of this went on for years, the CIR said:

Despite the many warning signs, which continued for years, Facebook made a clear decision. It pursued a goal of increasing its revenues at the expense of children and their parents.

Facebook employees not only knew about the problem of FF; they also came up with a solution… that was ignored. To reduce credit card company chargebacks, Facebook employee Tara Stewart suggested to colleagues that the company should just refund money to parents when their kids clearly used their credit card without permission.

A few months earlier, she’d launched a test project to help Facebook reduce chargebacks by requiring children to re-enter the first six digits of the credit card number on certain games before they could spend money. It worked, according to internal documents: It lowered the number of refund and chargeback requests from children.

It had one problem, though: it would have denied Facebook a sizeable chunk of revenue.

In response to a report that found that Angry Birds had a sky-high refund rate of 5-10% (a 2% chargeback rate being what the FTC calls a “red flag” about a “deceptive” business), one Facebook employee wrote:

If we were to build risk models to reduce it, we would most likely block good TPV [total purchase value].

…In other words, revenue.