Newly unsealed court documents show that Facebook was aware that underage children routinely used their parents’ payment information to spend large sums of money on in-game purchases, and the company chose not to fix the problem. For years, it allowed for what it called “friendly fraud” because it feared implementing protections would harm revenue, according to the documents.
In 2016, Facebook settled a class-action lawsuit brought by parents of children who were tricked into unwittingly making purchases with real money while playing free video games hosted on the social media platform. Despite its recognition of the problem, internal discussions show that Facebook decided it would be best to fight refund requests and allow the problem to persist.
Documents related to the case were placed under seal because Facebook successfully argued that releasing them to the public could harm its business. Reveal, a publication run by the Center for Investigative Reporting, argued that these documents were in the public interest, and last week a judge granted Reveal’s request to release the documents.
On Friday, 135 pages from the court proceedings were unsealed, though Facebook was allowed to maintain some redactions.
The documents include internal discussions between employees debating whether or not they should provide a refund (chargeback) in cases where it was abundantly clear that a child had used their parents’ payment information without their permission.
In one such case, two employees discuss charges amounting to $US6545 ($9221), and acknowledge that the child claims to be 15 years old but looks younger. The child is referred to as a “whale”, a term used to indicate a user who is a big spender. One employee asks if they should process the refund but are advised not to do so. “Agreed. Just double checking,” the first employee replies.
The documents come from 2010-2014 and demonstrate that Facebook was well aware of kids were playing simple games such as Angry Birds and purchasing virtual items without their parents’ knowledge. One internal study of the issue concluded, “In nearly all cases the parent knew their child was playing Angry Birds, but didn’t think the child would be allowed to buy anything without their password or authorization first (like in iOS).”
In 2011, Tara Stewart, a risk analyst for Facebook, studied the issue and suggested that the company begin requiring users to enter the first six digits of a credit card used for payments on certain games.
Stewart ran a survey of Facebook users and found that many parents were not aware that Facebook stored their payment information after entering it one time. They also found that the kids weren’t aware of what they were doing. “It doesn’t necessarily look like ‘real’ money to a minor,” Stewart wrote.
She ran a test to see if the entering the cards first six-digits would reduce these unwanted charges and the results were encouraging. She also said it would “make sense to start refunding for blatant FF-minor”. The abbreviation “FF” stood for “Friendly Fraud”, the term Facebook used to refer to these fraudulent purchases which were made without malicious intent.
Despite this obvious solution, Facebook decided that it would harm revenue and elected to continue fighting refund requests for the foreseeable future, the documents show.
Rovio, the makers of Angry Birds, also noticed that refund requests from Facebook purchases were unusually high and wrote to Facebook expressing concerns.
After taking a look at the issue, a Facebook employee concluded that around 93 per cent “of the refunds are being made due to friendly fraud refund requests”. They said that building in a way to prevent the issue would harm revenue, but Facebook could give Rovio special attention for monitoring transactions.
“I think we all agree that it is really Important for Angry Birds to be a success story so if they are really concerned about the refund rate we can increase our focus on their transactions and our processes around them to try and lower their refund rate,” they wrote.
In 2012, Glynnis Bohannon filed a lawsuit against Facebook after her son inadvertently spent $US610.40 ($860) on a game called Ninja Saga. Bohannon was frustrated by her inability to get Facebook to refund her money and was quickly joined in the lawsuit by other parents. In 2016, Facebook decided to settle the case, paying two families $US5000 ($7044) and agreeing to change its practices.
When contacted for comment on the case, a Facebook spokesperson sent Gizmodo the following statement:
We were contacted by the Center for Investigative Reporting last year, and we voluntarily unsealed documents related to a 2012 case about our refund policies for in-app purchases that parents believe were made in error by their minor children. We have now released additional documents as instructed by the court. Facebook works with parents and experts to offer tools for families navigating Facebook and the web. As part of that work, we routinely examine our own practices, and in 2016 agreed to update our terms and provide dedicated resources for refund requests related to purchases made by minors on Facebook.
Just because this civil case is settled doesn’t mean that lawmakers won’t take an interest in it. At the most recent oversight hearing of the US Federal Trade Commission by the Senate Commerce Subcommittee on Consumer Protection, several senators expressed particular interest in making sure the agency is taking measures to protect kids from predatory online activity.
Senator Ed Markey raised concerns about YouTube channels targeting children with deceptive toy reviews, and Senator Maggie Hassan secured a pledge from FTC Chairman Joseph Simons to launch an investigation into the video game industry’s use of loot boxes in games targeting children.
Starting in August, Facebook’s stock price began to spiral before getting a slight bounce at the beginning of the new year. On Friday, The Wall Street Journal published an opinion column from Facebook CEO Mark Zuckerberg titled “The Facts About Facebook”, that was clearly aimed at assuaging investor fears. Zuckerberg admitted that his company’s business model “can feel opaque, and we’re all distrustful of systems we don’t understand”.
But that assessment completely ignores the times that Facebook has recognised a problem but elected to do nothing about it out of fear of harming its reputation and/or profits. There are plenty of understandable reasons to distrust Facebook, and the only person who doesn’t seem to understand that is Zuckerberg.