$245 million FTC settlement alleges Fortnite owner Epic Games used digital dark patterns to charge players for unwanted in-game purchases AND MORE “SCAMMERS” ALERTS!!!

https://www.ftc.gov/business-guidance/blog/2022/12/245-million-ftc-settlement-alleges-fortnite-owner-epic-games-used-digital-dark-patterns-charge?utm_source=govdelivery

By

Lesley Fair

December 19, 2022

AddThis Sharing Buttons

Share to FacebookShare to TwitterShare to LinkedIn

The FTC’s $275 million proposed settlement with Epic Games, owner of Fortnite, alleges the company violated the law by collecting personal information from kids under 13 without parental consent and by enabling voice and text chat by default – an unfair practice that put kids and teens in risky contact with strangers. But to borrow a phrase from advertisers, “But wait! There’s more!” Much, much more in the form of a separate $245 million proposed settlement with Epic Games for using digital dark patterns to bill Fortnite players for unintentional in-game purchases.

How much money can a company take in by selling virtual costumes, dance moves, and piñatas shaped like llamas? It won’t surprise Fortnite fans to hear that the answer is billions, especially when, as the FTC alleges, Epic used a host of digital design tricks – dark patterns – to charge consumers for virtual merchandise without their express informed consent. What’s more, the FTC says when people disputed unauthorized charges with their credit card company, Epic locked their accounts, depriving them of access to content they had already paid for. The proposed FTC consent order is the agency’s largest administrative settlement to date. Continue reading for some insightful – and instructive – quotes from consumers and employees who didn’t hold back about their opinions of Epic’s tactics.

For the technological Rip Van Winkles among us, Fortnite is a hit video game with more than 400 million registered users, many of whom are kids. Although people can play the basic version for free, Epic charges for in-game purchases designed to enhance game play. The FTC alleges that with millions of consumers’ credit cards conveniently in hand, Epic failed to adequately explain its billing practices to customers and designed its interface in ways that led to unauthorized charges. You’ll want to read the complaint for details, but here are a few of the dark patterns the company allegedly used.

According to the complaint, Epic set up its payment system so that it saved by default the credit card that was associated with the account. That meant that kids could buy V-Bucks – the virtual currency necessary to make in-game purchases – with the simple press of a button. No separate cardholder consent was required. And although the currency was imaginary, the charges Epic packed on to Mom or Dad’s credit card were very real. What did parents and users have to say about Epic’s methods? Here are some examples:

• “Hello Epic Games, The charges associated with this account were made without my authorization. This account is associated with my 10 year old son’s account and I am really disappointed that there is no check and balances that alerted me of these charges, and a 10 year old can purchase coins worth almost $500 so easily.”
• “Epic Games is swindling parents with unauthorized game purchases, tricking young consumers & using shady practices for billing. I authorized a 1-time Epic Games purchase for my 11 yr-old son, only to discover EG did NOT erase my credit card info, & thus my son has been making unauthorized purchases, racking up $140 in less than 8 days after the initial authorized purchase.”

Epic’s own Fraud and Risk Consultant expressed similar concerns internally and recommended that the company require account holders to confirm their CVV numbers before charging the card on file: “This is standard / best practice and it prevents kids from using mom’s credit card without her permission[.]” However, by the time Epic finally took that advice, the company had already billed account holders for millions of V-Bucks transactions – many of which were unauthorized, according to the FTC.

Another dark pattern alleged in the FTC’s lawsuit is Epic’s design of in-game purchases in a way that made it easy for an inadvertent button push to lead to unwanted charges. For example, for users playing Fortnite on the small screen of a smartphone, the company placed the button to preview merchandise very close to the purchase button. The upshot: One misaligned click by a user still in the window shopping phase and Epic immediately deducted the cost of the item from the player’s V-Bucks balance. Users also reported unwanted purchases when the game was waking from sleep mode or in a loading screen.

What’s more, the FTC says Epic used inconsistent and often counterintuitive designations for the buttons, an alleged digital dark pattern that also led to unauthorized charges. For example, when playing Fortnite using the PlayStation controller, the button to preview merchandise has a cross on it while the button to buy certain items has a square. But for other items, those functions are reversed. Users who press the square can preview items, but users who press the cross are charged.

Epic was undoubtedly aware of the consequences of its design choices, given what users were reporting to the company:

• “I’d like to raise a concern I have with the in-game store – there is no ‘confirm purchase’ button when you go to buy a skin/glider/axe….The reason I say this is because about 2 months ago I accidentally misclicked ‘purchase’ on a glider I had no intentions of buying. It instantly just took the V-Bucks and that was that….”
• “I accidentally purchased a skin using my V-Bucks when I just meant to rotate it and check it out. Fat-fingered the ‘Square’ button on the PS4.”
• “We are really disappointed that you are unable to help us as we feel my Sons V Buck accidental spend would have been avoided if your systems had more confirmation steps before buying items. Most other games companies have clear steps before you can purchase, e.g. item goes into basket, then questions asking ‘are you sure you want to purchase this?’, ‘Press this button to complete your purchase’. Your purchase process has none of these steps and we believe that it’s designed to take advantage of young users and accidental purchase.”

All told, the company received more than a million complaints about unwanted charges. And it wasn’t just customers. Epic’s own employees raised concerns about unwanted charges and repeatedly recommended measures to address them. For example, one employee described the company’s failure to include a confirmation screen for sales as “a bit of a dark UX [user experience] pattern.” But among Epic’s reasons for rejecting that suggestion was a concern it would reduce the number of “impulse purchases.”

In addition, the FTC alleges that Epic set up roadblocks that hindered users’ ability to reverse unauthorized charges. For certain purchases, Epic imposed a flat “no refunds” policy. For other inadvertent buys, the FTC says Epic “deliberately requires consumers to find and navigate a difficult and lengthy path to request a refund through the Fortnite app,” hiding the button in a hard-to-find location under the “Settings” tab.

What if users went to their credit card companies to dispute unauthorized charges? According to the complaint, Epic locked them out of their Fortnite accounts, denying them access to the merchandise they bought that wasn’t the subject of the credit card dispute. 

To settle the case, Epic has agreed to pay $245 million, which will be used to provide refunds for consumers. In addition, the proposed order mandates an overhaul of the company’s billing and dispute practices and bars the use of dark patterns to get consumers’ consent. Once the proposed settlement is published in the Federal Register, the FTC will accept public comments for 30 days.

The message for other companies should be clear. Take steps to avoid the dark patterns alleged in the Fortnite complaint and others outlined in the FTC report, Bringing Dark Patterns to Light.

Look at your website or app through the eyes of consumers. UX – user experience – is the current term, but it harkens back to a consumer protection fundamental: Be transparent about your billing practices. Consumers who check their accounts or view their credit card statements should never be taken by surprise.

Exercise particular care where kids are concerned. When it comes to box fighting or bunny hopping, kids may be skilled Fortnite players. But it’s a mistake to presume they have a similar sophistication about how in-game purchases work.

Rethink your refund practices. According to the complaint, an Epic employee who helped design the refund request path reported that during testing, he put the link in an obscure location in an “attempt to obfuscate the existence of the feature” and that “not a single player found this option in the most recent round of UX testing.” When the designer asked if he should make the feature easier to find, he was told by a superior, “it is perfect where it is at.” The moral of the story: Hiding the method customers must use to ask for a refund isn’t a good look for a company, and it’s not a strategy your business should implement.

Read your mail and listen to your employees. In many of those one million complaints Epic received, users gave the company an earful about exactly how its billing practices let them down – and Epic’s own employees echoed the same concerns. Companies that want to foster goodwill and avoid legal hot water should listen more carefully to customers and staffers.

Are you a Fortnite customer with a refund question? Bookmark the FTC’s Fortnite page and sign up for email updates. You’ll be contacted when more information is available.

________________________________________________________

https://www.ftc.gov/business-guidance/blog/2022/12/record-setting-ftc-settlements-fortnite-owner-epic-games-are-latest-battle-royale-against-violations?utm_source=govdelivery

Business Blog

Record-setting FTC settlements with Fortnite owner Epic Games are the latest “Battle Royale” against violations of kids’ privacy and use of digital dark patterns

By

Lesley Fair

December 19, 2022

AddThis Sharing Buttons

Share to FacebookShare to TwitterShare to LinkedIn

Two separate settlements with Epic Games, owner of the massively popular online game Fortnite, send the unmistakable message to business that the FTC means business when it comes to enforcing online protections for kids and fighting back against dark patterns designed to rack up charges without consumers’ express consent. If that isn’t enough to make companies take notice, perhaps these numbers will. Epic will pay a record-shattering $275 million civil penalty for alleged violations of the Children’s Online Privacy Protection Act. The company will turn over an additional $245 million for allegedly using dark patterns to dupe millions of Fortnite players into making unintentional purchases, the largest FTC administrative settlement ever. This post will focus on the FTC’s allegation of COPPA violations and on Epic’s choice of default settings, which allowed strangers to communicate with children and teens under 18. Subscribers to the Business Blog can expect a second post shortly that will take a deep dive into how the FTC says Epic used design tricks to zap Fortnite players with unauthorized charges. You definitely don’t want to miss Part 2.

First, a refresher about what the COPPA Rule requires. Section 312.3 makes it clear that the Rule covers operators of child-directed sites and online services – a determination made by evaluating the subject matter, visual content, use of animated characters or child-oriented activities and incentives, and other factors – and operators of sites and online services who have actual knowledge they’re collecting or maintaining personal information from a child under 13. If a company is covered by COPPA, it must (among other things) get verifiable parental consent before collecting, using, or disclosing personal information from children under 13.

According to the FTC, a substantial number of the 400 million people who play Fortnite are kids under 13, and through its registration process, Epic collected kids’ personal information – including their full names, email addresses, and usernames – without getting their parents’ consent. The complaint cites a number of factors to establish that Fortnite is a “child-directed” service. First, there’s a 2019 survey reporting that 53% of U.S. children aged 10-12 played Fortnite weekly, compared to 33% of teens between 13 and 17, and 19% of those between 18 and 24. The style of game play is relevant, too, including Fortnite’s cartoon-like graphics and colorful animation. Indeed, according to the complaint, Fortnite has proven so popular with children that Epic Games has approved licensing deals – and pocketed millions of dollars – for Fortnite-branded merchandise aimed at kids, including children’s clothing, Halloween costumes, school supplies, and toys.

Other persuasive evidence came from Epic’s own employees. The complaint quotes statements like “We want to be living room safe, but barely. We don’t want your mom to love the game – just accept it compared to alternatives,” “Agree with the idea that, generally, all theming should be relevant to a 8-14 y.o., as a litmus test,” and “We are NOT adult: experience must allow for parental comfort for ages 10+.”

The FTC alleges that Epic launched Fortnite with no parental controls and minimal privacy settings. Instead, the company included one paragraph toward the end of a lengthy Privacy Policy, disavowing that it was kid-directed. Thus, for two years, Epic allegedly took no steps to seek parental consent before collecting children’s personal information. Furthermore, as the complaint alleges, “Even when Epic obtained actual knowledge that particular Fortnite players were under 13, Epic took no steps to comply with COPPA” during this timeframe. The company finally instituted an age gate in 2019, but Epic didn’t apply it to most of the hundreds of millions of Fortnite players who already had accounts. The complaint alleges that Epic violated COPPA by failing to honor the requirements designed to ensure that parents – not companies – are in control of kids’ information online.

But according to the FTC, Epic’s law violations didn’t end there. In designing Fortnite to match users to play the game together, Epic set it up by default that players could engage in direct, real-time voice chat with other players. Given the number of Fortnite players who were young kids or teenagers, the inevitable result was that children and teens were often matched with strangers.

Epic’s then-Director of User Experience spotted the problem early on. Noting that “surely a lot of kids” are playing Fortnite, the Director of User Experience urged Epic leadership to institute “basic toxicity prevention” mechanisms to “avoid voice chat or have it opt-in at the very least.” An Epic employee raised a similar concern after a high-profile gamer verbally harassed a young player while publicly streaming to an audience of thousands. As the employee acknowledged: “. . . we honestly should have seen this coming or [at least] expected this with an on-by-default voice chat system. Situations like this are bound to happen . . .”

Another employee summed up the problem this way: 

I think you both know this, but our voice and chat controls are total crap as far as kids and parents go. It’s not a good thing. It was on my list a year ago, but never bubbled to the surface. This is one of those things that the company generally has weak will to pursue, but really impacts our overall system and perception. I’ve made a COPPA compliant game and we are far from it, but we don’t need to be that far . . .

 How did Epic respond to its own employees’ concerns? According to the FTC, with lip service – followed by crickets. Despite entreaties from its staff, Epic chose to maintain its on-by-default in-game communications that allowed personal interactions between kids and strangers. When the company introduced a toggle switch allowing Fortnite players to turn voice chat off, the FTC says the control was buried on a hard-to-find settings page. Furthermore, even after Epic ultimately implemented an age gate, the FTC says the company continued to enable direct communication by default for all players, including those who identified themselves as under 13 or teens.

The complaint outlines disturbing allegations of how Epic’s choice of default settings resulted in harm to kids and teens, including threats, bullying, and sexual harassment. Numerous news stories reported that predators had coerced youngsters they met through Fortnite into sharing explicit images or meeting offline for sexual activity. In addition, some kids and teens were exposed to traumatizing encounters involving self-harm, suicide, and suggestions by others that a player “kill themselves.” As one parent reported to Epic, “This morning, while on Fortnite, my 9 year old son had a ‘friend’ (someone he doesn’t know in real life, but has been playing with for months) tell him that he was going to kill himself tonight. It shook him to the core.”

In addition to the $275 million civil penalty, which by law goes to the U.S. Treasury, the proposed court order prohibits Epic from enabling voice and text communications unless parents of users under 13 or teenage users (or their parents) give their affirmative consent through a privacy setting. Epic also must delete personal information previously collected from Fortnite users in violation of COPPA’s parental notice and consent requirements unless the company obtains parental consent to retain that data or the user identifies as 13 or older through a neutral age gate. To protect kids and other users in the future, Epic must establish a comprehensive privacy program that addresses the issues challenged in the FTC complaint.

What can other companies take from the record-setting settlement?

Companies can’t disclaim their way out of COPPA coverage. Simply saying your business isn’t covered by COPPA doesn’t absolve you of your legal obligations. The COPPA Rule includes detailed definitions of the sites and online services subject to the law’s protective provisions. If there is any doubt in your mind about whether COPPA applies to your business, now is the time to clear up that ambiguity.

Listen to what your employees are telling you. When a knowledgeable staffer says, “Houston, we have a problem,” take their concerns seriously. One of a company’s best tools for reducing the risk of legal quicksand is a staff that feels empowered to call management’s attention to potential difficulties. 

Default settings that harm consumers can be unfair under the FTC Act. As the complaint alleges, Epic’s choice to configure its system for on-by-default voice and text chat injured both kids in the under-13 COPPA age group, as well as teens. Think through the potential for harm your default settings could have for users of all age groups. 

Looking for COPPA compliance resources? Visit the FTC’s Children’s Privacy page. And be sure to read the follow-up Business Blog post about the FTC’s challenge to Epic’s use of digital dark patterns.

_________________________________________________________

https://consumer.ftc.gov/consumer-alerts/2022/12/gift-privacy-fortnite-players?utm_source=govdelivery

Consumer Alert

The gift of privacy for Fortnite players

By

Amy Hebert

Consumer Education Specialist

December 19, 2022

AddThis Sharing Buttons

Share to FacebookShare to TwitterShare to LinkedIn

Did you just read about the FTC’s settlement with Epic Games related to in-game charges in Fortnite resulting in $245 million in refunds for some parents and players? Well, there’s a Part 2: the FTC has reached another settlement with Epic about its handling of privacy for kids and teens who played Fortnite.

When playing Fortnite, you might get matched up with other players to battle it out until there’s just one player or team left. Those players include kids and teens who make up a big part of the hundreds of millions of people who play Fortnite. And it also includes adults — anyone really.

What’s the problem? The FTC says the game’s default settings were not private — voice and text chat were automatically on, and turning that off was not easy. That meant players’ voices, including kids and teens, were automatically broadcast to friends and strangers alike. That also meant anyone who saw your kid’s display name, which was also automatically public, could send a friend request. So strangers could play with — and potentially talk and chat with — them again. This, says the FTC, resulted in kids being bullied, threatened, and harassed, including sexually, through Fortnite. For two years, Epic also didn’t get parents’ permission to collect information from their kids under 13 — something required by the Children’s Online Privacy and Protection Act.

To settle the FTC’s charges, Epic has agreed to change its default settings for kids and teens from public to private, so it blocks open voice and text chat by default. Epic will also put a privacy program in place and pay a $275 million penalty to the U.S. Treasury. (While there won’t be refunds under this settlement, you might be eligible for money back if you were unfairly charged. Learn more at ftc.gov/fortnite.)

If you’re a parent, new games are almost certainly in your future this holiday season. Before your kids or teens start playing:

• Know that usernames might be public. Talk about usernames. The best ones won’t include a user’s real name or other personal details about them.
• Check the privacy settings in the game.  If the settings are hard to find or hard to make changes to, tell the FTC.

If you think a company is breaking the rules when it comes to you or your kids’ or teens’ privacy, tell the FTC at ReportFraud.ftc.gov.

________________________________________________________

https://consumer.ftc.gov/consumer-alerts/2022/12/need-help-spotting-avoiding-and-reporting-scams-start-money-matters?utm_source=govdelivery

Consumer Alert

Need help spotting, avoiding, and reporting scams? Start with Money Matters

By

Sam Levine, Director, Bureau of Consumer Protection

December 16, 2022

AddThis Sharing Buttons

Share to FacebookShare to TwitterShare to LinkedIn

Image

As 2022 winds down, many of us are still feeling the financial effects of the pandemic: from finding work to buying or renting a home; from getting loans to simply making ends meet. And as we work to recover our footing, scammers are trying to take advantage. But help is on the way.

The FTC’s new website, ftc.gov/Money Matters (in Spanish: ftc.gov/AsuntosDeDinero) has your back as you spot, avoid, and report scams — and as you help others protect their bottom line. Let’s say you need to see if a job offer you got is legit: start at Money Matters. Maybe you want to help a friend know how to spot scams when trying to rent an apartment: start at Money Matters.

Or you could be up for doing a presentation in your community. Because you know what the FTC knows: that when people have heard and talked about scams with someone they trust (that’s you, by the way), they’re less likely to pay a scammer. Money Matters has your back there, too, with ready-to-go presentations you can give on everything from credit to car-buying to prize scams.    

If you’re more into sharing online, you’ll find graphics on all the topics, in English and Spanish, to share with your social media followers. Along with this video, which we hope you’ll watch and share. Because none of us are immune to the far-reaching financial impact of COVID-19, and scammers target all of us. So help the people you care about know how to spot, avoid, and report scams: share Money Matters however you can in your community. It’ll make a difference.

Topics

Shopping and Donating

Jobs and Making Money

Education and Training

Scams

Job Scams

Car Buying Scams

Debt and Credit Scams

Money-Making Opportunity Scams

Prize and Grant Scams

Student Loan and Education Scams

Rental and Housing Scams

______________________________________________________________

https://consumer.ftc.gov/consumer-alerts/2022/12/what-do-if-your-online-order-never-arrives?utm_campaign=abtp1&utm_content=a-cta&utm_medium=email&utm_source=govdelivery

Consumer Alert

What to do if your online order never arrives

By

Colleen Tressler, FTC, Division of Consumer and Business Education

December 12, 2022

AddThis Sharing Buttons

Share to FacebookShare to TwitterShare to LinkedIn

Image

We’ve all been there. During the holidays you order something online and anxiously await its arrival. But then your package doesn’t come when the seller said it would. And worse, you hear nothing. Your happy anticipation is turning to anger and frustration. So now what?

If you didn’t get your stuff:

• First, contact the seller. Most businesses will work with you to resolve the problem and keep you as a customer.
• If that doesn’t work, you still didn’t get your order and the charge shows up on your credit card statement, dispute the charge.
• If you paid by debit card, contact your debit card company (often your bank or credit union). Ask if they can help you. This sample letter for disputing debit card charges can help.

Sometimes, you can head problems off by doing some research before buying from an unfamiliar online store.

• Check out the company or product. Search online for the name plus words like “review,” “complaint,” or “scam.” See what other people say about it. And read the seller’s description of the product carefully. If they offer name-brand goods at steeply discounted prices, they might be fakes.
• Pay by credit card. You’ll get protections under federal law, so you don’t have to pay for things you ordered but didn’t get.

A word on timing, as the holidays approach: online sellers have to ship when they (or their ads) say they will. (The law says so.) If they don’t ship then, they have to tell you (and give you a chance to cancel and get a full refund). If they don’t give a shipping date, they have 30 days to ship from the date of your order.

If you suspect a scam, report it to the FTC at ReportFraud.ftc.gov.