Facebook created a system that allowed children to spend tens of millions of dollars through their parents’ credit cards and Paypal accounts on games and other goods without their parents’ knowledge and, despite concerns raised by game developers and solutions suggested by internal analysts, did nothing to fix the issue, according to a trove of documents unsealed from a 2012 class action lawsuit.
The more-than 150 pages of depositions, analysis, internal reports, and exhibits were unsealed following a motion filed by the Center for Investigative Reporting’s Reveal publication in the Bohannon vs. Facebook case. The documents seem to lay out a clear timeline of how Facebook reshaped itself to open access to its once adult-only website to children, clearing the way for significant unauthorized spending.
Reached for comment Friday by Variety, Facebook shared the following:
“We were contacted by the Center for Investigative Reporting last year, and we voluntarily unsealed documents related to a 2012 case about our refund policies for in-app purchases that parents believe were made in error by their minor children. We have now released additional documents as instructed by the court. Facebook works with parents and experts to offer tools for families navigating Facebook and the web. As part of that work, we routinely examine our own practices, and in 2016 agreed to update our terms and provide dedicated resources for refund requests related to purchases made by minors on Facebook.”
It wasn’t until 2009, a year after Facebook started selling goods and games on its site, that the company changed its policy to allow children 13 and older to create accounts. In 2010, the company introduced Facebook Credits, which one risk operations analyst for the company noted “doesn’t necessarily look like real money to a minor.” From Feb. 23, 2008 to June 25, 2014, Facebook pulled in more than $28 million through more than 13 million transactions for the purchase of Facebook Credits from people under 18 living in the United States alone, according to the unsealed documents.
In early 2011, Facebook was already looking through its data to see just how significant an issue children spending their parents’ money in games was on their service. More specifically, they were looking at how often the parents of those children were seeking to get the money back.
The study looked at accounts belonging to users 17 and under that spent credits between October 2010 and January 2011 and included about 88,000 users. The internal study found that the roughly 3,500 accounts tagged as being underaged spent roughly $755,000 and the remaining 84,000 accounts spent a “whopping $3.6 million.”
Following that study looking into the company’s refund policy, a second examination of the rising problem was kicked off along with a test program for a possible solution. Codenamed First-6, the idea came out of a boot camp and an internal discussion entitled “the financial impact of permitting minors to spend Facebook Credits.”
In 2011, Facebook risk operations analyst Tara Stewart wrote an email to an internal group about her progress on the “friendly fraud inflow project.” The idea was to cut down on accidental or fraudulent spending by children and the elderly. Specifically, the test program targeted users under the age of 17 and over the age of 90 who spend $75 or more in a single transaction on three specific games: “Pet Society,” “Backyard Monsters,” or “EA Sports FIFA Superstars.” Stewart ran the test program from August 2011 to October 2011, according to the email.
Stewart created a filter that identified people who matched her targeted group and then asked them to reenter the first six digits of their on-file credit card. Based on her initial tests, the program seemed to be a success, reducing the number of chargebacks for “friendly fraud,” an internal phrase used to typically describe children using their parents’ credit cards or Paypal accounts.
“It forces the minor to prove he is in possession of the credit card,” she wrote in an email. “Often refunds … occur because a parent permits his child to spend a small denomination and doesn’t realize that the credit card info will be stored. Obviously, some kids will be able to grab the credit card again or write the info down, but this will hopefully curb the spending of the least savvy minors.”
Her work on the program also surfaced some seemingly easy-to-fix problems. She noted, for instance, that most of the games with high chargeback rates were defaulting to the highest-cost setting. In other words, the default for purchase was the highest dollar amount unless the user changed it. She also noticed that children are more likely to make a series of purchases in a row.
Unfortunately, her work also noted that the First-6 solution came with a cost. While the new rule lowered the amount of “friendly fraud” it also “blocked a fair amount of users from purchasing.” On a larger scale, she wrote, “it could decrease the denominator of the segment we are targeting.” Despite that, Stewart still recommended the system’s use for “lower threshold users.” But Facebook seemingly ignored the recommendation.
The issue came up again the following year, but this time from an external game developer.
In February, 2012, a lead server programmer at Rovio emailed Facebook to ask why they were seeing such a high refund rate for “Angry Birds” spending on Facebook. The rate, according to Rovio, was 5% to 10%. “This seems quite high to me, but it might just be normal for games on Facebook. Can you give us an indication of what the average expected refund rate is on the platform? Is there a way to get data about the reason for the refunds?”
Indeed, Reveal notes that the average chargeback rate for businesses is 0.5%, according to the Merchant Risk Council and that a chargeback rate of 1% is considered high, and credit card companies such as Visa and Mastercard will put businesses on probation programs for rates consistently that high. The Federal Trade Commission noted that a 2% chargeback rate should be a red flag of deceptive business.
When Facebook dug into the chargebacks they saw that about 93% of them were due to “friendly fraud.”
“In nearly all cases the parent knew their children was playing ‘Angry Birds,” but didn’t think the child would be allowed to buy anything without their password or authorization first (Like in iOS),” according to the internal email, which noted that the average age of the child playing the game was 5.
The problem, Facebook noted, was exacerbated by the fact that the game targeted young children and that people assumed it functioned like the mobile game, with the same sorts of spending protections. According to the email, the issue could be addressed but it risked lowering how much money the companies made.
“I think we can all agree that it is really important for ‘Angry Birds’ to be a success story so if they are really concerned about the refund rate we can increase our focus on their transactions and our processes around them to try and lower their refund rate,” the email said.
The slew of unsealed documents also includes Facebook’s canned responses for requests for refunds in these instances, the sorts of games that tended to attract this issue (“PetVille,” “Happy Aquarium,” “Wild Ones,” “Barn Buddy,” and any ninja game), and discussion among Facebook employees about whether to refund a 15-year-old girl the $6,000 she spent on a game. Ultimately, Facebook decided not to refund the whale — a nickname for people who spend an inordinate amount of money on virtual goods in a game.
It’s clear in the documents that Facebook was well aware of the issue, and seemed to be struggling over whether to make it harder for children to spend money or keep that threshold low and not impact the company’s significant revenue.
In 2016, Facebook settled the class action lawsuit these documents were a part of and promised to create a special queue for refunding in-app purchases made by U.S. minors.