Gaming Gift Cards Are Like Crypto – and Not in a Good Way
In crypto – especially in the category of blockchain interoperability – we think a lot about fragmented currencies: ETH providing security across multiple layer-2s; USDC in multiple, non-fungible wrapped versions (abcUSDC, xyzUSDC). So-called real-world assets also experience similar fragmentation: a dollar in your pocket is not the same as a dollar in the bank.
Take gift cards. You’re probably holding a few after the holidays and if you are, you’re not alone. A Bankrate survey earlier this year estimated $23 billion is sitting in unused gift cards across the US. That’s about 0.1 percent of the M2 money supply.
Stripping away the colorful plastic packaging, gift cards are a number, some 16 to 30 digits in length, that provides access to a digital equivalent of cash. They’re somewhere between cryptocurrency and a debit card: not as secure or uncensorable as bitcoin or ether, but you don’t need a bank account to use them and they can be bought and sold with minimal information exchanged.
This opens up some interesting wrinkles in the world of commerce on the internet, one of which I recently stumbled upon, involving metaverse activities and unbanked members of my household.
The Fortnite V-Bucks Gift Card: The Worst UX in Payments?
I have teens and tweens in the house and that means I deal in metaverse currencies, specifically Fortnite V-Bucks. The in-game currency is Fortnite publisher Epic Games’ main vessel for turning FOMO into dollars.
For young players of Fortnite, the metaverse of Web3 and $META hype is here today: the game really is a “third place.” The virtual goods (“skins”) that signify status or identity in Fortnite can be just as crucial as any clothes or accessories available in real life.
The result is a steady stream of requests across my phone, accompanied by a wrinkled bill or a CashApp transfer. I fulfill the requests by adding dollars from my credit card to the Microsoft account for Xbox in-game purchases. The kids are playing Fortnite, and I’m playing my favorite game, which is a text-based roleplaying game called Web2 Payments.
V-Bucks: Default transaction flows for unbanked tweens
I play Web2 Payments almost daily in one form or another. But, the other day, one of my kids found a workaround that cut me out of the flow: the Fortnite V-Bucks gift card.
The V-Bucks gift card is available at many retail stores. My kid bought one with physical cash and thought they’d been scammed. The gift card was legit, it turned out, but the process for converting it into in-game currency wasn’t an ideal end-around to parental capital controls. It was too complex for anyone uninitiated in the art of internet search queries.
The in-game form for entering a V-Bucks gift card requires a 16-digit code. But the code on the back of a physical V-Bucks gift card is 25 digits. No explanation is given – not on the card, not on the in-game form. A search reveals a separate webform, where a 25-digit gift card code can be converted into the 16-digit code that the game requires – after logging in with a player account.
If you happen to log in with the wrong account, there’s no way to transfer the V-Bucks.
I’ve worked in the cryptocurrency industry since 2017 and for the past couple of years I’ve focused on cross-chain interoperability. Let’s just say I’m no stranger to bad user experience – but the convoluted UX for converting V-Bucks gift cards into in-game currency surprised me.
Gift-Card Fraud Vs. Cryptocurrency Fraud
The crux of the bad V-bucks gift card UX is simple: it requires a login on a third-party site. This could be more seamless with better instructions or an integrated form, but the need for the login seems pretty obvious. It prevents fraud and money laundering.
Bitcoin and ether have no similar constraints, making them more apt for extralegal uses ranging from laundering the proceeds of fraud, to funding dissident movements in Hong Kong, to escaping capital controls in Turkey. Regulated entities layer similar anti-money-laundering (AML) measures atop the Bitcoin and Ethereum networks. Just like a V-Buck on a gift card is not the same as a V-Buck in-game, bitcoin on the Bitcoin network is not the same as bitcoin in your Coinbase trading account.
It’s entertaining to imagine a world that isn’t like this. Dark-web deals in the Fortnite metaverse sounds like a good wrinkle in a Charlie Stross novel. But in my opinion it would not improve the game – any more than Coinbase would be improved by less-restrictive access. An all-too-real “Grand Theft Auto” is not what most people want in their metaverse.
Even if Fortnite did turn into a channel for gift-card fraud, it would probably be the virtual tip of an iceberg-sized illegal business done via gift cards in much more mundane locations, like Home Depot parking lots and your online bank account.
U.S. Federal Trade Commission data on gift-card scams show they increased from $180 million in 2021 to $228 million in 2022 – but that’s just vanilla scams, duping people into buying and sending a gift card as payment.
The real world of gift-card scams is much more varied and colorful. It involves alleged fraudulent charity tax rebates on Home Depot gift cards, compromised Starbucks loyalty points accounts and gift cards allegedly purchased with the intent to fund ISIS.
Cryptocurrency Vs. Robux
Of course, things get much more interesting – if not more lucrative – when fraud begins on the internet, goes out through retail and comes back to the internet. Roblox is another successful MMORPG. It doesn’t have the cultural cachet of Fortnite or the money-making engine: Roblox reported $2.2 billion in revenue in 2022. Epic Games’ 2022 sales from Fortnite alone are estimated at more than double that amount.
However, Roblox does have its own in-game currency, Robux, and a legion of youthful, unbanked players who lust after it. Players have fallen victim to a “gift card method” attack, where accounts have been griefed or taken over using the gift card code as a means of authentication.
The ripple effects of Robux supply and demand have spread beyond the game, too – into [click fraud. In a 2022 episode of the internet true-crime podcast Darknet Diaries, a pseudonymous guest described distributed click farms where kids are compensated in Robux for watching ads and filling out surveys.
“So, it would cost him like, $6 to pay a kid for like, $50 worth of income for him. He’d have like 2000 kids a month and he was making $1,000 to $2,000 a day, and that was the most I had ever seen…. He’s my age; he’s like, fourteen, fifteen, and he’s doing this every single day.”Does Bitcoin Fix This?
I think $2,000 a day is impressive earnings for a child of 15, but it’s almost certainly a rounding error in the multibilion-dollar business of fake traffic on the internet. And in the rankings of scams, it doesn’t come close to the billions crypto users have lost to bridge hacks alone.
And, while permissionless networks like bitcoin provides extralegal paths for uses both deplorable and laudable, some crypto projects are apparently finding a better option for regulatory escape in something that looks a lot like gift cards.
There could be many interesting opportunities in a more open-source approach, making gift cards more composable or programmable. There might even be a role for a shared trust layer. But at present, it’s hard to see incentives for issuers to create one.
Once you build to a point where you can issue a desirable gift card, you want to keep those dollars in-network, behind your moat – whether that moat is a Home Depot parking lot, or an Epic Games login.
It’s up to builders in Web3 to find the user experiences where open and composable networks make those businesses look obsolete.