The BBC is breathlessly reporting cases of parents whose bank accounts have been cleared out by their children playing games with in-game purchases.
We are technically savvy but didn’t think to put a password on and my son, who was 12, ended up spending around £700.
It was on his own phone and he managed to download Clash of Clans through a Google Play account, enter his own children’s bank card details and buy lots of in-game items.
It is possible to prevent this. My own children often ask to buy in-game items, which tells me I have somewhat succeeded in training them to ask first. Steam has a PIN code that only I know. The iPad requires my fingerprint before it will take money. And Google Play is set up to require a password. So far, so good.
I installed Mini Golf King on my phone for my son who is five. He knows he’s not allowed to spend money in games, yet this game successfully tricked him into spending £300 on in-app purchases.
[…]
People will say “well, you should be supervising him”. I was! I was in the room.
But the game is a children’s game, rated PEGI 3 [suitable for players aged three and above].
I would allow him to watch a U-rated film and I assumed PEGI 3 games were safe to play with casual supervision.
Now things are getting tricky: user interfaces are hard to get right even when you are trying not to confuse people. I can remember a handful of occasions where I have done something daft with a computer, have been met with no sympathy at all from support staff, but objected that the problem is that the user interface was misleading. There are worthy complaints here.
Now politicians are taking an interest. There is always this instinctive call: The Government should Do Something! I do not see the need. Complain instead to marketplace. Google Play, the Apple App Store and Steam are in a position to enforce user interface standards and they can probably do better with default settings, spending limits, and better-designed family accounts.
As a parent, I think the answer is, don’t give kids “freemium” games. They either play games you pay for one upfront or no games at all……
Contracts with minors in England are not enforceable unless they are for ‘necessaries’, items such as food and clothing. So a 5-year old spending £300 is not a ‘necessary’ and the contract is void, the money is returnable. The law is there already. Stops a kid at an auction bidding for a Vermeer. And with a 5-year old, there’s clearly no ‘consensus ad idem’, a further blow to contractual capacity.
“The iPad requires my fingerprint before it will take money. “
Kid finds way to get hold of father’s finger….
Also, stick to chess, draughts and snakes and ladders, as age appropriate.
‘We are technically savvy…’
Clearly not savvy at all, about anything.
Thank you Mr Ed – my initial response was going to be to ask whether an existing law would already cover it (my sense is that most regulations are redundant)
And totally supportive of not giving them access to freemium games. In the opposite direction, I’m “tech support” for my mum and her boyfriend (both 70+), and am very strict that he mustn’t install anything with in-app transactions (age appropriate enough, it tends to be gin rummy and such like) – I don’t trust the developers to make it clear and easy for them to understand that they’re about to spend money.
But, sure, let’s get government involved. I’m positive that regulation will hit EA et al harder than smaller companies, and not act as a barrier to entry, amiright?
enter his own children’s bank card details and buy lots of in-game items.
Well, you trusted him with his own bank account, and he chose to spend the money on what he wanted. If you disapprove, don’t give him his own bank account and access to it.
Yeah, sorry dear – you’re not. The sad fact is that except for a small slice of the population who are (roughly)between the ages of 40 and 55 the general population is utterly technically illiterate except for that portion whose career is maintaining that tech.
Mr Ed
July 15, 2019 at 10:17 am
The contract isn’t with the minor.
“the general population is utterly technically illiterate except for that portion whose career is maintaining that tech”
I think you’re probably right. Quite possibly, no amount of making it really obvious that you’re dealing with something that could be expensive will wake people up.
But playing devil’s advocate here: you sell someone a box, you put in the small print that if they perform action A it will cost them money. Then you make it so that performing action A is easy to do by mistake. I think there is a legitimate complaint that could be made. Probably it is covered by existing law, too, but I suspect reasonable people can disagree about whether any given transaction was accidental. It’s not out of the question that software user interfaces don’t fit neatly into existing law. A lot of this is probably untested.
In practice I would hope that word gets around and people stop buying the box and that more honest business models win out.
“Kid finds way to get hold of father’s finger” It is a bit of a worry, Mr Ed. They can be awfully resourceful.
Agammamon,
The minor picked up the device, and used it to enter into a contract. The minor is not the agent of the adult, but an inadvertent impersonator. The game is clearly aimed at minors, so the offeror must have had in mind that minors would be those using the game. There is the defence of ‘non est factum’ (it is not my deed) available to the adult in these circumstances.
OTOH, the game company may say ‘But you agreed to any use of this device being charged to your account, and we weren’t to know that you weren’t too dumb to stop a kid using it, even if he spent £700.’. To a purist, in common law, that is fine. As the law stands, including unfair contracts terms legislation, there is a lot in the way of the company seeking to keep that £700.
Rather tangential (polite way for ‘OT’), but bear with me: Alan Turing is to be the new ‘face’ on the £50 note, as a scientist (or STEM) bod.
Which rather neatly raises a new ‘Turing Test’:
Is that £50 note real or fake?
Of course for a scientist it should have been Fred Sanger, but what’s merit got to do with anything? If Bletchley Park shortened the war by 2 years, as has been claimed, how would Germany have withstood 21 months under nuclear attack?
“but didn’t think to put a password on and my son”
Really? You can set up an Apple/Android account without a password – I think not.
“user interfaces are hard to get right even when you are trying not to confuse people”
All Google Play apps (including games) say something like “includes in-app purchases” right below the Install button.
So in summary, the parent (a) set up the phone using their own account, (b) associated the account with a valid payment method, (c) allowed the payment method to bypass password/fingerprint authentication, (d) installed an app that knowingly included in-app purchases, and (e) gave this to a child.
It seems a bit of a stretch to believe that yet another protection mechanism is needed, at some point the owner of the phone must bear the responsibility. As a Software Engineer I play this game with business users every day, when you’ve put in enough protection there is only a PEBCAK condition remaining.
The first thing I tell anyone in my family who is not as computer literate is to never put a bank card details in the account in the first place.
Two things.
1)Anyone who runs a banking app on a fone needs their head examined. Yes it’s convenient. It’s also hackable. No-one, with any sense, even stores passwords on a device. W#hat’s the point of security f you’re going to circumvent it?
)And anyone gives a fone to a five year old to play with is criminally irresponsible.
“The iPad requires my fingerprint before it will take money.”
If you knew how easy it is to get round things like password & fingerprint protection, you wouldn’t.
Runcie B,
Thanks for the acronym, I prefer ‘PICNIC’, ‘problem in chair, not in computer’.
The thing is, if someone thinks that they need to be protected from their own stupidity, then they are smart enough not to need protection.
perdu en france: “Anyone who runs a banking app on a fone needs their head examined”. As of today I would argue that a properly updated iPhone running apps exclusively from the App Store is about the most secure personal computing device there is. It is much more likely that your laptop is infested with malware.
“If you knew how easy it is to get round things like password & fingerprint protection, you wouldn’t” — on an iPad? Bearing in mind my threat model is a small boy, not MI5. I think it is good enough.
Agreed – risk level low vs the convenience; and there’s many other measures (password management programs etc) to make yourself extra secure. We all make trade-offs of convenience vs security everyday – I’m probably at greater risk of getting sideswiped off the M25 every day (instead of taking the “safer” train and “inconveniently” doubling my commute) than being hacked.
I feel a lot of sympathy for some of the cases outlined in the article. Whilst of course they’ve selected the autistic kid and the disabled 22 year old in order to manipulate our emotions, I’m not heartless enough not to feel sympathy for those cases.
And it’s very easy for me to say “It says it has in-app purchases – lets check the 1 star reviews and see what people are saying” – I’m in the same place as Runcie, I see it as hygiene to check these things (I checked the Mini Golf King game out of curiousity, and swiftly concluded that the in-app purchases were sneaky at best) but I wouldn’t trust my mum’s other half to be paranoid enough to do so; he’s 70+ and will never be tech-savvy at this point (not something I judge him for, either).
So I don’t think it’s as easy as saying “Well, they should know better” – but I’m still very uncertain of the need for regulation!
It feels like an ideal case for social media, before we start talking regulation. My Facebook feed is full of parents warning each other about this kind of thing – which to me at least seems like a sensible, if not complete, solution.
This.
Same thing happened to my sister and her 13-year-old son. $1200 in gaming fees. Read your TOS.
I always get worried when someone calls on the Government to “do something about this that or the other”. Some Famous Person once said “If someone says he is from the government to help you”, Run away …fast.
Anyone who runs a banking app on a fone needs their head examined
Most banking apps have a secondary authentication and often it is two factor and only allowed on pre-authorised devices, as malware to get around this is practically non-existent on iOS and Android, it is much safer than using a browser, combined with the ability to nuke the device remotely if it gets lost/stolen, I would recommend this as the best way to do online banking and not use a browser (on a PC or anywhere, even a mobile device).
perdu en france: “Anyone who runs a banking app on a fone needs their head examined.”
Visit the Land of the Future, today’s cutting edge, the workshop of the world — China. I was astonished how far down the road to a cashless society China has travelled. Even street vendors get paid through a banking app on the mobile phone. Cash was generally treated as a pain — and a person was almost stuck without a phone & a banking app.
Of course, once our societies head down the cashless route, worrying about children unwittingly spending money is going to be the least of our problems!
Neonsnake: “My Facebook feed is full of parents warning each other …”. You are showing your age, Dad! 🙂 Seriously, Facebook may not let your children spend your money, but it is a major risk in other ways.
I obviously mistyped…I meant Myspace…or maybe ICQ… 😉
I’m fairly relaxed about Facebook et al. Mine is about as locked down as it’s possible to be, I never post publicly, and for all its flaws, it’s a good way to stay in touch with old friends and colleagues.
But, yeah, at my age, it does seem to be filled with mums doing the equivalent of old chain emails – warning each other about apps like the ones in the OP.
“We are technically savvy but didn’t think to put a password”
So none of the BBC’s Journalists™ thought to question this statement?
“Steam has a PIN code that only I know.”
Steam asks for my card details every single time. Because I don’t trust myself.
If those journalists had dared to betray awareness of a contradiction in the original quote, might they have risked someone posting a clip of them accepting the narrative’s excuses about Hillary’s email server without batting an eye. 🙂
@bobby b
Same thing happened to my sister and her 13-year-old son. $1200 in gaming fees. Read your TOS.
Seriously? They are 100 pages of impenetrable legalese. And you think I should read the two hundred of them them that govern the different things I do?
When I buy a car I don’t rely on my mechanical skills to determine if the car is a good one (because I have none) what is needed here is a practical way for ordinary people to understand these meaningless piles of legal blather. I always thought something like an “Approved By The Consumers Association” sticker on TOS would be a really great way to advance. Were it sufficiently prevalent, I think companies would eventually be unable to sell anything without such an approval (hopefully from several competing agencies.) I am reminded of licenses for open source software. Nobody reads all that either, but there are a predefined set of licenses assessed and guaranteed by the Open Source Initiative (or whatever their name is) that means you can have some confidence without hiring a lawyer.
There is a dilemma in that the only people who are really incentivized to pay for such a thing are the software producers, and I doubt we want to license to favor them, since he who pays the piper picks the tune. However, another place where it would be really useful is from software vendor. It is very unfortunate that there are practically only two app stores out there. But for sure an app store may well attract more business by offering some sort of guarantee about the type of license they allow.
The stores also handle the transactions, taking a cut from each. Their interests and incentives are pretty clearly in favor of opacity and abuse.
“Seriously? They are 100 pages of impenetrable legalese.”
As a general rule of thumb, if a piece of software requires me to agree to an impenetrable EULA, I don’t use it. And yes, I’m serious. I have clicked “disagree” and deleted stuff from my hard drive. Many times. However, awkwardly for this discussion, I usually (not always, but almost) bend that rule when it comes to games.
Your idea of “approved” TOS and EULAs is a good one, though. In fact, one of the advantages of a small set of OSI and FSF approved licences is that not only can you have some confidence in them, but that you can read them all yourself, and only have to do it once. If something says it’s under GPL2, then you already know what that is.
And the truth is, most of the commercial Agreements are already cut-and-paste jobs anyway. In fact, when you do read them, it’s obvious that many small developers/publishers (and some surprisingly large ones) haven’t even bothered to do so themselves, given all the the inappropriate and pointless clauses that must have been dragged in from their own copy of Windows or something. (I’ve even seen software Agreements that were, very obviously, designed for hardware and vice-versa.) But without actual standardization, there are enough minor differences and “gotcha”s to make things difficult. If publishers could say, “To use this software, you must agree to the Consumers’ Association Approved Agreement 1.0 with In-App Purchase Extensions” (or whatever), then life would be a lot easier. For both parties.
I use the phrase “read your TOS” in the same way I use “RTFM”. (Read the effing manual, for those too young.)
Be aware of what you’re signing on for. When you sign up for your phone, you’re guaranteeing charges made on that phone, whether it’s you or not. When you sign on to net banking, you’re guaranteeing that, if someone has the right login and password and knows the name of your first pet or your mother’s maiden name, money is going to move. If you give your kid a credit card, you have co-signed for that card.
In a world where goods and services are sent our way in response to some electronic signals, you have to know that you are going to be held responsible for the sending of those signals. If you’re careless about who you entrust those signals to, you’ll pay.
We can’t have the perfect convenience of faceless transactions if we’re not willing to guarantee our side of those transactions. Thus, “read your TOS.”
I am the sort of person who reads through TOS from companies, in such depth that I may get to the bit where I find out, not to my chagrin, that I agree not to export the software of a US company to Libya, North Korea etc. without a licence from the State Department or whatever. Fundamentally, however, if a company wants you to put a payment method into your device or game, it is because it wants to take your money, by the bucketload if possible. So just don’t do it.
I have no idea how things are in the several States or at a Federal level, but in the UK, there is plenty of legislation and regulation around this sort of thing as it is. But things are set up so that you don’t hand over your money unless you agree to it, by deed (implicit in the previous conduct) even if not by thought.
I’ve had some mild success with this approach.
It’s not an exact equivalent, but I used to be the furniture buyer for a, uh, “large catalogue-based retailer” in the UK *cough* (you know the one) and worked with the FSC to label products that were responsibly sourced. They’re vehemently (or were, in my day) non-governmental, but allowed me to label my products as such, if I were able to prove such. It worked very well, both from a corporate view and a consumer view. It was a popular initiative, from the research we carried out afterwards.
Why does a “game” with a PEGI rating of 3 years + have microtransactions / gambling in it?
Maybe the PEGI rules should be more in line with reality with any inclusion of microtransactions or loot boxes / “surprise mechanics”* bumping the rating up to PEGI 18 and the “Gambling” logo, since the game is really just a lure to get children frittering real money on nonsense.
* – https://www.polygon.com/2019/6/21/18691760/ea-vp-loot-boxes-surprise-mechanics-ethical-enjoyable
Good point, JG. Not that the sort of parents who moan about this kind of thing pay a blind bit of notice to PEGI/ESRB ratings anyway, but still, a good point.
What John B said.
The sympathy meter is reading zero.
“He knows he’s not allowed to spend money in games, yet this game successfully tricked him into spending £300 on in-app purchases.”
This doesn’t sound right. When I’ve bought things like sat nav maps it takes me to Google where the payment is very clear, and I’m sure both providers do this. Little Johnny lied to you, Mum.
I’ve always kept the kids away from Freemium games and given them Play cards to buy games. Freemium games are cheap garbage anyway (and only attract people who are seriously tight, only Freemium costs them much more over time).
Games on Phones/Tablets don’t work this way. Let me take you thru the steps
1. You buy a Smartphone. Let’s assume an Apple.
2. When you want to download an App you need an account with the Apple Store
3. To create an account at the apple store they ask for a credit card whether you want to give such information or not
4. You have an account now and try to download the free game. You have to enter your account details again and you get the game.
5. During the install you are asked to agree with the 700 page small print, wherein there is a clause stating that the game has in app purchases
6. Little Johnny starts playing the free game
7. In the course of the game the player is presented with a screen offering something useful like a map, skill, special weapon, extra lives. He says yes
8. You’ve now spent £5.00
9. Goto step 6
At no point after 5 do you get a screen requiring you to reenter a password or your CVV.
Now if you are a bit tech savvy then you can do a google search and learn how to create an Apple account without a credit card but the last time I did this it was not straightforward.
If you call customer support they claim that this facility is for the benefit of the user who has no need to re-enter bank details. They will paint a pretty picture of Johnny not needing to bother dad before he downloads the latest mp3.
Now whether this is good or bad is another matter but I do understand the concern.
I want to contrast this with Mobile Phones. In this instance it is possible to buy a capped contract. Indeed I have done so because whilst my kids say they will only download data from wifi, that is forgotten when they don’t get to pay the bill – when things are free they have no value. Now the kid will find that if they do download using wifi, their plan lasts to the end of the month whereas if they don’t care, they have a dead phone for the last two weeks. Milton Friedman’s quote concerning the care taken when spending someone else’s money on myself, comes to mind
I skeptical that this can be solved by the market for several reasons
1. Makers of free games get their income (if any) via in-app purchases. There is little motive in making the small print clearer or more succinct.
2. Many of the makers of free games apps tend to be fairly shortlived.
3. Once you’ve bought a particular phone model, you are locked into their app store, so there isn’t a free market at stage 2.
I do like John Galt’s suggestion