cancel
Showing results for 
Search instead for 
Did you mean: 
Mad_Dog_Bravo
Community Member

Preventing in-game purchases

Jump to Best Response

Hi,

Usual concern, how can I prevent my kids from making in-game purchases if they happen to be playing under my account?

Thanks

Kudos appreciated if deserved.
Tags (3)
1 Kudo
Best Response
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo Sorry to bring up an old thread, but just curious if you've made any progress in securing your Stadia from unauthorized purchase.

I've been playing around and try to tighten up my security as much as possible and here's what I found

  • The only way to make a purchase is through the Stadia app. It won't allow you to make purchase through web Chrome browser or TV. This also applies to in app purchases from inside the game.
  • There's hidden links to purchase from web browser, but it will only take credit card, and will ask authentication code every time (similar for making purchases through iOS)
  • Through the app, you can set your Google Play settings to 'Require authentication for purchases' and it will ask for fingerprint / pin every time you want to make a purchase (it wasn't working before, but I just tried to buy a game and it was prompting me)

So I think you should be covered as long as you make sure you need authentication through the app. Let me know if you think there are other loopholes.

------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.

View Best Response in original post

0 Kudos
17 Replies
BinaryJay
Gold Stadia Guide
Gold Stadia Guide

I think the simplest thing is to not give them access to the Stadia app, as that's the only place you can make purchases and you don't need it to actually play games.

 

That being said, if on Android, the payment system does ask if you want to require entering your account password in or use biometrics before every purchase so that effectively locks it out too.

 

I'm not sure how the payments work on iOS but I imagine it's a similar situation.

0 Kudos
Mad_Dog_Bravo
Community Member

It's the in-game purchases that are of concern.

Access to the Stadia app is easy enough to control, but it is the ability to spend an insane amount of money on in-game purchases that sets all the alarms bells ringing... e.g. 5,000 silver tokens in Destiny 2 is £39.99, that is an in-game purchase and not controlled via the Stadia app.  No limit as to how many times that can be purchased....

Ideally, you want to have a way to control these purchases (disable) and lock settings with a pin/passphrase etc.  Whatever the solution it needs to be suitable for all platforms (Chromecast, Chrome, etc.)

Kudos appreciated if deserved.
2 Kudos
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo Check out the help article below on how to restrict purchases by members of your family

https://support.google.com/stadia/answer/9575790 

Snippets from Android:

Purchase approvals

Your child can make purchases on Stadia through a variety of devices, like their phone or computer. In order to set up your child’s account, you must set up a family payment method that they can use to subscribe and make purchase requests.

To allow your child and other family members to use the family payment method in the Stadia App on Android, you must also enable it on Google Play. To do this, set up a Google Play Family Library. You must have Google Play Family Library enabled for your child to subscribe and make purchases on the Stadia App on Android. Play purchase approval settings will apply for any purchases made on an Android device.

If your child is under 13, you must approve each game they want to buy. Your child could request the purchase of a game from the Stadia store, but Stadia won’t allow your child to complete the purchase until you approve it on the Stadia family dashboard online or from the Family Link app on your mobile device. 

Note: You must approve the purchase on your child’s device. 

  1. Your child sees a game in the Stadia store and taps Ask to buy.
  2. You enter the correct password and approve the purchase on your child’s device. 
  3. The game appears in your child’s game library.
------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.
0 Kudos
Mad_Dog_Bravo
Community Member

Thanks @Ivan , but I'm still trying to figure out how to secure my account.  At the moment I see no security, the kids start Stadia it is logged in under my account and they can purchase in-game features without any security.  No way to lock this feature that I can see.  I'm not looking to setup child accounts, I just want to protect my account and prevent in-game purchases.  They can't buy games as they do not have the Stadia app, but they can turn on the TV and pickup a controller.

Kudos appreciated if deserved.
1 Kudo
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo Well, generally, you don't want anyone to have free access to your phone right. I haven't unboxed my Chromecast Ultra, but if my understanding is correct, you need your phone to launch Stadia to play on TV?

I understand if you have kids, you want your kids to have access to your phone through your account. I guess one option I can think of right now is to use an app to lock the Stadia app (so they can't access it freely)?

 

------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.
0 Kudos
Mad_Dog_Bravo
Community Member

@Ivan   No, only need the phone for setup or to purchase games.  After that, just hitting the power button on the controller is sufficient to launch into Stadia, no messing about with phone, unless I wish to look at screen captures.

Similar case for running on Chrome, once you have gone through setup via Stadia app, there is no need to use the phone app when playing via a PC for example.   If the kids use my account on their PC's to access Stadia then once again in-game purchases become available to anyone who wants them....

Kudos appreciated if deserved.
0 Kudos
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo Understood. Yeah, that's definitely an issue there. I tried to find a way for purchases made through Stadia to require pin, but can't find the setting. I guess this is something we should give feedback to the Stadia team.

------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.
0 Kudos
Atma
Founder
Founder
@Mad_Dog_Bravo There appears to be an option to add a pin to the account when you pair it to the Chromecast. https://support.google.com/stadia/answer/9580274?hl=en&ref_topic=9495322 So you'd have to let them in to play on your account and then watch them while they play, but it would prevent micro-transactions for now.
0 Kudos
Mad_Dog_Bravo
Community Member

@Atma

thanks, not really the functionality I was expecting, but about as good as it gets for now. 

Kudos appreciated if deserved.
0 Kudos
Mad_Dog_Bravo
Community Member

Interestingly the feedback that I get from Google Stadia support is well...lacking to say the least.

I quote:  "We don´t have control for any purchases inside the game. It´s best to contact the game publisher for this.  We have a refund policy for any purchases in Stadia app. But if the purchases is in the game itself, I am afraid it is beyond our support."

How quickly Google seem to have forgotten their $19million fine from the FTC in 2014 :  https://www.ftc.gov/news-events/press-releases/2014/09/google-refund-consumers-least-19-million-sett...

So if your kids accidentally rack up some crazy expenses on your credit card without authorization/permission, Google won't help as it's not their problem.

Kudos appreciated if deserved.
1 Kudo
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo Sorry to bring up an old thread, but just curious if you've made any progress in securing your Stadia from unauthorized purchase.

I've been playing around and try to tighten up my security as much as possible and here's what I found

  • The only way to make a purchase is through the Stadia app. It won't allow you to make purchase through web Chrome browser or TV. This also applies to in app purchases from inside the game.
  • There's hidden links to purchase from web browser, but it will only take credit card, and will ask authentication code every time (similar for making purchases through iOS)
  • Through the app, you can set your Google Play settings to 'Require authentication for purchases' and it will ask for fingerprint / pin every time you want to make a purchase (it wasn't working before, but I just tried to buy a game and it was prompting me)

So I think you should be covered as long as you make sure you need authentication through the app. Let me know if you think there are other loopholes.

------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.
0 Kudos
Mad_Dog_Bravo
Community Member

@Ivan : Try and purchase silver in Destiny 2 via the director within the game itself, it doesn't prompt for card details, and whatever card has been associated with your Google account gets charged with no questions asked.  Equally if you have a gift voucher associated to the account then that gets deducted without any ability to prevent the purchase.  Having a prompt saying "Click yes to proceed" isn't security IMHO and as I described before the kids click Yes and the damage is done.

As for Stadia app security, that is fine, I'm not really concerned with in-app purchases as they are secure enough, and if they aren't then Google will only have themselves to blame if they get another multi-million dollar penalty as they did the last time they didn't bother with security on in-app purchases and the FTC hit them for $19 million.

It really is the in-game purchases that concerns me, there is no limit on these purchases, and to hit buy Silver in Destiny 2  repeatedly does mean that a kid can spend close to £1000 in a minute depending on how quickly they can click...

 

Kudos appreciated if deserved.
0 Kudos
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo Can you show me a screenshot when you try to make a purchase through Destiny 2? When I tried to purchase silver, it's opening a Google Pay window to pay by credit card, and I'm asked to provide the 3 digit security code. There was no other option to pay. I did this through PC Chrome browser and also through Chromecast on TV.

Furthermore, have you actually experienced this yourself? The only way to pay by gift voucher (I'm assuming you meant Google Play / Pay credits) is through an Android phone, and it will actually ask for your fingerprint/PIN after you click 1-tap-buy if you enabled 'Require Authentication' on Google Play. And yes, this applied to non-credit card payment methods as well (I experienced it last night when trying to purchase a game)

------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.
1 Kudo
Mad_Dog_Bravo
Community Member

@Ivan : You are quite correct, and I am mistaken.  GooglePay is requesting the 3 digit code from the back of my card prior to executing the transaction.

Thanks.

Kudos appreciated if deserved.
1 Kudo
Ivan
Platinum Stadia Guide
Platinum Stadia Guide

@Mad_Dog_Bravo No worries. I'm just glad we're able to get some clarification. You brought up a really important topic. We've seen so many news about unauthorized purchases racking thousand of dollars, and definitely would not want to see those with Stadia.

------------------------------------------------------------------------------------------
Stadia Guides are not employed by Google. Opinions are my own.
0 Kudos
NewbyDood
Stadia Player
Stadia Player

This exact issue happened to us this evening. My toddler has no problem turning on Stadia, selecting whichever account he feels like and start playing. A little bit later I have an email from Google Payments thanking me for my purchase. He spent $40 for a Hitman addon.

My accounts are generally set up for fingerprint or text code, so I dunno how he made this purchase. But Stadia says add-ons are not refundable.

I call BS that Google can not prevent the purchases. They are the ones taking my money, the least they can do is extend payment security to every purchase since the money is running through them. 

0 Kudos
RXShorty
Platinum Stadia Guide
Platinum Stadia Guide

Hello there,

Maybe you should try family sharing?
Create a seperate account for your child will need to ask your approval before buying things.

0 Kudos