Trade Protections and Simple Red Flags

As a Roblox Developer and User, it is currently too hard to protect assets of value on your account from the trade system in the case of an account being compromised. If this issue is addressed, it would improve all users’ experiences because it would add additional security layers to protect against the ill effects of unauthorized account access.

What I suggest is a set of common-sense red flags on marketplace transactions and trades, with a simple, automated system to bypass these when proving one is a legitimate account holder. Many games implement trade restrictions to minimize the influence of bad actors, including but not limited to trade value thresholds, identifying rapid item listing, and sudden changes in behavior (from no sales to many, no trades to many, etc). Such systems would provide great value to Roblox as a social gaming platform.

Real-World Use Case
Last month my account was accessed without authorization somehow. I use 2-step verification, and I have still had my account compromised while not running any new or untrusted extensions, or installing any new programs. A similar issue happened 5 years ago before 2-Step verification was added to the platform. This has resulted in over 3,500 USD worth of items at RAP moved off my account in a matter of a few minutes. I signed in using a combination of a home WiFi network at a friend’s house, and my cellular data. I received only 1 email regarding 2-Step which I used to sign in. Minutes after signing in, 3 trades completed on my account for over 1,000,000 Robux, receiving only 1,000 Robux in items back on them. There is nothing I could do to stop this, nor the dozens and dozens of items suddenly listed for sale under RAP. This is devastating to a social game, not to mention has real world value impact. Taking additional steps for security seems to me to be a great priority, especially in a game focusing on children. If Roblox’s system monitored obvious red flags and blocked or disabled sales and trade related features temporarily based off them, I may have lost only small amounts in this breach of my account.

So What Would This Look Like?
Here’s an example of one way this could work: you attempt to trade an item worth 10,000 Robux for an item worth 100. The system sees this obvious red flag: the value difference is very great and this transaction is high risk for being unauthorized. Instead of starting the trade, the action is blocked and trading is temporarily disabled on the account. An email is sent to the verified email informing them that a trade attempt was made on the account and marketplace/trade features have been suspended to protect the account. If this was an authorized transaction, you simply click a verification link in the email and the restriction is removed from the account with a grace period before it can be triggered again. If you did not authorize the trade, you update your account information, invalidate all other sign-in sessions, and this too removes the restriction.

I think the addition of such sanity checks to Roblox could stop so many more issues before they happen and lessen stress on players, save Roblox time and money looking into account hijack cases, and create a better sense of Roblox taking steps to protect their community.

9 Likes

Bumping this thread to see if it was a lack of interest or just timing of the post. To me, simple trade flagging seems like a long overdue feature when accounts have thousands and thousands of real world value in items on them, and no promise that anything will be done if the account is compromised.

I’d love to see more opinions on how a system like this could function, and what other people think best practices in securing assets in a system with selling/trading are.

This feature should definitely be added

The red flag should happen at a high value as well so that “hackers” don’t sell items for the smallest number that they possibly can. The red-flag value should be pretty close to the actual value of the item.

1 Like

Agreed. Here’s a couple items I imagine would be flags in a system like this:

  • Large difference in trade items’ relative value to each other.
  • Large undercut in an item’s sale value compared to RAP.
  • Sudden changes in volume of items sold or traded (from none in past year to dozens in minutes? Red-flag!).
  • Extremely rapid trade attempts (if the time between offer and accepted is realistically unlikely, a script/bot may be involved and it’s better to be cautious!).
  • Extremely rapid new trades/sales (humans can only create trades or list items so fast. If dozens of items are listed or trades are started in a second or two, that’s a red-flag).
2 Likes
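
The trade and sale flags listed above, combined with the block, email-confirm and grace-period flow proposed in the first post, sketched as rule-based checks. This is an added example, not code from the thread or from Roblox; the thresholds, the `Event` fields and the `TradeGuard` class are assumptions, and the change-from-baseline volume flag is left out.

```python
from dataclasses import dataclass
# Every threshold here is an illustrative assumption; the thread gives no numbers.
MAX_VALUE_RATIO = 5.0      # RAP given / RAP received in a trade
MIN_PRICE_VS_RAP = 0.7     # listing price as a fraction of RAP
BURST_WINDOW_S = 60        # sliding window for rapid activity
BURST_LIMIT = 5            # actions allowed inside the window
MIN_ACCEPT_DELAY_S = 3     # offer-to-accept time a human plausibly needs
GRACE_PERIOD_S = 3600      # flags do not re-lock during this time after confirmation

@dataclass
class Event:
    ts: float                    # seconds since some epoch
    kind: str                    # "trade" or "listing"
    give: int = 0                # RAP given away (trade) or RAP of the listed item
    get: int = 0                 # RAP received (trade) or asking price (listing)
    accept_delay: float = 999.0  # trades only: seconds between offer and accept

class TradeGuard:
    def __init__(self):
        self.recent = []         # timestamps of actions inside the burst window
        self.locked, self.grace_until = False, 0.0

    def flags(self, ev):
        self.recent = [t for t in self.recent if ev.ts - t < BURST_WINDOW_S] + [ev.ts]
        found = []
        if ev.kind == "trade" and ev.give > MAX_VALUE_RATIO * max(ev.get, 1):
            found.append("value_imbalance")
        if ev.kind == "listing" and ev.get < MIN_PRICE_VS_RAP * ev.give:
            found.append("undercut_vs_rap")
        if ev.kind == "trade" and ev.accept_delay < MIN_ACCEPT_DELAY_S:
            found.append("instant_accept")
        if len(self.recent) > BURST_LIMIT:
            found.append("burst")
        return found

    def submit(self, ev):
        """Return ("allowed" | "blocked", flags); a block locks trade and sale features."""
        if self.locked:
            return "blocked", ["account_locked"]
        found = self.flags(ev)
        if found and ev.ts >= self.grace_until:
            self.locked = True   # the platform would email the verified address here
            return "blocked", found
        return "allowed", found

    def confirm_by_email(self, now):
        # Owner clicked the verification link: unlock and start the grace period.
        self.locked = False
        self.grace_until = now + GRACE_PERIOD_S
```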

There’s a setting in the privacy tab that can help with the first and second flag already. If you lock it with a pin, it would be very hard for them to steal any limiteds. I don’t trade so I also just turned trading off altogether.

1 Like

After this recent event I saw the PIN option and set it, but I feel an opt-in PIN system that isn’t well mentioned doesn’t do justice to anyone. Additionally those settings have zero impact on the ability for a bad actor to list your items for sale at below RAP prices, only stop trades.

It makes sense to me to have an always-on security check for obvious red-flags, that is only temporarily disabled for legitimate cases that may come across as suspicious. 5 years ago, before 2-step or the account PIN, I had nearly instantaneously roughly 750,000 Robux of items listed for sale by a bot/script that gained access to my account. Even with these settings it wouldn’t stop the same kind of occurrence. Additionally I feel like if a 2-Step verification sign-in didn’t stop someone from accessing my account, a 4 digit PIN doesn’t make me feel all that much safer.

Needless to say I would recommend everyone take these steps, because more safety barriers are better, but it doesn’t make sense that anyone would trade 1,000,000 Robux for 1,000 Robux and for Roblox to just say, “Sounds legit.”

1 Like