Steam’s in-platform trading system now has an Escrow-like function, in an effort by Valve to minimise the harm caused by hacked or stolen accounts. This is effectively an effort by Valve to
force ‘encourage’ people to make use of the two-step Steam Mobile Authenticator security measure, as those who do so will still be able to trade freely.
‘Escrow’ refers to a system where funds (or other items of value) are deposited with a neutral third-party account before a transaction is completed.
The new Steam trading rules are as follows:
- Anyone losing items in a trade will need to have a Steam Guard Mobile Authenticator enabled on their account for at least 7 days and have trade confirmations turned on. Otherwise, items will be held by Steam for up to 3 days before delivery.
- If you’ve been friends for at least 1 year, items will be held by Steam for up to 1 day before delivery.
- Accounts with a Mobile Authenticator enabled for at least 7 days are no longer restricted from trading or using the Market when using a new device since trades on the new device will be protected by the Mobile Authenticator.
The article linked above goes into detail about why Valve/Steam have taken this decision. According to the piece, account theft (and the clearing out of user items) is a problem that has increased “twenty-fold” since the introduction of trading. Valve internal numbers put the figure at around “77,000 accounts hijacked and pillaged each month”, and the company is quick to point out that these are “not naive users” who give out their details left, right and center.
Valve feel that two-step authentication through the Steam Mobile Authenticator is the best method to prevent this, but most users currently don’t use it.
Rather than remove trading entirely (an option that was apparently under discussion), the Escrow-style system is the awkward compromise.
The rather glaring issue with this change, and the reason I suspect most haven’t adopted the Steam Mobile Authenticator, is because at present it only runs on “Apple iOS devices running iOS 6.1 or later, and on Android devices running 2.2 (Froyo) or later”. There may be any number of people who’d like to use this extra security step, but don’t have smartphone.