June 17, 2015 By Douglas Bonderud 2 min read

Anyone who ponies up money on Kickstarter, Indiegogo or other crowdfunding sites likely has a similar expectation: Eventually, they will be shipped the promised product in a state resembling the original description. The problem? Just 38 percent of Kickstarter campaigns are successful, Naked Security reported, leaving investors without their purchase and, in some cases, much poorer for the experience. Now, an FTC ruling — the first on a crowdfunding case — found that a board game project that never materialized amounted to deceptive promises on the part of its creator, and it has imposed a number of sanctions as a result. But this is the FTC’s first foray into this burgeoning market, and its judgment shores up a critical message: Buyer beware.

The Crowdfunding Case: Game Gone Wrong

It all started when Erik Chevalier had the idea for a new board game called “The Doom That Came to Atlantic City.” Based loosely on Monopoly, the idea was to use Lovecraftian art and themes to give the game an air of “urban destruction,” according to its Kickstarter page. In just two months, the game raised more than $122,000, four times its original goal. Chevalier said the game would ship by October or November of 2012, but nothing materialized. After a series of blog posts, culminating in the July 2013 “Terminus,” it became clear that the game would never become reality — and backers would never see their money or the game.

Supporters lodged a complaint with the FTC, which found that while consumers know there’s an inherent risk to crowdfunding, they “should be able to trust their money will actually be spent on the project they funded.” Ultimately, the case ended with a $111,793.71 judgment against Chevalier, but he won’t be required to pay due to existing financial hardship. And what happened to all the money? Almost none went into game development; most was used to pay the creator’s personal expenses and finance a cross-country move.

Exceptions and Rules

Not all crowdfunded projects are a failure. Take Reading Rainbow: The beloved children’s-show-turned-app raised $6.4 million in 35 days and has met every project goal, according to USA TODAY. Projects like Chevalier’s are much more common, however. There’s password management device MyIDkey that never materialized, and more than a few video games that raised big money but couldn’t deliver a finished product. Kickstarter itself says that project creators bear all responsibility to complete their efforts or refund backers, but the site never guarantees results or investigates “a creator’s ability to complete their project.” While the FTC ruling on this crowdfunding case looks like a victory for consumers, it’s moral and not monetary since Chevalier will almost certainly never pay.

The big picture here? New markets are always a hotbed of failure and legislative confusion. As noted above, just under 40 percent of Kickstarter projects enjoy success, and Venture Beat predicted a similar amount of failure in burgeoning tech areas such as the Internet of Things (IoT). Ultimately — be it crowdfunding or cloud-based startups — consumers are the ones left holding the bag if something goes wrong. While agencies like the FTC do their best to monitor and manage these arenas, they inevitably lag behind as market drivers and consumer interests change.

Innovation comes with risk. The first FTC crowdfunding case demonstrates that there are also consequences not just for those who choose risk, but those who make it. Legislation doesn’t yet match consumer expectation for compensation, and it proves the ever-popular point: From crowdsourcing to cloud-sourcing, buyers must always beware.

More from

What does resilience in the cyber world look like in 2025 and beyond?

6 min read -  Back in 2021, we ran a series called “A Journey in Organizational Resilience.” These issues of this series remain applicable today and, in many cases, are more important than ever, given the rapid changes of the last few years. But the term "resilience" can be difficult to define, and when we define it, we may limit its scope, missing the big picture.In the age of generative artificial intelligence (gen AI), the prevalence of breach data from infostealers and the near-constant…

Airplane cybersecurity: Past, present, future

4 min read - With most aviation processes now digitized, airlines and the aviation industry as a whole must prioritize cybersecurity. If a cyber criminal launches an attack that affects a system involved in aviation — either an airline’s system or a third-party vendor — the entire process, from safety to passenger comfort, may be impacted.To improve security in the aviation industry, the FAA recently proposed new rules to tighten cybersecurity on airplanes. These rules would “protect the equipment, systems and networks of transport…

Protecting your digital assets from non-human identity attacks

4 min read - Untethered data accessibility and workflow automation are now foundational elements of most digital infrastructures. With the right applications and protocols in place, businesses no longer need to feel restricted by their lack of manpower or technical capabilities — machines are now filling those gaps.The use of non-human identities (NHIs) to power business-critical applications — especially those used in cloud computing environments or when facilitating service-to-service connections — has opened the doors for seamless operational efficiency. Unfortunately, these doors aren’t the…

Topic updates

Get email updates and stay ahead of the latest threats to the security landscape, thought leadership and research.
Subscribe today