How would Itch.io know that you're using your real name and real card, and not a stolen identity or stolen credit card?
That is a question for Visa/Mastercard/Governements. if the card API says "this name is a legal person and not some prepaid card" itch has to trust it... Good luck to hackers crating multiple fake cards and spending $100 to get a gold badge and trick 5 people!
Its actually very simple to promote real persons over hackers... account activity over 5 years with 100+ downloads, Commenting on the forum replying with non AI answers. Etc. Filing VAT paperwork. Taking out money to an account that matches your card name and is not flagged as criminal. etc etc etc forever.
I have some experience and opinions about this topic of fake accounts and malware and scammers.
A while ago, older accounts were very popular to upload malware. I literally have seen those in the hundreds. In a few months.
The problem is, that Itch wants a low entry bar. Which includes not needing to pay "large" sums to even be able to publish something. Steam asks $ 100 upfront. I think they reimburse the dev after the account sells things. And they do a little more than just verify that the developer is real. I do not know the procedure that Patreon has, but I got the impression that it takes time. Maybe money as well. But Itch does not want to lock out developers and hobby game makers that cannot afford or literally can't send those payments.
Also, are you suggesting a mere increase in verified accounts or basically a strict verification for all publishers? Because a mere increase in verified accounts will not solve the problem of fake pages. There are more than enough legit developers that will not be verified for the scammers to hide among. The developers that would be able to get verified usually do not need to. If you have a few hundred followers and an active community, there is trust. No checkmark needed.
You need trust for unknown and new developers. But this will not be possible on the cheap. The pragmatic solution is to use sandbox. Either by playin a web game or by using a sandbox system on the user's computer. The Itch app provides a poor man's sandbox. One can wonder why such a feature exists in the Itch app...
Anyone that is in doubt about trusting a new developer should use a sandbox, just in case. There are other things an amateur developer might screw up on your system without intention. The sandbox should at least safeguard browser cookies.
If you had read my other comments here you would not be asking these questions. A badge that makes sure users feel safer and hackers have to use a real name card on itch and spend money and wait, to successfully spread malware. It does not hurt newcomers by blocking them, but newcomers have to buy into getting the badge; it makes old users more trustworthy as they should be.
Sandboxing is the solution if you think the browser is a solution, and it ain't looking good I tell ya. Java had sandboxing for 30 years nobody used it, outside of applets, except me; not even Minecraft modders. So I'm making my own JVM to fix that since Oracle foolishly removed the sandbox in the latest Java version... in the meantime we have to embrace native (or close to native performance/featured VMs like Java/C#, js can't do efficient memory sharing between threads without copying f.ex.) because of power usage: Linux on ARM is the only viable platform long term and until we get a better sandbox than V8 (even with WASM) that will not work.
Time is trust, you want to remove the breaks to go faster. That's an accident waiting to happen.
So? Is this supposed to be mandatory to publish or is this supposed to be an option to have such a verified checkmark? You began your suggestion with Steam as an example. Steam does not have an optional way to verify developers. They verify all of them. And because they verify all of them, there is trust.
If it is an additional option to get a verified checkmark, it will not change the situation. Some games would have more trust, all the rest would still not have such a checkmark and be a hiding place for all the bad uploads.
The sandbox mode I talk about is on operating system level. It separates the user that runs the game from the user that normally uses the system. That's why I called it poor man's sandbox. The game user can't read the files belonging to the regular user.
Time is trust, but time is not trustworthy. I have seen malware that was indexed for two years. Several that were indexed half a year. And I saw hundreds of hacked accounts that were several years old and being used to upload malware. And it happens far too often that Itch will not remove reported malware for several weeks. Nope, time does not make a game trustworthy.
... so something that appears on some accounts. Mostly user accounts that do not publish anyway. Itch does have a verification system already. But they only use for very few accounts.
IP validation does not do much good. If Itch would react to reports within hours they might do something with that information for bulk uploads, but the scammers change IP a lot.
2fa does absolutely nothing here. Neither for new fake accounts, nor for older hacked accounts. And Itch does scan files, but their scanners are not up to the task. Again, if they react within hours and update their scanners within hours and scan older files ... that might do some good. The Itch scanners are so bad, I had downloaded files that even old Windows Defenders outright deleted without asking, so clear was the scan result. But then again, some malware I found did not even trigger a single scanner on virustotal. It is trivial for the bad uploaders to circumvent the Itch scanners by trial and error.
Believe me, I sure wish that there were some changes that would make spamming viruses and scams onto Itch a waste of time for the criminals. It makes me sick to see them every day. But the method you suggest would not solve this issue.
It would solve another issue, but only for long time users turned developers at that. As I said, the trust in the Steam platform is only, because they verify each developer. So to increase trust in Itch, there would need to be verification of all uploads. If you only attach a verified symbol to some few accounts in an automatic manner, those few accounts might be trusted a little bit more, till the criminals find ways to fake the verification process.