I've been working in the payments industry on and off for 15 years. I am yet to work with a payment method that does not support reversal (except for physical cash). As a last resort victims can file a chargeback with their issuers or police.
To begin with there are several layers of protection built in at acquirer, issuer, network and so on. Almost at each step there's an option to reverse the payment (or issue a compensating transaction) and finally the chargeback and legal recourse.
Bear in mind that each of the business processes of the current payment systems exists for a reason. They are the result of decades of learnings and trial and error.
Are there plans to build equivalent features on Blockchain for crypto currencies? Or do their users have to go through the same painful failures?
> Are there plans to build equivalent features on Blockchain for crypto currencies?
Basically every crypto enthusiast out there touts the non-reversibility of crypto transactions as its primary feature, not a bug, and that is why I see crypto as generally useless for your average person.
Banks basically act as an escrow service, and it's not difficult to build this feature with smart contracts (as long as the vendor is comfortable with the money being held by Escrow for a period of time, say a month).
It is, bitcoin is cash on the internet. If you want reversible transactions and credit then use a credit card, I'm pretty sure there are credit cards for crypto now and if there aren't there probably will be soon.
It is for merchants. Chargebacks are abused and can kill your profitability in certain industries. Stripe and PayPal label these as high risks and will shut your account down if you receive too many chargebacks.
As someone who uses crypto on both ends, I think no reversal is the fairest way. Both sides lie, but the customer lies quite a bit and is usually favored in CC reversals.
As a person living in an authoritarian state, the inability of the government or other authority to reverse a payment looks like a very attractive feature to me. Yes, it does have downsides. They just don't look as troublesome as being completely cut off from all financial services with a simple stroke of a pen - which was experienced by many members of political opposition in my country.
"... but but Drugs! Criminals!" is what common people say at this point, to which I answer that drugs and crime flourished long before Bitcoin came to exist.
Some things are near incomprehensible to us in the West.
One was what happened in Lebanon after the port explosion. An Australian who had married a Lebanese wife and moved to Lebanon reported the couple had decided the move was a bad idea, and were saving for a relocation back to Australia. Then the explosion happened, and the government literally ran out of money. The solution was apparently to raid the citizens' savings accounts. From https://www.aa.com.tr/en/economy/lebanese-cannot-access-mone... :
> As a result of monetary policies implemented by central bank Governor Riad Salameh, people are currently unable to withdraw money even from local currency accounts, she added.
I don't know if their savings were permanently taken or merely "borrowed" for a while, but in any case the move to Australia was taken off the table when it looked most desirable.
In that scenario, the non-reversibility of Bitcoin transactions looks real attractive. I think it is fair to say crypto currencies look most attractive when the traditional trust networks we humans have crafted out of bankers, institutions and laws break down. While the crypto currencies have their weaknesses - the 51% attack is very real and the power consumption of Argentina can seem over the top, they provide a very concrete, measurable level of trustworthiness. You know what it will take to break it. The soft human trust networks can and do break in a myriad of ways, so often we give them a name - "black swan events".
This is really the heart of the matter. On one hand, yay, great we can subvert nasty states using cryptocoin, but also could undermine legitimate democracies. Swords cut both ways. No one can deny the wave of ransomware and cryptocoin are not related.
How do we balance it so it can provide a net positive for humanity?
The closest thing to those concepts in crypto would be multisig wallets, including more advanced ones that enforce a "daylimit" where a single key can withdraw a small amount but larger amounts require confirmations from multiple keys or a delay during which another key can cancel the transfer.
> I am yet to work with a payment method that does not support reversal (except for physical cash). As a last resort victims can file chargeback with their issuers or police.
What about the stories of companies being scammed via wire transfer?
This isn't a scam, it's robbery/theft, which is an important distinction. If you're robbed at an ATM the bank will make you whole. If someone lies to you and asks for money, you go to an ATM and give it to them, the bank isn't going to do anything about it.
Wire transfers can be reversed in some cases but it's not as simple as filing a chargeback; AFAIK it requires cooperation between law enforcement and the recipient bank.
Transactions have to be irreversible so that law enforcement is impossible, which is the main selling point of cryptocurrencies.
Of course that's a downside if you are the one who would like law enforcement to happen (either because you are the victim of a theft or you want to enforce on others).
Also fraud can be done with reversible transactions as well, in particular the reversal can be fraudulent; in general, reversible transactions are only really effective if the conveyance of whatever was paid for is also reversible.
Reversible transactions are effective at building trust in situations where you don’t trust the merchant.
If I can reverse a transaction if I get ripped off, I might consider using a smaller or newer vendor. If I can’t then no chance, I’m sticking to the one I trust, even if they don’t have what I want.
Reversible payment methods are a huge boon to merchants, whether they realise it or not.
Payment reversal is an open invitation to criminals to steal from sellers. A friend of mine had his laptop stolen via payment reversal. Listed it on Craigslist for sale, a woman paid by PayPal and then came by to pick it up, and after she left she reversed the payment. PayPal automatically took her side because he didn't have a shipping tracking number. Cashier's-check scams are another classic form of this crime: https://www.vox.com/the-goods/2019/8/19/20808526/cashiers-ch... https://www.consumer.ftc.gov/articles/how-spot-avoid-and-rep...
Obviously any payment method that is a layer over credit cards and US bank transactions is going to want to support reversal; otherwise, in cases like these, the payment processor gets left holding the bag. It's not "the result of decades of learnings and trial and error." It's the result of banking regulations which impose huge risks on anyone who receives money through the banking and credit card system, in order to avoid imposing risks on people who send money.
In many cases, those risks are not inherent to the transaction being conducted; they are introduced by outdated banking business practices that rely on detecting rare frauds after the fact and clearing transactions over the course of weeks or months. Instead of removing the risks, current banking regulations force them on anyone who receives a payment, so the banks don't have to fix them. Cryptocurrencies just remove those risks instead of externalizing them.
And that's why so many payment methods support reversal.
> Cryptocurrencies just remove those risks instead of externalizing them.
Cryptocurrencies unilaterally move the risk to the spender and I don't see how that is same as removing risk. A financial transaction is always risky for all the participating parties, there is a chain of liability. You can't make the risk disappear, someone has to bear it and/or underwrite it. Which is why you have all these payment processors that charge x% transaction fees for merchants in exchange for taking on that risk.
A larger point here is disputes will always arise in a business transaction. Which is why we have arbiters who hear both sides of a story and settle the matters. You can't say "Payment reversal is an open invitation to criminals to steal from sellers." and make payers unilaterally liable for every payment they make. That is a recipe for killing a market.
In your friend's case PayPal acted as an arbiter and given that the seller had no proof of sale PayPal made a judgement call to side with the payer. The harsh reality is your friend should have been more careful or said only-cash-accepted.
You're right that a lot of folks don't want features like that, though I just had to point out that this isn't an "innovation" by any wild stretch of the imagination, but rather simply a policy in some implementations.
It's mutable, too, for both banks and crypto: either could allow/disallow such a policy if those involved cared to make it work that way.
Paying by cash is irreversible. That’s how payments were until credit cards and the Internet came along.
One of the big innovations of cryptocurrency is allowing for electronic, cash-like payments. The solution to coercing a “reversal” of a transaction is to use the legal system.
> I am yet to work with a payment method that does not support reversal
Strange, because from your comments you are based in India and there's simply no way to reverse a bank transfer there or in my own country, can you confirm this? What I've read over the years suggests the complete opposite of what you've said.
A brief internet search brings up:
> Adhil Shetty, CEO & co-founder, Bankbazaar.com, says, "The most important thing to understand is that if a transaction has been made, the bank cannot reverse it from its end without approval from the beneficiary. Bank can only act as a facilitator."
> According to the Reserve Bank of India, it is the sender's responsibility to link and transfer money correctly by cross checking the account number and name of the beneficiary. Banks will not be held responsible.
Semantically you are right, however there's more to it.
Bank transfer can be invoked within the context of a business transaction (e.g., buying on Amazon) or as a standalone payment with no context attached to it.
In the first case, the money goes through many intermediaries such as payment gateway, merchant, acquirer, etc. In this instance, a customer can dispute a payment at different levels beginning with the merchant (or marketplace), their issuer, and finally file a case in the consumer court. 90% of the disputes get settled by the merchant/marketplace. Issuers typically side with the consumer because their primary customers are consumers. Consumer courts take time to settle a dispute, but they do work.
It's possible for fly-by-night sellers to con a bunch of customers but it's rare. Because payment gateways and acquirers have gotten their act together in recent years and they do stricter KYB checks (Know Your Business).
The bulk of the theft happens through person-to-person bank transfer, i.e., devoid of any business context. Here, the fraudsters con a gullible person to reveal bank credentials and also second-factor auth. Social engineering attacks are also common. But the thing is you always know the destination bank account. So you can track the fraudster as the destination bank would have done a KYC. The key point to note here is that the money can always be physically traced. And there are laws that let the victim claw back that money if they can provide sufficient evidence of fraud.
My bank also in theory supports reversing transactions but the last two times I've asked them to they didn't do it anyway.
Anyway, there's no issue with building and using a service to handle that for you both on top of the currencies and as a smart contract on the blockchain itself. Most current crypto users just don't seem likely to use it as they prefer the control. This might change as the audience changes.
> To begin with there are several layers of protection built in at acquirer, issuer, network and so on. Almost at each step there's an option to reverse the payment (or issue a compensating transaction) and finally the chargeback and legal recourse
I'm vaguely aware that there are several checks at the different layers... but I'm puzzled, are there really options to reverse payments at all those layers?
I'm asking, because I've seen multiple times some surprising transactions/unapproved transaction/forgot to cancel a recurring payment...
and, each and every time... the e-money institution/bank/credit card provider, was unable to do anything, until the transaction actually posted.
i.e. while the transaction was still shown as "pending", I couldn't do anything (besides contacting the seller, which obviously wouldn't do anything). Each and every time (when I couldn't eventually get a refund from the seller), I had to wait for the transaction to be posted to be able to file a chargeback
> Are there plans to build equivalent features on Blockchain for crypto currencies?
No, transactions are irreversible by design.
If you want this, what you need is an escrow service. Escrow services can conduct transactions in bitcoin or other cryptocoins. I don't know of one, but I believe that they may exist.
Ethereum has had a couple of reversible payment systems built over the years, but nobody used them. Non-reversible, immediate, guaranteed transactions are just more convenient outside of a few edge cases
As kind of an outsider to a lot of things payment and crypto, just a normal consumer, I feel like this is a scenario where you don't know you're an edge case until it's too late.
"A few edge cases" including the fact that a sizeable chunk of the population will go through extremely convoluted means to steal from you, especially in the case of non-reversible, immediate, and guaranteed transactions?
> I am yet to work with a payment method that does not support reversal (except for physical cash).
I'm not sure I get your objection: Physical cash is exactly the use case for bitcoin.
There will be financial services and other layers built on top of bitcoin, just as it is done for the dollar, and we are seeing the nascent industry now. (Whoever provides insured services first is going to make a mint.)
Yeah, this is the part of the cryptocurrency I don’t understand… I feel most people are way more likely to need to have a charge reversed because of fraud than to have some payment to them reversed in fraud… why would we want to make the more likely situation impossible to protect against the more rare situation?
Well obviously core users of Bitcoin like ransomware artists don't want their gainz reversed. Most people who really use (as opposed to hodl) bitcoin outside of speculation are criminals.
This article reads like an advert for this service (casa) pushing for similar bank guarantees / insurance as traditional banks, so er. Yeah basically the same thing. I mean if someone steals your cash money there's no way to get it back either.
> Or do their users have to go through the same painful failures?
This might actually be the first time for people to learn these lessons. They've been free-riding on the protections that banking regulations provide for all of their lives.
To be fair, they haven't been free-riding. Credit cards force prices up by about 3% for a reason, and checking accounts don't give you market yields for a reason.
But yes, for me personally, I much prefer deterministically losing 3% to risking 100% (and incentivizing physical attacks).
Most of these systems are not actually reversible at the protocol level. They sometimes offer cancellation at stages prior to settlement. When needed, transactions are most often "reversed" at the governance level.
You're free to believe that I (the author) made up this story. I'm not a fiction writer; the Bitcoin security space is exciting enough without needing to waste time making stories up.
I'll note that we have seen several folks report being victims of similar attacks since we published this article.
FYI this comment actually had the effect of confirming that the story is all but made up - there is nothing remotely resembling evidence anywhere, including in this ostensibly defensive comment.
It’s fine to sell something in a blog post if you’re providing something of value in return. They are also pretty overt about the fact that they are selling something.
I’m not interested in the service in the slightest but I did get something from it. The read was somewhat entertaining and if I see a friend getting in a similar situation I will be quicker to warn them.
As far as SEO drivel goes, I see much worse than this dozens of times per day.
The writer is Jameson Lopp. There's good solid advice in there for anyone, not just crypto holders, yes he's promoting his own company but it's a big stretch of the imagination to say the bloke is some SEO spammer.
If the money were in a bank or investment account, the worst this guy would have to deal with (in the US) is a little aggravation when getting the fraudulent transactions reversed. Personally I wouldn't reveal to strangers that I'm into crypto. It's like broadcasting the fact that you've got thousands of dollars of cash in your pocket.
I got roofied once in a bar and the next thing I knew I was going back to my place in the back of a car. They gave me weed, too. You are completely out of it, you will say whatever they ask you. This is how truth serum works, at its core.
So, the girl(s) called Chase posing as my wife and transferred $500 out of my account. A nice chunk of cash, but not too greedy so I could let it go and not pursue it any further. You swallow the embarrassment and move on with your life.
But if you don't have the keys to move your money, it becomes a lot less useful as money. It's still like gold though, something that you have a sort of vault that you rarely visit.
If you got drugged and someone took your phone to do a bank transfer, I would imagine there would be some hope of reversing the transfer, with a whole lot of painful steps. With crypto it's pretty futile if they manage to move it.
Also the $5 wrench attack can evolve, right? Just because you have your keys in different places doesn't mean you can be coerced into getting them together.
It’s pretty easy to make it hard to move your crypto while you maintain access to all keys involved. It becomes even easier if you use a blockchain that supports smart contracts.
Something as simple as using a contract to delay any coin transfers with one or more keys that can stop the transfer is trivial to implement.
Even simple multi-sig is pretty good assuming you don’t rely on two keys both stored in your phone.
For everyday payments, you can use a mobile phone wallet without these protections and worst case you lose a small amount of money if someone takes your phone. It’s just like getting your real wallet stolen and losing cash.
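The "daylimit" multisig wallet and the delayed transfer with a cancel key described in the comments above can be modelled in a few lines. This is an added example, not code from any commenter or from a real wallet: keys are plain strings rather than signatures, time is passed in explicitly, and the `Vault` class, its method names and the key names `phone`, `hardware` and `backup` are all hypothetical.

```python
from dataclasses import dataclass, field

DAY = 24 * 60 * 60  # seconds


@dataclass
class Pending:
    to: str
    amount: int
    ready_at: int                        # earliest time the delay path may run
    confirmations: set = field(default_factory=set)
    status: str = "pending"              # pending | executed | cancelled


class Vault:
    """Toy policy model: small spends need one key, large ones wait or need more keys."""

    def __init__(self, owners, threshold, day_limit, delay, balance):
        self.owners = set(owners)
        self.threshold = threshold       # keys needed to skip the delay
        self.day_limit = day_limit       # single-key allowance per 24h window
        self.delay = delay               # cancellation window for large transfers
        self.balance = balance
        self.day_start = 0
        self.spent_today = 0
        self.queue = {}

    def _require_owner(self, key):
        if key not in self.owners:
            raise PermissionError(f"{key!r} is not an owner key")

    def _pay(self, amount):
        if amount > self.balance:
            raise ValueError("insufficient balance")
        self.balance -= amount

    def withdraw(self, key, to, amount, now):
        """Pay at once if within the daily limit; otherwise queue and return a tx id."""
        self._require_owner(key)
        if amount <= 0:
            raise ValueError("amount must be positive")
        if now - self.day_start >= DAY:  # start a fresh 24h window
            self.day_start, self.spent_today = now, 0
        if self.spent_today + amount <= self.day_limit:
            self._pay(amount)
            self.spent_today += amount
            return None
        tx_id = len(self.queue) + 1
        self.queue[tx_id] = Pending(to, amount, now + self.delay, {key})
        return tx_id

    def confirm(self, key, tx_id):
        """A second owner key approves; reaching the threshold executes immediately."""
        self._require_owner(key)
        tx = self.queue[tx_id]
        if tx.status != "pending":
            raise ValueError(f"transfer is {tx.status}")
        tx.confirmations.add(key)
        if len(tx.confirmations) >= self.threshold:
            self._pay(tx.amount)
            tx.status = "executed"
        return tx.status

    def cancel(self, key, tx_id):
        """Any owner key can veto a transfer that has not executed yet."""
        self._require_owner(key)
        tx = self.queue[tx_id]
        if tx.status == "pending":
            tx.status = "cancelled"
        return tx.status

    def execute(self, tx_id, now):
        """Delay path: runs only if still pending and the waiting period is over."""
        tx = self.queue[tx_id]
        if tx.status != "pending" or now < tx.ready_at:
            return False
        self._pay(tx.amount)
        tx.status = "executed"
        return True


def new_vault():
    # Constructed sample values: 2-of-3 keys, 100 units/day, 2-day delay.
    return Vault({"phone", "hardware", "backup"}, 2, 100, 2 * DAY, 10_000)


def coerced_phone_scenario():
    """Only the phone key is compromised; the hardware key is stored elsewhere."""
    v, t0 = new_vault(), 1_000
    first = v.withdraw("phone", "thief", 100, t0)        # within the daily limit
    tx = v.withdraw("phone", "thief", 9_900, t0 + 60)    # too large: queued
    early = v.execute(tx, t0 + 3_600)                    # delay not over yet
    status = v.cancel("hardware", tx)                    # owner vetoes later
    late = v.execute(tx, t0 + 3 * DAY)                   # cancelled stays cancelled
    return first, tx, early, status, late, v.balance


def legit_large_payment():
    """Owner has two keys at hand, so a large payment needs no waiting period."""
    v = new_vault()
    tx = v.withdraw("phone", "merchant", 5_000, 1_000)
    return v.confirm("hardware", tx), v.balance


if __name__ == "__main__":
    print(coerced_phone_scenario())
    print(legit_large_payment())
```

In the coerced scenario the loss is capped at the daily limit, which only holds because the cancelling key is not on the compromised phone.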
This is all too complicated for all but a handful of people.
Crypto just doesn't work. It's far more harm than good. Every time a weakness is unveiled, we get hand waving from those most invested.
It's bad for the environment, bad for crime, bad for laymen, undemocratic (vote with money), no knobs to adjust monetary/fiscal policy, and it poses as an alternative to government institutions that serve society with things like roads and health care.
Why are we propping up the crypto whales to enable this trash fire?
Overweight people are worthy of, and capable of, finding love. I know your comment is in jest but it also propagates negativity in a way that is corrosive to others’ self-worth.
For those who read your comment and feel bad that the humorous angle is reality to them… it isn’t. Don’t let the world make you feel bad about yourself.
For those who read it and get a chuckle about fat people… your world view may benefit from some compassionate adjustment.
> As a result I use the supposedly not ok, security by obscurity.
Security by obscurity is perfectly OK as part of a layered defense, where your systems are also secured properly. Where it is not OK is when you don't bother to secure your systems because you assume they're hidden and no one will find them.
> As a result I use the supposedly not ok, security by obscurity. (Along with other normal precautions)
It's not that it's somehow wrong, the problem with security-by-obscurity is that it's often mistaken for cryptographic security of the Kerckhoffs kind, where you can reveal the entire scheme, minus the secret key.
Something like port-knocking is a form of security-by-obscurity that is technical enough that someone might mistake it for cryptographic security.
"Not your keys, not your Crypto" is good advice, but I personally prefer to leave my wallet in the hands of a trusted large exchange like Gemini, Coinbase, or Kraken. Not only do they have better security than I do, they also have a whole slew of extra barriers in the event a malicious actor wants to drain my funds.
I can freeze withdrawals, whitelist specific addresses, and put time/wait barriers to all of these things.
Edit: I'm not recommending everyone do this. This is a personal risk-management calculation I have made based on my outlook.
Or like in this article, the victim gave access to their phone to the thief - that's 2nd factor authentication broken, and if their password manager is also unlocked (e.g. via Face ID or by coercion to put their password in) that'll give the thief full access to the account.
Of course, they could put in a 24 hour delay as well for larger transactions. But that's a setting that the user should probably engage themselves.
Also don't use Face ID or fingerprints to open up your phone or especially your password manager or 2FA app.
What happens if you get hacked? You lose all your money.
The question isn’t what happens, but rather how likely it is to happen. I wouldn’t trust any of the current exchanges with my life’s savings, but up to around 20% is a different story.
While the article seems part-advertisement, the risk is real. Best not to let strangers know your worth, and use multi-factor authentication everywhere. It's a disgusting (and beautiful) world we live in!
It's all advertisement. The first paragraph is "Spoiler alert: their funds secured via Casa multisig remain safe."
> the risk is real.
I'm not so sure, I think there's a good chance this was made up. Unless this victim let on how much cryptocurrency he had early on in the conversation, this whole scenario seems too high-risk/low-reward to be very real. I mean, a Tinder account backed by a real person (supposedly with real photos to not put off the mark), waiting for people interested in cryptocurrency to steal it? Not drugging a lot of small fish who were bragging and attracting the attention of the police before finding a whale?
Here's one take: You don't go around calling yourself a crypto trader if you do not have a significant stake. The victim engaged with the thief because they too had "I am a crypto trader" in their bio, which indicates they may be equally wealthy. It's a kind of financial classism, common financial ground, possibly "falling into wealth" from low investments, etc.
Cryptocurrencies offer a single property that is both good and bad: there is no authority who can reverse or block a transaction against the will of the participants.
Lawsuits and criminal proceedings can cause government authority to direct banks and financial institutions to do what they say. Government can set rules to block transactions, or to demand more identification to be tied to a transaction. Even cash can be physically seized and taken by the government. I'm not arguing this is good or bad, just that it is. You can come up with a list of circumstances where this authority is a bad thing, or a good thing.
And in cases like this, we see why that overriding authority can be a good thing. If your bitcoins are stolen, there is nothing anyone can do to get them back. They are gone.
Government can also seize your crypto but that’s beside the point.
When does non-reversal ever benefit the average Joe?
The only scenarios I can think of are when you transact with non-trustable sources. E.g. buying “stuff” off the darknet (and even here you usually have an escrow).
And that’s just not a use case in most people’s everyday life.
https://en.wikipedia.org/wiki/Four_Horsemen_of_the_Infocalyp...
See also this piece by me on social recovery (a related but not quite the same concept): https://vitalik.ca/general/2021/01/11/recovery.html
But this is all not quite the same as reversal and makes different tradeoffs.
You’d have to be historically illiterate to want to throw this stuff away.
I’m sorry your friend got scammed, but there’s a host of damn good reasons we put the risk on the seller.
This is not a set of outdated practices resulting in ‘risk’ to sellers, it’s deliberate consumer protection.
The entire plan of crypto is to not ever allow that. That's the big innovation.
> The solution to coercing a “reversal” of a transaction is to use the legal system.
Or, just maybe, we could have a system which doesn't need to involve the legal system every time, and protects consumers anyway.
Which we have.
> Adhil Shetty, CEO & co-founder, Bankbazaar.com, says, "The most important thing to understand is that if a transaction has been made, the bank cannot reverse it from its end without approval from the beneficiary. Bank can only act as a facilitator."
https://www.businesstoday.in/personal-finance/banking/story/...
> According to the Reserve Bank of India, it is the sender's responsibility to link and transfer money correctly by cross checking the account number and name of the beneficiary. Banks will not be held responsible.
https://www.allonmoney.com/banking/money-transferred-to-wron...
Bank transfer can be invoked within the context of a business transaction (e.g., buying on Amazon) or as a standalone payment with no context attached to it.
In the first case, the money goes through many intermediaries such as payment gateway, merchant, acquirer, etc. In this instance, a customer can dispute a payment at different levels beginning with the merchant (or marketplace), their issuer, and finally file a case in the consumer court. 90% of the disputes get settled by the merchant/marketplace. Issuers typically side with the consumer because their primary customers are consumers. Consumer courts take time to settle a dispute, but they do work.
It's possible for fly-by-night sellers to con a bunch of customers but it's rare. Because payment gateways and acquirers have gotten their act together in recent years and they do stricter KYB checks (Know Your Business).
The bulk of the theft happens through person-to-person bank transfer, i.e., devoid of any business context. Here, the fraudsters con a gullible person into revealing bank credentials and also second-factor auth. Social engineering attacks are also common. But the thing is you always know the destination bank account. So you can track the fraudster as the destination bank would have done a KYC. The key point to note here is that the money can always be physically traced. And there are laws that let the victim claw back that money if they can provide sufficient evidence of fraud.
Anyway, there's no issue with building and using a service to handle that for you both on top of the currencies and as a smart contract on the blockchain itself. Most current crypto users just don't seem likely to use it as they prefer the control. This might change as the audience changes.
I'm vaguely aware that there are several checks at the different layers... but I'm puzzled, are there really options to reverse payments at all those layers?
I'm asking, because I've seen multiple times some surprising transactions/unapproved transaction/forgot to cancel a recurring payment...
and, each and every time... the e-money institution/bank/credit card provider, was unable to do anything, until the transaction actually posted.
i.e. while the transaction was still shown as "pending", I couldn't do anything (besides contacting the seller, which obviously wouldn't do anything). Each and every time (when I couldn't eventually get a refund from the seller), I had to wait for the transaction to be posted to be able to file a chargeback
No, transactions are irreversible by design.
If you want this, what you need is an escrow service. Escrow services can conduct transactions in bitcoin or other cryptocoins. I don't know of one, but I believe that they may exist.
I'm not sure I get your objection: Physical cash is exactly the use case for bitcoin.
There will be financial services and other layers built on top of bitcoin, just as it is done for the dollar, and we are seeing the nascent industry now. (Whoever provides insured services first is going to make a mint.)
If so, the problem becomes: is your personal security up to defending against attackers who want to take your pile of digital gold?
This might actually be the first time for people to learn these lessons. They've been free-riding on the protections that banking regulations provide for all of their lives.
But yes, for me personally, I much prefer deterministically losing 3% to risking 100% (and incentivizing physical attacks).
Is CHAPS reversible? I don’t think it is. Or is it just not exposed as an option to institutions?
A better title would be: "If you get drugged and use Casa, you will be able to save your money"
I'll note that we have seen several folks report being victims of similar attacks since we published this article.
https://twitter.com/Disruptepreneur/status/14131498654759075...
https://twitter.com/jayzalowitz/status/1413165187205455882
https://twitter.com/e_acorral/status/1413168523250180097
I’m not interested in the service in the slightest but I did get something from it. The read was somewhat entertaining and if I see a friend getting in a similar situation I will be quicker to warn them.
As far as SEO drivel goes, I see much worse than this dozens of times per day.
The writer is Jameson Lopp. There's good solid advice in there for anyone, not just crypto holders, yes he's promoting his own company but it's a big stretch of the imagination to say the bloke is some SEO spammer.
https://www.lopp.net/
Though it does have some valid points.
So, the girl(s) called Chase posing as my wife and transferred $500 out of my account. A nice chunk of cash, but not too greedy so I could let it go and not pursue it any further. You swallow the embarrassment and move on with your life.
If you got drugged and someone took your phone to do a bank transfer, I would imagine there would be some hope of reversing the transfer, with a whole lot of painful steps. With crypto it's pretty futile if they manage to move it.
Also the $5 wrench attack can evolve, right? Just because you have your keys in different places doesn't mean you can be coerced into getting them together.
Something as simple as using a contract to delay any coin transfers with one or more keys that can stop the transfer is trivial to implement.
Even simple multi-sig is pretty good assuming you don’t rely on two keys both stored in your phone.
For everyday payments, you can use a mobile phone wallet without these protections and worst case you lose a small amount of money if someone takes your phone. It’s just like getting your real wallet stolen and losing cash.
https://en.bitcoin.it/wiki/Timelock
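The delayed transfer with a veto key described in the comment above, modelled off-chain as an added sketch (not code from the thread, from Casa or from any wallet). `DelayedVault`, `HOT_LIMIT` and `DELAY_SECONDS` are hypothetical names and values, and an HMAC stands in for the signature a real contract would verify.

```python
import hashlib, hmac
from dataclasses import dataclass, field

DELAY_SECONDS = 24 * 3600  # assumed hold on large transfers
HOT_LIMIT = 100            # assumed: amounts up to this are paid at once

@dataclass
class Pending:
    dest: str
    amount: int
    release_at: int
    state: str = "queued"  # queued -> executed | cancelled

def cancel_tag(veto_key, wid, p):  # HMAC stands in for a veto-key signature
    msg = f"cancel|{wid}|{p.dest}|{p.amount}".encode()
    return hmac.new(veto_key, msg, hashlib.sha256).digest()

@dataclass
class DelayedVault:
    balance: int
    veto_key: bytes  # kept off the spending device
    pending: dict = field(default_factory=dict)

    def request(self, dest, amount, now):  # large amounts are only queued
        reserved = sum(p.amount for p in self.pending.values() if p.state == "queued")
        if amount <= 0 or amount > self.balance - reserved:
            raise ValueError("insufficient unreserved funds")
        if amount <= HOT_LIMIT:
            self.balance -= amount
            return None
        wid = len(self.pending) + 1
        self.pending[wid] = Pending(dest, amount, now + DELAY_SECONDS)
        return wid

    def cancel(self, wid, tag):  # veto works any time before execution
        p = self.pending[wid]
        ok = hmac.compare_digest(tag, cancel_tag(self.veto_key, wid, p))
        if not ok or p.state != "queued":
            return False
        p.state = "cancelled"
        return True

    def execute(self, wid, now):
        p = self.pending[wid]
        if p.state != "queued" or now < p.release_at:
            return False
        self.balance -= p.amount
        p.state = "executed"
        return True
```

Whoever holds only the spending device can queue a large transfer but cannot shorten the delay, so the owner has the full window to cancel it with the separately stored veto key.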
Tell them to give them back to you if you ask in person only.
Suddenly it's much harder for the attacker...
Crypto just doesn't work. It's far more harm than good. Every time a weakness is unveiled, we get hand waving from those most invested.
It's bad for the environment, bad for crime, bad for laymen, undemocratic (vote with money), no knobs to adjust monetary/fiscal policy, and it poses as an alternative to government institutions that serve society with things like roads and health care.
Why are we propping up the crypto whales to enable this trash fire?
It's a question of how difficult you make it to steal and thus how much riskier you make it for someone to attempt an attack.
As a result I use the supposedly not OK security by obscurity. (Along with other normal precautions.)
I don't tell people which Bitcoin wallet I recommend, I simply say "I don't tell people where I hide gold".
Although not sure if I could survive devil's breath.
For those who read your comment and feel bad that the humorous angle is reality to them… it isn’t. Don’t let the world make you feel bad about yourself.
For those who read it and get a chuckle about fat people… your world view may benefit from some compassionate adjustment.
Security by obscurity is perfectly OK as part of a layered defense, where your systems are also secured properly. Where it is not OK is when you don't bother to secure your systems because you assume they're hidden and no one will find them.
It's not that it's somehow wrong, the problem with security-by-obscurity is that it's often mistaken for cryptographic security of the Kerckhoffs kind, where you can reveal the entire scheme, minus the secret key.
Something like port-knocking is a form of security-by-obscurity that is technical enough that someone might mistake it for cryptographic security.
This is important to me, please let me know.
I can freeze withdrawals, whitelist specific addresses, and put time/wait barriers to all of these things.
Edit: I'm not recommending everyone do this. This is a personal risk-management calculation I have made based on my outlook.
Store offline.
Of course, they could put in a 24 hour delay as well for larger transactions. But that's a setting that the user should probably engage themselves.
Also don't use Face ID or fingerprints to open up your phone or especially your password manager or 2FA app.
The question isn’t what happens, but rather how likely it is to happen. I wouldn’t trust any of the current exchanges with my life’s savings, but up to around 20% is a different story.
It's all advertisement. The first paragraph is "Spoiler alert: their funds secured via Casa multisig remain safe."
> the risk is real.
I'm not so sure, I think there's a good chance this was made up. Unless this victim let on how much cryptocurrency he had early on in the conversation, this whole scenario seems too high-risk/low-reward to be very real. I mean, a Tinder account backed by a real person (supposedly with real photos to not put off the mark), waiting for people interested in cryptocurrency to steal it? Not drugging a lot of small fish who were bragging and attracting the attention of the police before finding a whale?
That night, someone on the other side of the world shared a random PDF with me.
I was smart enough not to touch that bad juju PDF, but I wonder if it was an attempt to hack me. Anyone know?
There's no way anyone can answer that unless you share the PDF for analysis (and I couldn't even answer then).
Bitcoin has no privacy by default, so that's not going to work unless people never transact
Lawsuits and criminal proceedings can cause government authority to direct banks and financial institutions to do what they say. Government can set rules to block transactions, or to demand more identification to be tied to a transaction. Even cash can be physically seized and taken by the government. I'm not arguing this is good or bad, just that it is. You can come up with a list of circumstances where this authority is a bad thing, or a good thing.
And in cases like this, we see why that overriding authority can be a good thing. If your bitcoins are stolen, there is nothing anyone can do to get them back. They are gone.
When does non-reversal ever benefit the average Joe?
The only scenario I can think of is when you transact with non-trustable sources. E.g. buying “stuff” off the darknet (and even here you usually have an escrow).
And that’s just not a use case in most people’s everyday life.