To begin with there are several layers of protection built in at acquirer, issuer, network and so on. Almost at each step there's an option to reverse the payment (or issue a compensating transaction) and finally the chargeback and legal recourse.
Bear in mind that each of the business processes of the current payment systems exists for a reason. They are the result of decades of learnings and trial and error.
Are there plans to build equivalent features on Blockchain for crypto currencies? Or do their users have to go through the same painful failures?
Basically every crypto enthusiast out there touts the non-reversibility of crypto transactions as its primary feature, not a bug, and that is why I see crypto as generally useless for your average person.
As someone who uses crypto on both ends, I think no reversal is the fairest way. Both sides lie, but the customer lies quite a bit and is usually favored in CC reversals.
"... but but Drugs! Criminals!" is what common people say at this point, to which I answer that drugs and crime flourished long before Bitcoin came to exist.
One was what happened in Lebanon after the port explosion. An Australian who had married a Lebanese wife and moved to Lebanon reported the couple had decided the move was a bad idea, and were saving for a relocation back to Australia. Then the explosion happened, and the government literally ran out of money. The solution was apparently to raid the citizens' savings accounts. From https://www.aa.com.tr/en/economy/lebanese-cannot-access-mone... :
> As a result of monetary policies implemented by central bank Governor Riad Salameh, people are currently unable to withdraw money even from local currency accounts, she added.
I don't know if their savings were permanently taken or merely "borrowed" for a while, but in any case the move to Australia was taken off the table when it looked most desirable.
In that scenario, the non-reversibility of Bitcoin transactions looks real attractive. I think it is fair to say crypto currencies look most attractive when the traditional trust networks we humans have crafted out of bankers, institutions and laws break down. While the crypto currencies have their weaknesses - the 51% attack is very real and the power consumption of Argentina can seem over the top, they provide a very concrete, measurable level of trustworthiness. You know what it will take to break it. The soft human trust networks can and do break in a myriad of ways, so often we give them a name - "black swan events".
How do we balance it so it can provide a net positive for humanity?
See also this piece by me on social recovery (a related but not quite the same concept): https://vitalik.ca/general/2021/01/11/recovery.html
But this is all not quite the same as reversal and makes different tradeoffs.
What about the stories of companies being scammed via wire transfer?
Of course that's a downside if you are the one who would like law enforcement to happen (either because you are the victim of a theft or you want to enforce on others).
Also fraud can be done with reversible transactions as well, in particular the reversal can be fraudulent; in general, reversible transactions are only really effective if the conveyance of whatever was paid for is also reversible.
If I can reverse a transaction if I get ripped off, I might consider using a smaller or newer vendor. If I can’t then no chance, I’m sticking to the one I trust, even if they don’t have what I want.
Reversible payment methods are a huge boon to merchants, whether they realise it or not.
Obviously any payment method that is a layer over credit cards and US bank transactions is going to want to support reversal; otherwise, in cases like these, the payment processor gets left holding the bag. It's not "the result of decades of learnings and trial and error." It's the result of banking regulations which impose huge risks on anyone who receives money through the banking and credit card system, in order to avoid imposing risks on people who send money.
In many cases, those risks are not inherent to the transaction being conducted; they are introduced by outdated banking business practices that rely on detecting rare frauds after the fact and clearing transactions over the course of weeks or months. Instead of removing the risks, current banking regulations force them on anyone who receives a payment, so the banks don't have to fix them. Cryptocurrencies just remove those risks instead of externalizing them.
And that's why so many payment methods support reversal.
You’d have to be historically illiterate to want to throw this stuff away.
I’m sorry your friend got scammed, but there’s a host of damn good reasons we put the risk on the seller.
This is not a set of outdated practices resulting in ‘risk’ to sellers, it’s deliberate consumer protection.
Cryptocurrencies unilaterally move the risk to the spender and I don't see how that is the same as removing risk. A financial transaction is always risky for all the participating parties, there is a chain of liability. You can't make the risk disappear, someone has to bear it and/or underwrite it. Which is why you have all these payment processors that charge x% transaction fees for merchants in exchange for taking on that risk.
A larger point here is disputes will always arise in a business transaction. Which is why we have arbiters who hear both sides of a story and settle the matters. You can't say "Payment reversal is an open invitation to criminals to steal from sellers." and make payers unilaterally liable for every payment they make. That is a recipe for killing a market.
In your friend's case PayPal acted as an arbiter and given that the seller had no proof of sale PayPal made a judgement call to side with the payer. The harsh reality is your friend should have been more careful or said only-cash-accepted.
The entire plan of crypto is to not ever allow that. That's the big innovation.
You're right that a lot of folks don't want features like that, though I just had to point out that this isn't an "innovation" by any wild stretch of the imagination, but rather simply a policy in some implementations.
It's mutable, too, for both banks and crypto: either could allow/disallow such a policy if those involved cared to make it work that way.
One of the big innovations of cryptocurrency is allowing for electronic, cash-like payments. The solution to coercing a “reversal” of a transaction is to use the legal system.
> The solution to coercing a “reversal” of a transaction is to use the legal system.
Or, just maybe, we could have a system which doesn't need to involve the legal system every time, and protects consumers anyway.
Which we have.
Strange, because from your comments you are based in India and there's simply no way to reverse a bank transfer there or in my own country, can you confirm this? What I've read over the years suggests the complete opposite of what you've said.
A brief internet search brings up:
> Adhil Shetty, CEO & co-founder, Bankbazaar.com, says, "The most important thing to understand is that if a transaction has been made, the bank cannot reverse it from its end without approval from the beneficiary. Bank can only act as a facilitator."
https://www.businesstoday.in/personal-finance/banking/story/...
> According to the Reserve Bank of India, it is the sender's responsibility to link and transfer money correctly by cross checking the account number and name of the beneficiary. Banks will not be held responsible.
https://www.allonmoney.com/banking/money-transferred-to-wron...
Bank transfer can be invoked within the context of a business transaction (e.g., buying on Amazon) or as a standalone payment with no context attached to it.
In the first case, the money goes through many intermediaries such as payment gateway, merchant, acquirer, etc. In this instance, a customer can dispute a payment at different levels beginning with the merchant (or marketplace), their issuer, and finally file a case in the consumer court. 90% of the disputes get settled by the merchant/marketplace. Issuers typically side with the consumer because their primary customers are consumers. Consumer courts take time to settle a dispute, but they do work.
It's possible for fly-by-night sellers to con a bunch of customers but it's rare. Because payment gateways and acquirers have gotten their act together in recent years and they do stricter KYB checks (Know Your Business).
The bulk of the theft happens through person-to-person bank transfer, i.e., devoid of any business context. Here, the fraudsters con a gullible person to reveal bank credentials and also second-factor auth. Social engineering attacks are also common. But the thing is you always know the destination bank account. So you can track the fraudster as the destination bank would have done a KYC. The key point to note here is that the money can always be physically traced. And there are laws that let victims claw back that money if they can provide sufficient evidence of fraud.
Anyway, there's no issue with building and using a service to handle that for you both on top of the currencies and as a smart contract on the blockchain itself. Most current crypto users just don't seem likely to use it as they prefer the control. This might change as the audience changes.
I'm vaguely aware that there are several checks at the different layers... but I'm puzzled, are there really options to reverse payments at all those layers?
I'm asking, because I've seen multiple times some surprising transactions/unapproved transaction/forgot to cancel a recurring payment...
and, each and every time... the e-money institution/bank/credit card provider, was unable to do anything, until the transaction actually posted.
i.e. while the transaction was still shown as "pending", I couldn't do anything (besides contacting the seller, which obviously wouldn't do anything). Each and every time (when I couldn't eventually get a refund from the seller), I had to wait for the transaction to be posted to be able to file a chargeback
No, transactions are irreversible by design.
If you want this, what you need is an escrow service. Escrow services can conduct transactions in bitcoin or other cryptocoins. I don't know of one, but I believe that they may exist.
I'm not sure I get your objection: Physical cash is exactly the use case for bitcoin.
There will be financial services and other layers built on top of bitcoin, just as it is done for the dollar, and we are seeing the nascent industry now. (Whoever provides insured services first is going to make a mint.)
If so the problem becomes, is your personal security up to defending against attackers who want to take your pile of digital gold?
This might actually be the first time for people to learn these lessons. They've been free-riding on the protections that banking regulations provide for all of their lives.
But yes, for me personally, I much prefer deterministically losing 3% to risking 100% (and incentivizing physical attacks).
Is CHAPS reversible? I don’t think it is. Or is it just not exposed as an option to institutions?
A better title would be: "If you get drugged and use Casa, you will be able to save your money"
I'll note that we have seen several folks report being victims of similar attacks since we published this article.
https://twitter.com/Disruptepreneur/status/14131498654759075...
I’m not interested in the service in the slightest but I did get something from it. The read was somewhat entertaining and if I see a friend getting in a similar situation I will be quicker to warn them.
As far as SEO drivel goes, I see much worse than this dozens of times per day.
The writer is Jameson Lopp. There's good solid advice in there for anyone, not just crypto holders, yes he's promoting his own company but it's a big stretch of the imagination to say the bloke is some SEO spammer.
Though it does have some valid points.
So, the girl(s) called Chase posing as my wife and transferred $500 out of my account. A nice chunk of cash, but not too greedy so I could let it go and not pursue it any further. You swallow the embarrassment and move on with your life.
If you got drugged and someone took your phone to do a bank transfer, I would imagine there would be some hope of reversing the transfer, with a whole lot of painful steps. With crypto it's pretty futile if they manage to move it.
Also the $5 wrench attack can evolve, right? Just because you have your keys in different places doesn't mean you can be coerced into getting them together.
Something as simple as using a contract to delay any coin transfers with one or more keys that can stop the transfer is trivial to implement.
Even simple multi-sig is pretty good assuming you don’t rely on two keys both stored in your phone.
For everyday payments, you can use a mobile phone wallet without these protections and worst case you lose a small amount of money if someone takes your phone. It’s just like getting your real wallet stolen and losing cash.
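The delayed transfer with veto keys described in the comment above, modelled off-chain as an added example (not code from the thread or from any wallet or contract). HMAC tags stand in for signature checks, and the class name, key handling and 24-hour delay are assumptions.

```python
import hashlib
import hmac
from dataclasses import dataclass

DELAY_SECONDS = 24 * 3600  # assumed policy value, not taken from the thread

def tag(key: bytes, *fields) -> bytes:
    """HMAC-SHA256 over the fields; a stand-in for a real signature check."""
    msg = "|".join(str(f) for f in fields).encode()
    return hmac.new(key, msg, hashlib.sha256).digest()

@dataclass
class Pending:
    dest: str
    amount: int
    ready_at: int
    state: str = "pending"  # pending -> executed | vetoed

class DelayedVault:
    """Hypothetical vault: one spend key queues transfers, any veto key cancels."""

    def __init__(self, balance, spend_key, veto_keys, delay=DELAY_SECONDS):
        self.balance = balance
        self.spend_key = spend_key
        self.veto_keys = list(veto_keys)  # meant to be held away from the spend key
        self.delay = delay
        self.requests = []  # index in this list is the request id

    def request(self, dest, amount, sig, now):
        """Queue a transfer; nothing moves until the delay has elapsed."""
        req_id = len(self.requests)  # doubles as a nonce against replay
        expected = tag(self.spend_key, "spend", req_id, dest, amount)
        if not hmac.compare_digest(sig, expected):
            raise PermissionError("bad spend authorisation")
        if amount <= 0 or amount > self.balance:
            raise ValueError("invalid amount")
        self.requests.append(Pending(dest, amount, now + self.delay))
        return req_id

    def veto(self, req_id, sig):
        """Any single veto key cancels a transfer that has not executed yet."""
        req = self.requests[req_id]
        if req.state != "pending":
            raise RuntimeError("request is already " + req.state)
        if not any(hmac.compare_digest(sig, tag(k, "veto", req_id))
                   for k in self.veto_keys):
            raise PermissionError("bad veto authorisation")
        req.state = "vetoed"

    def execute(self, req_id, now):
        """Release funds only after the delay and only if nobody vetoed."""
        req = self.requests[req_id]
        if req.state != "pending":
            raise RuntimeError("request is already " + req.state)
        if now < req.ready_at:
            raise RuntimeError("delay has not elapsed")
        if req.amount > self.balance:
            raise RuntimeError("insufficient balance")
        self.balance -= req.amount
        req.state = "executed"
        return req.amount
```

A transfer requested under duress with the spend key stays queued for the whole delay, so a veto-key holder elsewhere can cancel it before `execute()` will release anything; the spend key alone cannot veto or shorten the wait.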
Tell them to give them back to you if you ask in person only.
Suddenly it's much harder for the attacker...
Crypto just doesn't work. It's far more harm than good. Every time a weakness is unveiled, we get hand waving from those most invested.
It's bad for the environment, bad for crime, bad for laymen, undemocratic (vote with money), no knobs to adjust monetary/fiscal policy, and it poses as an alternative to government institutions that serve society with things like roads and health care.
Why are we propping up the crypto whales to enable this trash fire?
It's a question of how difficult you make it to steal and thus how much riskier you make it for someone to attempt an attack.
As a result I use the supposedly not ok, security by obscurity. (Along with other normal precautions)
I don't tell people which Bitcoin wallet I recommend, I simply say "I don't tell people where I hide gold".
Although not sure if I could survive devil's breath.
For those who read your comment and feel bad that the humorous angle is reality to them… it isn’t. Don’t let the world make you feel bad about yourself.
For those who read it and get a chuckle about fat people… your world view may benefit from some compassionate adjustment.
Security by obscurity is perfectly OK as part of a layered defense, where your systems are also secured properly. Where it is not OK is when you don't bother to secure your systems because you assume they're hidden and no one will find them.
It's not that it's somehow wrong, the problem with security-by-obscurity is that it's often mistaken for cryptographic security of the Kerckhoffs kind, where you can reveal the entire scheme, minus the secret key.
Something like port-knocking is a form of security-by-obscurity that is technical enough that someone might mistake it for cryptographic security.
This is important to me, please let me know.
I can freeze withdrawals, whitelist specific addresses, and put time/wait barriers to all of these things.
Edit: I'm not recommending everyone do this. This is a personal risk-management calculation I have made based on my outlook.
Store offline.
Of course, they could put in a 24 hour delay as well for larger transactions. But that's a setting that the user should probably engage themselves.
Also don't use Face ID or fingerprints to open up your phone or especially your password manager or 2FA app.
The question isn’t what happens, but rather how likely it is to happen. I wouldn’t trust any of the current exchanges with my life’s savings, but up to around 20% is a different story.
It's all advertisement. The first paragraph is "Spoiler alert: their funds secured via Casa multisig remain safe."
> the risk is real.
I'm not so sure, I think there's a good chance this was made up. Unless this victim let on how much cryptocurrency he had early on in the conversation, this whole scenario seems too high-risk/low-reward to be very real. I mean, a Tinder account backed by a real person (supposedly with real photos to not put off the mark), waiting for people interested in cryptocurrency to steal it? Not drugging a lot of small fish who were bragging and attracting the attention of the police before finding a whale?
That night, someone on the other side of the world shared a random PDF with me.
I was smart enough not to touch that bad juju PDF, but I wonder if it was an attempt to hack me. Anyone know?
There's no way anyone can answer that unless you share the PDF for analysis (and I couldn't even answer then).
Bitcoin has no privacy by default, so that's not going to work unless people never transact
Lawsuits and criminal proceedings can cause government authority to direct banks and financial institutions to do what they say. Government can set rules to block transactions, or to demand more identification to be tied to a transaction. Even cash can be physically seized and taken by the government. I'm not arguing this is good or bad, just that it is. You can come up with a list of circumstances where this authority is a bad thing, or a good thing.
And in cases like this, we see why that overriding authority can be a good thing. If your bitcoins are stolen, there is nothing anyone can do to get them back. They are gone.
When does non-reversal ever benefit the average Joe?
The only scenarios I can think of are when you transact with non-trustable sources. E.g. buying “stuff” off the darknet (and even here you usually have an escrow).
And that’s just not a use case in most people’s everyday life.
https://github.com/jlopp/physical-bitcoin-attacks/blob/maste...
https://timesofmalta.com/articles/view/victim-describes-his-...
https://www.youtube.com/watch?v=70ZMzE-wQOQ&t=80s
Now it's funny because it's true!
Download to Papa. Yoink-dot-adios-backslash-losers.
Surely after you get roofied after a tinder date with an attacker draining your crypto accounts, you'd file a police report and maybe we'd hear about it in the media?
Unfortunately, while still rare, there are physical attacks perpetrated against bitcoin owners. I've been tracking them for several years. https://github.com/jlopp/physical-bitcoin-attacks
Plus there was the hard hitting advice that “always have a friend who knows all your plans check in with you, to make sure a crime organization isn’t plotting to steal your money”.
Or, more likely, they're just trying to impress you and find common ground! I've seen this many times on dating apps but have never been drugged.
A lot of this advice is great, regardless of whether you're into crypto, but this point is a bit much.
> Compare the person's profile photo when you meet them in real life. If it is questionable that the photos are actually of themselves, that is a red flag.
- You can't transfer money without filling in 2FA credentials
- Suspicious transactions will be flagged (e.g. account draining amounts to another account you've never transferred money to)
- Banks have insurance and will reimburse you the money, whether they can revert the transactions or not. Which leads me to:
- Bank transactions are reversible
- Bank accounts need ID. If money is transferred to someone, they will know the identity of the person receiving money. For dumb people it'll be themselves, for smarter people it'll be their money mule. (never allow strangers or new friends to transfer money through your account no matter how lucrative or trustworthy it may seem). Crypto exchanges are catching up, but crypto doesn't need to be transferred between exchanges.
- Banks are licensed and pay to a national bank; if a bank goes bankrupt (ha), said national bank has you covered. See cases like Icesave and DSB Bank.
But yeah, reversibility, anti fraud / theft prevention and insurance is banks' advantage that the crypto crowd is either unaware of or simply doesn't want to pay for, even if banks are cheap (because they get to play with your money)
https://www.nytimes.com/2019/03/12/technology/how-to-disappe...