To begin with there are several layers of protection built in at acquirer, issuer, network and so on. Almost at each step there's an option to reverse the payment (or issue a compensating transaction) and finally the chargeback and legal recourse.
Bear in mind that each of the business process of the current payment systems exists for a reason. They are the result of decades of learnings and trial and error.
Are there plans to build equivalent features on Blockchain for crypto currencies? Or do their users have to go through the same painful failures?
Basically every crypto enthusiast out there touts the non-reversibility of crypto transactions as its primary feature, not a bug, and that is why I see crypto as generally useless for your average person.
Right, so it's important to understand the context in which cash is used.
The vast majority of cash transactions take place in exchange for goods/services rendered immediately. Like I go to a grocery store, buy a pound of bread and pay cash. So disputes are settled right there and then, merchant and customer talk it out. Also, about 90% of cases ticket size is ~20$ so even if a dispute isn't settled in spender's favour it's no big deal. The spender will not transact at the merchant again so in fact more often than not merchants are willing to settle in favour of customers.
Now for larger ticket items I'd hypothesise that 99% of them are done through online through credit-card, bank transfer and what not. Due to safety reasons customer as well as merchant wouldn't want to deal with big sums of physical cash.
That leaves us with suitcase piles of cash being paid; and it's not hard to guess it's mostly being done to avoid authorities. Note that there is a legitimate use case for moving large piles of cash, say casino depositing daily earnings at their local bank. That is not a transaction in a meaningful sense.
At the end of the day, there is a fundamental judgement call when it comes to disputes: was the product "substantially not as described"? who has better evidence? etc. Once you put an arbiter in the middle, making this decision (which, again, I argue is an essential point of the modern financial system) the entire raison d'etre of crypto goes away.
As someone who uses crypto on both ends, I think no reversal is the fairest way. Both sides lie, but the customer lies quite a bit and is usually favored in CC reversals.
"... but but Drugs! Criminals!" is what common people say at this point, to which I answer that drugs and crime flourished long before Bitcoin came to exist.
One was what happened in Lebanon after the port explosion. An Australian who had married a Lebanese wife and moved to Lebanon reported the couple had decided the move was a bad idea, and were saving for a relocation back to Australia. Then the explosion happened, and the government literally ran out of money. The solution was apparently to raid the citizens savings accounts. From https://www.aa.com.tr/en/economy/lebanese-cannot-access-mone... :
> As a result of monetary policies implemented by central bank Governor Riad Salameh, people are currently unable to withdraw money even from local currency accounts, she added.
I don't know if their savings were permanently taken or merely "borrowed" for a while, but in any case the move to Australia was taken off the table when it looked most desirable.
In that scenario, the non-reversibility of Bitcoin transactions looks real attractive. I think it is fair to say crypto currencies look most attractive when the traditional trust networks we humans have crafted out of out of bankers, institutions and laws break down. While the crypto currencies have their weaknesses - the 51% attack is very real and the power consumption of Argentina can seem over the top, they provide a very concrete, measurable level of trustworthiness. You know what it will take to break it. The soft human trust networks can and do break in a myriad of ways, so often we given them a name - "black swan events".
How do we balance it so it can provide a net positive for humanity?
Legitimate democracy can't be undermined by an international currency not controlled be the government. In fact, it can be reinforced by it.
This issue is very similar to free speech: the good it does by making the government unable to silence political opponents far outweights the harm done by extremists and lunatics of all sorts.
See also this piece by me on social recovery (a related but not quite the same concept): https://vitalik.ca/general/2021/01/11/recovery.html
But this is all not quite the same as reversal and makes different tradeoffs.
What about the stories of companies being scammed via wire transfer?
Hits me a little different now…
And be prepared to wait 24 - 72 hours for final confirmation!
Of course that's a downside if you are the one who would like law enforcement to happen (either because you are the victim of a theft or you want to enforce on others).
Also fraud can be done with reversible transactions as well, in particular the reversal can be fraudulent; in general, reversible transactions are only really effective if the conveyance of whatever was paid for is also reversible.
If I can reverse a transaction if I get ripped off, I might consider using a smaller or newer vendor. If I can’t then no chance, I’m sticking to the one I trust, even if they don’t have what I want.
Reversible payment methods are a huge boon to merchants, whether they realise it or not.
Obviously any payment method that is a layer over credit cards and US bank transactions is going to want to support reversal; otherwise, in cases like these, the payment processor gets left holding the bag. It's not "the result of decades of learnings and trial and error." It's the result of banking regulations which impose huge risks on anyone who receives money through the banking and credit card system, in order to avoid imposing risks on people who send money.
In many cases, those risks are not inherent to the transaction being conducted; they are introduced by outdated banking business practices that rely on detecting rare frauds after the fact and clearing transactions over the course of weeks or months. Instead of removing the risks, current banking regulations force them on anyone who receives a payment, so the banks don't have to fix them. Cryptocurrencies just remove those risks instead of externalizing them.
And that's why so many payment methods support reversal.
You’d have to be historically illiterate to want to throw this stuff away.
I’m sorry your friend got scammed, but there’s a host of damn good reasons we put the risk on the seller.
This is not a set of outdated practices resulting in ‘risk’ to sellers, it’s deliberate consumer protection.
But there are additional, unnecessary risks created by the banking system, and for many transactions (like when the thief stole my friend's laptop, or transactions that result in identity fraud) those risks are the vast majority of the total risk. In those cases, cryptocurrency solves the problem; it doesn't just shift the risk back to the buyer.
Cryptocurrencies unilaterally move the risk to the spender and I don't see how that is same as removing risk. A financial transaction is always risky for all the participating parties, there is a chain of liability. You can't make the risk disappear, someone has to bear it and/or underwrite it. Which is why you have all these payment processors that charge x% transaction fees for merchants in exchange for taking on that risk.
A larger point here is disputes will always arise in a business transaction. Which is why we have arbiters who hear both sides of a story and settle the matters. You can't say "Payment reversal is an open invitation to criminals to steal from sellers." and make payers unilaterally liable for every payment they make. That is a recipe for killing a market.
In your friend's case PayPal acted as an arbiter and given that the seller had no proof of sale PayPal made a judgement call to side with the payer. The harsh reality is your friend should have been more careful or said only-cash-accepted.
The entire plan of crypto is to not ever allow that. That's the big innovation.
You're right that a lot of folks don't want features like that, though I just had to point out that this isn't an "innovation" by any wild stretch of the imagination, but rather simply a policy in some implementations.
It's mutable, too, for both banks and crypto: either could allow/disallow such a policy if those involved cared to make it work that way.
Reversals would mean that there is some authority that can declare arbitrary transaction to be valid or not, and cryptocurrency is exercise in creation of payment system without such trusted party.
So no, would not call it simply a policy.
One of the big innovations of cryptocurrency is allowing for electronic, cash-like payments. To solution to coercing a “reversal” of a transaction is use the legal system.
> To solution to coercing a “reversal” of a transaction is use the legal system.
Or, just maybe, we could have a system which doesn't need to involve the legal system every time, and protects consumers anyway.
Which we have.
You omitted the part where this solution requires a surcharge of ~3% on every single transaction we make with our credit cards.
In a civilized society, this is how transactions work:
You research the merchant and judge whether they are trustworthy. You decide they are, and purchase an item from them. If you have a problem with the item, you request a refund. They ask for the product back, and then they send you the refund.
Nothing in the above paragraph requires a credit card processor to enable a reversal of funds.
If they refuse to provide a refund, that is their choice, but relying upon a central god-like money authority to judge whether they made the "correct" one is bonkers. That's under jurisdiction of the law.
Strange, because from your comments you are based in India and there's simply no way to reverse a bank transfer there or in my own country, can you confirm this? What I've read over the years suggests the complete opposite of what you've said.
A brief internet search brings up:
> Adhil Shetty, CEO & co-founder, Bankbazaar.com, says, "The most important thing to understand is that if a transaction has been made, the bank cannot reverse it from its end without approval from the beneficiary. Bank can only act as a facilitator."
https://www.businesstoday.in/personal-finance/banking/story/...
> According to the Reserve bank of India, it is the senders responsibility to link and transfer money correctly by cross checking the account number and name of the beneficiary. Banks will not be held responsible.
https://www.allonmoney.com/banking/money-transferred-to-wron...
Bank transfer can be invoked within the context of a business transaction (e.g., buying on Amazon) or as a standalone payment with no context attached to it.
In the first case, the money goes through many intermediaries such as payment gateway, merchant, acquirer, etc. In this instance, a customer can dispute a payment at different levels beginning with the merchant (or marketplace), their issuer, and finally file a case in the consumer court. 90% of the disputes get settled by the merchant/marketplace. Issuers typically side with the consumer because their primary customers are consumers. Consumer courts take time to settle a dispute, but they do work.
It's possible for fly-by-night sellers to con a bunch of customers but it's rare. Because payment gateways and acquirers have gotten their act together in recent years and they do stricter KYB checks (Know Your Business).
The bulk of the theft happens through person-to-person bank transfer, i.e., devoid of any business context. Here, the fraudsters con a gullible person to reveal bank credentials and also second-factor auth. Social engineering attacks are also common. But the thing is you always know the destination bank account. So you can track the fraudster as the destination bank would have done a KYC. The key point to note here is that the money can always be physically traced. And there are laws that let victim claw back that money if they can provide sufficient evidence of fraud.
Anyway, there's no issue with building and using a service to handle that for you both on top of the currencies and as a smart contract on the blockchain itself. Most current crypto users just don't seem likely to use it as they prefer the control. This might change as the audience changes.
I'm vaguely aware that there are several checks at the different layers... but I'm puzzled, are there really options to reverse payments at all those layers?
I'm asking, because I've seen multiple times some surprising transactions/unapproved transaction/forgot to cancel a recurring payment...
and, each and every time... the e-money institution/bank/credit card provider, was unable to do anything, until the transaction actually posted.
i.e. while the transaction was still shown as "pending", I couldn't do anything (besides contacting the seller, which obviously wouldn't do anything). Each and every time (when I couldn't eventually get a refund from the seller), I had to wait for the transaction to be posted to be able to file a chargeback
No, transactions are irreversible by design.
If you want this, what you need is an escrow service. Escrow services can conduct transactions in bitcoin or other cryptocoins. I don't know of one, but I believe that they may exist.
I'm not sure I get your objection: Physical cash is exactly the use case for bitcoin.
There will be financial services and other layers built on top of bitcoin, just as it is done for the dollar, and we are seeing the nascent industry now. (Whoever provides insured services first is going to make a mint.)
If so the problem becomes, is your personal security up to defending attackers who want to take your pile of digital gold.
Physical cash is money, and serves the functions of money (see eg https://en.wikipedia.org/wiki/Money#Functions)
Bitcoin does the same.
In the nascent crypto world, different areas are using this new money in different ways: The US currently tends to store of value. Other areas (Venezuela, El Salvador) are tending toward medium of exchange.
In any case: OP's reversibility-of-transactions is a financial services function, not a "money" function.
This might actually be the first time for people to learn these lessons. They've been free-riding on the protections that banking regulations provide for all of their lives.
But yes, for me personally, I much prefer deterministically losing 3% to risking 100% (and incentivizing physical attacks).
Is CHAPS reversible? I don’t think it is. Or is it just not exposed as an option to institutions?
A better title would be. "If you get drugged and use Casa, you will be able to save your money"
I'll note that we have seen several folks report being victims of similar attacks since we published this article.
https://twitter.com/Disruptepreneur/status/14131498654759075...
I’m not interested in the service in the slightest but I did get something from it. The read was somewhat entertaining and if I see a friend getting in a similar situation I will be quicker to warn them.
As far as SEO drivel goes, I see much worse than this dozens of times per day.
The writer is Jameson Lopp. There's good solid advice in there for anyone, not just crypto holders, yes he's promoting his own company but it's a big stretch of the imagination to say the bloke is some SEO spammer.
Though it does have some valid points.
So, the girl(s) called Chase posing as my wife and transferred $500 out of my account. A nice chunk of cash, but not too greedy so I could let it go and not pursue it any further. You swallow the embarrassment and move on with your life.
Moral of the story: please don't store large amounts of cash in your checking account.
The idea is that fraud is already illegal and there are methods for dealing with it.
If that happened to me I would move on, particularly because you don't know the criminals here and whether they'd seek retribution if you made a police report.
If someone roofied you, they'd probably be willing to do worse things to you if you hassled them. Just some advice; speaking from life experiences.
If you got drugged and someone took your phone to do a bank transfer, I would imagine there would be some hope of reversing the transfer, with a whole lot of painful steps. With crypto it's pretty futile if they manage to move it.
Also the $5 wrench attack can evolve, right? Just because you have your keys in different places doesn't mean you can be coerced into getting them together.
Something as simple as using a contract to delay any coin transfers with one or more keys that can stop the transfer is trivial to implement.
Even simple multi-sig is pretty good assuming you don’t rely on two keys both stored in your phone.
For everyday payments, you can use a mobile phone wallet without these protections and worst case you lose a small amount of money if someone takes your phone. It’s just like getting your real wallet stolen and losing cash.
Tell them to give them back to you if you ask in person only.
Suddenly its much harder for the attacker...
Crypto just doesn't work. It's far more harm than good. Every time a weakness is unveiled, we get hand waving from those most invested.
It's bad for the environment, bad for crime, bad for laymen, undemocratic (vote with money), no knobs to adjust monetary/fiscal policy, and it poses as an alternative to government institutions that serve society with things like roads and health care.
Why are we propping up the crypto whales to enable this trash fire?
Other people have other problems they're trying to solve and you don't care about those problems, so you do not understand "why crypto." If you want to understand "why crypto," be concerned with other problems. You've already decided what is important, and that blinds you to understanding the motivations of others.
Not any more so than other forms of energy consumption. If anything, Bitcoin incentivizes the use of clean renewable energy. https://niccarter.info/topics/
> bad for crime
Hard to even parse what that means given how much crime is committed via dollars. https://unchained-capital.com/blog/bitcoin-is-not-for-crimin...
> bad for laymen
Meaningless drivel.
> undemocratic (vote with money)
Bitcoin is both undemocratic AND is not a "vote with money" type of system. Governance is unrelated to who holds it. https://www.lopp.net/bitcoin-information/governance.html
> no knobs to adjust monetary/fiscal policy
That's a feature.
> it poses as an alternative to government institutions that serve society with things like roads and health care.
Also a feature. https://www.coincenter.org/a-human-rights-activists-response...
It's a question of how difficult you make to steal and thus how much riskier you make it for someone to attempt an attack.
As a result I use the supposedly not ok, security by obsecurity. (Along with other normal precautions)
I don't tell people which Bitcoin wallet I recommend, I simply say "I don't tell people where I hide gold".
Although not sure if I could survive devil's breath.
For those who read your comment and feel bad that the humorous angle is reality to them… it isn’t. Don’t let the world make you feel bad about yourself.
For those who read it and get a chuckle about fat people… your world view may benefit from some compassionate adjustment.
Because being overweight is not you being the best version of yourself. Your health, energy, romantic life, and likely even career would improve if you did something about the problem. It is something that's entirely within your control to do something about.
Life is short, it's too short to spend it fat. The best time to take action is now.
Security by obscurity is perfectly OK as part of a layered defense, where your systems are also secured properly. Where it is not OK is when you don't bother to secure your systems because you assume they're hidden and no one will find them.
It's not that it's somehow wrong, the problem with security-by-obscurity is that it's often mistaken for cryptographic security of the Kerchoff kind, where you can reveal the entire scheme, minus the secret key.
Something like port-knocking is a form of security-by-obscurity that is technical enough that someone might mistake it for cryptographic security.
This is important to me, please let me know.
I can freeze withdrawals, whitelist specific addresses, and put time/wait barriers to all of these things.
Edit: I'm not recommending everyone do this. This is a personal risk-management calculation I have made based on my outlook.
Store offline.
Of course, they could put in a 24 hour delay as well for larger transactions. But that's a setting that the user should probably engage themselves.
Also don't use Face ID or fingerprints to open up your phone or especially your password manager or 2FA app.
The question isn’t what happens, but rather how likely it is to happen. I wouldn’t trust any of the current exchanges with my life’s savings, but up to around 20% is a different story.
It's all advertisement. The first paragraph is "Spoiler alert: their funds secured via Casa multisig remain safe."
> the risk is real.
I'm not so sure, I think there's a good chance this was made up. Unless this victim let on how much cryptocurrency he had early on in the conversation, this whole scenario seems too high-risk/low-reward to be very real. I mean, a Tinder account backed by a real person (supposedly with real photos to not put off the mark), waiting for people interested in cryptocurrency to steal it? Not drugging a lot of small fish who were bragging and attracting the attention of the police before finding a whale?
I think the flaw with that is that I could totally see some unemployed dude who took his meager savings and went all /r/wallstreetbets into dogecoin describing themselves the same way on a dating app. I guess the question is, which one is closer to the more typical case?
Aside: It's something I worry about sometimes too on phones...
That night, someone on the other side of the world shared a random PDF with me.
I was smart enough not to touch that bad juju PDF, but I wonder if it was an attempt to hack me. Anyone know?
There's no way anyone can answer that unless you share the PDF for analysis (and I couldn't even answer then).
Bitcoin has no privacy by default, so that's not going to work unless people never transact
Lawsuits and criminal proceedings can cause government authority to direct banks and financial institutions to do what they say. Government can set rules to block transactions, or to demand more identification to be tied to a transaction. Even cash can be physically seized and taken by the government. I'm not arguing this is good or bad, just that it is. You can come up with a list of circumstances where this authority is a bad thing, or a good thing.
And in cases like this, we see why that overriding authority can be a good thing. If your bitcoins are stolen, there is nothing anyone can do to get them back. They are gone.
When does non-reversal ever benefit the average Joe?
The only scenarios I can think of is when you transact with non-trustable sources. E.g. buying “stuff” off the darknet (and even here you usually have an escrow).
And that’s just not a use case in most people’s everyday life.
https://github.com/jlopp/physical-bitcoin-attacks/blob/maste...
https://timesofmalta.com/articles/view/victim-describes-his-...
https://www.youtube.com/watch?v=70ZMzE-wQOQ&t=80s
Now it's funny because it's true!
Download to Papa. Yoink-dot-adios-backslash-losers.
Surely after you get roofied after a tinder date with an attacker draining your crypto accounts, you'd file a police report and maybe we'd hear about it in the media?
Unfortunately, while still rare, there are physical attacks perpetrated against bitcoin owners. I've been tracking them for several years. https://github.com/jlopp/physical-bitcoin-attacks
Plus there was the hard hitting advice that “always have a friend who knows all your plans check in with you, to make sure a crime organization isn’t plotting to steal your money”.
Or, more likely, they're just trying to impress you and find common ground! I've seen this many times on dating apps but have never been drugged.
A lot of this advice is great, regardless of whether you're into crypto, but this point is a bit much.
> Compare the person's profile photo when you meet them in real life. If it is questionable that the photos are actually of themselves, that is a red flag.
- You can't transfer money without filling in 2FA credentials
- Suspicious transactions will be flagged (e.g. account draining amounts to another account you've never transfered money to)
- Banks have insurance and will reimburse you the money, whether they can revert the transactions are not. Which leads me to:
- Bank transactions are reversible
- Bank accounts need ID. If money is transfered to someone, they will know the identity of the person receiving money. For dumb people it'll be themselves, for smarter people it'll be their money mule. (never allow strangers or new friends to transfer money through your account no matter how lucrative or trustworthy it may seem). Crypto exchanges are catching up, but crypto doesn't need to be transferred between exchanges.
- Banks are licensed and pay to a national bank; if a bank goes bankrupt (ha), said national bank has you covered. See cases like Icesave and DSB Bank.
But yeah, reversibility, anti fraud / theft prevention and insurance is banks' advantage that the crypto crowd is either unaware of or simply doesn't want to pay for, even if banks are cheap (because they get to play with your money)
https://www.nytimes.com/2019/03/12/technology/how-to-disappe...
