I would agree, always ask for a positive proof that the address you're about to pay really belongs to the transaction you're about to pay for. This is better than a receipt.
---
There are always going to be new vulnerabilities that potential victims have not thought through and a fresh class of scams to teach the public about them.
2011 was the year the general public learned that coins left online can be stolen by malware/hackers (from you or your service provider), so stay safe by keeping them offline.
2012 is the year the general public is learning that scamming with Bitcoin is easy to get away with, so stay safe by not "investing" with people you don't have full blood recourse against.
2013 might be the year the general public must learn that just because they see a payment address, doesn't mean it really belongs to the person they are supposed to pay (because its presentation might be altered by malware or a hacked website), and that to stay safe, they must insist on paying a PGP signed address for any non-trivial amount.
...
2017 might be the year where scammers do meatspace man-in-the-middle attacks and mail real-looking invoices to real customers of real companies but which contain the scammer's payment address, and the year the general public learns that just because they received a bill in the mail, doesn't mean that it was really sent by the company that it appears to be from. And this may be the year that the standard behavior of the "send coins" feature in bitcoin clients has evolved to check payment addresses against some sort of new PKI so that customers can be confident that they are paying who they think they're paying, or at least warned that they're on their own and may not be paying who they think they're paying.
Topic: Always ask for a receipt. (Read 2989 times)
I cant believe people send anonymous individuals thousands of bitcoins without even requiring a simple acknowledgement that they received a good or service.
A pseudonymous digital currency certainly changes things doesn't it? This is also being discussed in another thread. Here's a excerpt:
It definitely isn't needed for buying a donut:
- http://www.youtube.com/watch?v=X53ksjejmns
I probably don't need a digitally signed payment request from Amazon because if their payment page didn't acknowledged my payment my next action is to contact their support. If their system is compromised where I get a fake payment acknowledgement they'll know about the problem long before I notice that nothing showed at my door.
But for transactions where where there is a time component, such as where the payment creates or extinguishes a debt, that's where in practice this protocol becomes more needed.
- http://www.youtube.com/watch?v=X53ksjejmns
I probably don't need a digitally signed payment request from Amazon because if their payment page didn't acknowledged my payment my next action is to contact their support. If their system is compromised where I get a fake payment acknowledgement they'll know about the problem long before I notice that nothing showed at my door.
But for transactions where where there is a time component, such as where the payment creates or extinguishes a debt, that's where in practice this protocol becomes more needed.
With most traditional non-cash payment systems, we don't need a receipt in many instances because the payment system holds identity. When I send a check for a car payment to the bank, I don't need a receipt, If there is a dispute then if that check was cashed that's my proof of payment.
For relatively insignificant amounts of money for transactions both cash and pseudonymous digital currency seem to work just fine the way they are currently used. If I give you cash and you don't give me my donut, chances are right there and then I'll be getting my cash back -- though it may involve me making a stink in public about it.
A receipt should be signed and dated and have the person/business details you got the service or good from. In the event of a fraud you will then have something to show the relevent authorities. Dont go and report a bitcoin theft without this proof because the police will simply fob you off.
With Bitcoin, there doesn't even need to be an action post-payment. Here's why:
That's when I'm going to want them to give me a signed message that not only says what Bitcoin address to send my payment to but the account number that the payment will be applied to as well.
With the blockchain providing the proof that payment was made, this signed payment request from before I pay is all I need then to later prove that I made the payment.
With the blockchain providing the proof that payment was made, this signed payment request from before I pay is all I need then to later prove that I made the payment.
Gavin's addresses how in the future Bitcoin might address this:
We need a payment protocol with non-repudiation built in.
See https://gist.github.com/2217885 for a multisig version (the singlesig version is simpler, but the merchant <-> customer communication will be the same).
See https://gist.github.com/2217885 for a multisig version (the singlesig version is simpler, but the merchant <-> customer communication will be the same).
One cheap and easy way is to announce payments shortly before they are broadcast for confirmation. Even if it's just a forum PM, an admin can confirm it if things go really bad.
Unsigned EMail, however, should be rather useless. What would stop anyone from just making it up?
Unsigned EMail, however, should be rather useless. What would stop anyone from just making it up?
A receipt is a written acknowledgment that a specified article or sum of money has been received. A receipt records the purchase of goods or service obtained in an exchange.
I cant believe people send anonymous individuals thousands of bitcoins without even requiring a simple acknowledgement that they received a good or service. In some cases refusing to supply such a receipt is illegal and the business owner can be prosecuted.
If a business you are sending coins to refuse to supply these receipts you can safely assume they are a scam.
A receipt should be signed and dated and have the person/business details you got the service or good from. In the event of a fraud you will then have something to show the relevent authorities. Dont go and report a bitcoin theft without this proof because the police will simply fob you off.
There are many consumer protection agencies out there that will investigate any company refusing to hand over a proof of purchase when requested. There is good reason pirate avoided glbse and always refused to send anyone proof that they had sent him coins. No one has a receipt that they even did so and going to the cops without any shred of physical proof is foolhardy. It would certainly be legitimate to complain if you had an actual receipt so always ask for one and warn people if bitcoin companies fail to provide it.
Hell...even a timestamped email is better than nothing.
I cant believe people send anonymous individuals thousands of bitcoins without even requiring a simple acknowledgement that they received a good or service. In some cases refusing to supply such a receipt is illegal and the business owner can be prosecuted.
If a business you are sending coins to refuse to supply these receipts you can safely assume they are a scam.
A receipt should be signed and dated and have the person/business details you got the service or good from. In the event of a fraud you will then have something to show the relevent authorities. Dont go and report a bitcoin theft without this proof because the police will simply fob you off.
There are many consumer protection agencies out there that will investigate any company refusing to hand over a proof of purchase when requested. There is good reason pirate avoided glbse and always refused to send anyone proof that they had sent him coins. No one has a receipt that they even did so and going to the cops without any shred of physical proof is foolhardy. It would certainly be legitimate to complain if you had an actual receipt so always ask for one and warn people if bitcoin companies fail to provide it.
Hell...even a timestamped email is better than nothing.
Jump to: