1. If Xactions are outside the blockchain, what will secure these things from fraud from a determined thief? Couldn't they just rig up a device to basically send counterfeit bitcoins to them?
BitKey transactions can only be created from a registered merchant device. This helps us track where transactions are coming from and in the event of malicious activity flat out reject them. The benefits of creating a service from the ground up is that as we think up or learn of greater security practices we can implement them immediately.
2. How are people going to fund these cards? It says "Scan code to make a deposit" on them, but surely you don't expect grandma to figure that puzzle out... What are you going to do to make it easy to fund them?
We are not currently looking into accepting anything other than bitcoin deposits. It's a given that someone understand how bitcoin works before they use our service. The QR code on the debit card will be helpful when making your own deposits, receiving funds from someone else, or using one of the bitcoin ATM machines that are slowly rolling out. The latter would probably be the easiest method for grandma to fund her card.
A. Outright theft. -Your servers will literally be worth a lot more than their weight in gold. Both hackers will want to
hack into them and thugs might want to rob you at gunpoint. Is there any way you can ensure that your system
never holds addresses or something that makes you less of a target?
The servers we store our users/cold storage private keys on will not be connected to the BitKey transaction servers in any way. They are two separate systems, one handles the bitcoin transactions and the other handles the credit exchanges between user and merchant accounts. When a transaction is completed at the register, the amount is deducted from the users account and "owed" to the merchant until we process their deposits.
Should the data on either server ever be compromised it will be of no use in the form it is taken thanks to heavy encryption.
B. Privacy. - A very large segment of your customers were drawn to bitcoin in the first place because it's
anonymous. If you require accounts on your service, what can you do to ensure that their ID won't fall into
anyone else's hands, even if court-ordered?
Users do not need to provide any sensitive information to create an account. Unfortunately we can do nothing to prevent negligence on their end but we will be providing them the means to keep their information secure such as multi-factor authentication.
C. Government theft. - There will come a day when one or all governments will attack bitcoin. Count on it. They
can't shut bitcoin itself down, but the exchanges and services like this one will be their primary target. Got any
plans to survive that?
We'll have to go over that when the time comes ;-)
Best of luck with it. I hope to be a customer one day.
Thank you for your questions Luke, I too hope to have you as a customer one day.