Congratulations to Chalrie, Gareth, Eric and Roger!
Don't forget Erik
Huh
Topic: BitInstant now has an MSB license from FinCEN? (Read 4215 times)
Don't forget Erik
Huh
Congratulations to Chalrie, Gareth, and Roger!
Don't forget Erik
Congratulations to Chalrie, Gareth, Eric and Roger!
Great job at the Tech Day event, Bit-Instant! All the cool zillionaires couldn't wait to throw some of their worthless fiat paper at you guys! 
Good luck at the awards ceremony tonight!
Good luck at the awards ceremony tonight!
Thanks!
Was a great day
Great job at the Tech Day event, Bit-Instant! All the cool zillionaires couldn't wait to throw some of their worthless fiat paper at you guys!
Good luck at the awards ceremony tonight!
Good luck at the awards ceremony tonight!
At least they can call you to recover their lost PIN. They probably won't be able to call you to recover their stolen funds.
Ok, we're starting on integrating this today. Hopefully it can be done by early next week.
I love this community!!!
At least they can call you to recover their lost PIN. They probably won't be able to call you to recover their stolen funds.
An excellent and true point
At least they can call you to recover their lost PIN. They probably won't be able to call you to recover their stolen funds.
I would think the GPG is not terribly necessary... it would work well and would definitely be secure, but the audience is relatively small.
Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical. It's no different than what Chase or PayPal does.
Workflow would be simple. Ask user: "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you. You will need to write it down or have it texted to you. Do you want to see the PIN now? (yes/no) Do you want us to text the PIN to your mobile phone now? (yes/no)"...
Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical. It's no different than what Chase or PayPal does.
Workflow would be simple. Ask user: "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you. You will need to write it down or have it texted to you. Do you want to see the PIN now? (yes/no) Do you want us to text the PIN to your mobile phone now? (yes/no)"...
Yup, I like this idea ALOT.
I'm gonna discuss it with the team and see how soon we can get this implemented.
Thanks for the feedback!
I love that idea too, but I can picture a lot of people losing the PIN sadly, let's talk when you're online (and not in public either)
I was excitedly thinking this helps legitimize bitcoins a marginal amount as well. However, I kind of chuckled once I viewed the MSB:
"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."
I still think it means something though
"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."
I still think it means something though
Yeh, they have to write that. If you get ripped off by an MSB, you can't go crying back to the government. Its to cover their own butt
Yeah, all the legal caveats get to me. At my work, I have to include a disclaimer in every report I produce that the results are "not to be relied upon." Now seriously, if they are not to be relied upon, why did I make them?!?!?!
stupid TPS reports...
I would think the GPG is not terribly necessary... it would work well and would definitely be secure, but the audience is relatively small.
Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical. It's no different than what Chase or PayPal does.
Workflow would be simple. Ask user: "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you. You will need to write it down or have it texted to you. Do you want to see the PIN now? (yes/no) Do you want us to text the PIN to your mobile phone now? (yes/no)"...
Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical. It's no different than what Chase or PayPal does.
Workflow would be simple. Ask user: "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you. You will need to write it down or have it texted to you. Do you want to see the PIN now? (yes/no) Do you want us to text the PIN to your mobile phone now? (yes/no)"...
Yup, I like this idea ALOT.
I'm gonna discuss it with the team and see how soon we can get this implemented.
Thanks for the feedback!
I was excitedly thinking this helps legitimize bitcoins a marginal amount as well. However, I kind of chuckled once I viewed the MSB:
"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."
I still think it means something though
"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."
I still think it means something though
Yeh, they have to write that. If you get ripped off by an MSB, you can't go crying back to the government. Its to cover their own butt
I was excitedly thinking this helps legitimize bitcoins a marginal amount as well. However, I kind of chuckled once I viewed the MSB:
"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."
I still think it means something though
"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."
I still think it means something though
I would think the GPG is not terribly necessary... it would work well and would definitely be secure, but the audience is relatively small.
Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical. It's no different than what Chase or PayPal does.
Workflow would be simple. Ask user: "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you. You will need to write it down or have it texted to you. Do you want to see the PIN now? (yes/no) Do you want us to text the PIN to your mobile phone now? (yes/no)"...
Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical. It's no different than what Chase or PayPal does.
Workflow would be simple. Ask user: "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you. You will need to write it down or have it texted to you. Do you want to see the PIN now? (yes/no) Do you want us to text the PIN to your mobile phone now? (yes/no)"...
This method of delivery is certain to result in theft, eventually, and is unsustainable. Delivery needs to be by two different channels for this to be safe - e.g. the link in e-mail, and the secret via SMS, and the secret must be unusable without the link.
Yup. The same problem occurs from those sending redeemable codes via e-mail as well, though I don't know if that happen much.
Here's Coinapult's reply to the "is not secure" argument:
- https://bitcointalksearch.org/topic/m.849654
It's true, thats why we stopped sending redeemable codes altogether and do direct deposits.
Problem is, not everyone has/wants to use a cell phone.
Any other ideas? Ira and myself are open to any suggestions and can easily make changes/fixes
What if we required a 'PIN' at checkout, and in order to redeem your coins you need the PIN?
This way, the PIN is entered securely on our servers and cryptographically passed over to Coinapults when redeeming.
We can always make the PIN idea optional, so your not forced to use it if your sending a few coins to a friend
If you could send coins by GPG email it would be better. Is that a possible add on in future ?
I think we can add on that option. What do you think of my PIN idea above?
-Charlie
If you could send coins by GPG email it would be better. Is that a possible add on in future ?
This method of delivery is certain to result in theft, eventually, and is unsustainable. Delivery needs to be by two different channels for this to be safe - e.g. the link in e-mail, and the secret via SMS, and the secret must be unusable without the link.
Yup. The same problem occurs from those sending redeemable codes via e-mail as well, though I don't know if that happens much anymore.
Here's Coinapult's reply to the "is not secure" argument:
- https://bitcointalksearch.org/topic/m.849654
Bitcoin's best interests are served by being friendly with the State for as long as possible.
Couldn't have said it better myself
It gives a big boost to the perceived legitimacy of Bitcoin, and adds a lot of credibility to your operation. It's fantastic news the way I see it!
Thank you, that really means alot to us. We're trying very hard to be in compliance with the state as many other Bitcoin business's are doing as well.
The notion that Bitcoin is trying to stay underground and are a bunch of anarchists is simply not true, and hopefully day by day we can rid that stereotype
Regarding the perceived security issues of sending Bitcoins via email, it's a service that needs to exist in Bitcoinland, and thus Coinapult is doing it. Anyone who is buying massive amounts of coins should probably not send to their email inbox, but for everyone else it's a very convenient new tool. As with all things Bitcoin, personal responsibility and risk tolerance (and understanding) need to be given due consideration.
And yes, the FinCEN registration for BitInstant is just one more step toward credibility that Bitcoin obtains with the establishment. I think it's very good for prominent Bitcoin companies to pursue "legitimacy" in this way, as it shields our organic growing economy from scrutiny, giving us all more time to build a system which stands up to scrutiny when it inevitably arrives.
Bitcoin's best interests are served by being friendly with the State for as long as possible.
And yes, the FinCEN registration for BitInstant is just one more step toward credibility that Bitcoin obtains with the establishment. I think it's very good for prominent Bitcoin companies to pursue "legitimacy" in this way, as it shields our organic growing economy from scrutiny, giving us all more time to build a system which stands up to scrutiny when it inevitably arrives.
Bitcoin's best interests are served by being friendly with the State for as long as possible.
Obviously, no email is secure and if your server is being sniffed, then you could have a problem. BitInstant never engages in currency conversion or the purchase of Bitcoins. USD credit is given to Coinapult.com, which then buys the Bitcoin and sends it via email.
... or if any part of the path from Coinapult to the user's e-mail server is sniffed, then that's an issue... the problem being that such sniffing is actually quite common, and e-mail is typically delivered unencrypted. This method of delivery is certain to result in theft, eventually, and is unsustainable. Delivery needs to be by two different channels for this to be safe - e.g. the link in e-mail, and the secret via SMS, and the secret must be unusable without the link.
The reason we didn't announce it, because nothing changes at this point. It just states that now were operating legally, the government knows what we are doing, and compliant to the best of our efforts.
What changes is it invalidates the notion that Bitcoin businesses will never be given MSB licenses or seen as legitimate due to the perceived threat against government / banking establishment / whatever. It gives a big boost to the perceived legitimacy of Bitcoin, and adds a lot of credibility to your operation. It's fantastic news the way I see it!
I believe MSB licenses are state-specific, apparently from what I read they're (or a partner is) licensed in NY.
MSB Licenses are federal, and MTB licenses are state specific.
Our MSB license allows us to work within federal regulations and be compliant. However there are still certain transactions we cannot do without being a state MTB
Bitcoin to e-mail sounds inherently scary as e-mail is insecure. Anyone have a link where I may learn more, or is there another thread discussing this, so I'm not dumping a different topic on this thread?
https://bitcointalksearch.org/topic/update-bypass-the-exchanges-w-bitinstant-pay-to-email-feature-76863
We partnered with Coinapult to make it happen.
Essentially, you dont give us your Bitcoin address, rather your email address. We send a link+secret to your email address which takes you to a secure hosted redemption page where you can send the coins anywhere.
Obviously, no email is secure and if your server is being sniffed, then you could have a problem. BitInstant never engages in currency conversion or the purchase of Bitcoins. USD credit is given to Coinapult.com, which then buys the Bitcoin and sends it via email.
I just checked out BitInstant's website and noticed they now advertise that they are a licensed MSB... complete with their FinCEN registration number...
something I am surprised to not have been announced or talked about on the forums.
I did see they posted on Facebook:
In such a case, a huge congratulations to them - but also something significant for Bitcoin, as it looks to me like an official nod of approval of sorts, for FinCEN to be granting an MSB license for something that is so clearly Bitcoin-related.
something I am surprised to not have been announced or talked about on the forums.
I did see they posted on Facebook:
Quote
We are now a legal MSB sanctioned by the Dep't of the Treasury! MSB Registration number 31000005031107
In such a case, a huge congratulations to them - but also something significant for Bitcoin, as it looks to me like an official nod of approval of sorts, for FinCEN to be granting an MSB license for something that is so clearly Bitcoin-related.
The reason we didn't announce it, because nothing changes at this point. It just states that now were operating legally, the government knows what we are doing, and compliant to the best of our efforts.
I also get free BSA training twice a year
At this point, we're seeking financial service licenses in Europe and Oceania as well
-Charlie
Jump to: