Author

Topic: chargeback risk when selling with SEPA, suspicious accounts list as solution? (Read 2745 times)

full member
Activity: 160
Merit: 100
I thought SEPA were treated as cleared funds. If so a solution could be to withdraw to cash asap and tell the bank to FOAD if they ask for the money back. You would need a large enough rota of accounts at different banks (or at least held by different legal entities) that you didn't reuse one in any 10 day window. Eventually you will run out of banks willing to do business with you. Grin

Yes SEPA is treated as cleared funds. However they can still be Recalled within 10 business days, even after clearing with EBA. Namely in the case of:

1. Duplicate transactions
2. Erroneous transaction due to technical error
3. Fraud / theft

Especially case 3 is important for selling Bitcoin. Criminals can hack web banking and execute SEPA transfers. In this case the victim's money will most likely be Recalled. But sometimes buyers simply ask for a Recall, so they can keep the money and the Bitcoin.

So the only legitimate solution is to wait 10 business days before delivering Bitcoin, using a customer credit system.
sr. member
Activity: 280
Merit: 250
I thought SEPA were treated as cleared funds. If so a solution could be to withdraw to cash asap and tell the bank to FOAD if they ask for the money back. You would need a large enough rota of accounts at different banks (or at least held by different legal entities) that you didn't reuse one in any 10 day window. Eventually you will run out of banks willing to do business with you. Grin
full member
Activity: 160
Merit: 100
Mt.Gox accepts SEPA transfer funds into their Polish Bank Account, and they process it within 72 hours. But they are taking a big risk - officially, SEPA Credit Transfers (SCT) can be recalled up to 10 business days after the transaction.

One official source, the Royal Bank of Scotland:
Quote
A recall can be requested by the originator bank on behalf of its customer to cancel a SEPA Credit Transfer already settled at EBA. The recall must be initiated by the originator bank within 10 business days after execution date of the SCT subject to the recall. The originator bank does the recall on behalf of its customer. Before initiating the originator bank has to check if the SCT is subject to duplicate sending, technical problems resulting in erroneous SCT or fraudulent originated Credit Transfer. The recall will show on the MT940 as a credit to the clients account.
http://www.rbs.nl/nl/products-services/global-transaction-services/sepa/sepa-credit-transfers

This means: if you sell Bitcoin with SEPA, you must wait 10 business days before delivery. Otherwise you can be the victim of a recall / reversal. But of course, the Bitcoin price is so volatile, this is impossible to do.

Also, beware for refunding payments! If you refund too soon, the customer can ALSO ask for a recall, and get double money! So even when you give a refund, you must also wait 10 business days.

The solution is: customer credit. On my site, BitServiceX, I now allow customers to add funds via SEPA into their account, like a 'Customer Credit'. After 10 business days I clear the funds, and then they can buy Bitcoins. So yes, they have to wait 10 business days. This is the only really safe way to sell Bitcoin. I tried certain local payment methods like Giropay (bad) and Sofort Banking (the worst), but many hackers steal people's money. These payment systems are a risk to society... The PIN/TAN system is out-of-date, insecure and should be retired. Only Bitcoin is safe ;-)
newbie
Activity: 34
Merit: 0
so, to be fair to ZUNO, they quickly unlocked my account after my complaint, claiming that the reasons for locking the account have disappeared. Now they just hold the disputed amount in reserve.

I was thinking about some protection against such scams. What about creating a list of suspicious bank accounts, which tried to chargeback (or possibly some other undesirable behaviour)? To maintain some privacy, items in list would be hashed by SHA-512. Not a panacea, but it is at least a bit harder and more time-consuming to create bank account than to create new user at, say, localbitcoins.com.

So this would be the first entry in such list (IBAN hash, result of `echo -n $IBAN | sha512sum`)
4284200a3da13661c3514f45a1f8b1d83f66c871c6d3ae289e8ae2eb768f8ab45cf2079b1e10105 4b86c6263f682b51c8a5b928f3eacdedd880f485ecf3eb3ba
newbie
Activity: 18
Merit: 0
And I've been working on a project that would rely only on SEPA payments for the last few weeks. Uh oh..
sr. member
Activity: 308
Merit: 250
verified ✔
on localbitcoins FB was a Link to a Story explained why exactly the same happened to them.
Bank's frooze Accounts until all is cleared
sr. member
Activity: 312
Merit: 250
newbie
Activity: 34
Merit: 0
I think in the long term we should expect all banks to shy away from any bitcoin activity. That's why we need P2P exchanges.

Have a look at my suggested system here:
http://www.scribd.com/doc/146822045/BitXChange

I had very quick look, I think it would be good to do quick comparison to existing systems (bitcoin.de, localbitcoins.com, open transactions?). What it brings, why it is better, etc. Can I imagine it as many small cooperating (but independent) MtGoxes?

But even now, bitcoin.de's style is totally decentralized from banks' point of view; they only store BTC, users directly send euros between each other. Such style is not easily attackable - perhaps an evil bank could buy BTC on bitcoin.de (possibly not directly, but using some person as proxy/puppet) and then claim the money back?

And this is mismatch of interests a bit, I am primarily interested in short term, you speak of long term.
newbie
Activity: 34
Merit: 0
So my paranoia was entirely appropriate: I was trading on localbitcoins.com, the payer sent me around 100 eur, got his bitcoins on 13th June, and then 16th (on Sunday Shocked) I got phone call from bank, they asked me whether I agree to return the money. I refused, but my bank blocked my account without any explanation, I only found out when I wanted to transfer some money. So for 100 euros they are blocking few 1000s euros. When I asked, they wrote me that  "according to currect internal conditions of the bank, it is not possible to release money in your account", which seems pretty meaningless to me.

I filed a complaint today.

My bank is ZUNO (Raiffeisen), the scammer's (or his victim's) bank is Deutche Postbank.

newbie
Activity: 27
Merit: 0
I think in the long term we should expect all banks to shy away from any bitcoin activity. That's why we need P2P exchanges.

Have a look at my suggested system here:
http://www.scribd.com/doc/146822045/BitXChange
newbie
Activity: 34
Merit: 0
Hello,

I'd like to ask how risky is it to sell bitcoins with SEPA payment, how easy is it for buyer to do chargeback. And how can I protect myself and diminish the risk? I think that the only realistic scenario is when a hacker gains control over an account, sends the money, receives BTC and disappears and true account owner complains. Did this happen already? Is there some other threat?

I know bitcoin.de introduced bank account verification, I guess to mitigate exactly this risk. But I don't understand how it protects anything. Their procedure is that they send you 0.01 euros with some secret code (in payment message) and you enter that code on their page. OK, you proved that you have access to list of incoming payments for that account. So what? In case of hacked account, the hacker also has this access.

I've already received around 40 such payments successfully, so maybe I am overly paranoid. But bitcoin.de hasn't done those measures for fun.

I found this, rather inconclusive: http://www.englishforum.ch/finance-banking-taxation/78641-sepa-practice.html

thank you
Jump to: