Topic: FastCash4Bitcoins Support Thread - page 28. (Read 94604 times)

Trying to sign up,tried adding my info and I broke the intertubes..  Try again in a couple days.

Happy Thanksgiving Bitcoiners.  The staff at FC4B is going to take a well deserved break to spend time with families.  The site will still be up and running and someone will be online every few hours to ensure Dwolla & PayPal transactions go out but we will have very limited support by email & forum.  Remember 11/22 is a banking and postal holiday so there will be no outgoing Bank Transfers or shipments.  Any orders placed for these payment options will be pushed out early Friday.

We have a very large order to fulfill next week so to get an early jump on it (and someone over estimated demand for Dwolla at the expense of other payout options) FC4B will offer a 1% bonus on all sales paid out using Dwolla until Monday.  The bonus is automatic and will reflect on the Sales Order estimate.  Think of it as a reverse sale.  Prices are higher ... and that is a good thing!

Staff
Tangible Cryptography

Is anyone else experiencing this? I expected Google to return pages of indignation, but nothing. Is there a status page?

This is what happened to Intersango - "system issues" with undefined resolution times that seemed to affect only their account.

Recommend keeping minimum cash in that account. Am I paranoid?

FastCash4Bitcoins has too much Dwolla so we are offering a bonus.

Friendly Holiday Reminder.



Thanksgiving Day 11/22 is a federal holiday, postal holiday, and banking holiday.
Be sure to add one day to the expected arrival time for any mail shipment or bank transfers you may have en route.

Update:  Partial Banking System Outage

Woke up this morning to never ending incompetence by Bank Of America.  Their outage in the Direct Pay system continues.  I can't fathom how you can have a mission critical application (partially) offline for over two day.  No ETA has been given.  As stated before the issue only affects the creation of new Payee profiles.  If we have previously paid you by Wire or ACH (even on the "old site") we already have a payee profile and we can payout future orders without delay.  If you have never received a Wire or ACH from us we are unable to enter you into the ACH/Wire system (and thus send you a payment) until Bank Of America resolves their issue.

The outage does not affect any of our other payment options.

Update:  Partial Banking System Outage

The issue with Bank Of America's "Direct Pay" system.  We can create bank transfers but unable to create profiles for new clients.   All affected orders from yesterday have had their processing fees waived.   Bank Of America Small Business services is working a resolution but is unable to provide an ETA. 

If you have previously received an ACH or Bank Wire from Tangible Cryptography we can send you payment without delay (as long as you are using the exact same account & routing number you used previously).  This includes payments issued from our older website.

The outage doesn't affect any of our other payment options including PayPal, Dwolla, and Checks.

Tangible Cryptography would like to apologize for this ongoing delay and while it is beyond our ability to control it does highlight the vulnerability of relying on a single service provider.  We will be seeking Treasury Management services from our other banking partners to provide redundancy in our payment methods.

Yep exactly that. Sweet.

Like this?
 - http://blockchain.info/unspent?address=&address

 - http://blockchain.info/unspent?address=1BTCorgHwCg6u2YSAWKgS17qUad6kHmtQW

If a third party could provide the index lookup to give the unspent txid's from a bitcoin address, then the transaction could be composed locally.

I believe you can also send a single transaction using a key with Electrum with cmd line options. The code for this is quite readable, in Python, and potentially could be grafted into an online processing backend. I guess it's somewhat the same as you still use a third party server except there is several Electrum servers available.

Update:  Banking system outage

There is a nationwide issue affecting Bank Of America "Direct Pay" system.  We can create bank transfers but unable to create new payee profiles.  This prevents us from sending bank transfers of first time clients.     We have been in contact with Bank support and they are working on a resolution but haven't provided an ETA.

So it may be easier to say who isn't affected:
Orders which have a status PAID are not affected.
Orders involving anything other than Bank Transfers (ACH or Bank Wire) are not affected.
Orders involving a bank account that was previously used to receive a payment from Tangible Cryptography are not affected.

The outage is limited to only first time payments involving ACH or Bank Wire only.

Our cutoff for same day processing is 4PM EST which has just passed however the hard cutoff imposed by the banking system is 5PM EST for same day bank wires and 8PM EST for ACH transactions.  We will attempt to process payments right up to both cutoffs.  In the event we are unable to process transactions today we will absorb the cost and waive the processing fees for affected orders made prior to 4PM EST.

This thread will be updated once full banking support has been restored.  

Update 17:51 EST:
Bank Transfers (ACH & Bank Wire) for first time clients are still down. Someday I really hate the banks!

The only thing that's missing is a lack of ability for bitcoind to find which txids belong to a specific private key.  There is no index on that, so the only way for this to work is for it to scan the whole block chain looking for such transactions.  Pieter Wuille has mentioned allowing such an index to be optionally created, but I think that mention was more recent than 0.7.

If that index existed, then the Sweepprivkey proposal I made over a year ago would be a slam dunk.  I'm hoping the index becomes an option sometime soon, because the power to pay with private keys anywhere would open up new avenues for business I don't think have been considered.

On the other hand, Blockchain.info presumably maintains that index (given that they can scrape all coins off a private key instantly).

Smart.  Good use of the raw transaction API call.

You don't need to import a private key, you simply use Blockchain.info's API to redeem the private key on behalf of your customer.  Here's the API:


You would probably want to verify the amount of funds available to that address as if the amount is lower than the amount available, the change gets sent right back to the address it came from.

This could also be done with the Raw Transactions capability of the Bitcoin.org client v0.7 and higher, and thus eliminate any concern over sending a customer's private key to a third party service.

So you never need to import the private key, you simply spend it to the address generated for a specific transaction and that takes the place of the customer having to redeem the funds themselves first.

Everything is all good.
I'll continue to promote this service. I'm a very loyal customer.
 

Yeah I didn't think of the deniability aspect.  Those are good points.  I will look into blockchain.info.  If they have API support for importing a private key that might work.  I guess I could also import the private key directly to MtGox.  Just need to check how the confirmations can be tracked. 

If it proves popular security could be enhanced by using automated SMS to collect half of the private key.  Webform asks for the first x digits of the private key and then displays something like "Text the second half of the private key to 11011".  SMS gateway service could relay that to the backend server which combines the key.

Anyways just to be honest up front this isn't a priority right now but it is an interesting idea and will help to improve liquidity so it is something we will implement when time is available.

The easiest way to do this in small quantity is to just do it manually through BlockChain.info.  Simply send a transaction to an address you control and then pretend that you received the coins externally.

Despite not liking to use third party wallet services, BlockChain.info is well situated to importing a private key and sending the funds onward for a few reasons.  First, importing keys is instant - you can literally spend the funds the second you import them.  Second, the transaction that emitted is the actual transaction of sending the private key's funds directly to the destination address - there is no commingling of funds with their own, no waiting for confirmations, and typically no transaction fees.  (The outgoing transaction gets fee credit for all the confirmations that accumulated while the funds sat idle on the paper wallet, which in most cases is enough for a no-fee transaction with decent priority).  Finally, I have little problem with using a third party wallet service just for the purpose of getting my funds in and out within a single minute - it's leaving the funds there that I'm less upbeat about.

To me, the biggest foreseeable risk is that the customer has malware and ends up getting their own funds stolen by a keylogger while entering the private key on a FastCash4Bitcoins web form, and blames FastCash4Bitcoins for being culpable in some way in getting the funds stolen.  Of course, this risk exists even if they're sending the funds from their computer the normal way, the only difference being that if it gets stolen at this point, it's at least more provable (to the perspective of the customer) that you weren't at fault.  An alternative would be to take the private key over the phone, but this could get cumbersome and uninteresting especially for low dollar transactions.

Any time I pass private keys or MtGox codes between myself and others, I generally ask for half the code in an e-mail (in your case, webform) and the other half in a text message to my cell phone.  That way, someone would have to have control over both channels to be able to swipe the funds out from under me.  All that matters is that you can redeem it faster than any attacker.  By systematically discouraging complete private keys to be sent to your server, you remove an incentive for hackers to try to hack you in the first place.

So I was thinking on my commute this morning about how to implement this securely.  We currently use 100% cold wallets but when importing a private key it must then be spent to another address to provide double spend protection.   That requires the use of a hot wallet.  My first though it is to put a hot wallet on the site which will never keep a balance.  Instead it would receive a private key, import it, lookup the value, and then create a tx sending it the deposit address for the order in question.

The attack profile would be very small.  I imagine most users won't use private keys so it would be a subset of our total volume.  If the server is compromised the attacker would be limited to diverting private keys until the attack is detected. 

Any alternatives?  Thoughts? ideas?

Update:
* Forgot password email enabled.
* Update password page added to account menu.