Hello all,
Global Coin FX (
www.globalcoinfx.com) is being included as a start-up in the Seedcoin Fund 2 (SF2) offering on Havelock.
Executive SummaryWe have developed a NASDAQ style exchange platform that allows individuals to place buy/sell orders for virtual currency pairs such as Bitcoin/GBP.
Initially we are launching with Bitcoin GBP and shortly thereafter we will also have Litecoin GBP and further down the line other virtual currency / fiat pairs. Our exchange fee is 0.5% per order (therefore for a matched buy/sell order our exchange would make 1% in fees), with a market maker rebate of 0.1%.
Perhaps our largest differentiator is that we intend to adopt a model of vertical integration. Shortly after our exchange is live we will launch a payment processor. We will then be proactively pursuing opportunities to interface with existing in-store retail payment methods and online retailers (clothing, food, hotels etc.). Finally, we will be establishing and/or supporting a virtual currency ATM network.
Pitch deck:
http://www.seedco.in/home/sites/default/files/page/attachment/PitchGCFXDeck_0.pdfExchange OverviewOur exchange operates very much like NASDAQ – it is a fully automated matching engine. It supports market orders and limit orders. We will also incorporate other more esoteric order types such as iceberg orders post go-live and based on client demand.
The matching engine is able to comfortably handle hundreds of thousands of trades per second on commodity hardware. It has been modelled after the LMAX disruptor to ensure that it is able to handle such substantial volumes
http://martinfowler.com/articles/lmax.html.
Most existing exchanges rarely handle in excess of 1000 trades per day giving us great confidence in the robustness of our architecture and platform due to the load it can handle in comparison with real loads existing exchanges transact in.
Supported currency pairs on launchOn launch, the exchange will support Bitcoin/GBP. Within a month of going live we will also launch Litecoin/GBP.
ArchitectureThe application has been written from the ground up by our CEO over the course of 1.5 years of development effort. The frontend has been written in a combination of JQuery, HTML5, Twitter Bootstrap, PHP.
No Bitcoin wallets are stored on the frontend. The frontend communicates with a middle layer service using authenticated API calls which has been written in the asynchronous Python Tornado library.
The middle layer communicates with the backend server where the matching engine, database and Bitcoin wallet is located.
Our infrastructure is scalable due to the use of reverse proxies such as Nginx and Amazon cloud infrastructure.
The Service Oriented Architecture means that we can very easily develop a mobile client, which we intend to do within 3-6 months from launch for the Android platform and within 1 year for iOS. We already have a prototype for Android, which requires UI prettification and it is ready to go.
SecurityThree tier segregated architectureOur frontend communicates with a middle tier ‘security broker’ web service/API. The frontend does not possess any business logic, only presentation logic for the web application.
This middle layer acts as a security broker and sits in a completely segregated network subnet only exposing its API port, ensuring that only authorized users currently logged in to the platform can communicate with it.
This architecture ensures that even if the frontend were compromised, an attacker would never get a hold of any Bitcoin wallets, as these are located on a completely segregated part of the network only accessible through a constrained user interface – the API, using specific API calls only pertaining to that particular users API token – i.e., a user would only be able to steal virtual currency they own themselves. The API key itself is a SHA-2 512 hash, making it practically impossible to guess another person’s API key and hence access their funds.
Even if the API key of another account was guessed, the API does not allow you to withdraw either funds or virtual currency from the API. You can only withdraw from the website using two factor authentication. This in effect means that funds are fully safe and secure.
Withdrawing of Bitcoin requires two factor authentication, withdrawing of GBP requires two factor authentication and maker checker authorization.
This is the same type of three tier architecture used by major e-banking platforms that ensure that accounts are segregated and that customer A cannot see customer B’s data.
Encryption at rest and in motionWe use encryption of data both at rest and in motion and all endpoints are fully SSL encrypted. Our web server utilizes HTTP Strict Transport Security to ensure that communications to it are never vulnerable to Man in the Middle attacks. Passwords are stored using un-reversible salted cryptographic hashes to ensure they are safe.
Two factor authenticationTo bolster account security, we also offer 2-factor authentication with Google Authenticator. Post go-live we will also incorporate yubikey hardware 2factor authentication as well.
SMS alertsFor a small fee we can also alert individuals by SMS whenever there is a withdrawal made from their account. The small fee would cover our network operators charge for this service.
Utilizing next generation cookie-less technologyOur platform does not use HTTP cookies to track state across the application. Cookies are vulnerable to theft and vulnerable to cross site request forgery attacks.
Our application uses HTML5 local storage to track state across the application meaning that session cookies are not transmitted with every request and the application as a whole is immune to cross site request forgery attacks due to the same origin policy enforced by browsers.
The main threat involved in using local storage involves JS injection attacks and these are stamped out of the application through whitelisting, output encoding and content security policy.
Accountability of Client FundsAccountability of fiat currencyWe will perform daily reconciliation and quarterly external audit of all fiat deposits. This will be available to all to see.
Accountability of virtual currencyWe will be implementing Gregory Maxwell's proof of solvency framework which offers a robust method of providing mathematical proof that all BTC are fully accounted for. We will allow users to verify their bitcoin holdings against the total available.
More info here:
https://iwilcox.me.uk/2014/proving-bitcoin-reservesAnd the specification:
https://github.com/olalonde/proof-of-liabilities#serialized-data-formats-work-in-progress--draftProtection of Bitcoin depositsUsers will be able to elect to hold a proportion of their BTC reserves in cold storage. We are investigating various partnerships with firms that provide insured cold storage of BTC reserves underwritten by major international insurance houses. BTC deposits that are live, will be fully available for instant trading and settlement and protected by our existing security measures (two factor auth, distributed architecture etc).
AML and KYC and complianceMSB licensing with HMRCWe voluntarily applied for a Money Service Business (MSB) license under the Money Laundering Regulations that HMRC oversee. HMRC advised us in writing that currently the trade of transacting sterling to and from Bitcoin is not a trade that HMRC supervises; therefore we are not currently required to register as an MSB.
FCA authorisationIn our conversations with the Financial Conduct Authority (FCA), they mentioned that Bitcoin is not a specified investment and therefore not overseen by the FCA and therefore no authorization is necessary at present.
Both of these might change in the near future, however at present we have formal confirmation from both regulating and governing bodies that no formal registration is necessary.
However, we have adopted a proactive stance with regards to Anti Money Laundering and Know Your Customer checks as we believe it is only a matter of time before both HMRC and FCA make a formal position.
AML/KYC outsourcingTo proactively address AML and KYC and take a forward-looking view with regards to regulatory compliance, we have partnered with a company called MiiCard - (
www.miicard.com) which provides online identity assurance services.
Unlike other exchanges which have a manual process of verifying customers passports and proof of addresses which often takes weeks due to the back log of verifications in the queue meaning that individuals keen to capitalize on trading opportunities are stuck waiting, our partner offers a completely seamless solution, completely online that is able to robustly identify an individual is who they say they are in approximately 10 minutes.
Once that is complete, our partner then sends us a call-back, which confirms that the user is who they say they are. We only use the ‘Claims API’ from our partner which only returns validated Name, date of birth and address.
We store the validated name, address, date of birth per user in full compliance with the EU Payment Directive and Anti Money Laundering Act 2007.
Furthermore, as we will be processing personal identifiable information we have registered with the Information Commissioners Office so that we are in compliance with the Data Protection Act in the UK and to give users of our exchange faith that their data will be handled with the utmost of care and security.
Virtual Currency Regulatory Thought LeadershipOur CEO is a founding member of the UK Digital Currency Association (
http://www.digitalcurrencyassociation.org.uk/about-the-ukdca/founder-members). Furthermore, we have been involved in discussions at the highest levels of government with two offshore jurisdictions - one in Northern America, one in Europe to assist them in creating the right regulatory and governance frameworks to enable businesses such as ours to use these locations as Bitcoin friendly hubs.
Revenue streamsDirect Trade CommissionsOur exchange will charge 0.5% per leg for each buy and sell instruction. Therefore per matched trade, our exchange will charge 1% in fees. There will be discounts (0.1%) for individuals who enhance our exchange’s liquidity very similar to a maker-taker fee model as used by other exchanges such as NASDAQ.
Vertical Integration ServicesPayment processingOnce established, we will also be launching payment processing aimed at online and offline retailers (clothing, hotels, shops, etc.). Payment processing involves handling purchase transactions in virtual currencies for a merchant, allowing them to accept virtual currencies and convert them into fiat immediately.
Existing virtual currency payment processors use an exchange such as ours and add a commission on top of the exchange’s spot price, which is what they charge their end client. The merchant ends up getting less money and the customer ends up paying more for the product they want to buy had they not gone to an exchange directly. Below is the typical payment processor workflow:
Our payment processor will not charge a spread. Therefore, clients and merchants will be able to transact at the real Bitcoin spot price and only pay the exchange fee of 0.5% per transaction. Payment processors would regularly charge 0.5% + their spread which can range anything from 5-10% making us much more competitive.
Additionally, payment processors expose themselves to huge amounts of counterparty risk – the exchanges they deal with only recently stopped processing of all transactions due to the transaction malleability vulnerability. We mitigate this risk as we are the exchange and we control the end-to-end process. Our payment processor will be fundamentally undercutting existing virtual currency payment processors in the UK and internationally.
We do not intend to be profitable by being a payment processor. The benefit for us is that by offering payment processing both merchants and their customers will both be active participants on our exchange, creating a highly liquid marketplace for virtual currencies ensuring that there is always someone at the end of a trade waiting to buy or sell.
We aim to offer a very easy to use interface whereby both merchants and customers can buy products and services using Bitcoin and we will do all the payment processing in the background on behalf of the merchant.
We will hedge currency risk to ensure that merchants are not exposed to the sometimes unpredictable nature of Bitcoin prices and that what they offer on their website or physical premises for a given amount will be what they get in their pocket.
In-store point of saleWe are currently pursuing opportunities to interface with existing in-store retail payment methods allowing them to accept virtual currencies as another payment option.
Bitcoin ATMsOnce established, we will also look to either acquire an existing Bitcoin ATM operator or establish an ATM network ourselves. We have already reached out to various Bitcoin ATM manufacturers to enquire about the process of interfacing their ATM's with our exchange.
SMS phone to phone payment processingWe are currently investigating the opportunity to develop SMS phone to phone payment processing. This would enable individuals to use their mobile phone’s SMS functionality to send Bitcoins between themselves. Any redemptions into fiat currency would need to go through our exchange and through the AML/KYC process, however, as long as currency remains virtual, then there would be no need to interact with our platform directly over a web browser.
This potentially opens up avenues to explore providing this service to the worlds unbanked populations in e.g., India, Africa and other countries where simple mobile phone have high degrees of permeation in the population and SMS infrastructure already well established.
Again, as we are an exchange and control the end to end process, we would be drastically cheaper than any of our competitors which would be crucial in these markets.
High frequency and latency sensitive trader servicesCo-locationWe aim to attract high frequency traders and towards that regard we will allow proprietary trading firms to co-host their latency sensitive trading strategies next to our exchanges matching engines in exchange for a monthly hosting fee.
FIX connectivityTo further assist them in integrating their existing technology with ours, we will offer a FIX API. FIX (Financial Information Exchange) is the de-facto API for broker/dealers when communicating with exchanges worldwide. We will also investigate integrating other API's over and above our Restful, FIX interfaces such as FAST,ITCH etc protocols based on client demand.
Market data
Real-time market feeds vs. delayed market data feeds. Real-time market feeds can be subscription based and charged for. This is currently not standard practice in the Bitcoin world therefore we may/may not explore this. However, there is a need for historical market data and in our position, we would be able to offer this for sale to proprietary trading organisations, hedge funds and/or retail advanced traders.
Advisory ServicesWe expect to create ancillary revenue from advisory services on virtual currencies, capitalising on our knowledge and expertise through consulting relationships with companies and other organisations. We expect our thought leadership and advise to also have the indirect benefit of driving incremental traffic to our exchange.
You've got us hooked, when will you make this available for us to start??We intend to go live in Q3 2014.
We have opened our alpha to select folks from the #bitcoin-otc freenode IRC channel.
Please sign up to our mailing list to receive updates regarding our beta and launch.
Website:
www.globalcoinfx.comTwitter: @globalcoinfx
** For any information on Seedcoin's SF2 offering, please see their specific thread at:
https://bitcointalksearch.org/topic/havelock-seedcoin-fund-2-ipo-april-28-582933Any questions, please ask here. We are very excited to be serving the Bitcoin industry.