
Topic: Towards better consumer protection in bitcoin - page 3. (Read 6819 times)

sr. member
Activity: 261
Merit: 523
"Quite frankly the credit card security system is awful, bitcoin doesn't have to work hard to beat it."

You forgot to add "...in the US".

The rest of the developed world has chip and pin and 3D secure, that obviate the vast majority of credit card fraud for merchants.

Chips are simply harder to copy. All of the same risks above still exist, they're just moving the hurdle about who can copy them. A research paper on the topic.

edit: Thinking some more, making something harder but not impossible to copy still has value. Of course I agree that chips are better than magnetic strip, but there are still issues.

It's another illusion: You are still able to make "card not present" transactions with CVV, which is required for purchases over the internet. No codes rolled and the card is static. They dip their hands into your account.

BTW I'm not from the US.
newbie
Activity: 11
Merit: 0
"Quite frankly the credit card security system is awful, bitcoin doesn't have to work hard to beat it."

You forgot to add "...in the US".

The rest of the developed world has chip and pin and 3D secure, that obviate the vast majority of credit card fraud for merchants.

sr. member
Activity: 261
Merit: 523
Quite frankly consumer protection in bitcoin is shot. Enthusiasts actually go around talking up the "no chargebacks" property as though it's a good thing. Great for the merchant if they actually get any bitcoin sales, but customers will choose something else when they can.

Lack of consumer protection further hurts merchants in two ways: One, it lowers their margins because of lemon-market effects; honest consumers will pay less because they're not sure if they're going to get ripped off. Two, it amplifies the power of reputational ransom: since people squawking loudly is the only real sign of fraud you'll get, you have to pay attention, but anyone can squawk loudly and demand money (or free products) from you to shut up.

Right now if a deal goes bad, consumers have to resort to public shaming on internet forums, or legal processes. Many in the bitcoin community are libertarians who want to stop relying on the police and courts. Moving away from using the legal infrastructure of the state doesn't have to be for political reasons, it's also much cheaper to avoid lawyers and legal processes.

Bitcoin does have a way to implement better consumer protection. It's called multisig. The idea being that a special kind of bitcoin address is created from three keys. If any two of the private key-holders sign, the money can be moved. So to create a robust consumer protection model you give the buyer, seller and an arbitrator each one key. The buyer pays into the multisig address; if the buyer receives the service and is happy, she and the seller can both use their private keys to send the money to the seller. If they can't agree then the arbitrator can use her private key to tie-break and distribute the money as they see fit. Also the arbitrator can't steal the money on his own as they only have one key, so they don't need to spend time and money on security.

Multisig is used today but only for security. People keep one set of keys in a backup, the other two keys are held on a hot wallet and third-party web wallet or security service. Malware and the web wallet can't steal coins from the hot wallet, and if the web wallet disappears the person can just open up their backup to move the money. Plenty of wallets can do this including Electrum 2.0. But this model has nothing to do with consumer protection.

There have been some attempts at multisig consumer protection but from what I can see most did not get adopted. Often they rely on users manipulating raw ECDSA keys. The GUIs that do this should have big buttons with names normal people understand, like Create Escrow Account, Fund Escrow, Receive Escrow Money, Sign Off Payment, Get A Refund. The accounts feature in Electrum is perfect for this: when people sign up to their new payment processor or marketplace they get an xpub BIP32 key, the merchant also gives them an xpub key. Clicking the Create Escrow Account button simply uses these to obtain public keys and the redeem script.

I'm nowhere near the first person to come up with this. Here is Mike Hearn talking about the concept in 2012(!) https://www.youtube.com/watch?v=mD4L7xDNCmA

There's a whole website based on the idea, https://www.bitrated.com/ which is actually really good IMO. I think a reason it isn't seeing more adoption is that it doesn't slot into existing infrastructure. I think it only can work for OTC trades between people, so two people decide on a trade and agree to both sign up to bitrated.com, it has no scope with a payment processor like Bitpay or an existing marketplace like https://cryptothrift.com/. Plus because it runs in a browser, bitrated might not be agreeable for people who prefer to keep their private keys on their hard disk. (Although bitrated can be used entirely with local private keys, it even gives you the relevant commands on the site, but I dunno if really any of its users bother.)

Any consumer protection has to be part of bitcoin wallets. That software already handles our regular private keys, it's only a small step to also handling multisig keys. Hopefully it would be compatible with bitrated.com (which already has an API ready to use). Another benefit of this approach is it can give people a *choice* of mutually agreeable arbitrators, not just a monopoly tied to the credit card or payment processor.

Now there also exists the BIP70 payment protocol. I don't see it having any ability to use multisig consumer protection but I'm sure that's just an oversight.

Bitcoin CAN have good consumer protection. Instead of talking up bitcoin's "no chargebacks" we should be talking about how bitcoin has much better security than credit cards so that the only chargebacks that happen will be because of merchant fraud, not because some hacker in Vietnam stole the customer's credit card.

Quite frankly the credit card security system is awful, bitcoin doesn't have to work hard to beat it. https://np.reddit.com/r/personalfinance/comments/3lf9hr/bank_is_refusing_to_refund_fraudulent_visa/cv5umvx

I don't think writing an Electrum plugin that does this is too hard. Sadly it's been more than two years since p2sh multisig was released before the beginnings of adoption were seen.
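
The 2-of-3 escrow redeem script described in the post above, as an added example that is not part of the original post and is not Electrum or Bitrated code: it builds the script from three compressed public keys and shows the check a buyer's wallet can run on a script proposed by the other side before funding it. The key values are constructed placeholders (not real curve points), lexicographic key sorting is an assumption so that all parties derive the same script, and the function names are hypothetical.

```python
# Added example: 2-of-3 escrow redeem script, built and checked before funding.
OP_2, OP_3, OP_CHECKMULTISIG = 0x52, 0x53, 0xAE
PUSH_33 = 0x21  # direct push of a 33-byte compressed public key

# Constructed placeholder keys: correct length and prefix, not real curve points.
BUYER = bytes([2]) + bytes([0x11]) * 32
SELLER = bytes([3]) + bytes([0x22]) * 32
ARBITRATOR = bytes([2]) + bytes([0x33]) * 32

def build_escrow_script(buyer, seller, arbitrator):
    """Return OP_2 <k1> <k2> <k3> OP_3 OP_CHECKMULTISIG with keys sorted."""
    keys = sorted([buyer, seller, arbitrator])
    if len(set(keys)) != 3:
        raise ValueError("the three keys must be distinct")
    for k in keys:
        if len(k) != 33 or k[0] not in (2, 3):
            raise ValueError("expected compressed public keys")
    body = b"".join(bytes([PUSH_33]) + k for k in keys)
    return bytes([OP_2]) + body + bytes([OP_3, OP_CHECKMULTISIG])

def parse_escrow_script(script):
    """Return the three keys, or raise if this is not exactly 2-of-3."""
    if len(script) != 105:  # 1 + 3 * (1 + 33) + 2
        raise ValueError("wrong length for 2-of-3 with compressed keys")
    if script[0] != OP_2 or script[-2:] != bytes([OP_3, OP_CHECKMULTISIG]):
        raise ValueError("not a 2-of-3 CHECKMULTISIG script")
    keys = []
    for i in range(1, 103, 34):
        if script[i] != PUSH_33 or script[i + 1] not in (2, 3):
            raise ValueError("malformed key push")
        keys.append(script[i + 1:i + 34])
    if len(set(keys)) != 3:
        # A repeated key would let its holder supply both signatures alone.
        raise ValueError("duplicate key")
    return keys

def safe_to_fund(script, my_key, arbitrator_key):
    """Buyer-side check: my key and the agreed arbitrator must both be in it."""
    try:
        keys = parse_escrow_script(script)
    except ValueError:
        return False
    return my_key != arbitrator_key and my_key in keys and arbitrator_key in keys
```

The check matters because the address alone does not reveal who holds the keys: a script in which the arbitrator's key is swapped for a second key of the counterparty still produces an ordinary-looking multisig address.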