Bitcoin Forum

Hello Everyone,

We are looking for some advice. As you might have heard about Nuovocard, we would like to know your opinion on whether we should offer this feature or not.

Feature in Question:Ability to change withdrawal address from the one that they put in during signup?

Background : Nuovocard is primarily going to accessible using emails.

Scenario 1 :
The card holder can only pay at a merchant and merchants need to complete KYC. Thus, if there is any fraud, the card holder knows exactly where to go. If he/she needs to withdraw, it can only go to the withdrawel address they put in during signup. In case they loose theirwallet(whose address it is), they need to either spend it or sign up a for a new account, provide kyc and then spend it at their new account.

Scenario 2 :
Now if we let the card holder could change withdrawal addresses, they can withdraw to any address but so can any hacker in the unlikely event the user has not secured their email properly.

Please reply here and either put your paypal ID here or pm me. If you want I can send it to one person and they can distribute it using BTC. Maximum 100 entries. Paid only for constructive posts that help us and take this issue forward.

Thanks Everyone.

UPDATE :-

SCENARIO 3

You want to Change your Withdrawal Address ---> Do you have access to your Old Withdrawal Address---->

YES -----> Sign a Phrase with Your Old Withdrawal Address and the New One and Send us an email and if checks, Your Withdrawal Address is Changed.

NO ------> You cant withdraw the funds but only spend them. So either go and spend at a Merchant or Signup for a new Account, provide KYC, and spend in your own Account.

Now regarding the email issue as Gitju points, we will make it mandatory to use a Gmail/Outlook/etc email as their Primary Email because they will have SSL Enforced.

Also, if you loose access to your primary email for any reason, you have to give the Secret Phrase which you gave upon Signup and your money gets refunded to the last withdrawal address on file.

IF YOU LOOSE ACCESS TO BOTH PRIMARY EMAIL AND YOUR WALLET AND YOU DONT HAVE KYC ON FILE, YOUR ACCOUNT REMAINS INACTIVE FOREVER OR UNTIL YOU MAKE A TRANSACTION USING THE MAGNETIC CARD AS THAT WILL STILL WORK WITHOUT OTP. OTHERWISE YOU ARE BASICALLY OUT OF ALL OPTIONS.

Well our connection cannot be hacked for sure unless the server gets hacked and we will know about that soon enough. But this is exactly the reason why we want to limit to only one withdrawal address. But the downside is that will it go down the throats of card holders? We will find out I guess.

I request more of you to advice us please. Thanks.

You said in the other post "An email account or the connection to an email server could easily be hacked.
Brute/force, stolen passwords, insecure wireless lan or insecure mobile network connections. "

I dont understand how do insecure wireless or mobile affect when the emails work over ssl??? Moreover, if your email password is stolen and you dont have 2fa, then alot of your accounts get compromised. Even the web wallets use email as the backup option for forgot password or OTP.

Please explain when you get a chance.

Just have the user sign a challenge message before changing the address to a new one.

Yeah. So just so that I understand right, we send the user a signature that he/she should sign the old address and the new one...correct?

Some sites use Google Authenticator to allow you to change the address. Some others use email confirmation on top of that.

Also, might be of relevance: https://en.bitcoin.it/wiki/Exit_Address

For the purpose of this argument, we are assuming that if you know about google authenticator, then your email is probably not hacked as your email should have 2fa.

In the event on an hack at the customers side, how to best protect the customer. Limiting the user completely to just use their withdrawal address works and also gweedo's way completely works. Even if your email gets hacked, your cold wallet/armory/whatever you are using shouldnt get hacked and thus if we go with gweedo's way, then the hacker wont be able to change the withdrawal address.

So to remove the withdrawal feature completely or Use Gweedo's way? Gweedo's way would mean people need to know how to assign signatures.

Exit address feature doesn't apply with us because there is nothing to hack at our end. Only hack can be performed at users end.

Also, to make it even further secure, we can make users assign their primary email addresses from the webmail providers we choose like gmail, outlook, etc which have SSL forced and they can have a secondary email as anything they want. All viewing, you can use secondary, for OTP's and withdrawels, you need primary.

It's just safer to have then pick one address for withdrawals. So hackers have to work a little harder, I think.

I mean how often are you going to lose access to a wallet? Most people who do bitcoin know what they're doing. I don't really but idk. I don't think the basic stuff is hard.

Depends on a couple of stuff, like with BIP 32 wallets, I would say anytime you import your seed, you consider that wallet compromised and should generate a new seed.

Or maybe following the correct protocol in that when you use an address (meaning you had funds in it, and then spent it) I would suggest you change the address.

I vote for one deposit address. That way, the responsibility of one's money is completely left to the consumer and it is the most secure. It would cut down on systems management as well. Get a good disclaimer tho.

Guys based on the discussion here, I think a proper strategy would be to cater to novices and experts.

So here is what I am thinking:-

You want to Change your Withdrawal Address ---> Do you have access to your Old Withdrawal Address---->

YES -----> Sign a Phrase with Your Old Withdrawal Address and the New One and Send us an email and if checks, Your Withdrawal Address is Changed.

NO ------> You cant withdraw the funds but only spend them. So either go and spend at a Merchant or Signup for a new Account, provide KYC, and spend in your own Account.

Now regarding the email issue as Gitju points, we will make it mandatory to use a Gmail/Outlook/etc email as their Primary Email because they will have SSL Enforced.

Also, if you loose access to your primary email for any reason, you have to give the Secret Phrase which you gave upon Signup and your money gets refunded to the last withdrawal address on file.

IF YOU LOOSE ACCESS TO BOTH PRIMARY EMAIL AND YOUR WALLET AND YOU DONT HAVE KYC ON FILE, YOUR ACCOUNT REMAINS INACTIVE FOREVER OR UNTIL YOU MAKE A TRANSACTION USING THE MAGNETIC CARD AS THAT WILL STILL WORK WITHOUT OTP. OTHERWISE YOU ARE BASICALLY OUT OF ALL OPTIONS.

We will only be offering One Deposit Address and that deposit address will be Armory Address.

i think the scenario one is the best choice
only one address for withdrawal is better than have many address
so if anything happen we can trace it
and if anything happen to their account, or email, or maybe both, admin can contact them by phone
just to make sure everything is fine, if they follow the procedure

What about Scenario 3???

im still choose the first scenario :D
with the same reason of course