--- The SEPA transfer protocol is about Alice being able to send Silver Grams, which Bob receives as Euros in his Euro bank account. It's also about Jorg earning a profit in silver grams, by sending a SEPA transfer to Bob on Alice's behalf.
Excellent reading, fellowtraveler! The flaw that springs to mind is with SEPA (ACH may be similar).
Problem: The SEPA protocol allows for refunds, so allowing both Alice and Jorg to profit through subverting the OT process.
As at [1]: "Payment service providers originating an SCT can request a recall of duplicate or erroneous transactions."
An SCT is a "SEPA Credit Transfer", the kind of transfer I think we're thinking of when we think of using OT to transact. As at [2]: "A recall can be requested by originator bank on behalf of its customer to cancel a SEPA Credit Transfer already settled at EBA. This must be initiated within 10 banking business days after execution date of the SEPA Credit Transfer subject to the recall. Before initiating the originator bank has to check if the SCT is subject to duplicate sending, technical problems resulting in erroneous SCT or fraudulent originated Credit Transfer."
(An SCT is distinct from an SDD - "SEPA Direct Debit" - which allows much longer recalls, as at [3]: "For unauthorised transactions, this right to a refund extends to 13 months after the due date.")
Abuses:
[1] Jorg abuses both Alice and Bob. While we might assume that we can detect that Jorg paid Bob via a SEPA call, Jorg could wait until receiving his payment and then contest that payment was made fraudulently thus retrieving the value deposited to Bob. Alice would then be faced with having to re-pay a settled bill.
[2] Jorg and Alice collude to abuse Bob. Alice wants to buy two silver coins from Bob. Alice pays Jorg, Jorg pays Bob, a SEPA call shows Bob as paid. Bob ships the two coins and provides Alice a shipping number. Alice, knowing the coins are now irretrievable to Bob, informs Jorg who disputes the SEPA transfer, receiving back the whole value sent. Alice also disputes the SEPA payment arrived and so the escrow mechanism divides her payment to Jorg in two, and returns her half. (Although note: Jorg could agree to return an arbitrary amount even subsequent to escrow completion.) Alice now has two silver coins at half price, Jorg has profited by pocketing the other half of that price as well as his transaction fee, and Bob is down by the whole price.
Solutions:
1. If a SEPA call and the protocol also allows for the status of an old transfer to be detected (not clear from my research), this would allow an automatic input into both the reputation system about Jorg (and potentially automated contact to Alice and Bob, if they could elect for such);
2. This puts greater urgency on the reputation system, and also a first approximation of the reputation increase cycle - that is, 'noob' for at least ten days following the first transfer;
3. A system by which payments are made through a client-initiated federation of actors: Bob requires Alice to pay via 3 intermediaries. Alice's client randomly chooses and pays Jorg and Carol and Ted, all of whom then pay Bob. This reduces Bob's risk of total loss and increases Alice's risk of being caught by a good actor;
4. Extending (3) above, support for confederations of actors. Alice & Bob may request that only a guild matching certain parameters handle payments, where a guild is decided on (say) a volume basis ("traded $1m+ in last 30+10 days, >99.5% uncontested transactions in those 30"). The guild would be in charge of their own arrangements for membership and distribution of work/reward. A single trader with a large volume would also count as a guild, but is unlikely to have the highest rating but either way a guild is unlikely to risk that whole business abusing Alice and Bob's trivial sum. A guild might well (for instance) choose to incorporate in one or more jurisdictions and use this as a selling point, even though it may well mean higher transaction fees in return. As part of that business, they may well elect to insure Bob against Alice colluding with one of their members.
Cheers!
[1] http://www.paymentscouncil.org.uk/files/payments_council/sepa/shortcut_to_sepa_credit_transfer_%28sct%29%5B1%5D.pdf
[2] http://www.rbs.nl/docs/MIB/Country.../SEPA_FAQs_RBS_NL_v2_2012.xls
[3] http://www.ukpayments.org.uk/files/payments_council/sepa/epc222-08_version_2.0_shortcut_sepa_direct_debit.pdf
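
An added example, not part of the original post: one way Bob's client or the reputation system could apply the 10-banking-business-day SCT recall window quoted above, treating a transfer as final (safe to ship against, or countable toward Jorg's rating) only once that window has closed. The function names, the Monday-to-Friday calendar with a caller-supplied holiday set, and the sample transfers are assumptions made for illustration.

```python
from datetime import date, timedelta

RECALL_WINDOW = 10  # banking business days, per the FAQ quoted in the post


def is_business_day(d, holidays=frozenset()):
    # Assumption: Monday-Friday, minus holidays supplied by the caller.
    return d.weekday() < 5 and d not in holidays


def recall_deadline(executed, holidays=frozenset()):
    """Last business day on which a recall of this SCT can still be initiated.

    Assumption: the window counts business days strictly after the
    execution date, and the 10th such day is still inside the window.
    """
    d, counted = executed, 0
    while counted < RECALL_WINDOW:
        d += timedelta(days=1)
        if is_business_day(d, holidays):
            counted += 1
    return d


def recall_exposure(transfers, today, holidays=frozenset()):
    """Split received SCTs into still-recallable and final.

    transfers: iterable of (reference, execution_date, amount).
    Returns (at_risk_refs, final_refs, total_amount_still_recallable).
    """
    at_risk, final, exposed = [], [], 0
    for ref, executed, amount in transfers:
        if today <= recall_deadline(executed, holidays):
            at_risk.append(ref)
            exposed += amount
        else:
            final.append(ref)
    return at_risk, final, exposed


if __name__ == "__main__":
    # Constructed sample data: two transfers Bob received via intermediaries.
    sample = [("SCT-A", date(2012, 10, 1), 50), ("SCT-B", date(2012, 10, 10), 30)]
    print(recall_exposure(sample, today=date(2012, 10, 16)))
```

The same cutoff could gate the 'noob' period in solution 2: a transfer adds to an intermediary's reputation only after it lands in the final list.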