Elwar (OP)
Legendary
Offline
Activity: 3598
Merit: 2386
Viva Ut Vivas
|
|
July 13, 2011, 08:54:25 PM |
|
How would you use bitcoins for a business if someone who has access to the company's wallet is able to just take it and drain it without anyone knowing?
Say Walmart starts accepting bitcoins, they pay for new stores with bitcoins, pay vendors, pay for merchandise, etc.
Their accountants are writing checks, keeping track of purchases etc.
If one of the accountants decides to just write himself a check for a buttload, there is a paper trail and the person is prosecuted.
If Walmart is using bitcoins, the accountant takes the bitcoin wallet, makes a copy, takes it to the nearest library and uses it to send to hundreds of new bitcoin addresses of his own, and he is rich.
How is this prevented?
|
First seastead company actually selling sea homes: Ocean Builders https://ocean.builders Of course we accept bitcoin.
|
|
|
BitcoinPorn
|
|
July 13, 2011, 08:57:24 PM |
|
How is this prevented?
I guess accountants must now be held ..accountable.
|
|
|
|
carbonc
Member
Offline
Activity: 126
Merit: 60
|
|
July 13, 2011, 09:00:58 PM |
|
I would say that the wallet file would not be accessable to a user like this.
The wallet file would be on a server that has no real user interface.
A program that has access to the wallet.dat would have to be devised that would allow payments to be made after approval from mangement.
|
|
|
|
ctoon6
|
|
July 13, 2011, 09:02:48 PM |
|
you dont need access to the private key to have coins transferred over. you can check to make sure they paid from just looking in the block chain.
|
|
|
|
Bitcoin Harbor
Newbie
Offline
Activity: 34
Merit: 0
|
|
July 13, 2011, 09:03:50 PM |
|
Fundamentally, it's not much different than any other currency. You don't allow untrusted parties near the actual money, period. Any other fiat currency is just as stealable, if not moreso - it's just a database entry, you don't have to physically cart away gold bricks to commit theft.
A business would simply not have anyone they don't trust interact with the wallet directly. Instead you have the accountant manipulate a database, which is linked to the wallet but does not have permissions to execute transactions. If this weren't a solved problem, the current technology-based financial system would be completely impossible.
|
|
|
|
JoelKatz
Legendary
Offline
Activity: 1596
Merit: 1012
Democracy is vulnerable to a 51% attack.
|
|
July 13, 2011, 09:06:31 PM |
|
How would you use bitcoins for a business if someone who has access to the company's wallet is able to just take it and drain it without anyone knowing? Lots of ways. Pretty much, the same way you protect cash. You don't leave large amounts of it in insecure places. You audit accesses to the places you store it. You require multiple approvals for operations. Say Walmart starts accepting bitcoins, they pay for new stores with bitcoins, pay vendors, pay for merchandise, etc.
Their accountants are writing checks, keeping track of purchases etc.
If one of the accountants decides to just write himself a check for a buttload, there is a paper trail and the person is prosecuted.
If Walmart is using bitcoins, the accountant takes the bitcoin wallet, makes a copy, takes it to the nearest library and uses it to send to hundreds of new bitcoin addresses of his own, and he is rich. You have to be joking. Walmart wouldn't put any wallet holding large amounts of money on a computer anyone could copy files from. How is this prevented? Just the tiniest bit of common sense 100% stops this. There are no wallet files, the keys are kept on physically secure devices. Transactions can only come in from approved sources and go through verification and logging before being signed and securely exported. The same way you secure stock transactions. The same way you secure wire transfers.
|
I am an employee of Ripple. Follow me on Twitter @JoelKatz 1Joe1Katzci1rFcsr9HH7SLuHVnDy2aihZ BM-NBM3FRExVJSJJamV9ccgyWvQfratUHgN
|
|
|
FreeMoney
Legendary
Offline
Activity: 1246
Merit: 1016
Strength in numbers
|
|
July 13, 2011, 10:23:04 PM |
|
Bitcoins in a wallet sent directly are cash. If you don't trust someone to hold a suitcase full of cash don't give them an equivalent amount of your coins to control. If you need them to simply initiate reversible transactions use a system that can do that on top of your cash.
It won't be hard at all for major business deals to get okayed by 6 or 20 people if necessary. A normal sized business will probably pick some amount of operating cash to allow each agent to use directly and another amount for which any transfers will be incomplete without the owner/manager signing off on at the end of the day or whenever.
|
Play Bitcoin Poker at sealswithclubs.eu. We're active and open to everyone.
|
|
|
MrJoshua
Member
Offline
Activity: 76
Merit: 12
|
|
July 13, 2011, 11:15:34 PM Last edit: July 13, 2011, 11:26:07 PM by MrJoshua |
|
Your hypothetical does not create a situation in which there is no paper trail. If the "accountant" has access to a wallet file then you know who has the money, and can prove it in a court of law.
So let's make the hypothetical a little better to address the real issue, and write a movie plot at the same time.
Walmart decides to use bitcoins, to pay for services (note this is an important distinction, if they only accept bitcoins, then only one or a few key stake holders need have access to the wallet file). Keanu Reeves the top accountant has access to the largest wallet file for payments (he would not have _all_ the money, just the money the owner periodically transfers to a wallet they both have access too adequate for Keanu to conduct business).
Now Keanu's daughter is kidnapped, and he is told "If you don't transfer 100,000 bitcoins to this addresses within 30 seconds we will kill her. 30, 29, 28..." What do you do? What. Do. You. Do?
Once he transfers the bitcoins they are gone, and both the speed and anonymity unique to bitcoin make catching the criminal at the "hand off" impossible. There is no "hand off".
This is similar to the "perfect crime" scenario outlined in Applied Cryptography page 145.
However, this is not necessarily a significant advantage. It only improves the executability of the crime in one place the "hand off" which if done properly with cash or other monitory devices is not the weakest part of the crime to begin with. Also, unlike cash, every transaction that the kidnappers do from that point on with the bitcoin is trackable in the block chain, one wrong step and they will be caught, much more difficult with cash. Meanwhile all the other weaknesses of the crime, such as being seen kidnapping the daughter, etc. still remain.
So to answer the question behind your question. Normal businesses that are mindful of legal and physical security just like they must do now with cash, and accounts and the employees who can access them, will not be exposed to significantly greater risk with bitcoins. The steps they will need to take to be secure with bitcoins will be different then with cash or accounts, but they are similar and over time will become codified.
It is true that new crimes will be possible with bitcoins that where not possible with cash, credit cards, and banks. However, that has been true of every major invention throughout time, from the internet and the computer, to the car and printing press before them. Progress enables.
Bitcoin will not be adopted for what it makes difficult. It will be adopted for what it makes simple.
j
|
The value of bitcoins is not a theory, predictions of it's failure are what is theoretical.
|
|
|
foggyb
Legendary
Offline
Activity: 1736
Merit: 1006
|
|
July 13, 2011, 11:26:07 PM |
|
Now Keanu's daughter is kidnapped, and he is told "If you don't transfer 100,000 bitcoins to this addresses within 30 seconds we will kill her. 30, 29, 28..." What do you do? What. Do. You. Do?
Once he transfers the bitcoins they are gone, and both the speed and anonymity unique to bitcoin make catching the criminal at the "hand off" impossible. There is no "hand off".
How is this different from a ransom demand for US dollars to a swiss bank account?
|
Hey everyone! 🎉 Dive into the excitement with the Gamble Games Eggdrop game! Not only is it a fun and easy-to-play mobile experience, you can now stake your winnings and accumulate $WinG token, which has a finite supply of 200 million tokens. Sign up now using this exclusive referral link! Start staking, playing, and winning today! 🎲🐣
|
|
|
MrJoshua
Member
Offline
Activity: 76
Merit: 12
|
|
July 13, 2011, 11:29:16 PM |
|
Now Keanu's daughter is kidnapped, and he is told "If you don't transfer 100,000 bitcoins to this addresses within 30 seconds we will kill her. 30, 29, 28..." What do you do? What. Do. You. Do?
Once he transfers the bitcoins they are gone, and both the speed and anonymity unique to bitcoin make catching the criminal at the "hand off" impossible. There is no "hand off".
How is this different from a ransom demand for US dollars to a swiss bank account? This creates a paper trail and a "hand off" point, and is quite a bit slower.
|
The value of bitcoins is not a theory, predictions of it's failure are what is theoretical.
|
|
|
koin
Legendary
Offline
Activity: 873
Merit: 1000
|
|
July 14, 2011, 01:28:57 AM |
|
because a theft following a security breach looks little different than an employee pilfering of the company wallet, expect hacking and viruses to get blamed at a disproportionately higher rate.
|
|
|
|
Serge
Legendary
Offline
Activity: 1050
Merit: 1000
|
|
July 14, 2011, 01:34:59 AM Last edit: July 14, 2011, 04:20:05 AM by Serge |
|
Big businesses would require some enterprise bitcoin client solution to be built with tight control of wallets, handling multiple wallets and such. Current bitcoin client is only acceptable to end-users and small mom and pop shops.
|
|
|
|
steelhouse
|
|
July 14, 2011, 01:48:59 AM |
|
I think you make a good point. The small business owner could control all the bitcoin. For a large business the largest shareholder could hold all the bitcoin and distribute to accounts. There also might be joint encryptions on wallets. Thus a 1000 coin wallet might have to get a key from 5 people to be used when 10 people have the key.
|
|
|
|
coingenuity
|
|
July 14, 2011, 01:49:31 AM |
|
Consider your cell phone company, and how they protect your credit card details from malfeasance of all sorts. Or your doctor, and how they protect your government id #'s from being sold by nurses to identity thieves.
Long story short, all the smart hackers get jobs in white-hat security protecting companies from themselves.
|
|
|
|
99Percent
Full Member
Offline
Activity: 410
Merit: 101
🦜| Save Smart & Win 🦜
|
|
July 14, 2011, 01:49:59 AM |
|
The digital and fast nature of bitcoins are the solution to this problem.
Client software can be made that accesses access an encrypted wallet which requires that password to access the encrypted wallet has to be composed from two or more "associates" passwords. Only when the composite password is assembled can funds be sent. This avoids the kidnap scenario above unless the kidnappers decide to kidnap the daughters of all the associates at once.
For the walmart cashier example, the cashier never has to have access to Walmart's wallet.dat. A very simple program can access the wallet for her and confirm to her funds have recently been received from the checkout customer, much how credit cards work. The only reason nowadays cashiers handle cash is because they have to give back change which is not relevant with bitcoins, and because they can't immediately deposit the excess to the corporate bank account.
|
|
|
|
Steve
|
|
July 14, 2011, 02:02:27 AM |
|
How would you use bitcoins for a business if someone who has access to the company's wallet is able to just take it and drain it without anyone knowing?
Say Walmart starts accepting bitcoins, they pay for new stores with bitcoins, pay vendors, pay for merchandise, etc.
Their accountants are writing checks, keeping track of purchases etc.
If one of the accountants decides to just write himself a check for a buttload, there is a paper trail and the person is prosecuted.
If Walmart is using bitcoins, the accountant takes the bitcoin wallet, makes a copy, takes it to the nearest library and uses it to send to hundreds of new bitcoin addresses of his own, and he is rich.
How is this prevented?
Investigate the scripting capabilities of bitcoin transactions. You can create transactions that require multiple signatures for the recipient to spend them. The receiving department of a company could forward incoming payments in such a way that any further spending would require the signature of the CEO, CFO and a number of others as desired. The current client has no UI to create such transactions, but the scripting capabilities in the block chain allow it. This feature enables many other interesting possibilities.
|
|
|
|
ctoon6
|
|
July 14, 2011, 02:23:27 AM |
|
could you not encrypt the private keys to require one or more private keys for the encryption to be opened up?
situation: a company with 3 "big bosses" only accepts bitcoins for payment for goods and services. a smart person set a system up for for them so all they each have to do is make a private key on each of their computers. then on a computer that has never been on the internet has been reformatted, still never even having an Ethernet cable plugged in, hell it may as well not even have a NIC. this computer is for storing the wallet and doing the operations to encrypt it. each of the big bosses has 3 copies of their private keys used for encrypting the wallet file/private keys. all 3 private keys must be used. so not 1 person can just decide to spend the money. this could be put into an enterprise client that allows this to happen natively.
also i propose an offline transaction authorization system. this would be where you have a small piece of software putting the packets of information in the flash drive, then you unplug it and plug it into the other computer for which it is intended. the other computer would require you to accept exactly what packets to accept manually. then you must also accept what packets to send manually. This would insure that it is impossible to get viruses even if the other computer is infected, granted you know enough about the system.
|
|
|
|
evoorhees
Legendary
Offline
Activity: 1008
Merit: 1023
Democracy is the original 51% attack
|
|
July 14, 2011, 02:26:54 AM |
|
Companies will hold their "large wallets" off-site, managed by new companies that form to protect against issues such as those mentioned in the OP.
Many people will get wealthy solving these types of security problems.
|
|
|
|
TraderTimm
Legendary
Offline
Activity: 2408
Merit: 1121
|
|
July 14, 2011, 03:52:51 AM |
|
Bitcoin itself is a triple-entry system in accounting terms. (Ref: http://iang.org/papers/triple_entry.html ) Just restrict access - I'd code up a simple scraper that would present balances to someone who needed to do the books, but not physical access to the actual client. So you'd separate the data from the actual 'vault'. You could do this with blockexplorer if you knew all the addresses that you've received to. I'm sure there are other methods, as suggested above.
|
fortitudinem multis - catenum regit omnia
|
|
|
Meatpile
|
|
July 14, 2011, 04:41:58 AM |
|
for a giant business it would be 1000 times more secure and easier than cash. No employees would need access to cash, they just accept exact digital payments and verify that they happened.
The customer wont need change.
The employees get paychecks digitally whenever the company decides to pay them.
No need for any traditional manager / money handling risks apart from the incredible volatility of the currency/ commodity value.
|
|
|
|
|