Bitcoin credit cards?

[Gimmelfarb]

True, I was thinking about this last night and the best solution would seem to be built in PIN like the debit cards used in Europe and Canada.
"Chip debit cards encrypt all information stored on them, increasing your safety when completing a transaction."

This will prevent merchant from having ALL your info just on the magstripe.

I still don't understand how this will work.  The merchant can't move the bitcoins from your address unless they have your unencrypted private key.  Once they have your unencrypted private key, there is nothing that prevents them from saving it and re-using it in the future.

It seems that what is needed is a card that has a processor, display, and input interface built into it, the card would be placed with some sort of electrical contacts interfacing with the merchant's terminal.  The terminal would request the bitcoin addresses known by the card.  The terminal would then search the blockchain for unspent outputs associated with those addresses.  The terminal would build an unsigned transaction and submit the transaction to the card requesting a signature. The card would then display the transaction amount on its built in display.  The card owner would verify that the displayed amount was correct, and would use the card's built in input interface to indicate acceptance.  The card would reply to the terminal with a signed transaction.  The terminal would then broadcast the transaction to the bitcoin network.

Patience, my son.

That's what the chip debit card is for.

Once you insert your card in the terminal, the terminal prompts the customer for their PIN number. The customer inserts their PIN number into the terminal. Since all terminals are PCI compliant nowadays, the inputted PIN is encrypted and cannot be recorded by the merchant or anyone else. This is all done now with Canadian and European debit cards, this is not just theory.

To break it down, when the customer enters in the PIN number via the terminal, this "unlocks" the Bitcoin address private key to proceed with the transaction. The transaction amount displays on the terminal screen, and the customer presses OK if it is correct. Simple.

I worked for many years in the credit card processing industry, so I know about these things. To be honest, I'm surprised this hasn't already been done. If people want to join together to do this, let's go for it

umm, this sounds awesome. please someone tell me that people are working on this for bitcoin, as we speak? 

[1713878480]

1713878480

[1713878480]

1713878480

[1713878480]

1713878480

[DiamondCardz]

True, I was thinking about this last night and the best solution would seem to be built in PIN like the debit cards used in Europe and Canada.
"Chip debit cards encrypt all information stored on them, increasing your safety when completing a transaction."

This will prevent merchant from having ALL your info just on the magstripe.

I still don't understand how this will work.  The merchant can't move the bitcoins from your address unless they have your unencrypted private key.  Once they have your unencrypted private key, there is nothing that prevents them from saving it and re-using it in the future.

It seems that what is needed is a card that has a processor, display, and input interface built into it, the card would be placed with some sort of electrical contacts interfacing with the merchant's terminal.  The terminal would request the bitcoin addresses known by the card.  The terminal would then search the blockchain for unspent outputs associated with those addresses.  The terminal would build an unsigned transaction and submit the transaction to the card requesting a signature. The card would then display the transaction amount on its built in display.  The card owner would verify that the displayed amount was correct, and would use the card's built in input interface to indicate acceptance.  The card would reply to the terminal with a signed transaction.  The terminal would then broadcast the transaction to the bitcoin network.

Patience, my son.

That's what the chip debit card is for.

Once you insert your card in the terminal, the terminal prompts the customer for their PIN number. The customer inserts their PIN number into the terminal. Since all terminals are PCI compliant nowadays, the inputted PIN is encrypted and cannot be recorded by the merchant or anyone else. This is all done now with Canadian and European debit cards, this is not just theory.

To break it down, when the customer enters in the PIN number via the terminal, this "unlocks" the Bitcoin address private key to proceed with the transaction. The transaction amount displays on the terminal screen, and the customer presses OK if it is correct. Simple.

I worked for many years in the credit card processing industry, so I know about these things. To be honest, I'm surprised this hasn't already been done. If people want to join together to do this, let's go for it

Or, even simpler, we just use off-the-chain services that allow you to withdraw to the Blockchain whenever you want to. Most people will be using off-the-chain services in the future, anyway.

[jbreher]

To break it down, when the customer enters in the PIN number via the terminal, this "unlocks" the Bitcoin address private key to proceed with the transaction. The transaction amount displays on the terminal screen, and the customer presses OK if it is correct. Simple.

So the machine -- 'PCI Compliant' or not -- signs the transaction with your private key, which you have exposed to it using your PIN? No thanks.

About the day after this gets introduced, somebody is going to create look-alike terminals that send your private key to haxxors in the Ukraine. How would one be able to tell you're dealing with an actual, non-nefarious terminal?

[DannyHamilton]

your private key, which you have exposed to it using your PIN? No thanks.

+1

If the machine isn't under my control, then I don't want it to have access to my private key.

The card itself has to do the signing. The card itself also has to display the transaction so I know that what I'm signing is what I intend to sign.  The card itself therefor needs a physical input device that allows me to tell the card that I authorize the transaction.

The terminal should send the transaction to the card, and accept in response a signed transaction that it can broadcast to the bitcoin network.

Unless you are talking about storing the bitcoins in some sort of "bitcoin bank" and the bank issuing a bank card that allows you to access your account with them, you need to stop thinking about bitcoins as just a payment network.  It is also a currency, and many of the things you think you know from your experiences with credit cards and/or debit cards simply won't apply to bitcoin due to its nature as a currency.

[davidgdg]

To break it down, when the customer enters in the PIN number via the terminal, this "unlocks" the Bitcoin address private key to proceed with the transaction. The transaction amount displays on the terminal screen, and the customer presses OK if it is correct. Simple.

So the machine -- 'PCI Compliant' or not -- signs the transaction with your private key, which you have exposed to it using your PIN? No thanks.

About the day after this gets introduced, somebody is going to create look-alike terminals that send your private key to haxxors in the Ukraine. How would one be able to tell you're dealing with an actual, non-nefarious terminal?

I thought that what was being proposed was just a credit or debit card where you have a BTC denominated bank account. If so, then yes it would make sense (1) to solve the zero confirmation issue (2) to be used where the buyer doesn't have a smart phone.  Whether (1) and (2) will remain a problem for much longer is however doubtful.

If no bank is involved, then I can see it might solve (2) (at some potential risk) but it wouldn't solve (1). To solve (1) the merchant needs a guarantee of payment from a trusted third party such as a bank (yes I know "trusted third party" and "bank" don't always go together, but you know what I mean).

Credit cards for loans (i.e. using them to get credit rather than just making payment) are a different issue. If you want to borrow money, credit cards are a thoroughly bad way to go about it, whether you are borrowing BTC or anything else.

 

[AndrewWilliams]

To break it down, when the customer enters in the PIN number via the terminal, this "unlocks" the Bitcoin address private key to proceed with the transaction. The transaction amount displays on the terminal screen, and the customer presses OK if it is correct. Simple.

So the machine -- 'PCI Compliant' or not -- signs the transaction with your private key, which you have exposed to it using your PIN? No thanks.

About the day after this gets introduced, somebody is going to create look-alike terminals that send your private key to haxxors in the Ukraine. How would one be able to tell you're dealing with an actual, non-nefarious terminal?

Really? Like seriously?

Then you might as well never use a debit or credit card terminal ever again. Let me know how that works out

Sorry but this is the real world. If you are that paranoid just stick to cash


How would one be able to tell you're dealing with an actual, non-nefarious terminal?
If you go to a legit store, you will be dealing with a legit terminal.

If a business uses anything compromised like what you are describing, the FBI and or Secret Service gets involved. (Yes, Secret Service investigates credit card fraud).
Like in this case: http://www.khq.com/story/21757307/secret-service-investigates-skimming-case-at-north-spokane-atm-crime-tracker-kalae-chock-has-tips-to-protect-your-account

[DannyHamilton]

- snip -
I thought that what was being proposed was just a credit or debit card where you have a BTC denominated bank account.
- snip -
If no bank is involved, then I can see it might
- snip -

Part of the problem in this conversation is that several people have put forth their own ideas about how a "bitcoin card" might work.  Some of these ideas assume a "credit card" that allows you to take a bitcoin loan.  Some of these ideas assume a "wallet on a card" where the private keys are stored on the card and transactions are broadcast from the terminal to make payment directly from the bitcoins associated with those private keys. Some of these ideas assume a "bitcoin bank" where the card is a way to represent your account at the bank and the bank takes care of paying the merchant and debiting your account for you.

Several people have made assumptions about what was being discussed without paying attention to the details.  As such, this conversation is a bit of a mess at the moment.  A big part of that confusion is probably first due to the OP's choice of words:

the credit card contains your wallet number as a credit card has a credit card number

It doesn't exactly explain if that "wallet number" is an account number representing your account at a bank, or a bitcoin address, or a bitcoin private key, or a loan authorization number.

The rest of the confusion is probably due to the OP's choice not to stick around and control the direction of the discussion correcting people who wander too far off from whatever it was that they intended.

[DannyHamilton]

Really? Like seriously?

Then you might as well never use a debit or credit card terminal ever again. Let me know how that works out

Sorry but this is the real world. If you are that paranoid just stick to cash

Credit and Debit card terminals don't take money from you.  They inform a bank about a transaction.

Accounts at the bank are generally insured (such as FDIC in the US), and under significant regulations.

If a fraudulent transaction occurs, it is the bank that looses the money (or the insurance provider).

You need to stop thinking of bitcoin as just a payment network.  It is also a currency.  Many of the things you think you know from your experiences with credit cards and/or debit cards simply won't apply to bitcoin due to its nature as a currency

[AndrewWilliams]

@DannyHamilton


No, the whole idea of Bitcoin is take away the middleman (the banks!) from the equation.

No banks are needed for my proposal.



Why create a centralized system for a fundamentally decentralized system. It makes no sense.



What you propose is possible, but it involves a private company basically acting as an exchange like Mt. Gox, but with the ability to communicate with terminals and POS systems and new debit cards. You are then putting all the risk with this one private company.

Hacker wipes them out, you're done. Government intervenes, you're done.

I do not want to use a credit card in a Mt. Gox-y sort of way. THAT is too risky!

[davidgdg]

Really? Like seriously?

Then you might as well never use a debit or credit card terminal ever again. Let me know how that works out

Sorry but this is the real world. If you are that paranoid just stick to cash

Credit and Debit card terminals don't take money from you.  They inform a bank about a transaction.

Accounts at the bank are generally insured (such as FDIC in the US), and under significant regulations.

If a fraudulent transaction occurs, it is the bank that looses the money (or the insurance provider).

You need to stop thinking of bitcoin as just a payment network.  It is also a currency.  Many of the things you think you know from your experiences with credit cards and/or debit cards simply won't apply to bitcoin due to its nature as a currency

Indeed. It is one thing to use a debit or credit card where the bank takes most of the fraud risk. It would be another thing to use some sort of bitcoin card where the person who ends up paying or sorting out the mess if it goes wrong is me.

[AndrewWilliams]

Indeed. It is one thing to use a debit or credit card where the bank takes most of the fraud risk. It would be another thing to use some sort of bitcoin card where the person who ends up paying or sorting out the mess if it goes wrong is me.

Where is the risk? If you use your regular debit card at a terminal location, like a gas pump, in which a thief has installed a skimmer and a videocamera to record your PIN number, you will not get your money back.

You are led to believe in a safety net that is not there.

[DannyHamilton]

Indeed. It is one thing to use a debit or credit card where the bank takes most of the fraud risk. It would be another thing to use some sort of bitcoin card where the person who ends up paying or sorting out the mess if it goes wrong is me.

Essentially what is being suggested is a scenario where you tell each and every merchant that you do business with where you've stored a big box filled with cash.  You continuously add cash to this box as needed.  The merchants then go to your box of cash and remove the amount that you've asked them to remove for payment of whatever you are purchasing.  You agree not to move the box at all, and you trust (hope?) that the merchant will never use their knowledge of the location of the box to go take additional cash that you haven't authorized no matter how desperate they become.

And this is being offered as equivalent to the current credit/debit card security.

You can see how when you think about bitcoin as a currency instead of a payment network, some of the concepts start to fall apart.

[DannyHamilton]

- snip -
Where is the risk? If you use your regular debit card at a terminal location, like a gas pump, in which a thief has installed a skimmer and a videocamera to record your PIN number, you will not get your money back.
- snip -

Of course I will.  I have.  I speak from personal experience.  That is the purpose of the insurance that the banks and processing companies provide.

[briehost]

The best thing about having a BTC Card would be that you liability would be limited to however much you'd want to put on the card. You could keep a few extra bitcoin on your phone in case of emergency. Everything else can be left in your armory client at home.

[AndrewWilliams]

- snip -
Where is the risk? If you use your regular debit card at a terminal location, like a gas pump, in which a thief has installed a skimmer and a videocamera to record your PIN number, you will not get your money back.
- snip -

Of course I will.  I have.  I speak from personal experience.  That is the purpose of the insurance that the banks and processing companies provide.

The "insurance" you speak of does not exist.

The only thing credit card companies and banks offer is chargeback protection.

It can only be used in the event of:

1. Straight card theft. But not when PIN number is used! Banks will NEVER NOT ALWAYS give you money back when your correct PIN is used.
2. Non-receipt of goods. For mail orders, delivery of goods.
3. Broken or non-working items. If you buy something and it stops working. Time limit on this.
b. Overcharging

...And all this does is start the chargeback process. The merchant is given the opportunity to write a letter of explanation and provide documentation of their side.

If what you are purchasing could be better covered by a credit card for the above three things, by all means, use a credit card. For everything else, There's Bitcoin Credit Card




That said, Bitcoin credit card would not be ideal for buying goods on the internet or over the phone (duh, just do it given the tools already available), or any kind of purchase where you do not receive the goods or services right away.

The best thing about having a BTC Card would be that you liability would be limited to however much you'd want to put on the card. You could keep a few extra bitcoin on your phone in case of emergency. Everything else can be left in your armory client at home.

Exactly!
No reason to go bananas and expect a crazy amount of security in regards to the Bitcoin Credit Card, just put as much on it as you want.

[DannyHamilton]

- snip -
Where is the risk? If you use your regular debit card at a terminal location, like a gas pump, in which a thief has installed a skimmer and a videocamera to record your PIN number, you will not get your money back.
- snip -

Of course I will.  I have.  I speak from personal experience.  That is the purpose of the insurance that the banks and processing companies provide.

The "insurance" you speak of does not exist.

The only thing credit card companies and banks offer is chargeback protection.

It can only be used in the event of:

1. Straight card theft. But not when PIN number is used! Banks will NEVER give you money back when your correct PIN is used.
2. Non-receipt of goods. For mail orders, delivery of goods.
3. Broken or non-working items. If you buy something and it stops working. Time limit on this.
b. Overcharging

You aren't paying attention.

Of course I will.  I have.  I speak from personal experience.

I give up.

If you want to create such a device, go ahead.

If you want to use such a device, go ahead.

I'm sure you will find others who think the way you do.

The effort will succeed or fail on its own merits.  (I'd be betting on fail).

[AndrewWilliams]

Indeed. It is one thing to use a debit or credit card where the bank takes most of the fraud risk. It would be another thing to use some sort of bitcoin card where the person who ends up paying or sorting out the mess if it goes wrong is me.

Essentially what is being suggested is a scenario where you tell each and every merchant that you do business with where you've stored a big box filled with cash.  You continuously add cash to this box as needed.  The merchants then go to your box of cash and remove the amount that you've asked them to remove for payment of whatever you are purchasing.  You agree not to move the box at all, and you trust (hope?) that the merchant will never use their knowledge of the location of the box to go take additional cash that you haven't authorized no matter how desperate they become.

And this is being offered as equivalent to the current credit/debit card security.

You can see how when you think about bitcoin as a currency instead of a payment network, some of the concepts start to fall apart.

I fail to see your point.

Why is the technology used for debit transaction using encrypted PINs, NOT good enough for Bitcoin?

It's been used on a scale at least 1,000 X larger than Bitcoin, and has succeeded. Why reinvent the wheel?

A network is only going to be as secure as the users using it.

You aren't paying attention.

No, you aren't. Just because you were covered on your theft, it is not the rule.

"A major factor in consumer protection is the card company’s liability policies. Federal law limits consumer liability for unauthorized debit payments to $50, if the consumer reports the fraud within two business days (the cap goes up to $500 if the report is not timely [2 days!]). This means that the consumer has to pay $50-500 dollars before the card company will cover the rest. Major card companies like Visa and MasterCard have “zero liability” for unauthorized transactions, meaning that if the consumer meets the requirements, they don’t have to pay anything and are reimbursed.

However, this “zero liability” only applies to signed transactions. Every company seems to have their own policy when it comes to PIN-based transactions. MasterCard does not extend zero liability protection to PIN purchases, while other financial institutions do. For this reason, it’s important to check the policy on your debit account. Check the back of your card to find out which networks handle your transactions (ex: the Star network), and then call your bank to find out if you qualify for more than just basic federal protections."

Read this: http://banking.about.com/od/checkingaccounts/a/stolendebitcard.htm

I give up.

If you want to create such a device, go ahead.

If you want to use such a device, go ahead.

I'm sure you will find others who think the way you do.

The effort will succeed or fail on its own merits.  (I'd be betting on fail).

Someone woke up on the wrong side of the bed this morning, me thinks.

[AndrewWilliams]

Indeed. It is one thing to use a debit or credit card where the bank takes most of the fraud risk. It would be another thing to use some sort of bitcoin card where the person who ends up paying or sorting out the mess if it goes wrong is me.

So instead you want a private company like Mt. Gox to hold your hand if anything bad happens?

What happened to self responsibility.




Making a Mt. Gox like company in charge of chargebacks and disputes is an accident waiting to happen.
You are basically putting that private company at huge risk of having funds seized or stolen.
Then you want to rely on them for chargebacks??? That's madness. You are giving a private company, without any oversight, the ability to manipulate transactions. They can steal merchant's and consumer's money using the chargeback model. It's ridiculous.

Just dont use Bitcoin Credit Card for risky transactions. Use it when buying a coffee. Use it when buying groceries. Use it when buying furniture. Don't use it to order things online or over the phone. That simple.

[DiamondCardz]

Okay, seriously, couldn't a corporation similar to a Building Society hold your Bitcoins off-the-chain for things like debit card payments? Much easier than having your private key exposed, and it's pretty safe.

[AndrewWilliams]

Okay, seriously, couldn't a corporation similar to a Building Society hold your Bitcoins off-the-chain for things like debit card payments? Much easier than having your private key exposed, and it's pretty safe.

You could, it's just not necessary and just invites problems.

Private key would not be exposed with encrypted debit chip, as it is not with current chipped debit cards.