Been waiting for my pin for a while now and still haven't received it..
In some cases it takes some time to arrive. Please make sure that the number you wrote is properly detected at
http://www.donotcompare.com/btc/existsNumber.phpwhy you identify by phone ?
isn't receive address unique enough for it ?
Also, you can hash not phone itself but some constant text + phone
thus leaking only db won't harm anyone
The identification by phone is to identify unique users. When a scammer makes a chargeback, it more effective to block his access by his phone number (he might have several phones, but a limited number after all) rather than by his bitcoin address (which can -and should- vary with each purchase), or even his IP.
When I pass from the BETA state to the production mode, phone numbers will be encrypted with a secret key.
In order to better fit the policy of Paypal and to avoid a fraud rate too high I am implementing an automated deliver of a physical good to the user's Paypal address. Which object to choose is not obvious, since I has to comply with the following:
- It has to be cheap, in order to avoid increasing the price too much
- It can be sent cheapily worldwide
- It can only be delivered in case I have sent the Bitcoins
- The user doesn't need it to cash his coins (i.e. the transaction will still be instantaneous)
- It has to prove that the coins were sent, even to a person with no knowledge of Bitcoin and no mathematical background.
- If a scammer uses the system he would not want that object to be delivered to the real owner's address.
- The user has no way to forge the object, and to say that what he received was not what he expected.
Many criteria but I think I got it. I will also avoid sending the PIN at each purchase. It is expensive for me and a source of troubles for users.
In matter of days I expect to have the BETA2 ready. Thanks again for your support!
