A new way to trade bitcoins to fiat requiring very little trust

[the_big_feet]

Hi,

I posted this in bitcoin trading section, but there is a lot of trashy posts, so I decided to post it here.
So there are those companies that do data mining, for other companies (for example for loan companies) extracting data from bank accounts (for example from accounts of prospective loaners, who gave login credentials to their accounts) to give info to their clients (loan companies), who need it (for example to determine if a given person is credit-worthy, after checking his account history).
Why there are no companies like this, that would allow almost-trustless crypto-to-fiat exchanges directly between individuals? I mean, if you want to buy 1 BTC for 10kUSD and I want to sell 1 BTC for 10kUSD, then I make a transaction to you with:
a) nLockTime
b) requirement of a asymmetrical signature from company which professionally checks bank accounts to confirm transaction (let's call it BitConfirm from now on) - so it is multsig transaction
c) BitConfirm's policy needs crypto-signed confirmation from seller and buyer of Bitcoin that they will sell and buy under the condition of such and such payment on such and such bank account in such and such time etc.

Now, we agreed that BitConfirm will do the verification and we both signed by keys that will be used to send and receive this 1 BTC, then one of us or both sent this crypto-agreement to BitConfirm and BitConfirm needs to sign this message to, before anyone will send any money. You send BitConfirm your login credentials. It works exactly like those companies I mentioned above, there are companies like that working and legal all around the world. BitConfirm checks and either confirms or not this transaction.

Of course there are other ways of formulating transaction, there are problems to be solved (deposits for transaction-spam preventions and BitConfirm's fees etc.), but basically if we trust BitConfirm (trust is their business), then we have following advantages:
-we can make transaction between ourselves, without needing any exchanged crippled by hyper-regulation and else
-we don't have to trust each other, as we trust BitConfirm
-we can prove BitConfirm's maliciousness - because BitConfirm had signed the message (check c above)) before anyone concluded bank transfer. So, we could present this signed agreement and, for example, our bank statement with digital signature from bank's side, and that would prove BitConfirm's maliciousness and put it out of business.

So, what are your thoughts?

[1715069012]

1715069012

[1715069012]

1715069012

[1715069012]

1715069012

[1715069012]

1715069012

[1715069012]

1715069012

[HeRetiK]

If BitConfirm merely checks whether you hold the amount required in your bank account, they can still not guarantuee that your counterparty will actually make a bank transfer after you sent the bitcoins.

If BitConfirm is able to also send money from the bank account that they are auditing, I don't see many people using BitConfirm. I personally definitely wouldn't.

In both cases you still have the problem of some bank transfers being reversible.

At least that's the issues that I'm seeing. Maybe I'm oversimplifying the process you had in mind.

Either way it just seems like a cumbersome mix of centralized exchanges and escrow services that potentially causes more problems than it would solve. Problem being, if such a company were to take off you (1) can very well expect regulation coming down on it and (2) maliciousness has rarely put companies out of business, especially in finance. The latter being one of the reasons why cryptocurrencies entered the world stage in the first place.

[the_big_feet]

No, you didn't understood the process. First we make a deal - let's say offline - that I am selling you 1 BTC for 10kUSD, valid for 4 days. Then we fill out, let's say, some electronic form with fields like:
-how much bitcoin is sold
-at what price in fiat
-to what account the money should be transferred
-until what deadline money should be credited
etc.
Then we both sign this form using private keys belonging to public keys which will be addresses used in that future transaction. Then this form along with our e-signatures we send to BitConfirm. Now I, as a seller, put on the blockchain this transaction of 1 BTC, but with necessity of two signatures - one is mine and one belongs to BitConfirm address. I put LockTimeN on transaction. Now you can send your fiat to my account.

Now:
1)you send money -> I send my login credentials to BitConfirm -> BitConfirm signs the transaction of 1 BTC (this missing signature)
2) you don't send money -> time of LockTimeN elapses, I can do with my Unspent Output what I want
3) I don't send login credentials to my account/sent invalid ones -> BitConfirm signs the transaction and publishes on blockchain -> BitConfirm can prove that I sent those incorrect credentials or none in case there is some accusation from my side. They also have form signed by my signature belonging to public key of my sending address.
4) BitConfirm did something wrong - I can easily prove that to public because they also signed this form and I have access to my account which I can show to others (for example I didn't received any money, and BitConfirm said I did and transferred my 1 BTC.)
Now you get the idea?

[the_big_feet]

The BitConfirm's main job is to login, at some time, to my account, check if it is already credited with proper amount from you, and then if it is, signing the transaction of bitcoin (I already signed this transaction myself, with the prerequisite of another signature from BitConfirm and sent it to you and BitConfirm with LockTimeN - time for our fiat currency transaction to take place).

[the_big_feet]

Well, I think there is no reason why BitConfirm would become regulated. There are plenty of companies that do "transaction confirmation" by logging in to bank account that do not have to follow any special regulation like advanced KYC or AML, just basically they have to follow the law. Because BitConfirm will NOT deal in fiat, it will not fall under the exchange umbrella. It just checks the balances. Not to mention that it could be incorporated in country which does not have any laws to regulate this kind of activity.
Obvious advantage from Bisq would be arbitrage. I don't trust Bisq, because in case there will dispute (which I guess happens often) I don't want the arbiter, who is the main factor allowing the Bisq to exist at all (otherwise everybody would cheat) to be some random, anonymous node with no knowledge of local banking websites, international banking (like time it takes to transfer from country A to B, intermediary banks closing SWIFT codes etc.), advanced techniques of fraud etc. That is the weak point of Bisq I think. I would prefer as an arbiter known company with reputation, specialists in data mining, banking and fraud prevention and customer care.
That being said, it's only idea that came to my mind as off-spring of working on something else, so I just shared.

[baradfo]

I see a few "ifs" that could stop this idea moving forward. First is that "Bitconfirm" would have to be a trusted company for the two parties involved, whomever they would be. Also, the banks would have to be knowledgeable to this activity and allow it. Yes, there are banks that allow data checks and such that are out there but dealing with crypto banks tend to be standoff-ish. Either way it's an intriguing idea for ways on converting crypto to fiat.

[vit05]

Bitconfirm will act as an escrow service. It could be useful in some situations. But what we really need is a system that does not need that 3 parts are people. We need that the transaction between two persons could go as the old shake hands deals.

[HCP]

The BitConfirm's main job is to login, at some time, to my account

Ummmm NO.

Aside from the fact that providing your login credentials to a third-party is generally against the terms and conditions of pretty much every banking service I can think of... your idea of "very little trust" is considerably different to mine!

Also, taking the "Think Evil"™ approach here... the opportunities for phishing seem plentiful. What happens when people start handing over internet banking or cryptocurrency account information to Bitc0nfirm.com?

[Diamond Member]

There are banking regulations that make nearly every withdrawal from your bank account reversible, and absent those regulations, it is possible to use the court system to essentially reverse bank transactions in the form of a judgment against the receiver of the transfer.

Look at the ACH deposit process of Gemini, and you will see it is very similar to what you describe, at least to verify the bank details. Key differences between what you describe and Gemini are that deposits are not available for withdrawal for a week and the limits are very low. Also, a user must verify their identity on Gemini that must match the name associated with the bank account being linked.

[the_big_feet]

My replies:
1) Bank transfer are reversible - well, this applies to any system, any solution, any way we would deal crypto to fiat. But, surprisingly, it's not so easy as you would imagine. If it would, then everybody could pay for everything and once the item is received, he would reverse payment. That is so called "customer-fraud". But it's common with card payments not wires.
2) We would have to entrust third party our login credentials and it's crazy - just do good search on google how many companies do data scraping of bank websites. Basically, if I want to get a loan from private company, I have to give my login credentials to bank account and then they send it to third party company, which does the actual logging in and extracts data. Since this solution works for many years with no controversies, I don't understand why here it would be different.
3) BitConfirm could steal my money -well, for almost every bank in existence there is two-factor authentication for sending money. Login and password only allows to SEE the balance/history of incoming or outgoing transfers but NOT to do any transfer. So you're actually entrusting only information, nothing else. And besides, after the operation you can immediately change password.
4) I made a title to this post "... requiring very little trust." Very little, because once the BitConfirm does even one fraud, the victim could easily prove that in a way that obvious to everybody. So it could just did the fraud once, twice. Same is for all parties involved - if there would be a claim of victim which is unfounded, BitConfrim could easily disprove that, for example by keeping transfer history page notarized by TLSNotary, yes?

Why people still use mostly centralized exchanges and not decentralized? Because people, even with all those regulations, still trust more established companies with reputation. And BitConfirm do not keep funds at any moment, it just have reputation as it's only asset.

[the_big_feet]

5) This will violate T&C of bank - this somehow doesn't stop tens of companies operating like that in credit-scoring business. Maybe T&C are not law itself?
6) Banks generally don't want to deal with crypto - that's the whole point. Bank can distinguish transfer from crypto-exchange and take action, but how it will distinguish a transfer from one private person from another, provided the transfer title is correct?
I am giving nice idea, there is money in it, but to appreciate it you need to examine things more carefully.

[HeRetiK]

So if I understand you correctly the procedure would be as follows:

1) The Bitcoin sender sends his coins to a 2-of-2 multisig address (requiring the signature of the Bitcoin sender and BitConfirm).
2) The Bitcoin sender provides his signature for a LockTimeN transaction spending from the 2-of-2 multisig address.
3) The bank transfer sender sends the agreed upon amount to the bank account of the Bitcoin sender.
4) BitConfirm audits the bank transfer senders account, confirming that the agreed upon amount has been sent.
5) Upon confirming that the bank transaction has been made, BitConfirm provide their part of the signature for the LockTimeN transaction.
6) The bank transfer sender receives a LockTimeN transaction to an agreed upon Bitcoin address.

Yes / No?

2) We would have to entrust third party our login credentials and it's crazy - just do good search on google how many companies do data scraping of bank websites. Basically, if I want to get a loan from private company, I have to give my login credentials to bank account and then they send it to third party company, which does the actual logging in and extracts data. Since this solution works for many years with no controversies, I don't understand why here it would be different.

Really? That's interesting to learn. I suppose that's an US thing (assuming you are an US citizen). As far as I'm aware of auditing in Europe relies merely on bank statements (barring the evaluation of other assets one may own).

[the_big_feet]

Well, with some modifications probably (security deposits etc.). So, I am not US citizen, but I think that auditing the balance account is the price many people would pay for smooth exchanging. One could also send just a tls notarized part of website which mentions only this particular transaction, not the whole transactions list. With even this modification, you could satisfy privacy concerns. I guess.

[audaciousbeing]

My thought to a business model like this is that, it would surely boost the confidence in the market as there are background check that would need to be done in other to determine a credit worthy individual. However, my concern is the practicability of this business model. Just like the scenario you painted, the only reason why background check is possible is because there is a database where its being cross checked and every data collecting organisation centralise information to the database which makes the data mining company's work easy.

In crypto today, most organisations operating the crypto world and that have implemented the KYCs to be best of my knowledge don't share data and don't even have a central data base as that alone even contradicts the existence of crypto currency which is the decentralization of data. Aside that, there is also no overseeing body performing an oversight on these activities. How do you intend to make this work.