What do you want to see in an exchange?

[nxthardware]

I've been working with a team of engineers for the last 6 months on a new exchange. We have acquired banking support for 10 different fiat currency.

Wanted to see what the community is looking for in a new exchange, currently we have the following:
- Mandatory 2FA
- Verifiable user funds
- User KYC documents encrypted and stored in Canada, backed-up offline
- On EC2 so that we can sustain DDOS attacks.
- Incorporated outside of the US, so that user privacy is protected.

[1715586735]

1715586735

[1715586735]

1715586735

[El Dude]

see litecoin and bitcoin and no other crap coins.

[amspir]

I've been working with a team of engineers for the last 6 months on a new exchange. We have acquired banking support for 10 different fiat currency.

Wanted to see what the community is looking for in a new exchange, currently we have the following:
- Mandatory 2FA
- Verifiable user funds
- User KYC documents encrypted and stored in Canada, backed-up offline
- On EC2 so that we can sustain DDOS attacks.
- Incorporated outside of the US, so that user privacy is protected.

How are the verifiable user funds demonstrated?

[thms]

I've been working with a team of engineers for the last 6 months on a new exchange. We have acquired banking support for 10 different fiat currency.

Wanted to see what the community is looking for in a new exchange, currently we have the following:
- Mandatory 2FA
- Verifiable user funds
- User KYC documents encrypted and stored in Canada, backed-up offline
- On EC2 so that we can sustain DDOS attacks.
- Incorporated outside of the US, so that user privacy is protected.

I want to see real pictures of the building and a real address on every page of the site.

[LeChatNoir]

High market cap coins only, max 10 coins.
Decreasing fees to incentive liquidity providers.
Very fast and reliable engine to support HFT. 
Fast support.
Proof of solvency.

[farlack]

Phone call enabled withdrawals.
Then enter a pin.


Obviously the calls will cost money, charge 10 cents.


24/7 support. If you're making $50,000 a day in profit, you can spend $1000 a day in staff, I'm almost 100% positive you will be able to afford it if you're making 50k a day.
Waiting 24-48-100 hours for a response is crazy.

Location activated withdrawals, if you register in the United States, there is zero reason for an IP to login to your account from China.
If you plan to travel to China, you can link it in your account to enable it, with a delay of course.

Thumbprint reader 2F, laptops are starting to have this feature, and they're cheap enough to buy if you're storing 100k in bitcoin, you can afford a $30 thumbprint reader.

[vpitcher07]

Everything above but also store fronts. A place where you can actually physically go to trade and talk to staff.

[Singlebyte]

This thread from two days ago help?


Let's design the ideal exchange

https://bitcointalk.org/index.php?topic=507433.0

[casinocoin]

see litecoin and bitcoin and no other crap coins.

This
Although i do support SOME(1 or 2) alt coins, this is needed.
The only place to go right now is BTC-E and i refuse to use their services after failed deposit attempts a few months back resulting in my CC getting disabled for 7 days.

[Mensa]

IWhat do you want to see in an exchange?

Transparency.

- Verifiable user funds

How verifyable? is it sitting in the deposit address until sold?

- Incorporated outside of the US, so that user privacy is protected.

Any servers running in the U.S.? Good business practice nowadays is to avoid U.S. completely, not just have some offshore paperwork and backup in Canada...

[franky1]

an ethical contract

if any of the terms are breached you agree to being sued by any persons with adequate evidence that they have lost funds. without attempting to hide behind bankrupcy protections

the terms saying: (i kept it as laymans as possible)
you will only take funds from the transaction fee's not from people funds themselves
you will not allow unauthorised people into th server room or access to your admin gateway
you will not refuse to repay anyone.
will will have security that will be adequate to prevent hacking
in the event of a hack, if funds are lost. you will reimburse customers
(feel free to add more..)

[E.exchanger]

ummmmm i would love to see full transparency in and exchange and by saying that i mean everything their location phone number how much bitcoins they are holding currently everything possible and what i would love to see the most is payments being instant 

[alani123]

ENCRYPTION, encryption is everything.

I know that some big companies have have their own algorithms developed for security reasons. This way even if data leaks uccur somehow the data will still be unaccesable.

[seriouscoin]

TO ALL

You cant never have it all. Nothing can be perfect, there will always be compromise.... so pick what you want the most.


Just a friendly reminder

[teukon]

Just my opinion (in order of importance):

• No non-free web elements; certainly no Flash.  No obfuscated javascript.  Open source server software would be a huge plus.
• Very good website security.  You're dealing with crypto-currency here so you certainly need something more secure than your average bank offers.
• As much financial transparency as you can reasonably offer.  This is important even if your bitcoin holdings are being regulated by some authority.
• Optional single-factor authentication.
• Good communication would be nice but is not essential.
• Volume sensitive trade fees.  They don't have to be particularly low.
• Support for crypto-currencies besides Bitcoin is not important.
• A fast interface is preferable to a pretty one.

[phillipsjk]

I've been working with a team of engineers for the last 6 months on a new exchange. We have acquired banking support for 10 different fiat currency.

Wanted to see what the community is looking for in a new exchange, currently we have the following:
- Mandatory 2FA
- Verifiable user funds
- User KYC documents encrypted and stored in Canada, backed-up offline
- On EC2 so that we can sustain DDOS attacks.
- Incorporated outside of the US, so that user privacy is protected.

EC2 is not intended to be reliable storage: Third Largest Bitcoin Exchange Bitomat Lost Their Wallet, Over 17,000 Bitcoins Missing

I don't like the idea of mandatory 2FA. I may be under delusions that my machine does not have a keylogger. You should keep in mind that SMS 2FA may not actually be 2FA if the attacker has access to both the user's phone and PC like Facebook, Mircosoft, or Google. Edit: If 2FA is used, you should KISS.

an ethical contract

I stayed away from CaVirtex for the longest time because they claimed Bitcoins have no value in their TOS. If they have no value, why am I trading them for dollars? I have seen similar language on other exchanges. The crux of the matter is that they do not want to fall under securities regulations. However, Bitcoin is being increasingly classified as a "virtual commodity". Not sure if that makes it a security (doubt it).

[kuroman]

Aside the mandatory stuff, in terms of security, encryptions, ergonomics...., I think the most important part is trust and total transparency especially when it comes to fonds,

So how to rise trust, I think one way is to apply everything in regards to lean management, and getting ISO Certifications which means getting audit of course, being it documents management ISO 9001 and co, or anything else, security, management, funds, technology ....ect ect of course not any exchange can do this, I believe this should be mandatory to the BIG guys, and medium exchanges should be encouraged to do so, as for small exchange, I think the trust factor will grow as the exchange grows.

Also one more things, Exchanges should explain to users that the majority or the big portion of their fonds should be left in their own wallet and in cold storage if possible, and to avoid any bad practice which can happen due to lack of knowledge (some believe that exchanges are synonymous to banks which is not the case at all)

[fendlestick]

You gotta have a trollbox!

[acoindr]

I've been working with a team of engineers for the last 6 months on a new exchange. We have acquired banking support for 10 different fiat currency.

Wanted to see what the community is looking for in a new exchange, currently we have the following:
- Mandatory 2FA
- Verifiable user funds
- User KYC documents encrypted and stored in Canada, backed-up offline
- On EC2 so that we can sustain DDOS attacks.
- Incorporated outside of the US, so that user privacy is protected.

I wouldn't have mandatory 2FA. It's not like that's a bulletproof answer. I've seen posts from people claiming to have lost coins with 2FA enabled. Security is always a balance between convenience and robustness. You could say mandatory colonoscopy too, but that may not fit well with some users.

What I would do is have 2FA in the flow by default, but give the option to opt-out, while making it very clear it's considered a big loss of a security protection layer. However, some users know what they're doing, or have other reasons they might opt out of 2FA.

The only thing which should be mandatory is a strong password.

There are a few other security measures which can be very effective, yet remain convenient too.

The first is simply requiring email link confirmation for every withdrawal request. BTC-e has been doing this for a while. It doesn't seem all that inconvenient, yet a hacker would need access to two different accounts.

The second is giving the user the option to set a permanent wallet withdrawal address, an address where no matter what it's the only one the site sends funds to. The only way to change that address requires a colonscopy phone call, or perhaps photo ID submission, etc. That way a hacker can only send funds to an address the user controls, unless they can prove they are authorized to change the withdrawal address.

The last simple yet highly effective security measure is delayed action. Again, give users the option to set a minimum 24/48/whatever hour delay before some action completes. This can be a withdrawal, or changing the permanent withdrawal address etc. This way a hacker in control of much of a user's info must hope the user does not become aware something is wrong before the changes go through, which is unlikely.

Last, in terms of website security, simply be sure the majority of funds are kept in cold storage and refill hot wallets as needed. It's better to possibly delay some customer withdrawals and deal with customer service than be forced to announce a severe loss of funds which can't be recovered.

[franky1]

•  Open source server software would be a huge plus.
• Very good website security.  

sometimes the 2 things above cant work together. revealing all the code allows hackers to learn the layout. pretty much like revealing the blueprints to your house, where the safe is, and where all the security features are. allowing thieves to target a specific area as soon as they gain access to the secured outer doors. i know the open source wont reveal the owners access codes. but allowing hackers to easily find the weaknesses, even in the most secured systems should not be allowed.
opensource policy should be made for client downloads. not server scripts.

id say nothing can be truly hack proof, but ensuring you don't give hackers any advantage helps.

also to note that source code doesn't show what's happening to actual FIAT or actual bitcoins. all it shows are trades using a binary database.. not a block chain or bank account. so the benefits of opensource are not that big.

as for bitcoin being a virtal commodity.. OMG, facepalm... bitcoin has features of an asset, not comodity
asset: store of wealth (car, art, antiques)
commodity: something that is from natural background that is used to make or create other items/products (wheat, gold, beef, copper)