BTC Pull POS System

[Ratters]

Hi, I hope this is in the right section.

I just want a bit of advice about BTC Point Of Sale for a future project.

I’ve researched a lot of POS systems where the merchant enters the amount, generates the QR Code and the customer scans it to pay for the goods or services. This is easy for the merchant but more difficult for the customer as they have to use their phone.

Now....

Are there any systems that would allow the customer to supply the QR Code for a wallet? The merchant would enter all of the payment details and just scan the customers QR to receive payment, preferably with password authentication much the same as the Chip & Pin system for card payments only with QR Codes.

I’d just like to know if it is technically possible and/or if there is an out of the box solution that achieves this.

Many thanks for your help.

Rgds

Ratters

[telepatheic]

No, bitcoin transactions are push only however you can create your own systems which use bitcoin at the low level but they won't have the built in security of bitcoin.

For example the merchant scans the QR code giving the merchant computer an address of an endpoint which the computer can connect to, to make a payment protocol request. The customer authorises the app to make a payment to the address supplied in the payment request.

[Ratters]

That is the method I’m thinking about, there must be code for this by now. I'm sure I'm not the first to have thought of this and if I am this is where the idea was born!!

I’m now thinking about the security issues with a pull protocol. With password authentication in place I cant see it would be any less safe than with a push.. would it?

But that’s the tricky part, how to implement the authentication into the QR and merchant software safely. Its catch 22 really, in order to PW authenticate, the merchant sw would have to be able to read it in the QR however by allowing this it opens a security breach. But i guess no more so than the current chip and pin system.

I may have to drink on this over the weekend!

Thanks for you help

Rgds

Ratters

[Peter R]

Are there any systems that would allow the customer to supply the QR Code for a wallet? The merchant would enter all of the payment details and just scan the customers QR to receive payment, preferably with password authentication much the same as the Chip & Pin system for card payments only with QR Codes.

Not yet as far as I know but there will be.  

"ECDSA signing tags" could permit simple and fast payment at brick-and-mortar stores, and reduce the risk of zero-confirm fraud.  A host device (for example a merchant's PoS system) would query the tag for its bitcoin address, look up this address's unspent outputs in the blockchain, and then create a raw transactions that spends the appropriate amount of funds from the tag's address to the merchant's address.  After the tag receives a signature request for this raw transactions from the host device, the tag would check the request against a set of rules and sign the transaction, provided none of the rules are violated. User-defined signing rules could permit various levels of security from none (sign all requests), to locking the spend addresses, limiting the value of transactions, and requiring a password from the tag’s owner or cryptographic authentication from the host.

These "ECDSA signing tags" could be interoperable with existing PoS systems that support contactless (e.g. Visa PayWave) and contact smart cards (e.g., standard chip-and-pin technology).  I am working on an NFC project now called "sigsafe".  This tag could be used as a "tap-and-pay" device at a bitcoin-enabled PoS system. The merchant would enter the amount owing and the customer would scan his tag to pay.  The sigsafe would check that the transaction didn't violate any spending rules (for example a per-transaction maximum or a daily spend limit), and, if the transaction request was allowed, would return the signature to the host.  The host would then broadcast the transaction to the network.

A second advantage of the merchant constructing the raw transaction is that they can reduce the risk of zero-confirm fraud.  Not only is the legitimate TX highly likely to be broadcast first, but it can be constructed in a manner such that it will be accepted into mempool by vast majority of the network (e.g., it won't send outputs to on-chain gambling sites that are blacklisted by certain mining pools).