Here's how I think we could implement Bitcoin debit cards w/o a third party

[moddedmatt]

Alright, I have no idea if this has been suggested before, but here's how I think we could do it.

It would obviously need some change implemented into the blockchain which I have no idea how hard they would be to make.

We could make it so every private key is protected by a PIN number. It would either give you one or you could decide which PIN you want depending on how it is implemented. This way, not only would this help implement debit cards, but it would take away a big danger of people finding your private key since they would need to know the PIN number associated with it.
The chip on the debit card would pretty much be an encryption of your private key and you would insert it in a card reader connected to the blockchain, enter your PIN number and complete the transaction!

One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.

[1715318008]

1715318008

[1715318008]

1715318008

[1715318008]

1715318008

[R2D221]

The problem with that approach is, how do you determine the PIN? Also, desktop and mobile apps would need to include it as well, otherwise we would have two kinds of private keys, and how would that work?

One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.

Yet most banks have created apps to make payments with your phone. For me it's more practical to carry a single object to do most stuff.

I understand why a decentralized debit card system would work, but the implementation may be harder than it seems.

[Cranky4u]

One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.

QR codes are a cultural acceptance issue, much like mobile phones were only for yuppies in the 80s. With next gen users, both physical age brackets [gen x, y & z] and smart technology, becoming more of the majority will influence the adoption rate of QR codes.

[doof]

I PIN is only 10,000 combinations.  Would take a few minutes to brute force.

[doof]

Coinkite card does this anyway.

[Peter R]

Alright, I have no idea if this has been suggested before, but here's how I think we could do it.

It would obviously need some change implemented into the blockchain which I have no idea how hard they would be to make.

We could make it so every private key is protected by a PIN number. It would either give you one or you could decide which PIN you want depending on how it is implemented. This way, not only would this help implement debit cards, but it would take away a big danger of people finding your private key since they would need to know the PIN number associated with it.
The chip on the debit card would pretty much be an encryption of your private key and you would insert it in a card reader connected to the blockchain, enter your PIN number and complete the transaction!

One of the big problem with Bitcoin is that it's not easy enough to spend in the real world. QR codes suck and inserting a card is a lot simpler than pulling out your smart phone, starting the app, scan the QR code and then send the agreed amount of bitcoins.

The card can be a bitcoin signing class (BSC) device that reads a raw transaction from the PoS terminal and signs it subject to certain signing rules.  This way, the private key never leaves the device.  You can even implement daily spending limits.   

Coindesk published an article on an NFC version of this idea yesterday:  http://www.coindesk.com/sigsafe-key-tag-brings-bitcoin-payments-nfc-devices/

Of course, this works as a contact smart card too. 

[rhino34567]

Wouldn't the card reader owner be able to see your private key, though? Unless I am missing something in here, since I would imagine somebody else would have pointed it out.

[R2D221]

Wouldn't the card reader owner be able to see your private key, though?

A fiat debit card reader also reads your “private key” (or equivalent for bank accounts). It's essential for it to work.

[DannyHamilton]

Wouldn't the card reader owner be able to see your private key, though?

A fiat debit card reader also reads your “private key” (or equivalent for bank accounts). It's essential for it to work.

No, it deosn't.

It reads your account number.

You rely on a trusted authority to protect the funds that you've placed on deposit in that account.

With bitcoin, there is no trusted entity.  Instead you trust the security of the private key.

[R2D221]

No, it deosn't.

It reads your account number.

You rely on a trusted authority to protect the funds that you've placed on deposit in that account.

With bitcoin, there is no trusted entity.  Instead you trust the security of the private key.

It needs to somehow tell your bank that it wants to take funds from there. How can the bank prove that they are trying to spend from the right account?

Of course the bank is a trusted entity, but it's one that needs private keys to confirm who's spending what.

[DannyHamilton]

No, it deosn't.

It reads your account number.

You rely on a trusted authority to protect the funds that you've placed on deposit in that account.

With bitcoin, there is no trusted entity.  Instead you trust the security of the private key.

It needs to somehow tell your bank that it wants to take funds from there. How can the bank prove that they are trying to spend from the right account?

Of course the bank is a trusted entity, but it's one that needs private keys to confirm who's spending what.

"private key" implies that there is some form of digital signature or encryption involved.

When I make an online purchase with my debit card, I just enter the card number (which is clearly a publicly visible account number), and not a "private key".  There is no digital signature, and there is no "encryption" where the bank would need to know my private key to decrypt it.

The bank has contracts with the payment processors to make sure that the payment processors have an incentive to prevent fraud.  The payment processors have contracts with the merchants to make sure that the merchants have an incentive to prevent fraud. The merchants have employment contracts with the employees to make sure that the employees have an incentive to prevent fraud.

Regardless of all those contracts and incentives, credit card fraud and debit card fraud are a significant cost for banks and merchants.  Fortunately, because of the contracts, the banks can recover much of the loss directly from the merchants, and the rest of it is covered by the other revenue (such as merchant fees, and customer fees).  As such, the bank can generally give you back your funds if you are victim of fraud.

[R2D221]

"private key" implies that there is some form of digital signature or encryption involved.

OK, you're right. I used the wrong word. However, I still need to give some “secret code” to make a transaction with my debit card (e.g. the 4 digit code at the back when purchasing online, totally unrelated to my account number). If the whole system is to be trusted, then nobody can spend from my account without that secret code.

[TimS]

Wouldn't the card reader owner be able to see your private key, though? Unless I am missing something in here, since I would imagine somebody else would have pointed it out.

No, it wouldn't.

Just like with some current smart cards: The card reader would tell the card "I want you to sign this data, and here's the PIN the user entered" and the card would use the PIN to decrypt the private key, sign the data, and send back the signature without the private key ever leaving the card.

What you describe is similar to how non-chip-and-PIN credit cards work: when you swipe it, it tells you all of its secrets (credit card number, name, anything else needed) and you use that to make the transaction.

[jl2012]

It would obviously need some change implemented into the blockchain which I have no idea how hard they would be to make.

I stopped reading here

[neha]

There are alot of hurdles to this without a 3rd party and management of the pin is the primary one. If by mistake you left your wallet/your wallet gets stolen and someone had seen the pin when you entered last, your money is gone and its not like banks that you can trace it or get it back in anyway. FYI we are also coming up with a debit card which would require a pin but the pin is only valid for 1 transaction. The only place your money can go is back to your own wallet or to the merchant. Thus keeps your money safe. Will be announcing it soon this forum.

[nvK]

Hi, from Coinkite here. We will be launching out API in a couple weeks, you will be able to do some of the things you want.

Just FYI, we did some research on having "smarter" smart cards to hold priv keys before, in our opinion most of them were not safe enough or not cost effective.