neha (OP)
|
|
August 16, 2014, 07:20:54 AM Last edit: August 18, 2014, 07:19:31 AM by neha |
|
Hello Everyone,
We are looking for some advice. As you might have heard about Nuovocard, we would like to know your opinion on whether we should offer this feature or not.
Feature in Question:Ability to change withdrawal address from the one that they put in during signup?
Background : Nuovocard is primarily going to accessible using emails.
Scenario 1 : The card holder can only pay at a merchant and merchants need to complete KYC. Thus, if there is any fraud, the card holder knows exactly where to go. If he/she needs to withdraw, it can only go to the withdrawel address they put in during signup. In case they loose theirwallet(whose address it is), they need to either spend it or sign up a for a new account, provide kyc and then spend it at their new account.
Scenario 2 : Now if we let the card holder could change withdrawal addresses, they can withdraw to any address but so can any hacker in the unlikely event the user has not secured their email properly.
Please reply here and either put your paypal ID here or pm me. If you want I can send it to one person and they can distribute it using BTC. Maximum 100 entries. Paid only for constructive posts that help us and take this issue forward.
Thanks Everyone.
UPDATE :-
SCENARIO 3
You want to Change your Withdrawal Address ---> Do you have access to your Old Withdrawal Address---->
YES -----> Sign a Phrase with Your Old Withdrawal Address and the New One and Send us an email and if checks, Your Withdrawal Address is Changed.
NO ------> You cant withdraw the funds but only spend them. So either go and spend at a Merchant or Signup for a new Account, provide KYC, and spend in your own Account.
Now regarding the email issue as Gitju points, we will make it mandatory to use a Gmail/Outlook/etc email as their Primary Email because they will have SSL Enforced.
Also, if you loose access to your primary email for any reason, you have to give the Secret Phrase which you gave upon Signup and your money gets refunded to the last withdrawal address on file.
IF YOU LOOSE ACCESS TO BOTH PRIMARY EMAIL AND YOUR WALLET AND YOU DONT HAVE KYC ON FILE, YOUR ACCOUNT REMAINS INACTIVE FOREVER OR UNTIL YOU MAKE A TRANSACTION USING THE MAGNETIC CARD AS THAT WILL STILL WORK WITHOUT OTP. OTHERWISE YOU ARE BASICALLY OUT OF ALL OPTIONS.
|
|
|
|
neha (OP)
|
|
August 16, 2014, 09:53:43 AM |
|
I would not offer this in that case.
The feature to have a fixed withdrawal address (a paper wallet for example which is stored in my safe for the best case) allows me to not care anymore about any risk here.
The willingness to deposit a higher amount is then higher which also should lead in more customer actions (buys/sells).
An email account or the connection to an email server could easily be hacked. Brute/force, stolen passwords, insecure wireless lan or insecure mobile network connections.
Conclusion -> I vote against the ability to change the withdrawal address from the one that was put in during signup.
Well our connection cannot be hacked for sure unless the server gets hacked and we will know about that soon enough. But this is exactly the reason why we want to limit to only one withdrawal address. But the downside is that will it go down the throats of card holders? We will find out I guess. I request more of you to advice us please. Thanks.
|
|
|
|
neha (OP)
|
|
August 16, 2014, 01:40:40 PM |
|
An email account or the connection to an email server could easily be hacked. Brute/force, stolen passwords, insecure wireless lan or insecure mobile network connections.
You said in the other post "An email account or the connection to an email server could easily be hacked. Brute/force, stolen passwords, insecure wireless lan or insecure mobile network connections. " I dont understand how do insecure wireless or mobile affect when the emails work over ssl??? Moreover, if your email password is stolen and you dont have 2fa, then alot of your accounts get compromised. Even the web wallets use email as the backup option for forgot password or OTP. Please explain when you get a chance.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
August 16, 2014, 04:02:21 PM |
|
Just have the user sign a challenge message before changing the address to a new one.
|
|
|
|
neha (OP)
|
|
August 16, 2014, 04:22:40 PM |
|
Just have the user sign a challenge message before changing the address to a new one.
Yeah. So just so that I understand right, we send the user a signature that he/she should sign the old address and the new one...correct?
|
|
|
|
Newar
Legendary
Offline
Activity: 1358
Merit: 1001
https://gliph.me/hUF
|
|
August 16, 2014, 04:56:07 PM |
|
Just have the user sign a challenge message before changing the address to a new one.
Yeah. So just so that I understand right, we send the user a signature that he/she should sign the old address and the new one...correct? Some sites use Google Authenticator to allow you to change the address. Some others use email confirmation on top of that. Also, might be of relevance: https://en.bitcoin.it/wiki/Exit_Address
|
|
|
|
neha (OP)
|
|
August 16, 2014, 05:06:25 PM |
|
For the purpose of this argument, we are assuming that if you know about google authenticator, then your email is probably not hacked as your email should have 2fa. In the event on an hack at the customers side, how to best protect the customer. Limiting the user completely to just use their withdrawal address works and also gweedo's way completely works. Even if your email gets hacked, your cold wallet/armory/whatever you are using shouldnt get hacked and thus if we go with gweedo's way, then the hacker wont be able to change the withdrawal address. So to remove the withdrawal feature completely or Use Gweedo's way? Gweedo's way would mean people need to know how to assign signatures. Exit address feature doesn't apply with us because there is nothing to hack at our end. Only hack can be performed at users end. Also, to make it even further secure, we can make users assign their primary email addresses from the webmail providers we choose like gmail, outlook, etc which have SSL forced and they can have a secondary email as anything they want. All viewing, you can use secondary, for OTP's and withdrawels, you need primary.
|
|
|
|
Jaaawsh
Sr. Member
Offline
Activity: 462
Merit: 250
Check out Fastslots.co !!!!
|
|
August 17, 2014, 04:29:50 AM |
|
It's just safer to have then pick one address for withdrawals. So hackers have to work a little harder, I think.
I mean how often are you going to lose access to a wallet? Most people who do bitcoin know what they're doing. I don't really but idk. I don't think the basic stuff is hard.
|
|
|
|
gweedo
Legendary
Offline
Activity: 1498
Merit: 1000
|
|
August 17, 2014, 05:18:26 AM |
|
It's just safer to have then pick one address for withdrawals. So hackers have to work a little harder, I think.
I mean how often are you going to lose access to a wallet? Most people who do bitcoin know what they're doing. I don't really but idk. I don't think the basic stuff is hard.
Depends on a couple of stuff, like with BIP 32 wallets, I would say anytime you import your seed, you consider that wallet compromised and should generate a new seed. Or maybe following the correct protocol in that when you use an address (meaning you had funds in it, and then spent it) I would suggest you change the address.
|
|
|
|
Ripcurl99983
|
|
August 17, 2014, 05:26:55 AM |
|
I vote for one deposit address. That way, the responsibility of one's money is completely left to the consumer and it is the most secure. It would cut down on systems management as well. Get a good disclaimer tho.
|
|
|
|
neha (OP)
|
|
August 17, 2014, 07:10:47 AM |
|
Guys based on the discussion here, I think a proper strategy would be to cater to novices and experts.
So here is what I am thinking:-
You want to Change your Withdrawal Address ---> Do you have access to your Old Withdrawal Address---->
YES -----> Sign a Phrase with Your Old Withdrawal Address and the New One and Send us an email and if checks, Your Withdrawal Address is Changed.
NO ------> You cant withdraw the funds but only spend them. So either go and spend at a Merchant or Signup for a new Account, provide KYC, and spend in your own Account.
Now regarding the email issue as Gitju points, we will make it mandatory to use a Gmail/Outlook/etc email as their Primary Email because they will have SSL Enforced.
Also, if you loose access to your primary email for any reason, you have to give the Secret Phrase which you gave upon Signup and your money gets refunded to the last withdrawal address on file.
IF YOU LOOSE ACCESS TO BOTH PRIMARY EMAIL AND YOUR WALLET AND YOU DONT HAVE KYC ON FILE, YOUR ACCOUNT REMAINS INACTIVE FOREVER OR UNTIL YOU MAKE A TRANSACTION USING THE MAGNETIC CARD AS THAT WILL STILL WORK WITHOUT OTP. OTHERWISE YOU ARE BASICALLY OUT OF ALL OPTIONS.
We will only be offering One Deposit Address and that deposit address will be Armory Address.
|
|
|
|
foxkyu
|
|
August 18, 2014, 07:09:09 AM |
|
i think the scenario one is the best choice only one address for withdrawal is better than have many address so if anything happen we can trace it and if anything happen to their account, or email, or maybe both, admin can contact them by phone just to make sure everything is fine, if they follow the procedure
|
|
|
|
neha (OP)
|
|
August 18, 2014, 07:20:13 AM |
|
i think the scenario one is the best choice only one address for withdrawal is better than have many address so if anything happen we can trace it and if anything happen to their account, or email, or maybe both, admin can contact them by phone just to make sure everything is fine, if they follow the procedure
What about Scenario 3???
|
|
|
|
foxkyu
|
|
August 19, 2014, 08:12:28 AM |
|
What about Scenario 3???
im still choose the first scenario with the same reason of course
|
|
|
|
|