Bitcoin Forum
December 10, 2016, 01:02:26 PM *
News: To be able to use the next phase of the beta forum software, please ensure that your email address is correct/functional.
 
   Home   Help Search Donate Login Register  
Pages: « 1 [2] 3 4 5 6 »  All
  Print  
Author Topic: Email from Dwolla Regarding Reversals  (Read 9639 times)
notme
Legendary
*
Offline Offline

Activity: 1540


View Profile
April 16, 2012, 09:07:31 PM
 #21

How is google better?

I didnt like Dwolla after that Tradehill incident. But now I they are dead for me.

I meant Google Authenticator... not Authentication.

Authenticator is an app that generates time-based passwords unique to the given site that implements it.

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
1481374946
Hero Member
*
Offline Offline

Posts: 1481374946

View Profile Personal Message (Offline)

Ignore
1481374946
Reply with quote  #2

1481374946
Report to moderator
The block chain is the main innovation of Bitcoin. It is the first distributed timestamping system.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction. Advertise here.
1481374946
Hero Member
*
Offline Offline

Posts: 1481374946

View Profile Personal Message (Offline)

Ignore
1481374946
Reply with quote  #2

1481374946
Report to moderator
RaggedMonk
Sr. Member
****
Offline Offline

Activity: 308



View Profile
April 16, 2012, 09:35:51 PM
 #22

If you don't like this, cancel your account today, right now.

I just confirmed with Dwolla support that all 4 steps are now a requirement before sending money to MtGox.
- The 30 bank transfer history I have no problem with.  
- Accessing my Facebook and Social Security number is an unnecessary invasion of my privacy that I will not tolerate, and is the main reason I am cancelling my account.
- The fact that they are up-selling their new Hub Pages product is repugnant, particularly that it is a requirement before you can send money to certain people.  

If you have an account and don't want to comply with their bullshit verification, contact support and ask for it to be deleted.  They should feel some pain from this new policy.
rjk
Sr. Member
****
Offline Offline

Activity: 420


1ngldh


View Profile
April 16, 2012, 09:37:02 PM
 #23

Has anyone confirmed whether this affects withdrawals (from mtgox or wherever)? Is ID needed to withdraw from an exchange?

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
wogaut
Donator
Sr. Member
*
Offline Offline

Activity: 448



View Profile
April 16, 2012, 09:37:45 PM
 #24

Is that true for Dwolla/Intersango too?

Etlase2
Hero Member
*****
Offline Offline

Activity: 798


View Profile
April 16, 2012, 09:38:04 PM
 #25

If you have an account and don't want to comply with their bullshit verification, contact support and ask for it to be deleted.  They should feel some pain from this new policy.

except that, IIRC, your account won't actually be deleted for a very long time.

RaggedMonk
Sr. Member
****
Offline Offline

Activity: 308



View Profile
April 16, 2012, 09:40:12 PM
 #26

If you have an account and don't want to comply with their bullshit verification, contact support and ask for it to be deleted.  They should feel some pain from this new policy.

except that, IIRC, your account won't actually be deleted for a very long time.

They offered to suspend my account, I told them to permanently delete all data that they are not required by law to retain.  They still haven't responded.
evoorhees
Legendary
*
Offline Offline

Activity: 994


Democracy is the original 51% attack


View Profile
April 16, 2012, 09:44:32 PM
 #27

Ironically, this will make Bitcoin world MORE anonymous, as more US people will now use the anonymous cash deposits at banks via BitInstant instead of Dwolla (it was already much faster... now it's more far more private as well).
DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
April 16, 2012, 09:52:49 PM
 #28


1) Connect a social network


Steps like this only hurt Dwolla.  The fraudsters have dummy social network accounts set up.  I guess they may catch a dummy who starts honest then goes rouge and tries to charge back a Dwolla transaction because they would have more information on them.  Probably not though, the bank is most often going to side with the customer. 

Dwolla NEEDS two factor now.  Just fishing for REAL Dwolla accounts and using them to buy BTC is going to be a problem.  Each hack Dwolla account will be worth something so long as Dwolla is accepted by bitcoin exchanges.  Hackers are going to keep pushing Dwolla as long as they sit still.  Paypal has the advantage because they can usually take a payment back in the end.   

Dwolla has two factor, but one is a password, and one is a short, numerical pin.  SMS or Google Authentication would be a step in the right direction.

BTW that isn't two factor.

a) Something you know
b) Something you have
c) Something you are

One factor uses one of the factors, two factor uses two, and three factor uses three.  Adding more elements from the same factor doesn't significantly increase security.

BTC_Bear
B4 Foundation
VIP
Sr. Member
*
Offline Offline

Activity: 364


Best Offense is a Good Defense


View Profile WWW
April 16, 2012, 09:55:27 PM
 #29

Cash deposits at banks seems to be the way to go to maintain privacy.

This AML KYC stuff is just because LE has become lazy. If they truly suspect someone of a crime then they can goto the bank and get the video. This 'everyone' is a suspect so lets violate their privacy, needs to fail. So, every time they come up with a system, we need to come up with a 'legal' way of circumventing it.


Corporations have been enthroned, An era of corruption in high places will follow and the money power will endeavor to prolong its reign by working on the prejudices of the people until wealth is aggregated in a few hands and the Republic is destroyed. ~Abe Lincoln 1ApJdWUdSWYw8n8HEATYhHXA9EYoRTy7c4
notme
Legendary
*
Offline Offline

Activity: 1540


View Profile
April 16, 2012, 09:56:03 PM
 #30


1) Connect a social network


Steps like this only hurt Dwolla.  The fraudsters have dummy social network accounts set up.  I guess they may catch a dummy who starts honest then goes rouge and tries to charge back a Dwolla transaction because they would have more information on them.  Probably not though, the bank is most often going to side with the customer. 

Dwolla NEEDS two factor now.  Just fishing for REAL Dwolla accounts and using them to buy BTC is going to be a problem.  Each hack Dwolla account will be worth something so long as Dwolla is accepted by bitcoin exchanges.  Hackers are going to keep pushing Dwolla as long as they sit still.  Paypal has the advantage because they can usually take a payment back in the end.   

Dwolla has two factor, but one is a password, and one is a short, numerical pin.  SMS or Google Authentication would be a step in the right direction.

BTW that isn't two factor.

a) Something you know
b) Something you have
c) Something you are

One factor uses one of the factors, two factor uses two, and three factor uses three.  Adding more elements from the same factor doesn't significantly increase security.



Thank you, you are correct.
http://en.wikipedia.org/wiki/Two-factor_authentication

https://www.bitcoin.org/bitcoin.pdf
While no idea is perfect, some ideas are useful.
12jh3odyAAaR2XedPKZNCR4X4sebuotQzN
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
April 16, 2012, 10:01:58 PM
 #31

I just confirmed with Dwolla support that all 4 steps are now a requirement before sending money to MtGox.
- The 30 bank transfer history I have no problem with.  

There was use of Dwolla by some that never set up a bank account.  If one doesn't trust the exchanges, funds could be moved out of the exchange into Dwolla without giving them anything other than a name e-mail address (for small amounts, of course -- for larger amounts they've wanted ID for quite some time now.)

Many people were able to use Dwolla as an FDIC insured temporary holding spot after cashing out of some bitcoins.  But now, they must register with a bank and wait 30 days in order to get that money back into bitcoins.   Some of them don't even have a bank account.   (Fortunately, some reloadable debit cards will function as direct deposit for transferring cash out sooner than 30 days).

- Accessing my Facebook and Social Security number is an unnecessary invasion of my privacy that I will not tolerate, and is the main reason I am cancelling my account.

Yup -- the Facebook part is unacceptable.  The SS# I can understand, though I would think existing accounts should get grandfathered in as far as the balance that existed when this change occurred.

- The fact that they are up-selling their new Hub Pages product is repugnant, particularly that it is a requirement before you can send money to certain people.

Isn't that bizarre?   To send money to you I need to set up a hub page so that I too can receive money from others?    Why?

I wouldn't bet that was a misunderstanding by the person editing the announcement or something to that effect.

zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
April 16, 2012, 10:13:13 PM
 #32

Facebook thing and 30 day wait won't really prevent fraud. Afterall most crimebots record every keystroke and login so the potential fraudster would already have all Dwolla/FB/everything and can just buy the SSN# from a lookup service.

Bitinstant should crowdsource trusted people to do cash in hand trades in every city and pay an affiliate fee or something Smiley No more banks or dwolla middlemen. Sort of a giant hawalla network
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
April 16, 2012, 10:33:25 PM
 #33

30 day wait won't really prevent fraud.

There is logic for the 30-day wait.  It states that you must have used Dwolla to transfer funds from your bank account at least 30 days prior.  Thus if a scammer did a bank transfer without the bank account holder realizing it right away, the passing of one statement cycle increases the chances the transaction would be discovered.

This will help Dwolla with Dwolla Instant as well, as if the scammer were to have created the account and applied for the line of credit, at least the chances are that the legitimate account holder will likely learn that this account and/or credit line was created before any funds were transferred to a bitcoin exchange.

DeathAndTaxes
Donator
Legendary
*
Offline Offline

Activity: 1218


Gerald Davis


View Profile
April 16, 2012, 10:43:28 PM
 #34

30 day wait won't really prevent fraud.

There is logic for the 30-day wait.  It states that you must have used Dwolla to transfer funds from your bank account at least 30 days prior.  Thus if a scammer did a bank transfer without the bank account holder realizing it right away, the passing of one statement cycle increases the chances the transaction would be discovered.

This will help Dwolla with Dwolla Instant as well, as if the scammer were to have created the account and applied for the line of credit, at least the chances are that the legitimate account holder will likely learn that this account and/or credit line was created before any funds were transferred to a bitcoin exchange.


It prevents a scammer from using a non-Dwolla bank account and signup up for Dwolla service but it does nothing to protect against keylogger and using a victims already established account (one w/ facebook links, and 30 day of account history).

It is feel good security.  If most of the attacks are from creating new accounts using stolen non-Dwolla enrolled bank accounts then the attackers will simply shift to stealing existing dwolla accounts.
hongus
Full Member
***
Offline Offline

Activity: 185


1hongus


View Profile
April 16, 2012, 11:08:32 PM
 #35

I'm pulling all my money out ASAP and contacting support to delete my account as soon as the money reaches my bank account.

1HoNGusEgzyXfvQnxHrJjx4bunJRf9pK19
zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
April 16, 2012, 11:20:30 PM
 #36

30 day wait won't really prevent fraud.

There is logic for the 30-day wait.  It states that you must have used Dwolla to transfer funds from your bank account at least 30 days prior.  Thus if a scammer did a bank transfer without the bank account holder realizing it right away, the passing of one statement cycle increases the chances the transaction would be discovered.

This will help Dwolla with Dwolla Instant as well, as if the scammer were to have created the account and applied for the line of credit, at least the chances are that the legitimate account holder will likely learn that this account and/or credit line was created before any funds were transferred to a bitcoin exchange.


True this does prevent simple new signup fraud, but still doesn't combat identity theft. Can open bank accounts remotely using somebody's stolen identity, launder other stolen funds through it to Dwolla, then apply for credit after the 30 days. Some scammers are in it for the long haul if they can pull it off.

Any money transfer system based on online banking is doomed to fraud unfortunately. Trustcash wins again

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
April 16, 2012, 11:21:24 PM
 #37

If most of the attacks are from creating new accounts using stolen non-Dwolla enrolled bank accounts then the attackers will simply shift to stealing existing dwolla accounts.

Which reduces the size of Dwolla's risk exposure by several orders of magnitude, for now.  I'm guessing at $0.25 per transaction they simply cannot afford even to deal with the administrative hassle coming from the fraud transactions -- either attempted or successful, so this change is one way to automate away much of it.

Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
April 16, 2012, 11:27:42 PM
 #38

Any money transfer system based on online banking is doomed to fraud unfortunately.

In the U.S. they've yet to allow retail banking (consumer banking) customers do ACH push.   Add in a Yubikey requirement to allow ACH push (only with the key) and most of the problem with unauthorized transactions is solved.   The problem is banks see that switch as being too expensive, in financial terms and consumer education and support.  It is still cheaper to pass on the cost of fraud to either the customers or the merchant, and when forced to, eat a little themselves.

zer0
Sr. Member
****
Offline Offline

Activity: 350



View Profile
April 16, 2012, 11:33:53 PM
 #39

Any money transfer system based on online banking is doomed to fraud unfortunately.

In the U.S. they've yet to allow retail banking (consumer banking) customers do ACH push.   Add in a Yubikey requirement to allow ACH push (only with the key) and most of the problem with unauthorized transactions is solved.   The problem is banks see that switch as being too expensive, in financial terms and consumer education and support.  It is still cheaper to pass on the cost of fraud to either the customers or the merchant, and when forced to, eat a little themselves.

There's a gold and currency exchange office where I live where you can walk in, lay down cash and they will send risky electronic transactions for a small fee, so the receiver is guaranteed clean funds.

Yubikey and other requirements for online banking would be great but seems to me banks and credit card companies are willing to just eat the fraud if it's easy for their customers to use. Push a button send money.
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2002



View Profile
April 17, 2012, 12:47:37 AM
 #40

Ya, denying service because you won't link your Facebook account is probably something the EFF needs to jump onto before it becomes accepted practice.

 - http://www.betabeat.com/2011/12/13/as-banks-start-nosing-around-facebook-and-twitter-the-wrong-friends-might-just-sink-your-credit
 - http://www.movenbank.com

Pages: « 1 [2] 3 4 5 6 »  All
  Print  
 
Jump to:  

Sponsored by , a Bitcoin-accepting VPN.
Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!