Bitcoin Forum
March 19, 2024, 07:54:40 AM *
News: Latest Bitcoin Core release: 26.0 [Torrent]
 
   Home   Help Search Login Register More  
Pages: [1] 2 »  All
  Print  
Author Topic: BitInstant now has an MSB license from FinCEN?  (Read 4200 times)
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 18, 2012, 08:36:07 PM
 #1

I just checked out BitInstant's website and noticed they now advertise that they are a licensed MSB... complete with their FinCEN registration number...

something I am surprised to not have been announced or talked about on the forums.

I did see they posted on Facebook:

Quote
We are now a legal MSB sanctioned by the Dep't of the Treasury! MSB Registration number 31000005031107

In such a case, a huge congratulations to them - but also something significant for Bitcoin, as it looks to me like an official nod of approval of sorts, for FinCEN to be granting an MSB license for something that is so clearly Bitcoin-related.

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
Even if you use Bitcoin through Tor, the way transactions are handled by the network makes anonymity difficult to achieve. Do not expect your transactions to be anonymous unless you really know what you're doing.
Advertised sites are not endorsed by the Bitcoin Forum. They may be unsafe, untrustworthy, or illegal in your jurisdiction.
zer0
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
April 18, 2012, 08:42:32 PM
 #2

I think that's how they are able to directly sell bitcoins to email now. Now bitinstant is truly instant, pay them and get coins immediately.
rjk
Sr. Member
****
Offline Offline

Activity: 448
Merit: 250


1ngldh


View Profile
April 18, 2012, 08:45:15 PM
 #3

I think that's how they are able to directly sell bitcoins to email now. Now bitinstant is truly instant, pay them and get coins immediately.
How is the email part relevant to a FinCEN license? Also, Charlie has been saying for a while now that they had applied for it, so maybe it was only recently approved.

Mining Rig Extraordinaire - the Trenton BPX6806 18-slot PCIe backplane [PICS] Dead project is dead, all hail the coming of the mighty ASIC!
gusti
Legendary
*
Offline Offline

Activity: 1099
Merit: 1000


View Profile
April 18, 2012, 08:46:19 PM
 #4

you can see registration filing here :
http://www.fincen.gov/financial_institutions/msb/msbstateselector.html
number : 31000005031107

If you don't own the private keys, you don't own the coins.
zer0
Sr. Member
****
Offline Offline

Activity: 350
Merit: 250



View Profile
April 18, 2012, 08:46:59 PM
 #5

I think that's how they are able to directly sell bitcoins to email now. Now bitinstant is truly instant, pay them and get coins immediately.
How is the email part relevant to a FinCEN license? Also, Charlie has been saying for a while now that they had applied for it, so maybe it was only recently approved.

I thought before they could only move money, not convert it into anything else including BTC
davout
Legendary
*
Offline Offline

Activity: 1372
Merit: 1007


1davout


View Profile WWW
April 18, 2012, 08:48:01 PM
 #6

I believe MSB licenses are state-specific, apparently from what I read they're (or a partner is) licensed in NY.

casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 18, 2012, 08:53:26 PM
 #7

Bitcoin to e-mail sounds inherently scary as e-mail is insecure.  Anyone have a link where I may learn more, or is there another thread discussing this, so I'm not dumping a different topic on this thread?

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
bitdragon
Hero Member
*****
Offline Offline

Activity: 609
Merit: 501


peace


View Profile WWW
April 18, 2012, 08:57:25 PM
 #8

Bitcoin to e-mail sounds inherently scary as e-mail is insecure.  Anyone have a link where I may learn more, or is there another thread discussing this, so I'm not dumping a different topic on this thread?

https://bitcointalk.org/index.php?topic=76863.msg853424#msg853424

Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
April 18, 2012, 08:59:12 PM
 #9

I believe MSB licenses are state-specific, apparently from what I read they're (or a partner is) licensed in NY.

MSB Licenses are federal, and MTB licenses are state specific.

Our MSB license allows us to work within federal regulations and be compliant. However there are still certain transactions we cannot do without being a state MTB

Bitcoin to e-mail sounds inherently scary as e-mail is insecure.  Anyone have a link where I may learn more, or is there another thread discussing this, so I'm not dumping a different topic on this thread?

https://bitcointalk.org/index.php?topic=76863.0

We partnered with Coinapult to make it happen.

Essentially, you dont give us your Bitcoin address, rather your email address. We send a link+secret to your email address which takes you to a secure hosted redemption page where you can send the coins anywhere.
Obviously, no email is secure and if your server is being sniffed, then you could have a problem. BitInstant never engages in currency conversion or the purchase of Bitcoins. USD credit is given to Coinapult.com, which then buys the Bitcoin and sends it via email.

I just checked out BitInstant's website and noticed they now advertise that they are a licensed MSB... complete with their FinCEN registration number...

something I am surprised to not have been announced or talked about on the forums.

I did see they posted on Facebook:

Quote
We are now a legal MSB sanctioned by the Dep't of the Treasury! MSB Registration number 31000005031107

In such a case, a huge congratulations to them - but also something significant for Bitcoin, as it looks to me like an official nod of approval of sorts, for FinCEN to be granting an MSB license for something that is so clearly Bitcoin-related.

The reason we didn't announce it, because nothing changes at this point. It just states that now were operating legally, the government knows what we are doing, and compliant to the best of our efforts.
I also get free BSA training twice a year  Grin

At this point, we're seeking financial service licenses in Europe and Oceania as well

-Charlie

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 18, 2012, 09:51:50 PM
 #10

Obviously, no email is secure and if your server is being sniffed, then you could have a problem. BitInstant never engages in currency conversion or the purchase of Bitcoins. USD credit is given to Coinapult.com, which then buys the Bitcoin and sends it via email.

... or if any part of the path from Coinapult to the user's e-mail server is sniffed, then that's an issue... the problem being that such sniffing is actually quite common, and e-mail is typically delivered unencrypted.  This method of delivery is certain to result in theft, eventually, and is unsustainable.  Delivery needs to be by two different channels for this to be safe - e.g. the link in e-mail, and the secret via SMS, and the secret must be unusable without the link.

The reason we didn't announce it, because nothing changes at this point. It just states that now were operating legally, the government knows what we are doing, and compliant to the best of our efforts.

What changes is it invalidates the notion that Bitcoin businesses will never be given MSB licenses or seen as legitimate due to the perceived threat against government / banking establishment / whatever.  It gives a big boost to the perceived legitimacy of Bitcoin, and adds a lot of credibility to your operation.  It's fantastic news the way I see it!

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
evoorhees
Legendary
*
Offline Offline

Activity: 1008
Merit: 1021


Democracy is the original 51% attack


View Profile
April 18, 2012, 10:21:08 PM
 #11

Regarding the perceived security issues of sending Bitcoins via email, it's a service that needs to exist in Bitcoinland, and thus Coinapult is doing it. Anyone who is buying massive amounts of coins should probably not send to their email inbox, but for everyone else it's a very convenient new tool. As with all things Bitcoin, personal responsibility and risk tolerance (and understanding) need to be given due consideration.

And yes, the FinCEN registration for BitInstant is just one more step toward credibility that Bitcoin obtains with the establishment. I think it's very good for prominent Bitcoin companies to pursue "legitimacy" in this way, as it shields our organic growing economy from scrutiny, giving us all more time to build a system which stands up to scrutiny when it inevitably arrives.

Bitcoin's best interests are served by being friendly with the State for as long as possible.
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
April 18, 2012, 11:59:14 PM
 #12


Bitcoin's best interests are served by being friendly with the State for as long as possible.

Couldn't have said it better myself  Smiley

It gives a big boost to the perceived legitimacy of Bitcoin, and adds a lot of credibility to your operation.  It's fantastic news the way I see it!

Thank you, that really means alot to us. We're trying very hard to be in compliance with the state as many other Bitcoin business's are doing as well.

The notion that Bitcoin is trying to stay underground and are a bunch of anarchists is simply not true, and hopefully day by day we can rid that stereotype


Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
Stephen Gornick
Legendary
*
Offline Offline

Activity: 2506
Merit: 1010


View Profile
April 19, 2012, 12:27:49 AM
Last edit: April 19, 2012, 01:28:32 AM by Stephen Gornick
 #13

This method of delivery is certain to result in theft, eventually, and is unsustainable.  Delivery needs to be by two different channels for this to be safe - e.g. the link in e-mail, and the secret via SMS, and the secret must be unusable without the link.

Yup.  The same problem occurs from those sending redeemable codes via e-mail as well, though I don't know if that happens much anymore.

Here's Coinapult's reply to the "is not secure" argument:
 - http://bitcointalk.org/index.php?topic=76493.msg849654#msg849654

Unichange.me

            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █
            █


Bitcoin Oz
Hero Member
*****
Offline Offline

Activity: 686
Merit: 500


Wat


View Profile WWW
April 19, 2012, 12:34:13 AM
 #14

If you could send coins by GPG email it would be better. Is that a possible add on in future ?

Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
April 19, 2012, 01:21:40 AM
 #15

This method of delivery is certain to result in theft, eventually, and is unsustainable.  Delivery needs to be by two different channels for this to be safe - e.g. the link in e-mail, and the secret via SMS, and the secret must be unusable without the link.

Yup.  The same problem occurs from those sending redeemable codes via e-mail as well, though I don't know if that happen much.

Here's Coinapult's reply to the "is not secure" argument:
 - http://bitcointalk.org/index.php?topic=76493.msg849654#msg849654

It's true, thats why we stopped sending redeemable codes altogether and do direct deposits.

Problem is, not everyone has/wants to use a cell phone.

Any other ideas? Ira and myself are open to any suggestions and can easily make changes/fixes

What if we required a 'PIN' at checkout, and in order to redeem your coins you need the PIN?

This way, the PIN is entered securely on our servers and cryptographically passed over to Coinapults when redeeming.

We can always make the PIN idea optional, so your not forced to use it if your sending a few coins to a friend

If you could send coins by GPG email it would be better. Is that a possible add on in future ?

I think we can add on that option. What do you think of my PIN idea above?

-Charlie

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
casascius (OP)
Mike Caldwell
VIP
Legendary
*
Offline Offline

Activity: 1386
Merit: 1135


The Casascius 1oz 10BTC Silver Round (w/ Gold B)


View Profile WWW
April 19, 2012, 02:42:21 AM
 #16

I would think the GPG is not terribly necessary... it would work well and would definitely be secure, but the audience is relatively small.

Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical.  It's no different than what Chase or PayPal does.

Workflow would be simple.  Ask user:  "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you.  You will need to write it down or have it texted to you.  Do you want to see the PIN now? (yes/no)  Do you want us to text the PIN to your mobile phone now? (yes/no)"...

Companies claiming they got hacked and lost your coins sounds like fraud so perfect it could be called fashionable.  I never believe them.  If I ever experience the misfortune of a real intrusion, I declare I have been honest about the way I have managed the keys in Casascius Coins.  I maintain no ability to recover or reproduce the keys, not even under limitless duress or total intrusion.  Remember that trusting strangers with your coins without any recourse is, as a matter of principle, not a best practice.  Don't keep coins online. Use paper or hardware wallets instead.
kjlimo
Legendary
*
Offline Offline

Activity: 2086
Merit: 1031


View Profile WWW
April 19, 2012, 03:31:29 AM
 #17

I was excitedly thinking this helps legitimize bitcoins a marginal amount as well.  However, I kind of chuckled once I viewed the MSB:

"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."

I still think it means something though Smiley

Coinbase for selling BTCs
Fold for spending BTCs
PM me with any questions on these sites/apps!  http://www.montybitcoin.com


or Vircurex for trading alt cryptocurrencies like DOGEs
CoinNinja for exploring the blockchain.
Yankee (BitInstant)
Legendary
*
Offline Offline

Activity: 1078
Merit: 1000


Charlie 'Van Bitcoin' Shrem


View Profile WWW
April 19, 2012, 04:01:10 AM
 #18

I would think the GPG is not terribly necessary... it would work well and would definitely be secure, but the audience is relatively small.

Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical.  It's no different than what Chase or PayPal does.

Workflow would be simple.  Ask user:  "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you.  You will need to write it down or have it texted to you.  Do you want to see the PIN now? (yes/no)  Do you want us to text the PIN to your mobile phone now? (yes/no)"...

Yup, I like this idea ALOT.

I'm gonna discuss it with the team and see how soon we can get this implemented.

Thanks for the feedback!

I was excitedly thinking this helps legitimize bitcoins a marginal amount as well.  However, I kind of chuckled once I viewed the MSB:

"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."

I still think it means something though Smiley

Yeh, they have to write that. If you get ripped off by an MSB, you can't go crying back to the government. Its to cover their own butt

Bitcoin pioneer. An apostle of Satoshi Nakamoto. A crusader for a new, better, tech-driven society. A dreamer.

More about me: http://CharlieShrem.com
kjlimo
Legendary
*
Offline Offline

Activity: 2086
Merit: 1031


View Profile WWW
April 19, 2012, 04:06:43 AM
 #19

I was excitedly thinking this helps legitimize bitcoins a marginal amount as well.  However, I kind of chuckled once I viewed the MSB:

"The inclusion of a business on the MSB Registration Web site is not a recommendation, certification of legitimacy, or endorsement of the business by any government agency."

I still think it means something though Smiley

Yeh, they have to write that. If you get ripped off by an MSB, you can't go crying back to the government. Its to cover their own butt

Yeah, all the legal caveats get to me.  At my work, I have to include a disclaimer in every report I produce that the results are "not to be relied upon."  Now seriously, if they are not to be relied upon, why did I make them?!?!?!

stupid TPS reports...

Coinbase for selling BTCs
Fold for spending BTCs
PM me with any questions on these sites/apps!  http://www.montybitcoin.com


or Vircurex for trading alt cryptocurrencies like DOGEs
CoinNinja for exploring the blockchain.
Gareth Nelson
Hero Member
*****
Offline Offline

Activity: 721
Merit: 503


View Profile
April 19, 2012, 10:12:06 AM
 #20

I would think the GPG is not terribly necessary... it would work well and would definitely be secure, but the audience is relatively small.

Yes, a PIN from the website (presumably delivered by https) that they must write down would be miles above simply e-mailing them everything they need to get ripped off in one place, and is not too exotic or technical.  It's no different than what Chase or PayPal does.

Workflow would be simple.  Ask user:  "Redeeming the funds requires an 8-digit PIN number which we will choose, and which will not be e-mailed to you.  You will need to write it down or have it texted to you.  Do you want to see the PIN now? (yes/no)  Do you want us to text the PIN to your mobile phone now? (yes/no)"...

Yup, I like this idea ALOT.

I'm gonna discuss it with the team and see how soon we can get this implemented.

Thanks for the feedback!


I love that idea too, but I can picture a lot of people losing the PIN sadly, let's talk when you're online (and not in public either)
Pages: [1] 2 »  All
  Print  
 
Jump to:  

Powered by MySQL Powered by PHP Powered by SMF 1.1.19 | SMF © 2006-2009, Simple Machines Valid XHTML 1.0! Valid CSS!