First of all, I admit I was a bit overreacting myself. While Bitstamp is overreacting because they are afraid for their own butt I am overreacting because I am afraid they will make me go through the verification process AGAIN. And guess what, they did:
Nejc Srečnik
22.10.2014 06:58:59
Dear XXXXX,
While we understand that this comes as an inconvenience, we believe that our security precautions are in accordance with your expectations in keeping your account secure.
To re-enable virtual withdrawals for your account, we kindly ask you to provide a high quality photo of your ID document with a hand written note of when the image was submitted following the example bellow:
"[date of submission] For Bitstamp Limited Only"
Please note that the ID and hand written note must be submitted as one image.
We kindly ask you to attach your image in a reply to this ticket, so we can proceed with your request.
We also kindly ask you to confirm that your system and email account are not compromised.
If you wish to change your email address, please tell us your current and your new address, so we can proceed with your request.
Also be advised that 2FA is not required or forced, however it is highly recommended, as it provides an extra layer of security for your Bitstamp account. Should we ever decide to support any other 2FA, we will make sure to let our customers know.
Should you have any additional questions, please feel free to ask.
Best regards,
Nejc Srečnik
Here's the thing:
1. I myself submitted the password recovery form to test out the functionality.
2. My e-mail was never compromised.
3. I did not lose my password.
You overreacted:
1. You disabled my withdraws without any reason.
2. You require me to go through the verification process AGAIN.
Here's my stance:
1. I will not go to bank again to get another paper copy of my proof of residency. It's your problem not mine.
2. You have to provide me a solution that does not include me going physically to the bank again!
We live in the era of digital signatures. I have an ID-card that allows me to sign documents digitally. A compromise solution would be if you accepted a digitally signed document proving that this account belongs to me. Please understand that many people don't receive paper bills and don't have a scanner to scan physical world documents. To require me to go through this painful verification process again costs you 20 euros. Send me 20 euros worth of bitcoins to 1******************************* and I will verify my account again because that's how much my time costs. I have to go to bank (40 minutes and scan in the documents 20 minutes). 1 hour of my time costs exactly 20 euros.
By the way, your security precautions suffer a serious retardation and I would seriosuly doubt if people who designed your system's security were competent enough for the job. You cannot make a user's e-mail so critical for their access to Bitstamp because e-mails are not held in secret. A malicious person would gather the e-mails of your customers and made a bot that would submit password recovery for all of your customers. Your system is flawed as it allows an anonymous user to disrupt your whole userbase's access to the service. Thus, it is you that needs to change their system to solve this problem. I am free to change my e-mail at my free will at any time I want and you cannot demand account verification each time.
To reply to other posts in this thread:
I will not start using 2FA authentication because I dislike google and Google Authentication. You better think some other way to enable 2 factor authentication if you want to force it to your customers.
Ignoring the rest of the post, but this is a bit inaccurate. The "Google Authenticator" uses a very common open-source algorithm....
Thanks for the tip. I really did not know that but now I will look the specifics of Google Authenticator. Perhaps I could still use it even though I don't like Google.
just wait and see what happens when you hit some (invisible) volume limits with fiat deposits and withdrawals...
got my assets frozen for a week and a half while I was travelling europe. awsome experience.
but to get back to OPs issue:
They are simply scared shitless, that someone might actually steal customer funds so they are overshooting a "bit".
bitcoin.de is a great place, but it is a market place, not an exchange so that comes with its own set of issues (forget trading apis and other fancy stuff).
Exactly, that's what I'm afraid of. Once I start moving big money they might make my life miserable as they obviosuly do not care for their customers' convenience and user experience at all! Too bad bitcoin.de is not an exchange though, I was really hoping that there is some exchange in Europe that makes the verification process super easy. Come on, we have ID cards that allow signing documents digitally. Verification could be so simple yet they are stuck in the archaic way of doing things by requiring photos of physical world objects!
I guess there is a problem with stamp's database or capital chain, so they are so anxious to clean up the accounts, wish it not to be gox 2.
edit: about bitcoin.de, its verification seem to be the same hard: if you're not German, you have to send them all kinds of documents to be able to buy/sell for more than 750 eur a year.
according to
https://bitcointalk.org/index.php?topic=695082.0 , LakeBTC and Kraken both have sepa account, while them also need to verify, but it will be a lot easier, you can try.
Isn't Kraken like on the other side of the planet? I'd prefere an EU exchange but if you say LakeBTC and Kraken would work then I will definitely check them out, thank you!
Just a measure to protect the customers from themselves.
It is way better than having all your coins stolen.
I guess it's free market. You can say that it's for the customers' own good but the fact is that their security measures are inconvenient, archaic and could be done much better. People will soon simply go to other exchanges. Facebook has automatic SMS sending to improve account security. Why doesn't Bitstamp have one? I would happily receive a SMS to my mobile phone with a pin.
I will never ever use Bitstamp. But on the other hand you shouldnt have made it complicated. Youre account was ok, why did you try the password recovery? You shouldve crossed the bridge when you get there.. You shoudve tried the password recovery if you really need it.
I requested the password recovery because I did not know what e-mail belonged to what account in Bitstamp. I had 3 accounts in Bitstamp and 3 different e-mails for them as this idiotic Bitstamp does not let you register 2 accounts for the same e-mail. So I requested password reset to know which account is which. Never before I have seen a system so moronic that instead of resetting your password it creates a new account for your e-mail and requires you to go through the painful verification process again. This could be abused so bad. I could just datamine all the e-mail addresses used in the bitcointalk forum and reset everyone's password in Bitstamp and everyone would need to verify their account AGAIN. It is clearly Bitstamp's idiocy here and it has nothing to do with security precautions. From this moment I seriously distrust Bitstamp. If they make such mistakes who knows what other mistakes they have made!
This verification process is annoying I agree, but they are forced to do so.
At this point people are complaining about it's way too difficults, too much hassle....
But if they don't, and one day lose a lot btc due to a hack or fraud, then people will complain and moan about why they don't have a proper verification process.
Rules are rules, if you prefer to have an exchange with less rules, then I suggest BTC-E.
While I get your point you are wrong at one thing: users don't need to suffer due to lazy programming and bad business workflows. Does PayPal require users to verify their account like that? Scanning in some papers and so on? I doubt it. See, it can be done more easily so why hasn't Bitstamp come up with a better solution? Or perhaps they don't have enough money for these developments. The biggest exchange does not have enough money? Suspicious.
