So how do they prevent insurance fraud? Seems simple, cash out, claim hax, and collect insurance. What am I missing?
I asked the same when I was asked to help fund CPA. :/
This thread smells funny. Just saying.
This +1. Personally, I would avoid CPA before usagi explained everything.
Have you sent an information request e-mail to firstname.lastname@example.org
Have you read the contract?
Have you been following the discussion thread?
It seems to me all your questions have already been answered, I could be wrong on that but I do notice you have not actually asked me anything.
As to the other person's question on how we prevent insurance fraud, let me assure you that this company is run by some very smart people, and if someone tries to commit insurance fraud they probably will not get away with it. However, people do get away with fraud all the time. If you'd like to give us a run for our money please be our guest. Your risk is the premium you pay.
Took a look around the original CPA thread just now, and my question directed at https://bitcointalk.org/index.php?topic=91316.0
still stands. In the real world, insurance companies regularly conduct an extensive background check on claims. How are you going to conduct that in the Bitcoin realm, where everyone is hidden under some pseudonym?
Good luck, but how will you account for fraudulent claims?
This concerns me as well.
Assume that I have insured my GLBSE account against hack/theft.
What will prevent me from selling everything and withdrawing bitcoins, then asking for compensation?
If you want to do this, we would write into your contract at least two provisions; you have to have an authenticator on your account, and you have to choose a strong password that you don't use anywhere else. We would also have to check with the GLBSE, and as there is a subrogation clause in every contract (see the preamble in post #2 or #3 I think) this acts as permission for GLBSE to reveal any details of the incident to us as if he were speaking to you or your lawyer. So we would figure out what happened. In short, if someone logged into your account from an IP you've used a lot in the past, and they typed in your authenticator to log in and then again to do the transfer, we can't cover you.
Another case. If it turns out you got hacked ala the GPUMax scandal recently, where users who didn't have authenticators used their GLBSE password on GPUMax (no comment), we won't cover you, as you would have broken your contract by not having an authenticator on your account. We will know this in our investigation with the GLBSE. There are mitigation and good faith clauses in the contract. You will be informed of these in any contract we write. Really, the authenticator is the big thing. But let's say somehow someone steals your phone and
somehow finds your password. Let's say it's a home invasion so it's from your IP address. Just send us a copy of the police report, we will verify that the crime actually occurred, and we'll pay out.
Beyond a certain point we just have to trust you. But if you could give me a specific scenario of someone trying to defraud us, I could try to answer how we would handle that situation.
How would you verify that the person is indeed using a strong password that he/she is not using elsewhere? GLBSE does not (and should not) keep your password in plaintext; only the hash is kept. IP addresses are trivial to fake, with TOR and proxies providing a literally infinite number of them. About the only reasonable clause is the use of an authenticator - OP would have been either:
(a) Got hacked physically, as in phone/yubikey stolen for a short while
(b) Be a victim of a MITM attack.
(c) Have his/her time-based token stolen within a short timeframe and used.
Also, OP states:
you better format your PC
OP seems to bed doing SEO on the forum, watch out glbse being hacked in a few weeks... just saying
What do you mean? I haven't installed any weird applications on my computer. I think my account got hacked because I used same password at somewhere else too.
How would he get the payout, as this violates the provisions you have stated above?
I'm certainly happy to see insurance companies springing up within the Bitcoin ecosystem as it fills an important niche for a successful economy. I apologize for sounding defensive/hostile in my posts, but the anonymity of the Bitcoin system is a factor that causes scam cases to happen like wildfire. I am sceptical of everything that is not proven, and security through obscurity is not an option for me. I am always ready to invest in another new opportunity, so I would be glad to grab some shares too if my questions are answered.