High risk transactions

[aryanet]

Cancelled orders on CoinBase is going to kill their business. New customers are unhappy and the post does not make sense as the users are verified and money is withdrawn from their account.

[zachlatta]

I understand where they're coming from, but my experience with support has been less than stellar. About four weeks ago I bought 10 BTC from them. My transaction was deemed "high-risk" and the order was cancelled. I never got my money back.

I've been corresponding with support over the past four weeks and still haven't seen a dime. Support generally takes 4-5 business days to respond to each email. I understand that their support staff is extremely limited, but it is still unacceptable, especially because they're dealing with monetary transactions.

[sliverstorm]

What do you mean, "you never got your money back"? They're just sitting on $2,000 USD of yours?

[zachlatta]

Presently, yes.

[yebyen]

I did not lose my money, in fact it was a small transaction that triggered their fraud sensor, and they never processed the withdrawal from my bank. Since you've already triggered it with a large transaction (and it sounds like they have your money, too), maybe this option is no longer available to you. When my transaction was cancelled, it was one that would indeed have been more profitable to me.

However, I contacted the support department, asked them to explain themselves politely, offered to place a reserve amount in my account, and they immediately offered to "white list" me and promised this would never happen to one of my transactions with them, ever again.

I passed the "human, DBAA" test (breaking bad reference), I guess. If people like me go around telling about this policy, I would expect it to be less effective (or stop altogether) but as soon as this exchange was over, I was glad it had occurred. After reading the article though, it sounds like they are basically transparent about it, and my experience was not at all unique.

What does coinbase have disjoint against other Bitcoin Exchange services? Well for one thing, there are no bid-ask spreads, you are trading with coinbase.com alone. They should be able to reject your transaction at any time, full stop. Two, they don't carry USD deposits (except in your case? I have a feeling you've been too patient with them!) which means what exactly, I don't know, I am not a lawyer, but my question to you would be... have you done any further business with them? Did you take any steps past e-mailing?

I would have a certified, registered, return-receipt requested letter from my lawyer at their office two weeks ago already, if I were you. Maybe you really did trigger their fraud detection, and they are just waiting for the legitimate owner of "your account" to come and claim his USD or bitcoins.

In your case especially, I would say they now owe you 10 bitcoins at the market price four weeks ago, and a sincere letter of apology.

[zachlatta]

Thanks for your story and advice. I've contacted them accordingly. If I don't hear back from them soon, I am prepared to take legal action.

[zachlatta]

Update: I got a response from them and the issue has been sorted out. Thanks for the advice!

[yebyen]

Awesome! As I currently have no other reliable way to transact bitcoins (I'm a registered Mt.Gox user, so maybe I could buy there, but I wouldn't count on withdrawals)...

...I'm really glad to hear that Coinbase is not out there shafting people on purpose!

[zachlatta]

If you're looking for another place to buy bitcoin, I've had good luck both buying and selling on http://localbitcoins.com/. Not as convenient as Coinbase though.

[damian2000]

How was your account funded?

[zachlatta]

Bank transfer.

[fragsworth]

If a transaction is decided to be "High Risk", why not postpone the transaction until additional verification is done?

Instead, we are left wondering if Coinbase is selectively cancelling transactions that they can make a profit off of (due to the volatility of bitcoins)

[pault]

If the flagged transactions were immediately rejected it would obviate the need for excuses. What benefit do they get from putting the transaction in limbo for days before they notify the user?

[patio11]

If you give users immediate feedback as to which transactions hit your fraud screen, this allows fraudsters to black box reverse engineer your fraud detection algorithms much, much faster. You very much don't want to do this if you're a financial services business, because if your primary anti-fraud mechanism is an automated system and fraudsters discover the rules to it, you will probably learn about that first when you wake up, run an accounting report, and discover you lost $8 million overnight.

I don't think the average HN user appreciates the risk environment payments companies work in. Imagine if a criminal gang organized enough to have a payroll had ten copies of people who were every bit as good at app security / financial risk management as e.g. Thomas, with two of them whose only marching orders were "Probe payments sites every day, quietly, and tell the team when you find one which is weaker than it could be. We will then conduct several months of quiet R&D on a software product which is more elaborate than that shipped by most YC startups. Our 'launch' will be deployment of that software product against our adversaries at the payments company, and it will blitz them so fast that by the time anyone thinks to pull the plug we'll be millionaires. Then we'll celebrate our good fortune until we do it again next week, to them or another company as circumstances dictate."

(Risk management, which a lot of startups need, is a high-leverage and very fun environment to work in. At present a lot of companies, large and small, custom build systems out of bubblegum and duct tape. If you get good at this you'll have a very rewarding career ahead of you, for many definitions of the word rewarding. I used to want to go into it but got sidetracked by the unexpectedly high amounts of leverage you can get using software to sell software.)

[sethev]

I'm curious: what do you mean by risk management (other than credit card fraud prevention - or is that what you meant?)

[aryanet]

I had that immediate rejection too. A few days ago when they launched instance buy, I was qualified to buy 1 per week. I did it, not only it immediately reduced my quote of buy by 1, but it immediately got cancelled due to high risk. So, there is something to say about this.

[pault]

That's good to know. I want to give the benefit of the doubt to coinbase, but they haven't done a good job of getting out in front of this story.

[shtylman]

What price would you then give the user?

[colechristensen]

'buy low sell high'

For a given time period

* Mark transactions as 'high risk' at random

* Prefer transactions which buy coins from the user at low prices and sell coins to the user at high prices

* Randomly cancel a subset of non-preferred transactions after you've seen the market move over your time period

* Profit

If you do this right, canceling transactions is like having a price oracle, you can profit with 'future knowledge' by leaving some transactions open for extra seconds/minutes/hours/days.

[aryanet]

I agree with buy low sell high. If they do this at a large volume and keep some liquid at least during price surge, it may solve the problem.

[hga]

There are various physical coin dealers who are said to play the same sorts of games.

[aryanet]

I agree with you entirely. They should use a secondary level of verification than denying service by canceling transactions randomly.

[thinkcomp]

Until Coinbase complies with applicable laws, every transaction they handle is a high-risk transaction. They could be shut down at any moment.

They're not alone. There isn't a single Bitcoin exchange in the world right now compliant with U.S. money transmission laws.

Buyer/seller beware.

Full disclosure: we're in litigation over this.

[shtylman]

Based on your username, I am going to assume you are referring to this lawsuit:

http://www.scribd.com/doc/139975904/Aaron-Greenspan-lawsuit

In which case you are the Plaintiff suing these companies which is very different than the US government suing them.

[cbr]

Summary: Aaron Greenspan was running a company handling money online until 2011 when he ran into regulatory issues with the state of CA. He's now suing many other organizations who are doing similar things, claiming those organizations aren't trying to comply with the law which gives them an unfair advantage. He appears to representing himself.

[thinkcomp]

"He appears to representing himself."

Not true, look at the docket.

[cbr]

Sorry, I got that from:

    REQUEST FOR CIVIL LOCAL RULE 3-9(b) EXEMPTION AND RETIREMENT
    This complaint is not signed by a member of the Bar of
    this Court and Plaintiff is a corporation. Civil Local
    Rule 3-9(b) requires corporations to retain counsel...

[thinkcomp]

That's the original complaint--an amended complaint has been filed since--but I'm not sure I follow... Whether or not the law has been enforced has nothing to do with their compliance. The full docket is here:

http://www.plainsite.org/flashlight/case.html?id=2434524

[diziet]

Aaron, there is no question in my mind that the MTA laws are at best inappropriate and the varied enforcement (or lack of enforcement) of the laws are irrational. But I wonder what goal the complains and lawsuits would bring do you want to accomplish?

[aryanet]

Holly! That is one hell of a plaintiff list. I am going to enjoy reading this.

[michaelhoffman]

I think you mean it is a hell of a defendant list. There's only one plaintiff, Think Computer Corporation.

[xpop2027]

Nice find.

[maxvu]

I don't understand -- is your intention to put them under fire so they're on your side in efforts to repeal MTA?

[cfontes]

Could you please explain what you are doing in layman terms?

[swalkergibson]

He alleges that there are a number of companies that are deliberately skirting money transmission regulations, where his company was trying to do things by the book. As a result, those companies raised money from VCs where he was unable, allegedly due to his desire to get things done within that regulatory framework. Consequently, the other companies got ahead of his company in the marketplace, thus he is seeking damages that compensate him for the allegedly anti-competitive behavior of those companies and VCs.

[yebyen]

I am surprised that nobody mentioned that yesterday, Coinbase crossed their global "daily buy limit"! Users of Coinbase were greeted with a new interface to buy coins, prompting them to click and confirm their transactions would not be completed until Friday (the usual condition on a Monday) and that their USD-quoted price would be processed at the effective market rate at that time (if you're used to doing business with Coinbase, they mention a time but really the deal is done at the time of their choosing) on Friday.

So, you are agreeing to spend a given amount of USD to acquire BTC, but the price is not fixed and you actually don't know the number of BTC you'll be getting until their calculation of the market rate occurs, five days from now. I had the same experience as the person in Coinbase Blog, they white-listed me, now I have an expectation that they will deliver on their promises.

Before that, I don't think I ever did (or had any reason to.) Some company on the internet is agreeing to take my bank details and make a withdrawal from my bank account, but what happens next is anyone's guess.

(A thought exercise: what is it exactly about letting 5 days pass before that makes it safer for Coinbase to part with a sum of bitcoins when a bank transfer is completed? The owner of the account has had zero opportunity to contest the charge as fraudulent, and those bitcoins go "at-risk" on that day when the transaction is completed. If there is a run on bitcoins, how does Coinbase guarantee they will be able to satisfy all of the orders they've accepted?)

[shtylman]

People like to make it seem that a bitcoin purchase is life or death and basically equate being able to buy bitcoins whenever and however they want up there with life, liberty, and the pursuit of happiness.

[shtylman]

Don't be hatin' just cause you have never seen panic buying ;)

[colinbartlett]

What does a reversible payment method mean? And how does that differ from Mt. Gox? I know Coinbase is not an exchange like they are but are their payment methods different? Genuinely curious.

[shtylman]

Coinbase uses a method called "ACH" to electronically request the money from your bank account. The problem with this method is that it is relatively easy for a fraudster to get the information needed to do this (routing and account number) and submit that as their account on coinbase. Consumer protection banking laws in the US are very consumer favorable and thus if someone goes to their bank and claims they did not authorize the transaction (of coinbase taking the money from your account) the funds will be returned to you and coinbase will take the hit. Now, typically this is less of an issue, but with bitcoin, coinbase is not able to take back any bitcoins they have let you withdraw. Thus you can see where this leaves them in a very delicate situation about having to monitor how and who they withdraw money from as well as the amounts.

[damian2000]

Here in Australia all the exchanges I know about require you to physically deposit cash at a bank branch to fund your account. This type of deposit can't be reversed.

[aryanet]

Good details. US laws suck. But they have all this account/identity verifications which is trackable. As a new user, I followed all steps to become a good user, but all my transactions are being cancelled. I even tried new accounts, and no luck. So, if they were to follow this trust pattern, no new user would be able to become a good user. I have seen posts where people who are veterans on coinbase have their transactions cancelled. I am to the point that I want to drop by their office with a physical check in hand and tell them to buy me BTC.

[shtylman]

Ironically enough, due to check fraud that check might not help you as much as you think ;)

I don't know what algos they use to detect fraud but being a veteran does not always mean there won't be fraud on your bank account. Remember, this is not about those five 10 dollar transactions you authorized, this is about that one 5 thousand dollar one that was the result of fraud. From their point of view, a false positive is much better than a false negative.

[aryanet]

OK. Then with the current bitcoin price, their risk level goes significantly higher. They should really open the option to people walking into their office and drop off physical checks. I am willing to do that and that does not have the problem is ACH because it is in physical form and has your signature on it.

[dangrossman]

Sure it does, especially since many times checks aren't actually sent to a clearinghouse, but scanned and turned into ACH transactions. They're just as easy to counterfeit (you can order checks with any account and routing number you want from Vistaprint online, or print your own at home) and sometimes just as easy to reverse. A cleared paper check that was never converted requires a bank's intervention to reverse, but it's still possible.

You want to show up with cash, not a check.

[wmf]

Coinbase uses ACH (which is reversible) while many other exchanges use wire transfers (which AFAIK are merely more difficult to reverse, not impossible).

[shtylman]

Yes, wires are much more difficult to reverse but they can be reversed. In my experience, your financial institution must get your prior approval before reversing a wire (which is not true for ACH reversals). Wires also you a completely different system of clearing funds which is part of the reason reversal requirements are different.

[aryanet]

I think what he means is this:

If you buy something online for example and you don't get it, you can call them up bitch about it and they refund you, and in worse case if they are jerks and you used your credit card you can dispute.

With bitcoin, once transfer is done from one account to another account, the transaction is not reversible. Since bitcoin addresses are anonymous, you don't know who it went to so there is no way to track and reverse the transaction like we do with refunds and voids.

However, his explanation doesn't make sense anyway. The concerns he raises are about fake accounts and having them to pay exchange to purchase the coins before they actually withdraw money from your account, which is taking a risk on their part to be able to secure the coins at the price you purchased. However, this is not true either. I had my orders cancelled back to back even if the money was withdrawn from my bank account. What risk? I don't know. Perhaps they made money from not granting me the coins that were doubled in price since last week.

[shtylman]

The risk is not that your account will be debited, it is that you will go to your bank and claim the charge was not authorized by you after having moved the coins off their site. Now, maybe your bank account was compromised, and the attacker used your info to get coins. The bank will still refund you at the expense of coinbase. Remember, it isn't the "good" actors these actions are meant to protect against. A business like coinbase is a target 24/7 for many malicious individuals with access to lots and lots of compromised accounts.

[aryanet]

So this is good tip. I actually did transfer out my first bitcoing from Coinbase to Blockchain, so it makes sense if their algorithm doesn't like that. I just transferred that coin back in to see if it makes any difference. But frankly, it is impossible for new users to buy bitcoin on coinbase. I had used my daily limits just to find out about this problem.

[antonius]

A couple large bitcoin funds go broke to hackers and the price of bitcoin subsequently doubles in a little over two weeks. I'm curious to see how this will continue to play out.

[aryanet]

I like to co-relate it with bitcoin value is finally being realized. Or perhaps because the difficulty for mining it is exponentially increasing.

[rabbidruster]

Their site seems to be down. Scary!

[iancarroll]

It's up again. Coinbase is YC-backed so the founders aren't thin air.

[analog31]

And they call Bitcoins a currency?

[mahyarm]

A lot of this hassle is interfacing with the US banking system, not bitcoin itself. If banking was implemented as a push system vs. the current pull system with no real authentication that we have in the US because of legacy reasons, it would eliminate entire categories of fraud.

I've heard Europe is significantly better in this regard.

[lmm]

So does that mean there are exchanges in Europe where it's much easier to buy and sell bitcoins? Because I'm not aware of any.

[mahyarm]

Supposedly bitstamp with it's SEPA integration? I don't know if it's much easier or not. I just remember people talking about how nobody uses paper checks in Europe and everybody uses the free / cheap online wire transfer interface in their bank website to send money to other accounts in the country. They use it to pay rent, send money for split meals, etc.