How to verify payment method of buyer to minimize risk of fraud and chargeback, through Zelle/clearXchange?

Hi all. New bitsquare btc seller, looking for clarification or recommendation on how to confirm a buyer’s payment made through Zelle / clearXchange, in order to diminish risk of a charge back (reversal) due to fraud. It is suggested in the bitsquare software to contact the buyer through the email (or number) given.

Questions: what info should I ask them to confirm? The short memo and/or the long transaction ID# given in Bitsquare? The bank and Zelle/clearXchange transaction ID#? Both, and/or something else?

Ideally, I want the minimum amount of their info to confirm that they do control and are authorizing this bank account<->Zelle/clearXchange transaction, correct? For example, I do not want a photo of their ID or cryptographic screenshot or any further compilcated hurdles, unless absolutely necessary. However, the advice from this and other threads doesn’t specify exactly what to ask or verify:

[https://forum.bisq.io/t/new-requirement-for-payment-accounts-with-charge-back-risk/2376/51?u=draille]

There is probably something I am misunderstanding or not seeing clearly connected, but as of now I do not see how contacting the email address (or phone #) given through the Bitsquare transaction verifies control and authoring of the bank account transaction. While this bank<->cXc contains in the memo the bitsquare memo ID, it is still possible that the bitsquare account name was made to match the bank account name, yet the email/phone# from bitsquare cannot be verified or matched to this bank<->cXc transaction.

Note: this might be particular only to my case, as my bank (PNC) has somehow incorporated Zelle/cXc into their own virtual wallet, so I do not and cannot have a separate Zelle/cXc account, which could possibly have other information that I could match. The only info from this Zelle/cXc transaction is the name, which of course matches the bitsquare name, and a their_bank<?>cXc<->my_bank ID transaction #.

Of course, in this case, googling the little info I have has shown no strong links to confirm, nor nothing fishy to deny, any of this. Again, my concern is to figure out how to acquire the most certainty of legitimacy of this and future transactions, with minimal info and max anonymity.

The possibilities I’ve come up with so far:

A) Contact buyer via email, ask them to confirm bitsquare ID and Zelle/cXc ID #. This is assuming that they can access it and it is the same from both ends (right?), yet it still only confirms the buyer’s access to that account, and not necessarily ownership. (As such access and usage could be done quick enough fraudulently, and come to light after the 4 day period of the bitsquare transaction).

B) Include in (A) other information such as photo ID, bills, etc.
Increasing burden and probably dispute, while decreasing anonymity. I think the whole point of all this is to avoid this option as much as possible (At least I don’t want it).

C) Contact Zelle/cXc, have them contact and double check the authorization of the transfer. Again, would prefer not burdening and complicating them nor the buyer, and such verification could extend past the 4 day bitsquare period.

D) Send to the buyer’s bank account one or two small cash/change amounts, then contact them and have them verify the exact amounts (similar to Paypal and other institutions).

I see (D) as best for all. However in this case I have neither the email/phone # contained in the bank-cXc ID #, only the his name. So I would still need to contact Zelle/cXc, yet they probably would not give me his email or phone number to independently verify. Nor do I want to create unnecessary complications and burdens.

Apologies for the long post, but I feel like I’m missing something that easily fills this ‘hole’, or that I’m overthinking or misunderstanding something. Any thoughts, advice, experience, suggestions, etc. are welcomed!

Edits: Formatting

We removed the requirement for the ID check in version 0.5.3 because it opens up too high risk for identity fraud. As the email address is visible at Zelle anyway users are free to get in contact as they like. If and how they do verification is up to them but Bisq does not require that the peer will accept any ID check.
We will add additional security measurements in future to lower risk for charge back, but with any Fiat payment there is left a certain risk. To mitigate risks it is recommended to make several smaller trades with different traders so the risk gets distributed.

Manfred, I’m thinking about FallingKnife’s suggestion. Each user gives his mobile number, but is only visible to the referee’s app. It is encrypted and decrypted with both private keys.

When a user confirms an operation, the referee’s app, which is always open, sends a sms or confirmation whatsaap to each party with a verification number: thus each user does not need to have the application permanently open and the message acts as 2FA.

I know you have limited resources, but I think it might be interesting.

1 Like