New requirement for payment accounts with charge back risk


#21

@wodry, @riclas, @erizo, @in-cred-u-lous:

I thought further on the issue…
What about that:
When making an offer you can decide to support direct contact by email. If so you require for your offer that the taker delivers his email address and you need to provide it as well. But it is optional and the email is stored in the account for re-use. You can define it on a per-offer basis. The email will get exchanged in the trade process like the other account data.
The offers in the offer book will display an icon to indicate that direct contact is required for that offer.

Additionally we could provide a tool for uploading a selfie with one’s ID card held next to the face. This photo gets watermarked and a bit distorted and we add some graphical elements (e.g. the Bisq logo) in a way which makes the image worthless for identity theft. Additionally we can render the trade ID over the image in the moment before it gets exchanged with the peer. So the image the peer receives is tagged with that trade. The image will only be exchanged with the peer, not with the arbitrator, though the arbitrator could request it from the peers if needed and if they agree to deliver it.
The user only needs to upload the photo to the app (stays local of course) and the app renders the modified image and stores it in the account. The ID card needs to be a government-issued one like a passport or national ID card.
Again in the offer the maker can define if they require an id card image or not. If so, the id cards get exchanged in the trade process same as the bank detail data.
And the offer in the offer book gets marked with an icon indicating the id card requirement.

Of course that all is only for those payment methods which have charge back risks.

What do you think? Do you see open risks with faking the selfie? I think with the photo it gets harder but of course it is not 100% safe. But a seller who wants more security can always require the email contact and can do the id check as they find sufficiently secure.
We can define that min. requirement for such a p2p id check and if a peer requests too much the peer can reject and the arbitrator would refund both in such a case.

I think that would give people enough option between privacy/convenience and security to choose from.
It is a bit of effort to implement so I am not sure how fast we can deliver that. But I wanted to get feedback first. Maybe someone has a better idea or sees some flaws in it…


#22

I was under the impression that the e-mail contact was to have as few checks as possible. In your latest suggestion it seems like it is the ultimate tool when selfie with ID is not enough, which should be enough in the majority of the cases.

If passing documents through the app is possible, I don’t see a real need for the e-mail.

Rendering the trade ID isn’t useful, since it’s done by the app. Unless you want to use that as the watermark, but you could just use the Bisq logo.

This is the solution I was hoping for, since it takes from the user the burden of modifying his document and uploading it on each contact.


#23

It is impossible to prevent a scammer from editing the image of an identification card. I could add any number, any photo and any name and add any full body photo if you need. I might even have a complete album of them.

Users are not banks or public entities that can cross data or perform forensic analysis of the images to verify whether those identifications are real or not.

Actually I think it does not work for anything. Those who can use SEPA with 2FA can now close a transaction in minutes, when we both use the same bank, and in a perfectly safe manner. Identification with each stranger will be an additional impediment, which will not give me more security, but rather greater uncertainty and might come to rethink the use of the application.


#24

Yes I agree that the security of the photo solution is not very convincing.
What is your suggestion? If we don’t do anything we might get more charge back cases.
I think with SEPA the charge back risk is mainly when there is a stolen bank account case. If we would have a way to prove that the buyer’s bank requires 2FA it might help as the likelihood of a hacked account is much lower.
Are there lists of banks with that data? I doubt.


#25

By the end of October 2018 all SEPA banks should work with 2FA.

Meanwhile I think this would only really work: we will collect lists of banks that use 2FA, the users could collaborate identifying them, even if the list is not exhaustive. Only transactions with these banks will be allowed, prohibiting other account numbers.


#26

Wow banks finally start to implement 10 years old tech! Maybe they get a break from their attempts to understand what “Blockchain” is about and realized all what they need is applying 20 year old cryptography and 10 year old IT best practices. :wink:

Do you have any idea where we could render such a list?
Anyone who can help here?

Here is something to start with:
https://twofactorauth.org

Ps: 2FA is even 20 years old (https://arstechnica.com/information-technology/2013/05/kim-dotcom-claims-he-invented-two-factor-authentication-but-he-wasnt-first/)


#27

The simplest system would be for each user to provide proof that their bank works with 2FA.

For example these are three Spanish banks with which I work and who implement 2FA. It is very easy to prove it:

Code 0182 Bank: BBVA

Code 0049 Bank: Santander
https://www.bancosantander.es/en/particulares/banca-online/seguridad-online/nuestro-promiso-de-seguridad

Code 2048 Bank: Liberbank
https://www.liberbank.es/atencion-al-cliente/faqs

They are https pages where the use of 2FA in the transactions is mentioned.

Bisq would have a field where you would enter the URL (https only) of the bank page where the use of 2FA is explained. Both sides of the transaction must do so, and both must check the URLs to verify that the other party uses the bank with 2FA.

Otherwise or if the URL does not match the bank of the other party’s account, the user would open a dispute.

The email field would be suppressed to avoid social engineering scams. In addition, the bank code data of each transaction could be collected - only the code - and stored in a public repository in the cloud, without encryption, to be subjected to users’ scrutiny. Over time a database of reliable banks would be built and only those banks could be used.


#28

I’ve been used for several frauds from clients with 2FA, including a transfer from a client of my own bank.
You overestimate its security.

There’s a reason most financial services use photos for KYC… There is no better alternative, even if it is neither foolproof nor attractive to the client.


#29

You got scammed with stolen bank accounts which used 2FA? Or was it a fraudulent chargeback?


#30

Most (if not all) chargebacks are for transfers from stolen bank accounts.
And I am sure the fraudulent transfer I got from my bank was done with phished 2FA credentials.


#31

Do you know how that phishing is done? By fake pages and then quickly using the 2FA code? Or are people really that stupid to give away the 2FA code by phishing emails/calls?


#32

We have matrix cards as 2FA and SMS codes as 3FA.
What I was told is that, since it was a 100€ transfer, it only requested codes from the matrix card. The client got phished through some bank e-mail for the numbers of the matrix to collect the transfer.
So yes, people are that dumb.


#33

Hello everyone,

2FA may not be perfect, but it is a proportionate and adequate response to the problem. Scams are much rarer and, as Riclas says, limited to small amounts. This fraud in 2FA banks can only happen if:

1- The amount moved is small
2- The bank combines 2FA and OTP card for small amounts
3- The user has suffered phishing
4- The user is stupid enough to send his OTP by mail

Of course more sophisticated scams are possible, for example intercepting SMS and things like that, but they are not very frequent. Nothing you imagine will be perfect.

The introduction of identity card photographs into a P2P service would not secure commerce, but would become a focus of identity capture by malicious people. Data theft and identity falsification would surely be generalized in such a system. It could become very dangerous.

A centralized commerce service can use identity verification services (the regulations of many countries oblige that) like https://www.trulioo.com/ and many others; however, what will the photos that each user receives serve him for?

Photo editing programs do wonders.


#34

Such chargebacks should not get accepted in any case. If people are too stupid they have to learn by paying. And banks need to educate/inform them better.


#35

@riclas: Did you also get scammed by fraudulent chargebacks? I mean those where no crime was involved but the buyer just asked the bank for getting back the money? I think in SEPA that is very hard and should be very low risk. What is your opinion/experience?

The ClearXchange chargeback might have been such as well. Maybe the husband of the account owner did a lot of trades and then the wife was upset that he spent all the money and requested a chargeback. We don’t know but it might be an explanation. As there were no other cases it seems it was at least not a stolen bank account case.

If it was such a fraudulent case the victim should go to court and request his money back. There is a signed contract in the exchange process which should serve as proof. Just for small amounts like 300USD lawyer costs are too high in relation so the scammer can go away without risk.


#36

I honestly have no way of knowing if fraudulent chargebacks were made to me. You are correct that in those cases it will be very low risk in SEPA.
I actually believed many of the chargebacks I got were just buyers trying to get both money and btc, until the police knocked on my door and accused me of being part of a ML group.

It’s safe to assume all chargebacks are phishing or fraud cases, from my experience.


#37

Surely it is best to limit transactions to 2FA banks, you will see:

If a user is foolish enough to send his OTP to Phishing, he can also send his ID card. Then we will suffer, not a small scam… a big scam.

This happens, even in the banks, it is very difficult to avoid the idiots, they are very destructive.

That’s why I do not think it’s a good idea to include email in Bisq. It is to open Bisq to the world of Phishing.


#38

Your reasoning assumes the same number of people who give out their OTP to phishing will also give (or be asked for) a selfie with their ID.
That’s why you ask for something else on the selfie, not just the ID card. Some paper with trade number for example.

There needs to be a limit drawn somewhere to how much you ask from a new client, but the more restrictions you give, the less open to fraud you are.
Perfect world: people could easily use their ID card to sign the transaction.
In Europe this is possible, but most people don’t have the skills, knowledge or means to do so. It’s a pity this isn’t enforced when creating the new European IDs.


#39

Hello everyone,

Well, all that can be falsified with the greatest ease, even with stamping, no problem. There are even tutorials on the internet for that. In Spain the identity card has a cryptographic chip, but in other countries (Italy or Portugal) they have a level of sophistication similar to the membership card of a library.

If the system of selfies were operating in Bisq the scammers would have it very easy. They would have an unlimited identity capture system by selling small amounts of BTC.

Then, because they have account numbers, copies of identity cards and emails, they could start phishing on some users. They could also make ‘real’ photos of anyone, showing cards printed with the photo of that person, but with the captured data of a real identity of Bisq. The same for any invoice that appears in the photo. The redundancy of insecurity is not more security.


#40

Not true. All EU countries now issue chips on their ID cards. Granted, many people don’t have their new ID card yet. All EU countries need to comply with eIDAS by 2018, then we will have what we need to end this discussion.

Maybe I’m being naive, but I’m not arguing for high quality scans of ID cards. I don’t see how watermarked scans of ID cards are useful for scammers. Then again I’m not a security expert.
The history (reputation) of the seller usually takes a part in deciding if I give out my data, which is another issue on Bisq.