How do you deal with stolen funds? If the account of a user gets broken into due to something that is not obviously user error, is there any insurance for these funds?
I second this question.
SQ and JoePie,
If funds get stolen due to any issues on the server side, we will stand behind our product and cover the losses. Any user-side compromises of the account will of course not be covered. You can request stricter limits on BTC and USD transfers on your account to prevent a hacker from making away with too much cash.
Hope this helps,
Keyur
And what if it is unclear where the issue was? For example, when my $200 was stolen from my Mt. Gox account it was impossible to undeniably prove that it was an issue on their side (as all data that was recorded was an IP and a destination address) - however, it was extremely unlikely that it was an issue on my side (as I had a 20 character alphanumeric mixed case password that was not reused anywhere, and did hours of manual analysis on my machine to verify that I had no malware issues). What action would be taken on CampBX's side in such a case?
As to two-factor authentication, a very basic way to prevent thefts from an account would be by offering two-factor auth through a confirmation email when the user tries to withdraw funds anywhere. A slightly better (but although cheap, not free) option would be sending out texts. A slightly more expensive but still fairly cheap option would be offering a digital one-time pad dongle (much like the dongles and calculators provided by other online banks).
In my opinion the optimal solution would be automatic (free) two-factor authentication for all users using e-mail or SMS (this is likely cheap enough to be covered by transaction fees), and an optional 'upgrade' to a hardware dongle for a one-time fee/purchase.
EDIT: Almost forgot to mention this. In my opinion two-factor authentication is absolutely essential for any serious exchange that acts like a bank to some degree - and from a business point of view it would give you an immediate head start in the Bitcoin exchange market, it being a more-or-less "exclusive feature".
Thank you for the insightful post - we are researching available 2-factor options and implementation costs. I will keep you posted on this.
As for the unclear-hack issue, unfortunately there is no clear solution there. We tend to take the southern approach in situations like these, and go based on our relationship with the user.