Leader in bitcoin news.

Bitcoin and Buyer Protection: a problem even after ten years

lifebuoy. Picture of Matt Buck via flickr.com. License: Creative Commons

Paying on the Internet is often quite a pain. Bitcoin could do better – but it does not do it yet. What is missing is the buyer protection. There are so many and more ways to put it elegantly into digital transactions. We'll consider what the perfect solution would be.

Recently, I had the pleasure of having to make two slightly larger online orders at two stores I did not really know. The shopping was nice, but the paying paid off.

At the first shop I wanted to pay by direct debit. I was not sure how trustworthy the shop is, and wanted to reserve the option to cancel the direct debit with one click in my account. However, the direct debit was processed via the PayPal suite, which for some reason did not work for me. So I chose the next option, Sofortüberweisung. Here I have experienced the new EU guideline P2D2 in action.

After logging into Sofort with your bank account, you not only get a one-time password via SMS, as before, to confirm the payment, but also an SMS to log in to the account. That is now mandatory. The result was that it confused me, I entered the wrong one-time password twice, and then my account was suspended for Immediately for a few hours. Since my PayPal balance was not sufficient, and I wanted a payment method that happens immediately, I finally paid by credit card. An SMS from my bank later, the payment was finally completed.

The second shop was not better: Here was no direct debit or PayPal offered, but only GiroPay, credit card, advance payment and immediate. Because I do not have a GiroPay account and I could not go right now, I tried the credit card again. But something in the shop's system went awry, so it did not recognize my credit card. What remained was, therefore, the advance payment: Log into the bank account, once-password by SMS confirm, enter the transaction data in the form, request the next one-time password by SMS, and then wait another day. The prepayment is the opposite of the direct debit – a tedious method that takes a long time and forces me to trust the seller.

The whole thing has swallowed quite a lot of time, cost nerves and led in the end to a partly unsatisfactory solution. So you pay in 264. Century? Feeling that is a huge step backwards. You have five or six tools to pay for – bank transfer, instant, credit card, PayPal, direct debit – but each needs – if it works – security checks like multiple SMS to go through. The problem is simply that all these payment methods are not or hardly native on the internet, so there is a web of supports and procedures around them for them to function properly.

Bitcoin would be the perfect solution for this. The cryptocurrency is natively digital, the wallet is local, and one payment pushes a digital coin to the other account rather than giving the other party the right to deduct something from their own account.

Payment in advance and cash on delivery

On the other hand, I also realized that Bitcoin just not the solution. At least not currently, and at least not for the payer. Because with Bitcoin one is pushed in the online trade just into the model, which one would like to avoid actually as customer: The Vorkasse.

There are two basic models for the execution of payments: The prepayment and cash on delivery. The two models differ mainly in who trusts who from the two sides, and who has to go to court if the trade goes wrong. It is – at least for smaller amounts – the one who has to go to court.

When paying in advance, the customer gives the merchant an advance of trust. If the merchant cheats – by failing to deliver the merchandise in spite of the payment received – the customer must see where he stays and, in the last resort, go to court. This is a rather uncomfortable situation for the customer. The bank transfer and also Sofort are relatively pure variants of the prepayment. It is quite difficult to undo a SEPA transaction. This is easier with credit card transactions, and with PayPal, thanks to Buyer Protection, it's just a click away. This makes PayPal, although the payment is carried out immediately, rather cash on delivery than on payment in advance. Bitcoin, on the other hand, is the prepayment in its purest form, because there is nobody here except the seller, who can send the money back to the customer. It is more or less the unfavorable method of payment for the buyer.

The opposite of the prepayment is cash on delivery: The customer pays only after he has received the goods. Here the dealer gives his customers an advance of trust. In the most extreme case, this is done by an enclosed invoice, in other cases, such as the direct debit or PayPal, the customer agrees to the transaction, but has the ability to reverse them for a certain period of time with a very manageable effort and without the help of the judiciary close. In online trading, cash on delivery is the exception, while offline, for example in the service sector, is the rule. Even if the bookstore ordered my book, I deliver this as a matter of course by cash on delivery. Presumably, this is because a small percentage of unpaid bills – say, 1-2 percent – are at a statistically acceptable risk for a trader – whereas for private individuals it is usually much less acceptable when an order is paid for but not delivered has been. Statistics works only for larger quantities.

Online trading is often handled on platforms such as Amazon, where the marketplace manages the revenues of the merchants and distributes them only after some time. When a customer applies for a refund, Amazon usually releases it without review. Thus, this trade also takes place on a mixed model, similar to PayPal and the direct debit, in which the customer pays but in itself, but can take back the payment at any time without the court of law.

The worst of all payment methods

When you pay with Bitcoin, this usually happens as pure prepayment. There are also middlemen such as BitPay or CoinGate, which are basically the ones who manage the paid bitcoins until they forward them to the traders or exchange them for euros or dollars.

Presumably it will somehow be possible to go through the support against dealers who do not deliver after a payment. There is no formalized and guaranteed buyer protection like Ebay. All I found in BitPay's support information was a refund program triggered by the seller. If a merchant accepts Bitcoins directly – via a self-checkout or the BTCPayServer, for example – the buyer will be unable to defend himself against a fraudulent merchant out of court. The fewer middlemen in the game, the worse it looks for the buyer.

The way how to pay in online shops with bitcoins in the rule, is for the customer so the worst of all conceivable variants. That this is the norm even after ten years of Bitcoin is a bit embarrassing, right?


Of course, I'm not the first one to realize this problem. Buyer protection at Bitcoin has been discussed for a long time, and there are numerous models to catch up with the standards elsewhere. An example is the payment service provider UTRUST from Switzerland, which offers a PayPal-like buyer protection for payments with multiple crypto-wallets: It holds the credit until a commodity has been delivered (or there was no complaint after a certain time). However, I have never encountered UTRUST while shopping with Bitcoin.

There has long been a strong awareness of the problem. This is especially pronounced in the Darknet. For example, if you buy drugs there, you are dealing with an anonymous trader, who is extremely untrustworthy as a criminal, and since you also make yourself a criminal offense when you buy drugs, the courtroom remains categorically closed. This constellation invites formally to a dealer fraud by advance payment.

Therefore, there are several practices that reduce or eliminate the risk: Firstly, the Darknet marketplaces have always had an Amazon-like function – they manage the bitcoins and give the buyer time to complain. When it comes to the complaint, the market place mediates. In terms of game theory, the buyers are in a situation that does not invite them to use the option, for example, to obtain a refund of the purchase amount despite a delivered product: they are dealing with a criminal trader, who is anonymous himself, but under certain circumstances knows the mailing address of the buyer. Therefore, this model should work relatively well.

Often – in the Darknet and also in larger legal transactions – a trust service is used. Such a service provider replaces a platform such as Amazon or PayPal or even the Darknet marketplace by keeping the purchase amount for a certain period of time within which the buyer has the chance to apply for the refund. Of course you have to trust the trustee; While the large volume of available vendors demonstrates the level of awareness, it makes choosing a trusted trustee difficult. Especially if this takes over the full control of the coins, you shift as a buyer – and as a seller – the risk of fraud to a third party.

Therefore, there are other, more sophisticated methods.

Satoshi's Trust Model

Bitcoin is often referred to as “programmable money,” and that's what makes it possible to develop new types of trust designs. A basic method has already been described by Satoshi on Bitcointalk:

So you make a payment that requires both the signature of the recipient and the sender to be able to be issued. To release the coins from the trust, you give the recipient their own signature, or the recipient can refer them back by handing over his signature. You do not need an intermediary for this simple case. In the worst case, one of the two parties refuses to ever release the coins, which essentially burns money.

Two days later, on the 7th of August The buyer may refuse to release the payment, which does not allow him to get the money back. “But it gives him the option to burn the money out of sheer baseness.” This system does not guarantee that the parties will lose anything, “but it removes the profit from the fraud.” If the seller does not send the goods, he will not paid; “The buyer does not get his money back, but at least the seller has no financial incentive to cheat.” Of course, a scammer could begin to bargain and demand about half of the money to get it back. But Satoshi says that at that time, every trust is lost so far that there is little chance of success.

In a sense, the Satoshi model is like the car radio or smartphone that needs a code to be activated: you can steal it, but the thief has none of it. “Imagine,” Satoshi explains, “someone steals something from you. You can not get it back, but if you had the option to press a remote-controlled self-destruct button, would you do it? Would it be a good thing if the thieves knew that everything you have has such a button, and that it would be useless to steal from you even if you continued to lose it? … Imagine gold becoming lead when stolen. If the thief returns, it will become gold again. “

2 out of 3

Game-theoretically, Satoshi's solution may work, and it has the great advantage of not requiring a third party. However, neither the buyer nor the seller is really satisfied that the other side has the option to burn the money. Being right does not mean that you have your right but that the other person does not make a profit.

Therefore, the “2 of 3” solution has long since prevailed. This consists of a multisig transaction, the coins you can spend again, if you have two out of three keys. This makes it possible to expand the construction of Satoshi by a third party to act as mediator. If buyers and sellers agree, the agent does not have to do anything, if not, he checks the evidence from both sides and decides whether to sign it or not. Such multisig solutions are so obvious and attractive that a Forbes blogger has already asked These solutions are ideal for centralized platforms or payment providers who, instead of managing the funds, manage only the third key and act as intermediaries.

In Darknet, there are probably marketplaces that use this method. In doing so, they are responding to a common problem, namely that the platform operators themselves are anonymous and criminal, and tend to do the “exit scam” when things get hot – they disappear with the bitcoins they hold in trust. With a 2-of-3 Multisig solution, the exit scam should become impossible. However, I do not know how widespread this is. In the legal area, especially BitGo is known to offer the custody solutions, mostly for stock exchanges, and in the process rely on such a multi-stake: The three keys are distributed among the user, the stock exchange and BitGo. While Multisig is often used for the safekeeping of coins, one does not even find it when shopping online.

A multisig solution in which a payment service provider acts as a mediator suffers from having to re-trust a central instance. Therefore, there are also attempts to make it more decentralized: for example, the decentralized marketplace OpenBazaar or the platform Bitrated. In both cases, the platform does not assume the role of mediator, but lets the buyer choose from a list of available intermediaries, while merely providing the technology to form the usually too complex multisig transactions for ordinary wallets. While OpenBazaar barely reaches more than a few dozen sales per week (if any) after about three years, BitRated is reasonably popular, but appears to be used primarily for trading bitcoins or other cryptocurrencies.

How would you do it right?

Bitcoin is still far from providing broad standards that can match those of established online payment methods 2019 away. Why do payment providers like BitPay or CoinGate, which are already used by many merchants, fail to provide buyer protection? Why is not it standard that you have the power to design Bitcoin transactions to have automatic buyer protection?

For the first question, I find it hard to find a good answer. It would be in itself – technically – easy for BitPay to set up a buyer protection like PayPal: the company pays out the revenue only after two weeks, and each user gets a link with which he can withdraw the payment. Why does not BitPay do that? Eventually, the company fears being dragged too far into disputes between buyer and seller. Or she promotes her service to retailers by saying that there's no way for customers to get the money back. I can only speculate at this point.

The second question, however, is easier to answer: the wallets are not ready yet. To implement even Satoshi's simple Multisig solution, one would have to drive around the village several times with the church: First, the buyer must send the seller the public key of a Bitcoin address in his possession. Then the buyer forms a multisig address from which the buyer pays. This already requires a communication channel between the two parties, which is usually not given. But it only gets really wild when the seller finally wants to pay off the money: For this he has to sign the transaction and send it to the buyer. He then has to sign them and then send them either to the Bitcoin network or the seller.

First, a communication channel between buyer and seller is necessary. With the payment protocol that is given, even if it does not support Multisig to my knowledge. It would be theoretically feasible. Much more difficult, however, is the second step – the completion of the payment. To do this, you need another communication channel between the buyer and the merchant, and the buyer's wallet must be able to import half-signed transactions. With the current technology that is incredibly expensive. Possibly it would be conceivable that the seller sends the buyer already at the time of purchase over the payment protocol the follow-up transaction, so that the buyer must confirm only in his wallet, to have received the commodity, after which the Wallet then finalizes the transaction and sends .

Ideally, Multisig would run so that each party sent their transaction to the network, and the other's wallet would recognize and complete it. However, this would require that the communication system in the network be changed or expanded, which would be a relatively large infrastructure update. It is also questionable whether this is what the Bitcoin developers want: Only recently have they decided to remove the payment protocol from the core software. The hope that this will once become one of the basis of Buyer Protection at Bitcoin should be buried with it.

Time locks

Another, technically almost more interesting, but almost unused option is timelocks, ie transactions with a time lock: It is possible to send bitcoins in such a way that they only start at a certain block height – ie a certain date – can be output. You could see a lot of the Smart Contracts behind the Lightning network here.

Lightning uses 2-of-2 Multisig addresses, as Satoshi sketched it. However, Lightning avoids the hostage-name issue: before the two parties deposit money into a channel, they sign each other the follow-up transaction that closes the channel so that both are able to pay off the deposit. In addition, a transaction can only be issued after a specific time has expired; while at the same time it is possible to pay off the entire contents of the channel if the other party submits an outdated transaction to close the channel.

Complicated technology, simple sense: One could mimic many different models by combining Multisig addresses and time locks. For example, one could form a transaction that the seller can issue after two weeks, but the buyer can withdraw, freeze or transfer in a multisig contract with an intermediary. There are relatively many options here that allow the buyer to remain passive in order to confirm the completion of a payment, but an active action prevents the seller from receiving the money. You could also create designs where the buyer has to retire a simple password to withdraw a payment, which may then take his computer to run for one night.

There are many ideas and options here, as Bitcoin emulates established models of payment or invents new ones. That this has not happened yet, is regrettable.