I\u00e2\u20ac\u2122ve touched on the idea before, but I thought it was time I made it explicit. I want to compare customer-not-present purchases using bitcoins and using credit cards.<\/p>\n
In particular: security.<\/p>\n
Consider a modern web site, accepting a credit card. You fill up your basket and press \u00e2\u20ac\u0153buy\u00e2\u20ac\u009d. You have<\/em> to supply:<\/p>\n These bits of information are almost certainly stored by the company you\u00e2\u20ac\u2122re purchasing from. Let\u00e2\u20ac\u2122s think about how they get their money. They take these details, plus one other,<\/p>\n \u00e2\u20ac\u00a6 and head off to their payment processor (often the supplier\u00e2\u20ac\u2122s bank), having made up a payment authorisation request using your details. Their payment processor is not necessarily someone you have a deal with; they are another intermediary. That processor gets in touch with VISA (or Mastercard or even Amex I suppose) and hands over your details again with a request for a certain amount of money. VISA and Mastercard are clearing houses; they have a deal with your actual card provider (probably your bank) as well as the payment processor. All card transactions pass through their hands \u00e2\u20ac\u201d it\u00e2\u20ac\u2122s the only way to make it so your supplier doesn\u00e2\u20ac\u2122t have to have a payment arrangement with every bank on the planet.<\/p>\n Bear in mind, there is nothing that forces the price on the page where you clicked \u00e2\u20ac\u0153pay by credit card\u00e2\u20ac\u009d equal the amount being requested from the clearing house. Note also that your details are in at least three company\u00e2\u20ac\u2122s hands. Note that the \u00e2\u20ac\u0153secret\u00e2\u20ac\u009d number is in their hands too.<\/p>\n At this point, VISA pops up a page in your browser asking that you confirm your identity by using the card number to look up a VISA account, which has a password associated with it. This password is never shown to the original supplier or payment processor. (Not that a bit of Javascript from the supplier couldn\u00e2\u20ac\u2122t easily scrape it as you type).<\/p>\n The request gets authorised and the supplier can ship your goods. The supplier now waits for VISA to get in touch with your card issuer (they can work out who this is from the card number) and request payment via the banking systems own payment system. That payment eventually clears, VISA take their cut, the payment processor takes their cut, and the money ends up in the supplier\u00e2\u20ac\u2122s account.<\/p>\n This is a PULL<\/strong> system of payment. Your supplier has to ask (via some proxies) your bank for the money. They request whatever they want, they retain all your details, and nothing prevents them from making another request tomorrow. The fact that they store all these details means that if any of the sites you purchase from ever gets hacked, your card details are compromised and the thief can start making requests for your money just as the supplier can. In short: your money is completely out of your control. What\u00e2\u20ac\u2122s more, VISA see everything; your privacy is non-existent.<\/p>\n Consider a web site accepting bitcoins. You fill up your basket and press \u00e2\u20ac\u0153buy\u00e2\u20ac\u009d. You have to supply:<\/p>\n They might ask you for your email address, but it\u00e2\u20ac\u2122s not necessary. You don\u00e2\u20ac\u2122t even need an account on the website; just this one basket of goods.<\/p>\n Their website gets in touch with their bitcoin software; which provides them with a unique bitcoin address for this order. They probably write that address in their orders database along with your delivery address. Then they tell you that address, and the number of coins needed to complete the order.<\/p>\n You go to your bitcoin wallet, and send the appropriate amount to the appropriate address. You choose how much to send, and from what source it is sent. You could, if you wished, send the bitcoin address to your gran and say \u00e2\u20ac\u0153hey gran, buy this for me for my birthday\u00e2\u20ac\u009d. Or you could pay part from your desktop wallet, part from your online wallet<\/a>, and part from your mobile wallet.<\/p>\n Done.<\/p>\n The supplier is free to monitor that address until it has received enough to pay for the goods, and then ships when they have it.<\/p>\n The supplier is happy because when there is no messing around with authorisation then clearing. Bitcoin clears transactions in ten minutes \u00e2\u20ac\u201d not just authorised, cleared<\/em>. The supplier has the money and it can\u00e2\u20ac\u2122t be taken away from him. What\u00e2\u20ac\u2122s more, VISA didn\u00e2\u20ac\u2122t get a cut. He can charge you a lower price.<\/p>\n You are happy because you didn\u00e2\u20ac\u2122t have to hand over information that would be valuable to a hacker. If the supplier subsequently gets hacked all the hacker learns is a way to pay your bill for you.<\/p>\n This is a PUSH<\/strong> system of payment. You choose to send money; the supplier does not get to just suck it from your account because they happen to know the card number.<\/p>\n Your privacy is protected because all that can be seen by third parties is a transfer from random account A to random account B. What\u00e2\u20ac\u2122s more, because each new order creates a new payment address, it can\u00e2\u20ac\u2122t even be seen whether you\u00e2\u20ac\u2122re using the same supplier.<\/p>\n The only advantage the card payment systems have is historic: they are what we already use. If we were starting again today, we would consider them antiquated.<\/p>\n \u00e2\u20ac\u0153Discount for cash\u00e2\u20ac\u009d is about to become \u00e2\u20ac\u0153discount for bitcoin\u00e2\u20ac\u009d.<\/p>\n","protected":false},"excerpt":{"rendered":" I\u00e2\u20ac\u2122ve touched on the idea before, but I thought it was time I made it explicit. I want to compare customer-not-present purchases using bitcoins and using credit cards. In particular: security. Consider a modern web site, accepting a credit card. You fill up your basket and press \u00e2\u20ac\u0153buy\u00e2\u20ac\u009d. You have to supply: Name Address Email\u2026 Read More »<\/a><\/span><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":[],"categories":[24,53],"tags":[20],"_links":{"self":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/362"}],"collection":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=362"}],"version-history":[{"count":9,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/362\/revisions"}],"predecessor-version":[{"id":947,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=\/wp\/v2\/posts\/362\/revisions\/947"}],"wp:attachment":[{"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=362"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=362"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.fussylogic.co.uk\/blog\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=362"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}\n
\n
\n\n
\n