Thursday, January 23, 2014

Marc Andreessen Is Wrong When He Says that Bitcoin is Fraud-Proof for Merchants

Yesterday, I linked to a Marc Andreessen article on Bitcoin. I introduced the link with some skeptical commentary on some of Andreessen's points (See: Marc Andreessen On the Case for Bitcoin)

James J. Angel, Ph.D., CFA, an associate professor of finance at the McDonough School of Business at Georgetown University, brings up another problem with Andreessen's analysis.

Andreessen wrote:
In addition, merchants are highly attracted to Bitcoin because it eliminates the risk of credit card fraud. This is the form of fraud that motivates so many criminals to put so much work into stealing personal customer information and credit card numbers.

Since Bitcoin is a digital bearer instrument, the receiver of a payment does not get any information from the sender that can be used to steal money from the sender in the future, either by that merchant or by a criminal who steals that information from the merchant.
Credit card fraud is such a big deal for merchants, credit card processors and banks that online fraud detection systems are hair-trigger wired to stop transactions that look even slightly suspicious, whether or not they are actually fraudulent. As a result, many online merchants are forced to turn away 5 to 10 percent of incoming orders that they could take without fear if the customers were paying with Bitcoin, where such fraud would not be possible. Since these are orders that were coming in already, they are inherently the highest margin orders a merchant can get, and so being able to take them will drastically increase many merchants’ profit margins.

Bitcoin’s antifraud properties even extend into the physical world of retail stores and shoppers.

For example, with Bitcoin, the huge hack that recently stole 70 million consumers’ credit card information from the Target department store chain would not have been possible. Here’s how that would work:

You fill your cart and go to the checkout station like you do now. But instead of handing over your credit card to pay, you pull out your smartphone and take a snapshot of a QR code displayed by the cash register. The QR code contains all the information required for you to send Bitcoin to Target, including the amount. You click “Confirm” on your phone and the transaction is done (including converting dollars from your account into Bitcoin, if you did not own any Bitcoin).

Target is happy because it has the money in the form of Bitcoin, which it can immediately turn into dollars if it wants, and it paid no or very low payment processing fees; you are happy because there is no way for hackers to steal any of your personal information; and organized crime is unhappy. (Well, maybe criminals are still happy: They can try to steal money directly from poorly-secured merchant computer systems. But even if they succeed, consumers bear no risk of loss, fraud or identity theft.)
But this is not completely accurate. Angel explains:
Andreessen errs in his assertion that Bitcoin is fraud-proof for merchants. It is quite easy to imagine several possible situations resulting in fraud losses to merchants. For example, suppose a customer attempts a purchase from an online merchant, and enters the Bitcoin number. Alas, a hacker has broken into the system, Target style, and grabs and spends the Bitcoin number before the merchant even sees it. Even if the compromised system was on the customer's end, it may be hard to prove and the merchant still ends up eating the loss or facing a lawsuit. And, of course, the merchant's wallet could be hacked and the Bitcoins stolen, with no recourse.
I don't agree with everything in the Angel commentary, but these comments from Angel are noteworthy:
 In a recent New York Times Dealbook post, venture capitalist Marc Andreessen argued that Bitcoin is here to stay because it provides a payment system better than the one we have now, particularly for online merchants and international transfers. He likened Bitcoin to other disruptive technologies such as the personal computer and the Internet.
These are great analogies. The personal computer has revolutionized the world, but Altair was not one of the winners. (Remember Altair? It was one of the many pioneers.) The Internet was not the first or even the only network for connecting computers. There were several other early networks including Bitnet (the "Because Its Time" network), which was started in 1981. It thrived for a while connecting university computers, but was eventually supplanted by the Internet as we know it today. I believe that Bitcoin will suffer the same fate as Bitnet: a technical advance that will soon be surpassed by even better advances.
Our payment system is undergoing an amazing technical revolution. In a few short years, we have evolved from a world in which most payments were made via paper to one in which most are made with electrons. This evolution has not finished and will continue. There is broad dissatisfaction with the fees involved in the Visa MasterCard duopoly, and definitely room for improvement. We will continue to see innovations that provide even better and more cost-effective payment solutions. Recent innovations include PayPal, Popmoney, and Square. Plenty more are still under development, as many innovators compete to come up with a "digital wallet" that people will actually use.

12 comments:

  1. Bitcoin number?

    Angel should read the Satoshi paper before speaking again.

    ReplyDelete
  2. I'm not sure this is correct. Neither the customer nor the merchant needs to reveal their private key to transact business in bitcoin. The customer needs a bitcoin address where he is holding valid bitcoin, plus his private key to transfer the bitcoin to another address, plus the store's "receiving" address. The store needs nothing other than to confirm that the bitcoin was received by its address. A thief who gets the store's address cannot spend the store's bitcoin without the store's private key - which is not needed for the receiving bitcoin from customer transaction at all.

    There can be bitcoin theft, if you get someone's address and private key you can spend their bitcoin. The point is a transaction does not require you to reveal your private key to anyone. So no one can steal your private key from the store.

    With credit cards, the store collects everything needed to spend more customer money from the customer's credit account.

    ReplyDelete
  3. I am not sure how you can get such basic topics so wrong.

    Your use of Mr. Angel's example of a MitM attack is completely irrelevant to Mr. Andreessen's assertion and anyone with a basic understanding of computer security would know that just like anyone who has taken an introduction to computer networking course understood that the Byzantine's General Problem was impossible to solve until Bitcoin did it.

    ReplyDelete
    Replies
    1. Hi Trace,

      I took Angel to mean that a MitM attack could occur,in spite of the Byzantine's General Problem being solved, in the sense that a transferred bitcoins could be grabbed from the merchants computer nearly instantaneously after the transfer is made or if the customers smartphone is compromised. Indeed, Andreessen in his commentary seems to admit that this could occur on the merchants end when he writes:

      "Well, maybe criminals are still happy: They can try to steal money directly from poorly-secured merchant computer systems. But even if they succeed, consumers bear no risk of loss, fraud or identity theft."

      Maybe, technically, Angel shouldn't have implied it was an MitM attack, but it is an attack and is a vulnerability, whatever you call it.

      Delete
    2. He said "Bitcoin is a number with the special property that it can be transferred", the key is not transferred from the customer to the merchant. This error must be fixed before the article can be used by people who understand Bitcoin. He is thinking of it as a shared secret system, like obsolete credit cards and ACH.

      Delete
    3. Hi Bob, hope you do not take this response too personally as it is not meant as such.

      Dr. Angel did not 'imply' anything; read the first sentence of the paragraph you quoted. He made a blatantly wrong misstatement of fact that reveals an incredible lack of comprehension about how the Bitcoin protocol works. It is like someone saying 2+2=7. Anyone who understands how basic addition works can immediately comprehend the blatant misstatement of fact. Remember, Bitcoin is just math.

      That you 'took Angel to mean' simply reveals your lack of ability to comprehend computer security in general and the Bitcoin protocol in specificity.

      Yes, there are attack vectors with Bitcoin but most of the attacks are shared with legacy payment systems. But the point Mr. Andreessen is attempting to make is that the attack surface has been drastically reduced with Bitcoin. This is an imperfect analogy but I think it may help you understand. Draw a three foot circle and then draw a six inch circle within the three foot circle. The three foot circle represents the attack surface with credit cards, bank accounts, etc. while the two inch circle represents the attack surface with Bitcoin.

      To make the point, your response about grabbing the bitcoins instantaneously after the transfer is most likely incorrectly juxtaposing attack vectors and surfaces based on a completely incorrect premise(s) on how Bitcoin functions. The public key displayed to the customer for payment can be completely bifurcated from the associated private key. This is a basic principle of public/private key encryption that is a prerequisite to under the Bitcoin protocol. But I may be incorrect in my assessment but it is because of your inability to intelligently articulate; it is like you are asking 'how big is yellow' and I am attempting to answer the question you should have asked. The solution to have an intelligible discussion is for you to increase your math chops and understand the terminology of the subject matter.

      But back to the issue is that in fact, using a hierarchical deterministic wallet like implemented with Armory, the server can generate as many public keys as needed and meanwhile all of the private keys can be completely secure in 'cold storage'. Thus, the attack vectors and surfaces are greatly reduced.

      Of course, Bitcoin is highly complex and there are better teachers than myself. For example, this interview with Dr. Back is incredible and I have listened to it in entirety a few times and particular parts many times. I would highly recommend it and a relevant part (1:34:37) to this particular issue starts around 1:30:38. If you do not understand particular terms then perhaps be like Rothbard and take the time to research and do some problems so you can comprehend the interview. Otherwise, you will simply remain ignorant, continue being at a disadvantage due to asymmetric knowledge and keep asking questions that make as much sense as 'how big is yellow'.

      http://letstalkbitcoin.com/e77-the-adam-back-interview/

      Delete
    4. Trace,

      1.This is Angel's first sentence of the paragraph I quoted, "Andreessen errs in his assertion that Bitcoin is fraud-proof for merchants." It states a fact that I believe is accurate.This has nothing to do with Bitcoin protocol, you may interpret this to mean he is discussing ONLY Bitcoin protocol, I take it to mean a more broad-based potential for fraud with bitcoins.

      2.Your statement that "Bitcoin is just math." Is totally worthless. I view almost all the math of Bitcoin to be nothing more than promoter's double talk. You know as well as I do that an e-currency can emerge without the mathematical gymnastics of Bitcoin. If you recall, we both sat together in a meeting in San Francisco at the office of the CEO of Ripple, Chris Larsen. He walked us through what Ripple is, which is an e-currency without the mathematical gymnastics of Bitcoin.

      I view all the mathematical dressing on Bitcoin as major league misdirection. The fact of the matter is that: A. Bitcoin will have a serious problem in dealing with regulators. You are incredibly naive if you think the 100 billion dollar credit card industry is not going to get to legislators and other government officials, and cause serious problems for Bitcoin.

      In fact, I recall at another meeting that we both attended in Mountainview at Silicon Valley Bank, where a briefing was staged on Bitcoin with presenters that included FBI agents and the IRS, in which the topic of chargebacks was brought up and how the lack of the ability to make chargebacks was one of the problem areas that regulators might object to with Bitcoin. Indeed,after the meeting I discussed that specifically to you and you told me that if necessary the Bitcoin code could be changed to accommodate chargebacks. Which, as you know, will raise the cost of Bitcoin merchant transaction fees. Further, there is another scary thing about Bitcoin, the code can be CHANGED, which means what a Bitcoin actually is can... be changed. Do I have to add that no one can change what gold is? Given the crazy world we live in, do you really want a currency that can be changed as to its basic characteristic by some group of people?

      BTW, I have no problem writing with clarity in English. I find that people, who tend to use as much technical jargon as you do, are often trying to hide the basic facts. I have dealt with jargon hurlers before and when I slow them down and I ask them step by step questions they tend to stutter.

      Finally, you write: "Of course, Bitcoin is highly complex and there are better teachers than myself." That is very scary. I consider you one of the most knowledgeable people with regard to Bitcoin, but if you don't understand it completely, then there is little hope for the rest of us. Which means you are asking people to put their wealth in a currency that hardly anyone fully understands. Does that really make sense to you?



      Delete
    5. 1. The Bitcoin protocol has been in operation for more than five years and there have been no demonstrable examples of Mr. Angel's assertion being implemented. If you really believe Mr. Angel's assertion is accurate then please submit the mathematical proof for peer review that your belief is founded upon. And I mean that seriously and am not assuming your opinion is founded upon turtles all the way down since the great thing about math is that you can submit a proof and the logic stands on its own. Thus, then if there is in fact a security vulnerability it can be patched.

      Your attempt to broaden the sentence's meaning is not found in its plain text of Mr. Angel's argument that, 'Bitcoin is [not] fraud-proof for merchants'. The logic is pretty simple. And in the surrounding dicta from Mr. Andreessen he mentions that frauds can take place using Bitcoin. But that is a completely separate issue.

      Thus, if you want a more correct sentence then it should be 'Bitcoin is fraud-proof or trust-less (to use Satoshi's adjective in the whitepaper) and fraud schemes can be perpetrated using using Bitcoin or gold.'

      2. Is your opinion about Bitcoin just being math and that assertion being totally worthless based upon your understanding and comprehension of the underlying math and its relationship to computer security that is being asserted?

      I agree there can be misdirection dressed up in mathematical or technical jargon. But misdirection should be easily discerned by someone who understands and comprehends the underlying subject matter and mathematical or technical language it is being described in. For example, if someone brings a biologist 3 dogs and 7 dolphins and asserts 'Here are 14 insects.' then the biologist should be able to easily discern there are only 10 organisms and the organisms are not insects. However, if someone is ignorant of binomial nomenclature and basic addition then they may have a very difficult time discerning the error particularly if it is dressed up in fancy Latin and equations.

      And your political predictions are fairly cute since it is not Bitcoin that will have any problems because Bitcoin is just a math equation that has created a decentralized distributed network that is censorship resistant. Instead, it is individuals and companies that attempt to use Bitcoin that would have the problems, if any. In the interview Dr. Back articulates many of the potential attacks and what can be done, from a technical standpoint, to reduce the attack surface and for-close any attack vectors.

      Regarding chargebacks there are already creative ways of implementing consumer protection in the protocol like multi-signature and changes in 0.9 will further this development (https://bitcoinfoundation.org/blog/?p=290).

      Regarding extensibility (https://en.wikipedia.org/wiki/Extensibility), I think this is a tremendous advantage. I agree that gold is not extensible. I assert, this is a primary reason fiat currency, which is extensible, has been able to out compete gold. Bitcoin is both extensible and limited in amount as a result of solving the Byzantine's General Problem. In effect possessing the advantages of gold and fiat currency. Thus, it is interesting that you consider 'totally worthless' the assertion and mathematical proof of this solution that was previously thought to be impossible.

      Finally, Bitcoin has developed rapidly to such a point that it is likely beyond the ability of any single person to completely comprehend, if anyone ever did. And I have no issue either admitting that or that I understand Bitcoin less than Dr. Back or others.

      Regarding the trust element, I see no issue as that is how society uses and applies protocols like DHCP, DHCPv6, DNS, FTP, HTTP, IMAP, IRC, LDAP, MGCP, NNTP, BGP, NTP, POP, RPC, RTP, RTSP, RIP, SIP, SMTP, SNMP, SOCKS, SSH, Telnet, TLS/SSL,TCP, UDP, DCCP, SCTP, RSVP, IP, IPv4, IPv6, ICMP, ICMPv6, ECN, IGMP, IPsec, ARP/InARP, NDP, OSPF, L2TP, PTPP, DSL, ISDN, FDDI, DOCSIS and etc.

      Delete
  4. Have to try again: If a thief gets the store's private key they can only spend the store's bitcoin - that is the store's problem and no business of the customer. Hacking the system of the store does not make it possible for the thief to spend bitcoin of the customer, or to incur debt on behalf of the customer, or to even put into doubt or mess up the wallets or good credit of the customer.

    If the customer's private key is stolen the thief can only harm the customer.

    Target had the break in or security breach but the customers suffered problems. Credit card payment system means your security is only as good as the poorest security of anyone you purchase from.

    France had minital, and countless international standards commissions set internetworking standards that ciso routers dutifully incorporated in their routers, but after tcp/ip (the protocol; of the Internet) got a certain market share it became the only protocol.

    ReplyDelete
  5. One could write a better tcp/ip protocol (the main Internet protocol) in minutes and may have, successfully. The only problem is that ten hundred million computers have adopted the existing tcp/ip.

    The current IP number scheme is too small and numbers were running out tens of years ago. The International bodies and the governments of the world signed on to IP version 6 with more numbers than atoms in the universe. No one adopter IPv6. There are work a rounds to conserve and reuse the existing insufficient number of numbers.

    Technical superiority does not equal market acceptance. Sony Betamax was better than VHS but Betamax died. A better bitcoin could be irrelevant if the real bitcoin achieves sufficient network effect.

    ReplyDelete
  6. Lord support me:

    RW writes "a transferred bitcoins could be grabbed from the merchants computer nearly instantaneously after the transfer is made or if the customers smartphone is compromised."

    nearly instantaneously after the transfer is made is no different than if a thief empties the cash register of a 7-11 after you purchase your six-pack It is the store's problem, as well it should be because they left a thief in - you did not.

    If your smartphone is compromised? Come on, yes if your payment transfer system is compromised someone else can transfer your payments. Different from if Target's obamacare like web presence is compromised your credit and life is messed up and you have no say in what Target does to protect your life.

    Entities with security poor enough to be defeated should suffer the loss. Target customers should not suffer any loss because of the poor security of Target. Bitcoin makes your security your affair.

    ReplyDelete
    Replies
    1. Nowhere did I say that it wouldn't be the merchants fault if their computer was hacked. I was only addressing the fact that there is vulnerability.

      Delete