Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Increase buy limit for new accounts from 0.01 to 0.02 BTC #95

Open
flix1 opened this issue May 22, 2019 · 16 comments

Comments

Projects
None yet
8 participants
@flix1
Copy link
Member

commented May 22, 2019

This is a Bisq Network proposal. Please familiarize yourself with the submission and review process.

Please vote this proposal on the DAO.

A restriction on buying more than 0.01 BTC for users with fiat payment accounts created after March 1st 2019 was put into effect to increase security after 1 scammer issue. Such small amounts are uneconomic to trade as mining fees can represent 10%+ of traded amount.

We propose increasing this limit to 0.02 BTC.

This is still low enough to make stolen bank account fraud uneconomic (as each trade increases chance of detection for the scammer) while allowing new users to buy a meaningful amount of BTC with fiat on Bisq.

--Clarification: we propose enacting this change regardless of what happens with protection tools discussed in #79 #93 #83. The limit should be increased even if these new tools have not yet been implemented, as proposed in #91.

@flix1 flix1 changed the title Increase trade limit for new accounts from 0.01 to 0.05 Increase buy limit for new accounts from 0.01 to 0.05 BTC May 22, 2019

@sqrrm

This comment has been minimized.

Copy link
Member

commented May 22, 2019

I think that 0.05 BTC would be too high considering the amounts used during the previous scam session. Without any further protection I suspect it's not a good idea to increase buy limit.

@m52go

This comment has been minimized.

Copy link
Member

commented May 22, 2019

I think that 0.05 BTC would be too high considering the amounts used during the previous scam session.

Yes, I believe they ranged from ~80 USD on up...

As inconvenient as it is, I think we need to keep limits low for now.

@ManfredKarrer

This comment has been minimized.

Copy link
Member

commented May 22, 2019

FYI there have been one case with 87 EUR and one with 155 EUR. Most others have been in the 400-600 EUR range. We don't know how many scammers have been, but it seems that at least one other was doing a chargebakc on Interact (CAD) which is likely not the same scammer.
To me 0.05 BCT (400 USD at current price) seems too high. We also need to consider rising BTC price and tx fee can be very volatile. I would not recommend to go over 0.02 BTC.

@flix1

This comment has been minimized.

Copy link
Member Author

commented May 22, 2019

FYI there have been one case with 87 EUR and one with 155 EUR. Most others have been in the 400-600 EUR range.

It would be good to have more public data on this. As much as it is safe to disclose.

I would not recommend to go over 0.02 BTC.

If more agree, I will amend the proposal to increase it to 0.02. Even that little would greatly improve the economics (from 10% to 5% cost with current mempool state).

@mpolavieja

This comment has been minimized.

Copy link

commented May 22, 2019

--Clarification: we propose enacting this change regardless of what happens with protection tools discussed in #79 #93 #83. The limit should be increased even if these new tools have not yet been implemented, as proposed in #91.

Depending on the quantity, protection tools might be relevant. 0,05 seems rather high to me at this moment.

If the new minimum is still uneconomical for scammers, I agree for now on making this decission independent from the protection tools. However, the protection tools and the minimum quantity should be considered together in the future. After a long enough period of time after the whatever protection tools are implemented, we will be able to make a much more informed decision about this limit. For example, if protection tools are succesful and widely adopted the limit could be kept to a minimum.

@ManfredKarrer

This comment has been minimized.

Copy link
Member

commented May 22, 2019

It would be good to have more public data on this. As much as it is safe to disclose.

Summary:
The scammer used about 14 different German (90%) and Dutch accounts but could cash out only with 3 accounts (others got blocked before BTC got released). 21 cases with EUR received and BTC already paid out. 16 cases where he could not get the BTC out (disputed). Total damage what we got reported was about 11 000 EUR.
Chargebacks was requested in 12 cases and in 7 cases accepted by seller. In 18 cases the EUR was sent back (either due chargeback or volunatarily). Banks handle chargeback very differently: Some ask, some do it without asking, some block sellers account if seller has transferred the funds already to another account. Often bank have blocked scammers stolen account so the EUR the seller have sent back bounced back to him.

Beside the SEPA stolen bank account scammer there was 1 or 2 Interac (CAD) chargebacks. Not clear if it was releated but happened in same time period, so likely a group might have been active.
Names a those cases sounded eastern European / Russian.

There have been also other suspicious cases where no chargeback happened but user used different accounts (several different German often female account owners with same onion address). They used a similar communication behaviour (broken english, aggressive unfriendly style, lose patience quickly and accused arbitrators as scammers, not providing any evidence to arbitrators,...). It might be that those are money launderer cases and not stolen accounts, which would explain why no chargebacks happened, even after 2 months. Some of those cases are still open in disputes. At least at one case the BTC buyers bank account was blocked when the seller was instructed to send back the EUR (arbitrators instructed sellers to send back the EUR in those cases).

Some of those cases used Transferwise. It seems that one can fund now Transferwise by Credit Card which adds a lot of CC fraud risk. The Transferwise EUR transfer cannot be verified by name and IBAN by the seller as Transferwise uses it's own name/IBAN. I think Bisq should not allow Transferwise anymore as specially with te CC funding option it might become a preferred way for CC scammers to cash out. Not sure how Transferwise would handle such cases, likely they will swollow the damage in case of CC fraud but it might fall back to Bisq if it would be used more frequently and the seller might get reported/blacklisted by banks even if no chargeback happens. It also seems that one can get a SEPA account at Transferwise now, which would make it hard to detect that it is Transferwise (probably by the BIC it can be detected).

@mpolavieja

This comment has been minimized.

Copy link

commented May 22, 2019

Probably part of the scams were not chargebacked (or refunds bounced) because they were from mobile banks. It looks like those banks are not willing to request chargebacks to receiver banks. Not certain about that but there is a clear pattern.

I have a very strong suspicion that what those banks are doing is kicking out clients that are somehow related to the scammer. For example closing accounts of other honest clients that also had transactions with the same honest peers that the scammer had transactions. So even if the bank is assuming the loss of the scammed victim and the seller is not chargebacked, this is very bad for Bisq because if one of the affected peers is a very active trader, that would mean the bank closes a lot of accounts from Bisq users.

So we really need to prevent scams from happening regardless if there are no chargebacks and Sellers are not affected and no one in Bisq notices anything wrong.

An interesting conclusion is that not all, but a significant proportion of chargebacks tend to occur rather quickly. So even if delays are not going to be implemented (as it looks like), we should somehow encourage users to wait as much as possible before confirming payment with new traders (unless they have good reasons to be comfortable confirming fast).

@HarryMacfinned

This comment has been minimized.

Copy link

commented May 23, 2019

@flix1
Thanks for this proposal.
I would support it but, imo, to be coherent, all the measures in favor of freedom must be backed with responsability.
(because there is simply no real freedom without the associated responsability).
In Bisq case this should simply translate in some lines in the general conditions, eg : chargebacks due to the fiat system cannot be handled by Bisq, and are thus completely assumed by the users.

(Bisq provides a free place for traders to trade. Bisq will not trade in lieu of its users. Bisq's job is not to handle the issues (past and coming) of the fiat banking system).

@allowscandinavianbanks

This comment has been minimized.

Copy link

commented May 24, 2019

perhaps allow larger sums for banks in countries that always have to do 2FA to send money? doing a chargeback for one of these banks is VERY difficult(impossible?) because they know that YOU approved of the transaction.

https://www.bankid.com/en/

@ManfredKarrer

This comment has been minimized.

Copy link
Member

commented May 25, 2019

@flix1 Is the proposal with 0.05 BTC or 0.02 BTC? If 0.02 can you change the title and introdution to avoid confusion for voting?

@flix1 flix1 changed the title Increase buy limit for new accounts from 0.01 to 0.05 BTC Increase buy limit for new accounts from 0.01 to 0.02 BTC May 27, 2019

@flix1

This comment has been minimized.

Copy link
Member Author

commented May 31, 2019

I've changed the proposal to an increase to 0.02 as suggested. Am I correct in thinking that this will be acceptable to most?

If so please change your 👎 to 👍 @ManfredKarrer @outis151

@sqrrm

This comment has been minimized.

Copy link
Member

commented Jun 2, 2019

I'm still hesitant to this increase but won't resist if it's implemented.

@m52go

This comment has been minimized.

Copy link
Member

commented Jun 3, 2019

I'm not convinced the benefit will be worth the risk. With the price of bitcoin over 8000 USD, 0.02 BTC is worth enough to be a problem, in my opinion.

@HarryMacfinned

This comment has been minimized.

Copy link

commented Jun 3, 2019

The last scammer made it's minimum scam at ~0.01BTC=~80$ ... and we have currently a limit at 0.01BTC.
If this single guy had made a minimum scam at 0.001BTC, then all Bisq honest users may inherit a 0.001BTC limit.
... imo this is really not serious at all. We should come to our senses again.

Life is a risky thing.
Surely, being dead is the best way to avoid risk.
This makes it still not a good idea.

@ManfredKarrer

This comment has been minimized.

Copy link
Member

commented Jun 11, 2019

I am also a bit more concerned again. If BTC price goes up to 15k then 0.02 is 300 USD - that would not be far away from the average of 400-600 EUR the scammer used. I think losing a few users because of the small amount is less damage as if the scammer returns.

@Giszmo

This comment has been minimized.

Copy link

commented Jun 17, 2019

@ManfredKarrer these limits should maybe be expressed in a more stable unit or otherwise made to auto-adjust. 0.05 * value of median trade of last month or something.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.