Retailers looking to accept bitcoin face many challenges. While Point of Sale and Payment Service providers have become industry titans through simplifying the process, there are still risks that need to be considered.
An integral part of the retail payment process is the need for speed. While bitcoin transactions are considered almost instant, new transactions can’t be considered secure due to a lack of network confirmations.
The first confirmation occurs when a transaction is included in the blockchain, which takes no longer than ten minutes under ideal conditions. Every time a new block is added to the blockchain, every transaction gets another confirmation. The industry standard for accepting a payment as secure is six confirmations, which would typically take an hour.
Accepting instant bitcoin payments requires a merchant to accept zero confirmation transactions, which is a risky proposition due to double spending, where a devious customer can change a payment before a block is added to the blockchain.
“For a low value item such as a candy bar, the risk may be manageable.”
As soon as the goods are handed over, the buyer can send another, far-smaller payment with a larger fee than the original payment, bumping it to the front of the processing queue. If the fraudster is quick enough, the second, tiny payment will become the one cemented in the blockchain, thus stealing the value back from the vendor. There is even a free online tool designed to create double-spending attacks, which has been a great educational resource for the community.
Bitcoin risk mitigation services can offset this risk. The CEO of popular exchange ShapeShift, Erik Voorhees, said that “Many businesses, like ShapeShift, are built around risk mitigation strategies for instantaneous payments.”
The nascent industry started with BlockCypher in 2014. The company offers many services in addition to risk mitigation, such as easy ways to build customized wallets, run analytics, and use microtransactions on the blockchain. Their most basic plan costs $75 per month, however, which includes a Confidence Factor score for zero confirmation transactions, and guarantees payments up to $9.
“By monitoring transaction propagation, the number of nodes that have received it, and how quickly they received it, we can calculate its probability to be the “winning” transaction at any given point in time,” states BlockCypher.
The company has picked up several big partners including Deloitte, Capgemini, EY, PwC, and a client list that reads like a who’s who in the bitcoin-accepting business world. BlockCypher is used behind the scenes at exchanges like Coinbase and OKCoin, at Wallets like Xapo and Vaulturo, and BTMs like Lamassu and Bitaccess.
When dealing with transactions of high value, however, the company still recommends waiting for more time to add security while using their product. “Double spending attacks, while extremely unlikely, can still occur,” the company admits.
“Blockchain confirmations ultimately provide the highest level of security, especially when dealing with higher value addresses.”
Merchants looking for risk mitigation services above amounts of nine dollars turn to GAP600. Founded by Daniel Lipshitz in 2015, the company guarantees transactions with no need to be concerned about block confirmation times and double spending. GAP600 processes tens of millions in USD valued transactions per month.
The company is a global bitcoin underwriting service that goes beyond BlockCypher’s offering by adding an insurance product to a risk mitigation score. Their offering will “confirm a transaction within seconds of it hitting our environment,” according to founder and CEO Daniel Lipshitz. The CEO told BraveNewCoin that they guarantee the value of the transactions they confirm, “Should we get this wrong, we would reimburse the value of the transactions.”
The system offers a few different tiers of membership covering larger levels of risk for higher premiums. “We have a web interface for account management and statistical analysis,” Lipshitz explains. The end results is that GAP600 underwriting is the first to offer, “instant acceptance of bitcoin transactions with no financial risk.”
His company does this without requiring any Anti-Money Laundering (AML) or Know Your Customer (KYC) identification checks. “At no time do we control or hold the bitcoins,” Lipshitz states. “It is pure analysis on whether the transaction is good or will be a failed or double spend.”
Much like BlockCypher, the whole process is done through code behind the scenes. The process is automatic once integrated into websites and businesses. However, the company is currently self-funding the insurance, which incurs risk that the tiered subscriptions are designed to cover.
“We currently are self-financed and manage the risk on our own books,” Lipshitz admitted, while stipulating that they “have sufficient capacity to meet our commitments.” As the company grows, more insurance products for their own protection should become available, too. “We are in discussion with underwriters to acquire further insurance to enable greater growth.”
“As bitcoin becomes more and more a part of our financial landscape, and is adopted by large financial institutions, GAP600 will be able to offer this service to clear out the ambiguity of zero confirmed bitcoin transaction acceptance.”
- Daniel Lipshitz, GAP600 CEO
Another service attempting some measure of mitigating Bitcoin transactional risk is the web wallet GreenAddress. The service has worked out instant confirmations with at least ten of the more established bitcoin exchanges, which has been especially handy to many bitcoin traders.
Instead of assigning scores, however, GreenAddress operates by securing each wallet with a multi-signature address, and then having the partner exchanges recognize GreenAddress’ key, so they know the source and they can be secure in the fact that GreenAddress won’t allow its’ users to make double-spent payments.