Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

How can a customer use a stolen credit card to make payments with crypto? And how does a customer initiate a bogus chargeback on the blockchain?


If credentials are stolen, crypto or otherwise, a scammer can then use those stolen credentials to make a payment.

All non-reversible transactions do is put the risk of fraud on the consumer. IE, if you buy anything with crypto and it turns out to be defective, or just not arrive, you have no recourse. You're just out the money.


>If credentials are stolen, crypto or otherwise, a scammer can then use those stolen credentials to make a payment.

Crypto credentials are not comparable to bank credentials. Crypto credentials are a public key; you still need the secret key in order to authorize a payment. Credentials are insufficient to make a crypto payment.

Bank credentials are usually just open-source information that anyone can get a hold of, and they are usually sufficient to make a bank payment.


No. Cryto credentials are the public and private key both. Losing a credit card credentials is the exact same scenario as losing a private key


1) Yes, much like if someone finds your credit card number, they can't use it without your name, CVC code, and zip code.

2) It doesn't matter how secure you make it, because if your payment system is impenetrable, I'll just steal your account on some site where you've already enabled payments.


I'm trying to understand what you mean with your point (2). How do you think that a crypto wallet works? Could you walk me through a step-by-step of how it would be possible to steal "my account"? What do you mean by "account", and what do you mean by "enabling payments for a site"?


> if you buy anything with crypto and it turns out to be defective, or just not arrive, you have no recourse.

If you buy something with cash and it turns out to be defective or it is never delivered, are you left with no recourse?

"But online shopping could mean someone from some other part of the world!" yeah, then don't buy with crypto.

> All non-reversible transactions do is put the risk of fraud on the consumer.

"And for everything else, there is Mastercard..."

Yes, the risk goes to the customer. But the point here is that crypto can enable a whole lot of other businesses that don't exist today because of merchant risk.

Patreon "exists", but as TFA shows is stupidly expensive. I have a SaaS that I'd like to charge $0,50/per month. I can not do that because Stripe would eat 80% of it in fees. The minimum payment amount is $5, but from that Stripe still gets 9%!

If crypto payments were normalized (and if scaling solutions get more adopted to reduce tx fees), customers would think "well, if fifty-cent service is a scammer, it will be on reddit already. If it is not, then it is only fifty cents and I can get a lot of karma for it"


> But the point here is that crypto can enable a whole lot of other businesses that don't exist today because of merchant risk.

This doesn't address the primary risk that merchants take on: fraud. Either crypto or credit card, if you end up taking a payment via stolen credentials, you will refund the money.

The risk that the middleman in a two-sided takes on is fraud. The scam is pretty simple: steal credit card/crypto key, set up fake seller account, buy stuff from yourself using stolen credit card/crypto key, cash out. The middleman pays the money out to the scammer, and eventually has to pay back the person that was stolen from, credit card or no.

Micro transactions are a huge merchant risk not because angry customers can chargeback, but because one stolen account can undo 1000/X legitimate transaction (where X is your profit per transaction). If your margin is slim, you've just amplified your fraud risk.

And before you say that it's easier to steal credit cards than crypto keys: 1) wait until crypto becomes common and 2) it doesn't matter. If you secure your keys, then scammer finds some user's account credentials and cleans their account out.


> Either crypto or credit card, if you end up taking a payment via stolen credentials, you will refund the money.

This by itself shows that you are making a fundamental confusion: crypto is not to be compared with credit cards. crypto is meant to be cash.

Anyone that steals crypto will wash it before attempting to spend it. And depending on the network, you can't even know what is the origin. So, it would be the same as being robbed of cash.

But okay, let's move on.

> If your margin is slim, you've just amplified your fraud risk.

What if my margin is infinite? Say I want to sell digital goods, with an effective unit cost of zero. Why would I want to worry about the 1/1000 chance of someone "stealing" a copy, when that cost is nothing compared with credit card processor fees and the only thing I am trying to avoid is being hit with chargeback fees?

> wait until crypto becomes common

Crypto becoming common does not mean that people should be keeping large amounts in their wallets. A wallet is not a bank account.

Even those crazy enough to keep substantial amounts of funds in crypto would have (at least) two separate set of keys. One to use for their "hot wallet" and one for cold storage. This is almost basic practice. In a world where crypto "becomes common", what could happen is that your "bank" would be a service that is responsible (and properly paid) to be a trusted custodian of larger funds.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: