[bisq-network/proposals] Implementation of protection tools: strengthening Account Age by requiring payments from 2 Bank Accounts (#93)

Christoph Atteneder notifications at github.com
Fri Jun 21 09:50:11 UTC 2019 

> This is optional, right? This is very nice to have.

Yes, I would have put it into the advanced options section when creating an offer

> I don´t fully understand this. I would say that the account shouldn´t be able to sign until the account age (based on the new account age algorithm) reaches 90 days. Maybe this should be implemented as a parameter and we should discuss the value of this parameter.

At the moment implementation details oft the account age and limits are as follows:
- At creation of the payment account an account age witness is created and dated
- The age of the payment account is calculated based on the current time and the creation time
- For accounts younger than one month (< 30 days) the trade limit is 25% of the max trade limit (e.g. MAX 0.25 BTC for SEPA -> 25%: 0.0625 BTC)
- For accounts between one to two months (>= 30 day and < 60 days) the trade limit is 50% of the max trade limit
- For account older than two months (>= 60 days ) the max trade limit is used (e.g. 0.25 BTC for SEPA).

After the implementation of the protection tools it would be:
- At creation of the payment account an account age witness is created and dated
- At signing of the payment account witness an signed witness is created and dated
- ATM for the trade limits the account age date is used. That means as soon as the account gets signed, 30 days later the tolerated small trade amount of 0.01 BTC gets lifted and the regular trade limits based on the account age are applied.

Example:
**I have created an account after 1st of March**
- My account age is between 1 - 2 months
- If my account gets signed, I have to wait 30 more days until the 0.01 BTC limit will be lifted. So I'll be able to trade 100% of max trade amount (account age 60+ days) 30 days after my account got signed.

**I have created an account before 1st of March**
- My account age is older than 2 months
- If my account gets signed by an arbitrator, do we also want the user to wait 30 more days until the 0.01 BTC limit will be lifted?
- If the 0.01 BTC limit will be lifted immediately for accounts signed by arbitrators we could get rid of the hard coded 1st of March ruleset in the code. So all old accounts continue to be able to trade 100% of max trade amount.

@m52go @mpolavieja If we show the age since signing in a separate column in the offer book it will be the same for all arbitrator signed users. On the first day everyone will have 0 days age since signing. Might look weird in the beginning, but I think it should be fine on the long run. 

QUESTION: Do we want to continue to calculate the trade limits as mentioned above based on the account creation date or based on the signing of the account age?

> I would wait to implement this until more methods are available.
👍  Yes, we can wait until the 2FA is implemented

> Are the allowed trade time limits going to change?
ATM I wasn't thinking about changing them. If we extend them it should only be for trades with an unsigned buyer account. In that case we could think about a factor that increases the existing trade limit only on the seller side (we don't want the buyer to be able to wait even longer). So there also needs to be some information popup for the buyer that the payout is delayed up to x amount of days because of security reasons. But that is something that should be actually presented to the buyer upfront as it might be disappointing to see this only after you already wired the money and expected the trade to complete soon. Also we need to display this additional waiting time to buyer and disable the ability to open a dispute in that case. So adding this would increase the workload for this feature quite a lot. We had this requirement already in the past and it made it quite complicated from the UI perspective. I agree that this might be a good functionality to protect the seller from getting scammed in the first place, but I would start working on it as an add-on after the account signing feature.

> Are the allowed trade time limits going to change?
ATM I wouldn't change them to reduce risk if a scammer is able to abuse a stolen bank account for longer.

> I would say that the easiest way to handle this is that arbitrators sign all accounts prior to 1 March, and all the other accounts are all 0 age until they get signed by other users, and then the account age will begin on 1 day, no matter when the account was created. Not very fair, but that way we can ensure the scammer does not sneak in as a signer without first having conducted a trade with a signer. This is always under the assumption that the scammer does not own an account prior to 1 March, which is fair to assume because the scammer has been inactive since the 1 March cut was made.

For accounts that where created after 1st of March I do agree. I meant the accounts prior to 1st of March. Are they also age 0 after signing? I personally would be a little bit upset that I have to start again trading 0.0625 BTC amounts again for couple of months.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/bisq-network/proposals/issues/93#issuecomment-504366201
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.bisq.network/pipermail/bisq-github/attachments/20190621/8f6143f3/attachment.html>

More information about the bisq-github mailing list