

Ask HN: Rate this start-up: XIPWIRE (xipwire.com) - sjalexandre

XIPWIRE (pronounced Zip Wire) is a mobile payment service that enables people to securely send and receive money using a simple text message.<p>A person "xips" money by sending a text message to XIPWIRE's mobile number (known as a "short code"), 56624.  There are no extra charges to send or receive messages to/from this number.  The money sent is drawn from a bank account or a credit/debit card that's linked to the XIPWIRE account.<p>Signing up starts by the user texting "go" to 56624.  XIPWIRE will reply back with a temporary username (your mobile number) and 4-digit password.  Use those credentials to login to http://xipwire.com to complete the simple registration process.<p>Once signed up, you "xip" money by sending a text message to 56624 with a simple command in the body of the text:  "xip  &#60;username or mobile number&#62;  &#60;amount&#62;".  For example if Violet wants to xip Dash $20, she would text "xip  dash  20".<p>To request money from another user, use the "ping" command.  For example, "ping  dash  20"  would send a text message to Dash requesting $20 to be transferred from his XIPWIRE account to yours.<p>XIPWIRE requires the user to text back a 4-digit PIN to authenticate every payment transaction.  Other commands that can be texted to 56624 include: bal, hist, id<p>Interested in any feedback regarding XIPWIRE's linked account model, security concerns, usability, etc.<p>Thanks!
======
all
I am glad to see somebody new working this niche. The way you go about
handling payments is relatively straight-forward, which is good. However, I
wonder how you (plan to) handle stolen phones being used to send money to
accessories to the crime. That is, Alice steals Bob's mobile and uses it to
send money out of Bob's account to Carol, who is using a throwaway phone for
the purpose. The texting of a four-digit pin would be in the history of the
phone. So how do you mitigate against such theft?

~~~
sjalexandre
It's true that the PIN would be stored in the send history and so we always
include a reminder message after every payment transaction to erase the PIN.

However, human nature being what it is, we've built a few safeguards to
mitigate the risk of a lost or stolen phone:

1) instant phone lock - once you realize that your phone is missing, you can
instantly "lock" your XIPWIRE account online with the click of button. A
locked account will not allow any payments to be made.

2) email receipts - after every payment transaction, the payer and payee
receive a text notification and an email receipt. If you didn't realize your
phone was missing, the email message would alert you that an unauthorized
transaction just occurred and prompt you to lock your account.

3) account limits - per transaction and daily limits on person to person
transfers prevent large sums of money from being transferred in a single
transaction. Increasing the number of transactions to execute the fraud also
increases the risk of the fraud being exposed.

4) bank account verification - in this example, for Carol to make use of the
stolen funds, she would have had to link a bank account to her XIPWIRE
account. The bank account details would need to be verified using a micro-
deposit transaction. Knowing Carol's bank account information gives
authorities the ability to trace the funds to a specific individual.

5) Instead of xipping the money to Carol, if Alice decided to make a purchase
at a merchant that accepts XIPWIRE, the Security Photo Verification mechanism,
which displays a photo of the XIPWIRE user initiating a payment on the
merchant's POS system, would instantly alert the merchant that the someone
other than the legitimate owner of the XIPWIRE account was attempting to make
a purchase and would decline the transaction.

While fraud can never be eliminated, we believe that education and personal
responsibility (i.e. deleting the PIN from your phone's send history) combined
with multiple layers of protection can minimize the risk associated with a
lost or stolen phone.

