
How To Accept Bitcoin On Your Website - barmstrong
http://blog.coinbase.com/post/37274999622/how-to-accept-bitcoin-on-your-website
======
javert
Suggestion: I found the option "Send to a bitcoin address" to be confusing. I
would have expected it to say "Send from a bitcoin address."

Upon further reflection, it's clear why I expected that.

First, when a user goes through a typical online checkout/payment, they are
not concerned about where the money is going _to_ , they are concerned about
where it is coming _from_ , i.e., putting their credit card info in.

Second, the prior option is "Send using my coinbase account," which reinforces
what I was talking about in the other point I just made. For the sake of
consistency, both options should be about sending _from_ somewhere, not
sending _to_ somewhere.

An alternative way to do this would be having the first option say "Send using
Coinbase" and the second option be "Send using the Bitcoin network," or
something to that effect.

~~~
barmstrong
Ok good feedback. While technically it is correct that you are sending _to_ a
single bitcoin address (your payment can actually come _from_ multiple bitcoin
addresses) I agree it's confusing and the the distinction isn't important to
more users.

It now reads like this: <http://cl.ly/image/2n3Y3F261o1s>

~~~
javert
Sweet, I like it much better that way.

Good point that your payment likely would come _from_ multiple addresses, I
had overlooked that.

------
mtgx
Have you taken note of this possible vulnerability? You guys need to be more
careful about security. You may only get one shot at this, if you get bad PR
this early by getting hacked.

[http://www.reddit.com/r/Bitcoin/comments/14c7q0/coinbase_lau...](http://www.reddit.com/r/Bitcoin/comments/14c7q0/coinbase_launches_payment_buttons_an_easy_way_to/c7bwmzt)

~~~
DoubleMalt
This is another case of convenience vs. security.

The Stripe button poses a similar problem, even if credit card number and cvc
are arguably not as bad as actual login data.

But it is much easier to create a frictionless user experience if you do not
have to redirect people to somewhere outside your side.

I recently implemented paymill payments and also there the only assurance for
the customers is the 3D-Secure iFrame, if their credit card is 3D secure
enabled ...

~~~
dlitz
> But it is much easier to create a frictionless user experience if you do not
> have to redirect people to somewhere outside your side.

Under this model, how do you train ordinary users to avoid phishing?

~~~
DoubleMalt
Beats me.

Of course the situation is unsatisfactory. But I like the 3D-Secure approach.

Unfortunately the implementation is card provider specific and quality varies.

I had a VISA once where I could enter a custom phrase that was displayed to me
on every "verified by VISA" dialog.

Combined with displaying the dialogue in an iframe this practice seems strike
the best balance between usability and security.

Of course as coinbase would have to implement something like this by
themselves, but I that seems feasible.

------
e1ven
I'd love to transparently accept BTC on a website I'm building, and have the
merchant company send me a check every month..

I'm really hesitant to use (and thus implicitly recommend) Coinbase, since
they're asking for Bank username/passwords from users.

Even thought it's not necessary, it makes these guys really look rather Shady
to me, so I'm really reluctant to use their solution.

Has anyone else worked with Bitpay or other providers in this space? I'd love
to hear how things went for you.

~~~
barmstrong
Founder here - just wanted to clarify that bank username/password is not
required, you can also use deposit verification. But glad to hear you're
interested in accepting bitcoin. Thanks!

~~~
clark-kent
I think it is reasonable to remove the bank username/password requirement. All
it does is raise red flags for potential users.

------
josscrowcroft
Congrats Brian! I'll be integrating this on <https://openexchangerates.org>
pretty soon (as well as including the BTC rate in the OXR API)

#edit - just wondering, would it be necessary to include another BTC checkout
button, e.g. from mtgox? Or can _any_ BTC user _anywhere_ use this button to
checkout?

Also - a big one - is there/will there be support for recurring payments?
Actually, is that even possible?

------
Osiris
Are there plans to make it possible to just receive the bitcoins directly
rather than a cash payment in a bank account? I'd like to accept bitcoins but
have the coins transferred to my wallet.

~~~
barmstrong
The default is just to receive bitcoins.

Cashing out to a bank account is optional and not on by default.

~~~
Osiris
Can you set the price in BTC rather than USD?

------
ww520
How does refund work with Bitcoin? Since Bitcoin can have big swing, some
users might opt to get the refund of bitcoin after a while.

~~~
wmf
Merchants should refund an equivalent value of BTC, not the same amount paid.

~~~
DrStalker
Why? Serious question, if I get a refund the amount isn't compensated for
changes in the Australian dollar.

Either the buyer or seller will lose out if the value of bit-coins change, so
is there a compelling reason for picking which party that is other than
"merchants have the control to give whatever refund amount they want"

~~~
wmf
Considering that customers generally get to choose whether and when (within a
certain window) to ask for a refund, refunding the same amount of BTC gives
customers a license to steal.

------
mtgx
What are the limitations regarding the location of the users or merchants, if
there are any? Can I send and receive Bitcoin through Coinbase to and from
anywhere? I assume the bank thing only works with US banks?

I'm not sure about the color of the button. Seems rather dull to me, and might
be easily missed. You might want to A/B test that.

I like what you're doing, though. An easy to use Paypal-like service is very
needed in the Bitcoin world. Wasn't Reddit a YC company, too? Maybe you can
convince them to use your service instead of Bitpay, since they were thinking
about using Bitcoin anyway.

------
te
What is coinbase's strategy re dispute resolution?

------
kirian
Bitcoin merchant services sector is really heating up. Bitpay.com making big
news with the recent Wordpress announcement, Walletbit
([http://bitcoinmagazine.net/walletbit-launches-bank-
transfers...](http://bitcoinmagazine.net/walletbit-launches-bank-transfers-
for-merchants-in-europe/)) growing and adding more features and now Coinbase
joining in. This open competition allowed by the open source nature of Bitcoin
is great to see.

------
MarxGames
I am almost ready to use this service but have some questions first:

1\. Are Instant Payment Notifications sent only once with 0 confirmations?
(hoping no)

2\. How do I verify that the IPN is really coming from Coinbase? (hoping some
simple signature check)

3\. If I created a button worth 1.99$ then will it adjust BTC amount based on
the current exchange rate or will it be static? (hoping it will adjust itself
over time)

4\. Also is it possible to see and edit buttons at a later time(hoping yes)

------
jacoblyles
This looks amazing. I've held off using bitcoins until now because of
usability issues. This product looks like it can change that. I'm signing up
today.

------
UnFundedHype
Now how about a one button way for my users to buy bit coins. Buying bitcoins
is an exhausting user experience

~~~
yebyen
You should just ask them to mail you cash. It's about equally reliable, from a
buyer's perspective.

~~~
drivingmenuts
I can spend cash at the corner store if it comes down to it. Bitcoin, not so
much.

~~~
yebyen
Now, there's an argument for greenbacks. McDonalds takes greenbacks. Brb
guys... fry cravings.

------
kragen
Hi Brian, cool, congratulations on making it this far! Do you think the
several hours latency to the bank account deposit is going to expose people to
too much exchange rate volatility?

~~~
wmf
Since Bitcoin is unregulated, if they wanted to I guess Coinbase could lock in
exchange rates at any time they choose (e.g. the time of the transaction) and
then do the exchange later. Since that effectively shifts the currency risk
from the merchant to Coinbase, they could choose to charge extra for such a
service.

------
fruchtose
Compared to other Bitcoin exchanges, I have high hopes that you guys are more
confident. Taking a page out of Stripe's book is the right move, because you
look less like previous Bitcoin sites and more like a startup. If Coinbase
suffered a security breach I would be very disappointed.

------
kenj0418
Great - now we only need a 'Why To Accept Bitcoin On Your Website' article.

~~~
kirian
Some good "Why To Accept Bitcoin" reasons in this article:
[http://www.forbes.com/sites/jonmatonis/2012/11/16/whats-
your...](http://www.forbes.com/sites/jonmatonis/2012/11/16/whats-your-bitcoin-
strategy-wordpress-now-accepts-bitcoin-across-the-planet/)

------
frozenport
Suggestion 1: Offer to convert user funds to bitcoins (works as an annoying
service). So you act as a money proxy.

Suggestion 2: Explain what bitcoins are for shopping cart users

~~~
Karunamon
#1 puts you in shaky legal territory at least in the united states, since cash
exchange services have a huge litany of regulations.

------
capdiz
Can my bitcoin payments be sent to an external site or external bitcoin
address other than a US bank account since i don't have one.

------
ROFISH
The button is working on Chrome/Windows but not Firefox/Windows. (Amusingly,
it also works in IE9/Windows)

~~~
barmstrong
Thanks for the bug report! Just pushed out a fix for Firefox. Live in 5 min.
Thanks!

------
discountgenius
Are you working on plugins for integration with existing shopping carts?

------
viraj_shah
Great job Brian. Seems similar to one click Stripe button.

------
johnnyjustice
Is this a dangerous thing to put on ones website at all?

~~~
yebyen
Dangerous? The only danger is that you might pay 1% fee when
sending/converting your earnings back to USD. Also possible that the value of
bitcoin tanks overnight, but there are historical charts that show this has
not really happened but just once.

What kind of danger are you thinking?

The exchange could also go under and/or rob you. You should be careful about
to whom you give your bank account numbers.

~~~
tmh88j
>What kind of danger are you thinking?

My guess is he's referring to one of the many "dealers" that were hacked and
had bitcoins stolen.

~~~
yebyen
That would fall into the category of exchange going under.

Similar risk to cash in the mail, except with cash in the mail there's nothing
you can do to protect yourself (or prove that delivery was accepted.)

~~~
Karunamon
> _That would fall into the category of exchange going under._

Bitcoin exchanges are not like Paypal, it's a terrifically bad idea to keep
your coins in a wallet controlled by a third party for any length of time.

~~~
gknoy
What do you do with them, then? I thought the point of Coinbase was to have a
hosted wallet. I'm not sure I trust my security better than theirs. If the
reply to that is that I should not be using Bitcoin, that's probably a sign of
an issue that may limit widespread adoption.

~~~
jlgreco
Treat your local bitcoin wallet like your bank account, and treat your hosted
bitcoin wallet like your leather wallet in your pocket. Only keep what you
need in the leather wallet / hosted wallet.

Local wallets are easy to keep secure. Just keep it on a flashdrive, don't let
it touch your harddrive, and don't use it on a pwnd computer. If you want, you
can even keep that flashdrive in a real bank.

~~~
mcherm
Evidence shows that the track record of hosted bitcoin accounts is a bit
disappointing.

But the evidence seems to show that the track record of bitcoin accounts kept
by individuals is significantly worse. For instance,
[http://arstechnica.com/tech-policy/2012/10/78-percent-of-
bit...](http://arstechnica.com/tech-policy/2012/10/78-percent-of-bitcoin-
currency-stashed-under-digital-mattress-study-finds/) and I think I am safe in
concluding that a significant portion of those "non-circulating" bitcoins are
actually lost.

So my financial advice would be that you are better off trusting an exchange
than trusting your own storage and backup procedures.

~~~
yebyen
7 million bitcoins are "lost" because they haven't circulated in the last 3
months?

Maybe you have found evidence of an elaborate ponzi scheme that we are all
played by, but I don't buy your conclusion, and it's not the conclusion of the
linked article.

If only 90,000 bitcoins held by/moved through a small group is driving most of
a total of 423,000,000 bitcoins transacted, then I'd say the rest of the
owners of the 9mil bitcoins in existence owe those guys a debt for stress-
testing the grid.

You can use a cloud bitcoin wallet, like BitcoinSpinner, which is implemented
on top of the BCCAPI. While I have not read the actual API, and I'm not sure
this program is open source, I can tell you that it promises your bitcoins
cannot be stolen from the cloud!

If that's not good enough for you, and you don't trust your own safe box in
your own house, then I'd suggest you run back to your FDIC insured bank, or
better, start reading. It's shameful to hear Hacker News readers saying they
don't trust their own data to stay safe.

~~~
mcherm
> It's shameful to hear Hacker News readers saying they don't trust their own
> data to stay safe.

Look, I am a reasonably skilled programmer, and I _work_ for a bank. I know a
great deal about keeping data safe and keeping it backed up well. I have
written simple cryptography algorithms for addressing these sorts of issues
(like secret sharing). And I know enough to realize that these are HARD
problems, and leaving them to professionals works better than thinking you are
smarter than the rest of the world.

As an example, it sounds like you store your bitcoins in a safe in your house.
Nice system... I'm going to assume that your safe is fireproof, and that you
were careful about not storing the data elsewhere. Now here's a question: if
you die, will your heirs know how to retrieve the value, or will it be lost
forever? Those are the sorts of hard problems that an institution can probably
handle better than you can.

