Coinbase CEO here, I can sympathize that this was probably frustrating but I think it stems from a misunderstanding about the service that Coinbase provides. In a purely bitcoin to bitcoin world, this sort of transaction would not be an issue and you wouldn't have a risk of an account being closed. But you're not trying to do a purely bitcoin transaction here - you are trying to exchange bitcoin into your local currency and put the funds in your bank account (this is what we offer with our merchant tools).
To offer this service, we (Coinbase) work with those bank rules and that is why you are seeing our service act much like the traditional financial world. You might not like this, but we didn't make those rules, and it is the only way I know of that works if you want to exchange bitcoin in the traditional financial world. (John's answer from the support thread you linked also explains this).
Accepting purely bitcoin-to-bitcoin payments would be one solution that might work for this if that is what you want (there are plenty of other solutions other than Coinbase for this). I should mention that we are probably at fault for marketing it more as a bitcoin wallet vs an exchange which has different implications to people (I think this is part of the reason for the confusion).
It's worth pointing out that we never converted our Bitcoin to any other currency (other than Bitcoin), it just sat in our account accumulating. We never actually tried to exchange into our local currency. Nowhere in your documentation or user agreements does Coinbase mention denying companies like ours (adult comic publisher). https://www.coinbase.com/legal/user_agreement (see APPENDIX 1)
I appreciate the response, but honestly I’m still disappointed. You have an opportunity here to create a new breed of payment processor and you are squandering it. I’m sure Coinbase is successful, but is that all you want? Are you okay being just another payment processor that happens to accept Bitcoin?
I am quite familiar with banks having varying levels of comfort with different industries (ours being adult comics), but that didn’t stop us from finding banks that were okay with what we publish and working with them. You should have relationships with multiple banks for situations like this. The fact that your company is locked into a bank that can arbitrarily deny merchant accounts, based on how comfortable they are with each business, is concerning.
More concerning is the fact that the first support email we received tried to pass our account closure off as a FinCEN issue, which only showed how little research was put into our case before the account was closed. How much effort is put into defending your merchants in situations like this?
Instead of closing accounts of small publishers or artists you should be defending them. You’d no doubt have a lot more adamant supporters. If you really do care, and you’re not just commenting to save face, I encourage you to reach out to the Comic Book Legal Defense Fund (http://cbldf.org/). They provide legal support and counsel for censorship issues like this. They have legally defended countless adult publishers, artists, and readers over the years.
As the CEO of Coinbase you have the resources to make a difference and fix situations like this for the future. Don’t be afraid to stand up and defend merchants, publishers, artists, or whoever else decides to use your service. If you want to be another payment processor that’s fine, but you could be so much more.
I think I did answer the question. He can't do business with us because our bank partners don't want to support certain types of businesses. If you are wondering why the banks don't want to support certain types of businesses, I could only speculate but I'd guess it is reputation risk and they may have seen that category as a front for other illegal activity in the past. But that is their decision to make, not ours.
That's the first time you've stated clearly why his account was closed.
It's still unclear to me why, if you have multiple banking partners, you don't have even one that would support an adult business. There is a lot of adult video and website business - they must have banks.
Furthermore, it's really the lack of transparency that rubs people the wrong way. When your customers are told that their accounts are frozen or closed all of a sudden and with almost no explanation, they are left flailing to try to understand what the heck is going on. It's like being kicked out of a restaurant half way through dinner and when you ask why, they just say "sorry, we can't continue to serve you..." I consider that method of dealing with your honest customers disrespectful.
This is another cloud service that allows free public API access, but it's the first one I'm aware of that is also open source. Much better to build a service or business on something you are in control of.
Very sorry for the trouble on this, the blame goes squarely on me for this - those emails should never have gone out. YC had nothing to do with this, and it was completely our fault in using this private list for marketing purposes.
There is really no excuse other than poor judgement and rushed decisions. I apologize and we will make an effort to be much more careful about this in the future.
To give an opposing view, as an applicant, I personally didn't feel there was any privacy breach. Everyone that applied knew they were applying to the entire conglomerate of YC companies, so when one sends a nice email, thanking all the applicants, there really should be no privacy issue. If anything, sending a more official looking email, explaining what it was for instead of just a transaction could have preempted any concerns.
Those systems are insured, and a lot more effort to steal and clean funds. Bitcoin is one stop fraud: get the coins and you're good to go. Don't need a drop to ship electronics, don't need proxies or remote desktop IPs to fool paypal/stripe fraud filters.
If I were a criminal blackhat would be nice to have user enumeration to confirm names on Coinbase so I could send personalized wallet stealing emails pretending to be from Coinbase.
Interac e-Transfers (the only widely used method for doing this I'm aware of) do let you send money to someone via an email address, but it's a notification channel, nothing more. An account enumeration isn't possible with it, the actual email is sent some time after the money for the transfer has left the source account, and the sender doesn't get any information about the delivery of the email.
I suppose you could send e-Transfers to random email addresses and then see if any are accepted, but that would cost you an absolute minimum of $0.01 per attempt and would probably have a terrible response rate.
Source: this is my day job.
Edit: sorry, forgot to mention this is Canada-specific.
I apologize in advance for the following unsolicited advice, but if there's anything that should have been learned from the press after the Gox implosion, it's that you absolutely must stay ahead on security and the perception of security. If you don't, the entire cryptocurrency ecosystem ultimately suffers. You have a responsibility far beyond your active userbase to be responsive and professional, rather than dismissive, especially when a whitehat is just offering up auditing. There's no obvious downside to rate limiting some types of API requests, so why not simply be responsive and do it?
We work with a community of security researchers who help us test these sort of things https://coinbase.com/whitehat including quite a lot on race conditions. We use a variety of datastores for different parts of the app where they are best suited.