How to check if a user voted but to be impossible to see for whom? - p2p

Blockchain Voting System
How current system works
Users are allowed to vote after their identity is confirmed by an authority.
Votes are collected and counted by an authority.
The person who has the most votes has the power for ~4 years, then we vote again.
Problems
The elected person can become irresponsible and corrupt within the ~4 year period and the citizens can't do much about this, they just have to wait until the ~4 years expire.
A lot of money is spent on election campaigns because everybody is trying to get power for ~4 years.
How the new system works
Users are allowed to vote after their identity is registered in blockchain and confirmed by an authority.
Votes are stored anonymously on a blockchain.
It's possible to check if a user voted, but it's impossible to check for whom he gave his vote.
Votes are "realtime" (a new block is mined every XX minutes) and can be displayed on a billboard in the center of the town, so the elected person will watch it every day and work hard to maintain people's trust.
Users are allowed to change their vote every week (Sunday).
If the user didn't change or update his vote for X weeks, the vote is expired and deleted. That way the citizens will be more active (also this fixes the problem with dead users).
Problems
How to implement: It's possible to check if a user voted, but it's impossible to check for whom he gave his vote?
How to implement users?
Authentication: biometric or just a key given by an authority. It must be very simple and secure for non-technical users.
New user creation - new people who reach 18 years
Anybody must be able to verify if the user who voted is a real person (prevent flood from a corrupted central authority who has the ability to create new users).
https://gist.github.com/moldcraft/e2eb508e10b9ae7e70d1

A voter produces a statement of how they wish to vote.
The voter blinds the vote, attaches the blinded vote to a proof of their identity, and signs it.
The central authority receives the blinded vote and verifies the signature. If the signature is correct, the central authority signs the blinded vote.
The voter unblinds the signed vote and uploads it to a repository or adds it to a blockchain anonymously.
The central authority must be able to produce one signed, blinded vote for every unblinded vote produced. So if there are 50,000 votes signed by the central authority collected, the central authority must be able to produce 50,000 blinded votes signed by voters.
The signed, blinded votes show who voted. The unblinded votes show how many votes each candidate or proposal got. There is no way to map the blinded votes to the unblinded votes, so there is no way to tell who voted for what.
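
The blind-signature flow described in the answer above, as an added example that is not part of the original answer: textbook RSA blinding in Python, with a final audit that compares the authority's roll of blinded requests against the published ballots. Assumptions: the key is a constructed toy key, the voter's own signature in step 2 is reduced to an identifier check against an `eligible` set, each ballot carries a random nonce, and all function names are hypothetical.

```python
import hashlib
import secrets
from math import gcd

# Constructed toy RSA key for the authority (two Mersenne primes); far too
# small for real use and unpadded, it only keeps the example self-contained.
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(ballot: bytes) -> int:
    return int.from_bytes(hashlib.sha256(ballot).digest(), "big") % N

def make_ballot(choice: str) -> bytes:
    # A random nonce makes every ballot unique, so a copied ballot is detectable.
    return f"{choice};nonce={secrets.token_hex(16)}".encode()

def blind(ballot: bytes):
    """Voter: multiply the ballot digest by r^E so the authority cannot read it."""
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    return digest(ballot) * pow(r, E, N) % N, r

def authority_sign(voter_id: str, blinded: int, eligible: set, roll: dict) -> int:
    """Authority: sign one blinded value per eligible voter and record who asked."""
    if voter_id not in eligible or voter_id in roll:
        raise PermissionError(voter_id)
    roll[voter_id] = blinded
    return pow(blinded, D, N)

def unblind(blind_sig: int, r: int) -> int:
    """Voter: divide out r, leaving the authority's signature on the ballot."""
    return blind_sig * pow(r, -1, N) % N

def verify(ballot: bytes, sig: int) -> bool:
    return pow(sig, E, N) == digest(ballot)

def cast(voter_id: str, choice: str, eligible: set, roll: dict, board: list):
    ballot = make_ballot(choice)
    blinded, r = blind(ballot)
    sig = unblind(authority_sign(voter_id, blinded, eligible, roll), r)
    board.append((ballot, sig))  # published without the voter's identity

def audit(roll: dict, board: list) -> bool:
    """Anyone: every ballot is validly signed, unique, and backed by a roll entry."""
    ballots = [b for b, _ in board]
    return (all(verify(b, s) for b, s in board)
            and len(set(ballots)) == len(ballots) and len(board) <= len(roll))
```

The `roll` shows who voted and the `board` shows what was voted; the blinding factor `r`, known only to the voter, is the sole link between an entry in one and an entry in the other.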

Related

What if the customer refuses to continue 3DS authentication on-session?

Let's take the case of a client refusing to pay for incidentals, for a car-rental example from Stripe's documentation.
What if the customer's bank requests the client's authentication, but the client refuses to do so... (refuses to pay)
Before, we could directly bill the client even if he refuses to pay. But with 3DS I can't see a way to do that.
In that instance you'd sadly probably need to get the law involved, as after September 14th there will be no way to charge a credit card in the EU without 3DS.

Best practices to verify card owner when adding credit card to user account

In our application we allow users to link a card to their profile and use it later for payments inside our system. Recently we had a couple of fraud attempts when users added stolen credit cards (so they knew all information about the card, including CVV).
The only thing that we came up with is to make temporary payment of some small random amount so user can check bank transactions report and verify ownership by providing exact authorized amount.
Are there any other common proven ways to verify card ownership?
Yes, there are a couple of things you can do at the very least:
Validating the house number and postcode/zipcode provided to you with the result returned to you from your payment processor on the pre-auth (AVS - Address Verification Service).
3D Secure verification (Mastercard SecureCode or Verified by Visa) - the user is redirected to their issuer's site (or one run for them by e.g. Arcot) and has to enter a secret only known to them.
Validating a small random amount is also a good check to make, however this takes a few days whereas the above can be validated instantly.

Guarantee payment system?

I would like to implement a guarantee payment system on a website I'm working on. By that I mean that the user would insert his credit card information but no money would be drawn from it at the moment he does so. The money could only be drawn if the client does not show up at the hotel to actually pay for it. In that case the owner should be able to get some amount back. I was looking at Braintree payments but haven't found anything in their doc mentioning a system like this. How should I go about it?
You want to do an Auth Only transaction. Auth Only transactions are very similar to Authorize & Capture transactions except the transaction is not captured. The merchant is issued a six digit authorization number indicating that the funds are available and the transaction is approved. However, the merchant will not receive those funds until they capture the transaction.
Authorizations are only valid for up to 30 days from when they are issued and for up to the amount they were authorized for. For example, if an authorization was obtained for $100, the merchant may use this authorization for any transaction up to $100 for that customer. However, they cannot go over $100 with that authorization number.
An important thing to note is that the funds from authorizations are frozen on a customer's credit card and cannot be accessed by that customer. From the customer's point of view, that money is essentially spent. Authorizations should not be used without a customer's consent and with care.
Authorizations are captured when a Force transaction is processed.

How to charge credit card AND set up automated recurring billing in one step with Authorize.Net

I’m integrating authorize.net into my web application. I’ve used the direct post method (DPM) to charge the account initially. However, for each transaction I also need to set up automated reoccurring billing. How would I go about doing this without asking for the information again, particularly when after DPM posts the initial transaction, the credit card data is no longer available?
I also would like to get the status of each reoccurring transaction so it can be confirmed and followed up on if necessary.
You can't do that with DPM as it takes the user's credit card information off of your website so you don't have access to it. If you want to make an initial payment and then use ARB to create a subscription you need to use AIM with ARB.
You need to use the ARB interface in order to do recurring transactions but there are a lot of problems with it, like lack of support (send an email and wait a couple of weeks for a non-helpful response for example) and weak documentation.
Documentation for SOAP interface for Authorize.net ARB:
http://www.authorize.net/support/ARB_SOAP_guide.pdf
And for the XML interface:
http://www.authorize.net/support/ARB_guide.pdf
ARB programming documentation:
http://developer.authorize.net/api/arb/
I just switched off of Authorize.net to USAEPAY. Here are some reasons why:
1. When you use Authorize.net ARB, your customer comes on the site to sign up, and you send the ARB request to create the subscription and you get back a success code so you give the user the subscription. Then later that night they actually try to collect the first payment and a lot of times this fails, so you get a spreadsheet emailed to you the next day about the problem. This is terrible because now you lost the opportunity to say to the customer at sign up time that the card is declined. Goodbye sale!
2. I don't know if they added this recently but they didn't have a way to verify if a customer's credit card is still valid. Imagine 3 months into a subscription the card is over the limit, or cancelled, or expired etc. You don't know so how do you prompt the customer to put in a new card? You just stop getting paid, unless you want to manually open these spreadsheets and start emailing customers. YUCK.
USAEPAY works much better, the API is easier, it's much better documented and you get email responses in 1-2 days and it's less expensive. For example, you can query USAEPAY to get a list of successful payments, and verify that you shouldn't deactivate the account for non-payment:
http://wiki.usaepay.com/developer/soap-1.4/methods/getcustomerreport
Before you go too far with AuthNet I highly encourage you to save yourself a lot of pain and contact FranchisePaymentNetwork (FPN) to get set up with USAEpay.
They can even POST BACK to your website to let you know if a transaction is successful or not for recurring billing transactions and you can query it to verify that customer payments are getting collected so you know if you should expire an account or not.
I am not affiliated with USAEpay or Franchise Payment Network except as a satisfied paying customer / consumer of their services.

Storing credit card information with PayPal's 'Website Payments Pro'?

I am developing an e-commerce website where some customers will be making frequent online purchases. With that said, I am trying to find a solution that will allow me to securely store credit card information, using Website Payments Pro, so customers do not need to re-enter credit card information every time that they make a purchase. I am aware of credit card "tokenization" services like Braintree, but they require you to use their entire payment platform. PayPal has confirmed that there are third party shopping carts out there that work with Website Payments Pro, that would securely store credit card information (as long as I am PCI compliant), but would not point me in the direction of one.
Does anyone know of a third party service that would fit my needs for this? Thanks for your time and help!
David
You can make use of PayPal's Reference Transactions API that makes a transaction ID as reference to make future transactions without entering their credit card information. This way your customers can make payments throughout the year.
Alternatively you can also make the billing agreement ID as the reference for future transactions. This way PayPal Payments Pro will pick the required details automatically from the previous transaction. Billing agreement ID has the benefit that it is not time bound for 1 year unlike transaction ID.
It is very, very difficult to securely store credit card information. In fact, it was announced just two days ago that 130 million credit card numbers were stolen from major retail and finance companies that have far more resources than you probably do to secure that data.
I fully understand the desire to easily facilitate recurring payments. However, think through and understand the risk related to storing of credit card numbers before deciding to do so.
If you decide that you need to store the card numbers, I recommend hiring a security expert with a proven track record to help design your solution and then audit it once it's in place.
I think the better solution would be using PayPal Vault.
The Vault API provides a secure way to store customer credit cards. By storing cards with PayPal, you can avoid storing them on your servers.
So the flow should be as follows:
You store the customer's credit card to the vault, and get a card id back from PayPal.
You can use that card id to make a transaction or save that card id with customer info in your database to make future transactions
Note:
A reference transaction must have occurred within the past 730 days because the ID may not be available after two years.
In the past, I have used aspdotnetstorefront, but it is an entire storefront application, including the payment gateway.
You can do this with PayPal Express if you don't want to use Pro.
https://www.paypal.com/cgi-bin/webscr?cmd=xpt/Marketing/general/RecurringPaymentFAQs-outside#Q9
Is that what you're looking for or are you looking for the actual code that uses their API?
