1. There is no such thing as a "pending" ban or Steam admin. Anyone threatening your account is a scammer trying to scare you. Read more.

A hypothetical escrow service

Discussion in 'SteamRep General Discussion' started by Salmon, Apr 26, 2016.

  1. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    Before I even begin, let me ask that you keep an open mind. I'm not saying that something like this would be perfect or even work how I think it would, I'm just asking for opinions on it.

    Many people have asked about the creation of an automated middleman service. This is sort of a potential way to do that, by attempting to solve some of the (severe) issues that would plague a naive automated middleman.

    The idea of the hypothetical escrow service is to provide 3rd party identification of users in a unique per person manner, and transaction security by having static escrow for both sides of the trade.

    The escrow service aims to solve two problems:
    1. Scammer alts are a plague - it's relatively hard to link a scammer to a new account if they take any time to hide.
    2. There aren't enough trustable, active people available to middleman for the entire community, and even if there were impersonators are one of the more common scams
    First, user identification. This is a hairy issue - right now, our ability to identify someone extends to their (volunteered) steam account and their (easily VPN'd) IP address. Though other methods of identification exist, such as keeping a database of user paypal addresses, bitcoin addresses or heatware profiles none of them solve the issue of "uniqueness." In a perfect world, users would be asked to provide a photo of some form of government issued ID - driver's license, passport etc. Simple OCR allows for reading of name & ID #s off of the documents. The photos would never been shown to other users, simply used to verify users. Some say this is extravagant. I think it's a viable optional method of verifying an account.

    Second, "static escrow." A normal escrow is very similar to our current middleman ideology. When a deal is ready to be done, the escrow takes both side's goods/payment and then gives the goods/payment to the correct parties. In this "static escrow" assets are always held by the escrow service, and the deals are done normally with the escrow stepping in only if a deal does not go well. After establishing an account, users can deposit into escrow (using non-refundable payment sources, such as bitcoin or checks). Beginning a deal "locks" the established amount of escrow from both sides, not just the side going second, and then "unlocks" it once both sides agree the deal is completed. If anything goes wrong, both sides are asked to provide full copies of communication and proof of transaction. The key difference from a naive automated middleman is that in order to attempt to manipulate the escrow, the scammer must put up assets of at least however much they want to attempt to scam, and would only make a profit if they can successfully convince the escrow that a scam did not happen. As well, the "locking" means that they cannot attempt to double-utilize their escrow'd assets.

    Trolls would still potentially be an issue, but again, they would have to put up money in order to troll and proper identification means that they would be hard pressed to do it more than once. There is also the idea that the static escrow alone, using just normal identification methods would be enough - hence, why hardcore ID may only need to be optional.

    Just some thoughts I wanted to put out there. Opinions?
  2. Horse

    Horse Administrator SteamRep Admin

    Messages:
    76,831
    SteamRep Admin:
    STEAM_0:1:34690691
    It would be the most impersonated account EVER!
    Roudydogg1 and schmed like this.
  3. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    Not an account, a website.
  4. Nebras

    Nebras New User

    Messages:
    249
    Steam:
    STEAM_0:0:92811415
    it is a good idea that will go terribly wrong if not done right
  5. Roudydogg1

    Roudydogg1 SteamRep Admin Friend Community

    Messages:
    1,846
    SteamRep Admin:
    STEAM_0:0:58227918
    Always very hairy, I don't believe in automatic escrow services and (insert related subject here)'s, I still hold firm that a human would need to check every transaction, which, of course would make the 'automatic" part redundant.
  6. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    • If doing escrow via a website, it has to handle and safe keep both sides of the trade, which means both the traded items and the money. It will be hard to evade the chargebacks from scammers as such without applying a "cost" of a % that people will find too often too high (they'll find any % too high is my impression, even if I could condone such escrow).
    • As you might be aware off, some electronic payment systems like Paypal and others are... cumbersome at best with the charge backs having them occur even sometimes over a year after the transaction.
    • Verification of both sides of the users will need to check both sides of the trade. Sellers might be alternate accounts of scammers, buyers might be scammers that will charge back. Verification measures will in part need to be secret, and based on a lot of different external information sources.
    • Impersonation of the bot handling item trades will become a problem which may be evaded by a smart procedure. (bot should be empty, so no bug can be abused, and maybe even get the item to a 2nd bot to prevent either party abusing the bot or w/e if something goes wrong or they can "hack" it etc, like seller Trade Offers it to "seller" bot, Bot moves to a in-between (hidden) account, buyer pays, then the item is moved to the "buyer" bot, or w/e safety can be made up)
    • Usage of the system should be layered for higher amounts over time, at start only can do like things for up to $ 50, a week later for up to $ 100, or whatever scheme has been come up with. Influenced by the # of trades done over what period etc.
    • Higher value trades should be manually checked or given permission manually etc.
    • Outside all of that, escrow services have some hefty fees per country / state etc. You might want to look into that before even considering such.
  7. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    A human would only need to check the transactions if one side of the deal requests it. If one side requests it, both sides have their assets locked up, which would reduce trolls/scammers attempting this (especially since once a human does come verify, it's highly likely the troll/scammer would get found out).


    It's not a normal escrow service. There is no bot. It's not steam dependent, it will work for any game. It holds non-refundable assets long term and never touches the assets being traded in any given trade.

    I think an example might help people understand better.

    Alice and Bob want to make a trade. Alice wants to pay Bob $100 for a CS:GO knife. Alice, being a long time member of the escrow, already has $300 deposited. Bob is new and hasn't deposited anything yet, so he quickly sends $100 in bitcoin to the site. Once his escrow balance is updated, they initiate the trade. On the escrow site, Alice sends Bob a "trade request", detailing that she will pay him $100 via paypal for his CS:GO knife and requests $100 be locked in escrow. Bob accepts the request. The escrow "locks" $100 from both Alice and Bob, meaning that neither can pull money out of escrow, Alice can only escrow up to $200 and Bob cannot escrow any trade. Alice pays Bob the $100, and Bob trades Alice the knife. They both click "trade confirmed" on the escrow service, and their $100 unlocks. Now they can both pull out their full $300 or $100 respectively, or ensure trades via escrow of up to $300 or $100 respectively.

    If Alice tries to scam Bob or Bob tries to scam Alice, both of their $100s stays "locked" until a human comes and reviews the case. Both sides would be asked to provide all details of communications and proof of payments, similar to an SR report right now.
  8. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    Extra note on the Alice/Bob trade above: Even when the trade goes smoothly, both sides are asked to upload full details of communications for potential later verification. Though the trade is only $100, they could have agreed to a higher escrow amount with $100 set as the "actual value" amount - this is a further method to stop trolls and scammers, especially when dealing with new accounts. Even though the escrow service is providing help, there is still a question of who goes first - in this case, Alice's long time membership of the site (and assumedly many past, verified trades) would mean that Bob (with a new account) trades the knife before Alice pays via paypal. This is also another method of stopping trolls & scammers, since to even attempt the (very low % success chance) scheme, they would have to heavily establish their account. Finally, since the deal is happening via paypal, Alice would be shown Bob's paypal address directly by the site. Bob must verify and link his paypal to the site, preventing trolls/scammers/hackers/typos from interfering. As well, Bob is shown what address to expect the money to come from, to help prevent account switchouts for chargebacks. As mentioned earlier, once completed this trade would be in the history of both members, allowing for the site to also give a verifiable form of rep.

    Other examples of things the escrow service could handle:

    James and Dan want to make a trade. James wants to pay Dan 200g World of Warcraft gold for a $10 League of Legends RP code. Since neither of them have a Steam account, James is logged in with a username that has been verified via mobile number, and Dan is logged in via a username verified by his driver's license.

    Sean and Kate want to make a trade. Sean wants to pay Kate 2 BTC ($900) for her to build a gambling website for Sean to run. The escrow terms state the expected timeframe of three weeks. As well, since Sean wants to pay via non-refundable BTC, he sets the escrow to pay upon delivery - rather than paying Kate directly, when the website is finished Kate gets the $500 added directly to her escrow balance, to cash out in any way she sees fit.

    Colin and Mark want to make a trade. However, Mark is a dirty scammer and tries to give Colin a link to a fake version of the website to trick him and steal his $300 deposited already in escrow. Unfortunately for Mark, all users are required to use email 2 factor authentication, and are prompted to create phone 2fa when they make their first deposit. As well, even if Mark bypasses the 2fa, deposits can only be withdrawn to the same source they were paid in with unless they manually add a new method, which requires a few days wait and sends notifications to all contact methods the user has in place. Attempting to remove a contact method sends notifications to all contact methods, and requires a few days wait. If Mark wants to troll and lock up all of Colin's deposited escrow he can't, since any attempt to open a trade requires 2fa with the registered email address, or phone if phone is set up. As well, since locking up Colin's escrow requires locking up someone else's escrow as well, Mark has to have another account hacked as well.
  9. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    You mean they both can use each their $200 then. (100 was transferred from Alice to Bob, alice had 300, now 200, Bob had 100, now 200...). And you need quite a few "confirms" nowadays on BTC

    new reply: well, the problem arises with other deals that are not "visible" like on steam later on (trade history) or any "evidence" to them to be possible to check. There is no trade history in a lot of other environments, you will end up in a lot of "he said vs she said" arguments, neither can provide the proof needed to decide upon. It's why we don't do reports of trades outside of Steam trading, its simply not valid.

    Your other example of someone delivering a website for money, requires for the person reviewing it knowledge on the matter, and able to check stuff of it. I remember a case asked here in General Discussions about someone wanting a website, the "programmer" copied some code for from someone else and threw that to the buyer, and then blamed the buyer for "not knowing how to use it" and hadn't even bothered to edit out the remarks of the original maker in the code. But people can be smarter with that crap, and deliver a barely working crappy thing. There are thousands of scenario's where the knowledge of the person to judge upon the question isn't high enough on that specific subject. Especially when its "generic". We already run in problems with this sometimes with some outlandish traded stuff of games we don't know, and have to ask more information.
  10. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    It is not a payment service. The payment is external. So Alice has $300 in escrow and Bob has $100 in escrow. This is not spendable money. They create the trade request and both agree to it. Now Alice has $200 available in escrow to escrow other trades, and Bob has $0. Both have $100 locked by escrow. Let's say Alice is also a new account, and decides to go first. Alice pays Bob $100 in paypal. If Bob runs, then Alice shows the evidence to escrow and gets the $100 that Bob had locked in escrow. Bob gets a net of $0 and an IP ban. However, if Alice has more verified trades or a more verified account, then Bob would have to go first. If Alice runs, not only would her remaining $200 be lost (realized now that while anything is locked by escrow users should not be able to withdraw, only use in further escrow) but she would have still essentially paid the $100 for the knife, since Bob would then get the $100 escrow locked.

    This is always a risk. However, in order for a troll/scammer to get into this situation, they have to deposit however much money they want the deal to be, and then find someone who will go first with them despite likely having a newer and lesser verified account.

    This comes down to the buyer/seller. As soon as the website is up to snuff by the buyer's standard, they can hit accept. There is no need for the escrow to ever look at the website unless the buyer is unhappy. In this case, it is up to the buyer to have carefully set terms in their trade request. Something like that is actually cleaner cut than say trading of Steam codes, since a website is so easily visible and requested features can be enumerated from the start.
  11. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    By and large, the main "no-history" issue would be with game codes. (Steam wallet codes, league RP codes etc) A solution to this is a form of remote desktop - rather than enter codes in themselves, users are given a remote desktop view of a desktop that has the game/service installed, completely refreshed after each use. They don't ever even see the code, they just log in and the escrow puts in the code given by the seller. In this way the buyer has no ability to use the code elsewhere and then claim it was fake, and the seller cannot give a fake code and blame the buyer. Of course, this requires some additional resources on behalf of the escrow.
  12. SilentReaper(SR)

    SilentReaper(SR) Retired Staff

    Messages:
    11,991
    SteamRep Admin:
    STEAM_0:0:89705646
    Ah, you mean the money in escrow is not the money transferred, but a held upon amount by the site that isn't transferred at all, the real transfer is outside of that... Hmm, that won't hold back Chargeback scammers... they got at least 3 months, and up to over a year.

    Can't really condone remote desktop usage. We really do not want to promote such usage by day2day trading.

    But anyhow, tired and other things to do. maybe I'll re-read later.
    Roudydogg1 likes this.
  13. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    Unfortunately, I don't think there's any way for us to stop chargeback scammers. It'll always be up to the seller to verify their buyer.

    Remote desktop is the wrong term, I completely agree with keeping a very strong line against remote desktop in normal trading. More that it would provide a method for users allow the escrow to log in and redeem codes on behalf of the users. Obviously, would need a lot of careful design to make it secure.

    Thanks for giving input on this, any help & feedback is greatly appreciated.
    Roudydogg1 likes this.
  14. Sebastian Nielsen

    Sebastian Nielsen New User

    Messages:
    36
    Steam:
    STEAM_0:0:5443765
    One thing related to this:
    How does it work when a human middlemen gets trade banned due to chargebacked items that he "middlemenned" with? Im not talking about the payment now, but the items, when the items was purchased with a stolen CC and then send through a middleman to a trade partner, to "convert" the stolen CC into usable paypal money that will not be refunded.
    And how does bots on for example CS:GO lounge solve the same thing?


    If those items can be solved (with some formal agreement with valve or something), I think its better to design the system like valve's "trade request" system.
    -----
    So you can depoist money, bitcoins and such, and then some system so you can convert the depoisted bitcoin, money or something, into a "tradeable object" (that is of course only visible and available on the escrow site).
    Of course, system needs to be protected against chargebacks on the money part,this could be done by only accepting "safe" payments, like uKash, PaySafeCard,Bitcoin, and such.

    The system is completely anonymous, each people login with their steam account to the system, BUT, theres no visible user profiles, no user communication, and no possibility to link to accounts, the only way you see is trade requests that fit "your items" (see later).

    The only thing you can do in the system is:
    Publish a trade request.
    View, delete or change your trade requests.
    Withdraw or depoist items and/or money.
    Accept someone elses trade request (that fit your depoisted items).
    (Note: all trade requests are simply anonymous, nobody can se who have published a trade request)

    Then you create a trade request, in the exact same way as the valve's system work, but in a somewhat more complicated way.
    The trade request is made public, and you can create as much trade requests as you want, the only thing that is required, is that you can only select items you have currently depoisted, on "your side".

    The interface for setting up a trade request would be very complicated, where you can check boxes for with items qualities to accept, in a automated fashion, so you can define exactly how you want to trade. Somewhat like "market" but with items instead, and this interface will internally build up a string like this:
    I want to trade away a AWP | Asiimov - Factory new against:
    ( 0,1 bitcoin ) OR (money: 200$) OR (CSGO KEY TYPE(Any))x25 OR ((AWP | Case hardened - IQ(Any) AND (P90 | Case hardened - IQ(Factory new OR Battle Scarred)) OR (Karambit | Any) OR (SteamGames (REQUIREDTAGS(Action AND FPS AND Puzzle) OR REQUIREDTAGS(RPG)) AND STOREVALUE(>250$) AND NOTOWNED=true)

    (Notowned = true will simply hide the trade request for people that cannot fullfill the trade request with games that you don't own. If Notowned = false, it will only acccept games that you already own - for the purpose of further trading. Omitted = accepts any game that match the other tags)

    And, then when you login to the service, you only see trade requests that you could fulfill, where the "request string" matches one or more items you have currently depoisted. And if you want something, you just click a single button, then any outstanding trade requests that you have published that no longer can be fulfiled, will be autodeleted, same will happen at the other party, and items will change hands.
    After this has happened, you are at square 1 again, and can continue clicking "accept buttons" to trade your received items against other items, until you decide to withdraw.

    By creating a anonymous system where you simply create static trade requests that any other person can accept, you prevent any communication between users, theres no quickswitching, no scamming, nothing.
    The only "scam" you could be victim of, is sharking/lowballing, but its your own responsibility to write a receive-item definition that will fit your tastes.
    Roudydogg1 likes this.
  15. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    I don't think you quite understand what it's trying to do. It's not a trading site. It's not a bot. It's not even going to be locked to Steam, much less CS:GO, any digital trade that requires trust would be able to use it. The writing is a little long, but read what I told SilentReaper. Remember: The escrow never touches anything during an actual trade. It only takes assets from users before a trade, so that users have something held escrow by a third party when an actual trade takes place.

    Side note, the trade system you described I actually mostly built out but with another layer of ingenuity. It allows for users to post instantly fulfilable, completely anonymous trades without having to give their items to a bot - you could keep playing until someone fulfilled your trade. Buyers could instantly find the best price for a given search parameter and buy instantly without having to wait for the seller. Ended up not being feasible due to Valve's outbound trade limit per account, as well as largely only allowing automated checking of trades for the sake of accepting trades. As well, the real fun part comes from the fact that any item can be priced by any other item when you have enough people buying and selling any given item. I don't want to clutter the thread with details, but you can piece together the idea from two concepts. One, publishing a trade to a website can be accomplished by sending a trade request to a bot with your item on your side, empty on the bot's side and some text (generated by the trading website) denoting what item/payment you're aiming to get. Two, the triangle of trades theorem - that if person A has X and wants Y, person B has Y and wants Z, and person C has Z and wants X, a trusted fourth party can make all three happy by spinning the triangle. If you have questions, please just PM me, I want to keep this thread about the escrow system.
  16. Sebastian Nielsen

    Sebastian Nielsen New User

    Messages:
    36
    Steam:
    STEAM_0:0:5443765
    @Salmon
    aah, so basically, you want to have a escrow service where the user depoist the item value of the other side (like "collateral" but to a third party), so if that user runs with the items, theres money or assets locked in to release to the scammed user.

    I see some big problems with such a service:
    What is "value"? When it comes to digital items, its very subjective.
    Letting the partner that "goes first" set the collateral/escrow, means theres a high risk of abuse of setting that price "extremely too high", and then abusing it, in the form of rejecting payment for the purpose of collecting the collateral/escrow. (Like blocking the trade partner before he could even send "his side" of the agreement, so you could then claim you got scammed).

    Making the system fair and no prone for abuse can be very difficult. The collateral needs to be slightly higher than the value of the person that "goes first", so theres no incentive to run with the items if they happen to increase in value, but the difference between collateral and items of "going first" does need to be low enough, so the losing partner cannot gain any advantage of collecting the collateral instead of the intended items.

    For an escrow to work without creating new scammer loopholes, it must touch the items of both parties.
  17. Salmon

    Salmon Caution on SteamRep

    Messages:
    1,926
    Steam:
    STEAM_0:1:21003377
    Please actually read through the thread before commenting. I've already covered all of those.

    To give a quick answer:

    1. Both parties have assets in escrow. Both parties must agree to the terms of a trade before the trade begins - this includes escrow amount.

    2. "Value" is in hard, non-refundable assets. Things like bitcoin, or even check deposit. Potentially keys or other stable game currencies if the service grows enough.

    3. The escrow is not fully automatic in the case of scams, only in the case where deals go smoothly. If either side believes the deal is not being met (as set in the original agreement both sides must agree to before escrow begins) then an admin can be called in. The idea is that by having both sides have assets locked in escrow neither can run.