DashDirect Virtual Visa/MC Proposal Updates

I'm not familiar enough with what you're calling the "Visa Rewards Local" program (and others) to know what exactly this all means. I like the Dash Back (not the real name) feature, and that much is new to me, but could you please give us the "diff" (to use a coding term) between what is planned to land and the old Dash Direct MasterCard feature?

Will I be able to buy things at (all?, most?) Visa-accepting merchants using Dash and without giving up any personal data?
 
The details of each of our 3 programs are posted here:

We will only be launching Visa Rewards Local and Visa Rewards Plus within DashDirect. There is no KYC in these programs and the cards will work at any Visa merchant in the US (Plus) or globally (Local; exceptions for sanctioned regions).
 
That sounds like what's now called "Local" is the *global* version. Not confusing at all :) - glad they will be renaming that.

The name was originally due to supporting local currency. It was not global, as it worked in the region where you live. The new program is easier and has a better UX, but is only in USD. It can be used globally, so we will rename it Visa Rewards Global.
 
Can't say any of them inspire me, sorry. Any other designs that didn't make it to this shortlist?

At this point, I would prefer a simple plain card with no pattern. I understand you are following brand style guidelines for the words "DashDirect", but maybe you could experiment with a plain black card with "DashDirect" in a bright green, a kind of reverse of the Wise card. Am just saying, you don't have to strictly follow brand style guidelines, there's plenty of room for artistic discretion.

Is there a special edition for those proving they are an MNO? I don't care for exotic materials such as metal, just a distinguishing design.
 
It's my pleasure to share a prototype for the new DashDirect, with the Visa Rewards Plus program integrated. A few very important notes about prototypes and how to use them and a few notes on this specific prototype:

1. A prototype is not a working application; it is a mock-up to show the user experience at a high level
2. A prototype does not include all features of the application, just specific features you desire to showcase
3. You can see which features/areas are clickable in the prototype, by clicking outside of the prototype (desktop viewing) or clicking in a non-interactive area of the prototype (for mobile viewing).

This prototype has the following features available to showcase at a high level:
1. Instant Creation of a Visa with no KYC with less than $1,000
2. Viewing the card
3. Adding the card to your Apple Pay wallet
4. Locking and unlocking the card
5. Instant Creation of multiple Visa cards with no KYC with an aggregate amount over $1,000
6. Scrolling through and viewing each card
7. Locking and Unlocking the cards

You can start your prototype journey here:

https://www.figma.com/proto/m5QfFRf...ng-point-node-id=50:7448&show-proto-sidebar=1
 
Do you mean for the DashDirect app, or for the prototype? The prototype works on desktop. DashDirect uses the Dash Core mobile wallet, and is only for mobile devices.

This is a deficiency, because in many parts of the world, revealing your phone number equals KYC.
At least, we can use a Wi-Fi tablet, can't we?
 
I believe you are conflating mobile app, phone number collection for 2FA, and KYC. We do support WIFI only devices. We just don't yet have a version for desktop use. For now, we do ask for a phone number to secure your account with 2FA, but we may be able to change that in the future. That is unrelated to the above and also unrelated to KYC. It doesn't matter where you are in the world, sending an OTP via SMS is NOT KYC. DashDirect does not perform any KYC for any users in any way.
 
I don't want to be so picky but for someone like me - which I accept is possibly the minority - when a financial service demands SMS OTP and refuses point blank to implement TOTP or U2F as an alternative, then yes, I definitely see this as soft KYC. It is compatible with "follow the money", knowing various logs will be created, even if it's not by the financial service themselves.

A working example of how negative SMS OTP is for foreign travel. The act of logging into a bank or the processing of transactions may at some point trigger an SMS OTP verification. For the customer this means:
  1. Use your home country SIM, which probably works but...
    1. it reveals and links who and where you are to the telcos and to all the people they share your data with.
    2. your home country SIM will expire if your stay is extended (definitely someone like me).
    3. you only have one SIM slot / phone and it's a PITA to switch SIM / drop the SIM / misplace it.
    4. Roaming may still be active even though you have disabled it in settings! This is 100% true, and the only way to be sure is to physically remove the SIM.
  2. I travel abroad and I don't know what my foreign phone number will be ahead of time, which is probably everyone.
    1. place a long distance call and sit in a queue for an hour before you can inform them of your new number and thereby reveal your current location, which should be none of their business. Assuming access to banking services but no foreign ATM / in-store payments (which is also me).
    2. go online and upload new photos holding ID and so on. Not to mention the PITA it is to deal with time zones and weekends.

I realize I am the edge case here and many people are just super compliant, and the banks take advantage of this. And I'm definitely not saying Dash Direct is in the same league as these banks! But I think if you have a technically savvy customer that is familiar with TOTP / U2F, then I think, why not offer it as an option? It doesn't strike me as particularly high maintenance code.

Regarding app usage vs the web. A lot of services have a nasty habit of building a captive audience and then adding all sorts of required permissions later. Again, I am not saying this is Dash Direct!!! But this behavior grows general caution and distrust among certain users.
 
And something similar applies to Crowdnode and @ndrezza . For some strange reason, all these services rely on OTP (or even on TOTP) which could be considered as a soft KYC.

And for another strange reason, I cannot find open-source command-line interface (CLI) software for OTP or TOTP. @xkcd and I were trying hard to compile a (T)OTP CLI program, but it requires a lot of irrelevant (and suspicious?) libraries that I wonder whether they reveal information about the hardware used to perform the (T)OTP procedure.

If someone knows an open-source CLI (T)OTP program that does not reveal hardware information, let me know. I want to use it to subscribe both in Crowdnode and in DashDirect, while ensuring that my anonymity is safely preserved.


TOTP
TOTP credentials are also based on a shared secret known to both the client and the server, creating multiple locations from which a secret can be stolen.[4] An attacker with access to this shared secret could generate new, valid TOTP codes at will. This can be a particular problem if the attacker breaches a large authentication database.[5]
For the above reason, many TOTP implementations are also tied to the hardware. And because they are tied to the hardware, they can be considered a soft KYC.
 
I'm pretty sure I've seen TOTP as a script before, possibly PHP. IIRC the algo is quite straightforward. I'll take a look sometime.

I'm not sure I would describe TOTP as soft KYC, though it depends on how it's offered. For example, some services, such as tax services, will direct people to their own app for the OTP when in fact you can switch it out for an open source alternative. Of course, your average person would blindly install the app which might be sending home all sorts of sensitive data.
 