GoFuckYourself.com - Adult Webmaster Forum

Thread: Exclusive for GFY'rs: Wishlist Granted (mostly) from CoinsBill Bitcoin Processing (https://gfy.com/showthread.php?t=1172644)

AdultKing 08-24-2015 08:31 AM

You don't care that your system is insecure?

Everything is done in plain text.

Barry-xlovecam 08-24-2015 08:35 AM

Do you plan on sending user::password pairs in plain text [sniff... sniff...]?

adultmobile 08-24-2015 08:41 AM

GFY reviewers were useful this time. Better be ready before posting new sites on GFY :)

bobr 08-24-2015 08:51 AM

There is OAuth2 authentication in place. Placing your user::password is optional; it would be the case if you wanted to generate a new token via the API. The base AccessToken is generated automatically.

coinsbill.com/developers
coinsbill.com/dashboard/api-tokens




Quote:

Originally Posted by Barry-xlovecam (Post 20559384)
Do you plan on sending user::password pairs in plain text [sniff... sniff...]?


AdultKing 08-24-2015 09:06 AM

Quote:

Originally Posted by Barry-xlovecam (Post 20559384)
Do you plan on sending user::password pairs in plain text [sniff... sniff...]?

Not only username:password pairs but everything else.

Here's the code to create a new invoice

Code:

$ curl \
 -H "Authorization: Bearer a9esthaVUjOuvzTCSTXsJUCK0lCMCk"  \
 -H 'Accept: application/json; indent=4'  \
 -X POST  \
  -d '{"email": "[email protected]", "currency": "USD", "country": "US", "billing_first_name": "orliesaurus", "billing_last_name": "smith", "items": [{ "name": "api Name", "quantity": 10, "unit_price": 2}, { "name": "api 2", "quantity": "4", "unit_price": 3 }] }'  \
  -H "Content-type: application/json" http://www.coinsbill.com/api/invoice/

Email, First Name, Last Name, What Was Purchased, Email Address, Price Paid, Quantity

All in plain text.

There's also no data sanitisation that I can see.


Personally I would not trust a tech company offering billing services who can't even edit a $23 ThemeForest Web Page builder output correctly.

Then there's the single chair and desk with a computer in an otherwise empty looking apartment.

Then there's the address discrepancies that seem to pop up.

This guy has used the following addresses:

Apartment 710 / 3575 AVENUE DU PARC
MONTREAL
QC
H2X 3P9
CA

Apartment 512 / 3575 AVENUE DU PARC
MONTREAL
QC
H2X 3P9
CA

AV. GENERAL JUSTO, 151
RIO DE JANEIRO
RIO DE JANEIRO
200021-130
BRAZIL

PO BOX 8669
ABU DHABI
ABU DHABI
UNITED ARAB EMIRATES

Then there's the fact that when he was asked who developed the website he said he did, with some others, when in fact it's a $23 page builder output.

In his press release he claims the "company" has over 20 years experience in the payment processing industry however he is not in any of the LinkedIn Payment Processing or Risk Management Groups I am aware of.

He claims to have been on GFY before but "forgot the username".

He claims to have been in Mainstream but has a 2010-registered account on WarriorForum with 4 posts, all of which are gone because, like the most recent one, they were spam against WF rules.

Then you can look at his GitHub account and wonder why he has so many empty API implementations for this service he is spruiking as the answer to everyone's Bitcoin processing needs.

Doesn't pass the smell test. :2 cents:
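The curl command quoted above sends the bearer token and the customer's billing details to a plain http:// URL, which is the exposure this post is describing. As an added example (not from the thread and not CoinsBill's code), the Python below is a client-side guard that builds the same invoice request but refuses to attach an Authorization header unless the base URL is https (loopback hosts excepted for local development), and produces a redacted copy safe for logs. The token, hostnames and invoice values are constructed placeholders.

```python
"""Client-side guard: never send a bearer token or customer PII over plain HTTP.

Added example; not CoinsBill's code. The invoice payload mirrors the shape of the
curl command quoted in the thread. Token, hosts and e-mail are placeholders.
"""
import json
from urllib.parse import urlsplit

# Header names whose values must never reach a log line.
SENSITIVE_HEADERS = ("authorization", "cookie")


class InsecureTransportError(Exception):
    """Raised when credentials would cross the network unencrypted."""


def build_invoice_request(base_url, token, invoice,
                          allow_plaintext_hosts=("localhost", "127.0.0.1")):
    """Return the request (method, url, headers, body) the client would send.

    The caller's token and the customer's details end up in this request, so it
    is only built when the URL scheme is https, or when the host is a loopback
    address used for development. Anything else raises instead of leaking.
    """
    parts = urlsplit(base_url)
    if parts.scheme != "https" and parts.hostname not in allow_plaintext_hosts:
        raise InsecureTransportError(
            f"refusing to send Authorization header over {parts.scheme!r} "
            f"to {parts.hostname!r}")
    headers = {
        "Authorization": f"Bearer {token}",
        "Accept": "application/json",
        "Content-Type": "application/json",
    }
    body = json.dumps(invoice, separators=(",", ":"))
    return {"method": "POST", "url": base_url, "headers": headers, "body": body}


def redact(request):
    """Log-safe copy: sensitive headers masked, PII body replaced by its length."""
    safe = dict(request)
    safe["headers"] = {
        name: ("<redacted>" if name.lower() in SENSITIVE_HEADERS else value)
        for name, value in request["headers"].items()
    }
    safe["body"] = f"<{len(request['body'])} bytes>"
    return safe


# Constructed sample invoice, shaped like the thread's curl example.
SAMPLE_INVOICE = {
    "email": "customer@example.invalid",  # placeholder address
    "currency": "USD",
    "country": "US",
    "billing_first_name": "Jane",
    "billing_last_name": "Doe",
    "items": [{"name": "api Name", "quantity": 10, "unit_price": 2}],
}

if __name__ == "__main__":
    # Placeholder hosts; .invalid is reserved and never resolves.
    req = build_invoice_request("https://api.example.invalid/api/invoice/",
                                "EXAMPLE_TOKEN", SAMPLE_INVOICE)
    print("would send:", redact(req))
    try:
        build_invoice_request("http://www.example.invalid/api/invoice/",
                              "EXAMPLE_TOKEN", SAMPLE_INVOICE)
    except InsecureTransportError as exc:
        print("blocked:", exc)
```

The guard belongs in the client library, not in the caller's hands: a merchant integrating an API cannot fix the provider's missing TLS, but can make sure their own code never puts a token on the wire in the clear, and never writes it to a log.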

bobr 08-25-2015 06:36 AM

GFY reviewers have been really helpful. We are a new start-up in an early stage; reviewers are only helping improve the service.



Quote:

Originally Posted by adultmobile (Post 20559391)
GFY reviewers were useful this time. Better be ready before posting new sites on GFY :)


bobr 08-25-2015 06:57 AM

Let's take a look at examples of other processors that provide API services.

Here is an example of Stripe, exactly the same format, PLAIN TEXT

Code:

curl api.stripe.com/v1/charges \
  -u sk_test_BQokikJOvBiI2HlWgH4olfQ2: \
  -d amount=400 \
  -d currency=usd \
  -d "description=Charge for [email protected]" \
  -d "source[object]=card" \
  -d "source[number]=4242424242424242" \
  -d "source[exp_month]=12" \
  -d "source[exp_year]=2016" \
  -d "source[cvc]=123"


And Bitpay, same format, PLAIN TEXT

Code:

  curl bitpay.com/api/invoice \
  -u ApiKey \
  -d price=10.00 \
  -d currency=USD

CoinsBill data sanitation is done when the data is posted via the API.




Quote:

Originally Posted by AdultKing (Post 20559418)
Not only username:password pairs but everything else.

Here's the code to create a new invoice


Email, First Name, Last Name, What Was Purchased, Email Address, Price Paid, Quantity

All in plain text.

There's also no data sanitisation that I can see.


AdultKing 08-25-2015 07:27 AM

Quote:

Originally Posted by bobr (Post 20560288)
Let's take a look at examples of other processors that provide API services.

Here is an example of Stripe, exactly the same format, PLAIN TEXT

Code:

curl api.stripe.com/v1/charges \
  -u sk_test_BQokikJOvBiI2HlWgH4olfQ2: \
  -d amount=400 \
  -d currency=usd \
  -d "description=Charge for [email protected]" \
  -d "source[object]=card" \
  -d "source[number]=4242424242424242" \
  -d "source[exp_month]=12" \
  -d "source[exp_year]=2016" \
  -d "source[cvc]=123"


And Bitpay, same format, PLAIN TEXT

Code:

  curl bitpay.com/api/invoice \
  -u ApiKey \
  -d price=10.00 \
  -d currency=USD

CoinsBill data sanitation is done when the data is posted via the API.

Actually neither is true.

Both Bitpay and Stripe implement HTTPS so the data is encrypted during network traversal, unlike yours which is PLAIN TEXT.

Are you a complete idiot?

Code:

curl https://api.stripe.com/v1/customers/cus_5ucsCmNxF3jsSY/subscriptions    -u sk_test_BQokikJOvBiI2HlWgH4olfQ2:

Stripe uses SSL, you do not; how do you not understand the difference?

If anyone from GFY uses your service they are asking for trouble because it's obvious you have NO IDEA about what you are doing or security.

Struggle4Bucks 08-25-2015 09:32 AM

https://38.media.tumblr.com/323fe47f...vzrko1_500.gif

"We are launching!"

"are you sure?"

"no but we are launching anyway"

"That's strange we are not taking off"

"someone is kicking us back"

"you should not have forgotten to take the fucking SSL with you"

"What's SSL"?

xXXtesy10 08-25-2015 09:46 AM



classic gfy beatdown :1orglaugh

AdultKing 08-25-2015 10:09 AM

For anyone who wants to understand why bobr is making a big mistake in his examples simply type the following into your browser address bar.

Code:

http://api.stripe.com

You will see the session automatically turns from a port 80 http session to a port 443 https session. In other words it defaults to SSL meaning communication to and from the API is encrypted.

Now do the same on his API

Code:

http://www.coinsbill.com/api/invoice/

The session stays on port 80 as HTTP in plain text over the Internet.

No single transaction made on his platform is secure.

Worse still - and I'm not going to post how this can be done for obvious reasons - his entire system is exposed because he has an XSS vulnerability that took me about 5 minutes to work out.

(disclaimer for tech heads: ssl & http can go over any port but in this case 80 & 443 are the ones that apply here)
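The check described in this post, requesting an http:// URL and watching whether it lands on https, can be scripted so it is repeatable for every endpoint a merchant depends on. The Python below is an added example, not from the thread and not Stripe's or CoinsBill's code: probe() follows redirects one hop at a time against a host you operate, assess() classifies the recorded chain (and also flags the case where the redirect exists but no HSTS header backs it, so the very first request still goes out in the clear), and effective_port() applies the port 80/443 defaults the post mentions while honouring an explicit port, per the disclaimer. All hostnames in it are placeholders.

```python
"""Does an API base URL force HTTPS? Added example, not a vendor's code.

probe() makes real requests, so only point it at hosts you operate.
assess() is pure and works on a recorded chain, which is what the test uses.
"""
import sys
import urllib.error
import urllib.request
from urllib.parse import urljoin, urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}
REDIRECT_CODES = (301, 302, 303, 307, 308)


def effective_port(url):
    """Port the connection really uses: explicit port, else the scheme default."""
    parts = urlsplit(url)
    return parts.port or DEFAULT_PORTS.get(parts.scheme)


class _NoRedirect(urllib.request.HTTPRedirectHandler):
    """Hand every 3xx back to the caller instead of following it silently."""

    def redirect_request(self, req, fp, code, msg, headers, newurl):
        return None


def probe(url, max_hops=5, timeout=10):
    """Follow redirects hop by hop; return [(url, status, lowercase-headers)].

    A hop with status None means the host did not answer at all.
    """
    opener = urllib.request.build_opener(_NoRedirect)
    chain = []
    for _ in range(max_hops):
        try:
            resp = opener.open(url, timeout=timeout)
            status, headers = resp.getcode(), resp.headers
        except urllib.error.HTTPError as err:   # 3xx/4xx/5xx land here
            status, headers = err.code, err.headers
        except urllib.error.URLError:            # DNS/connect/TLS failure
            chain.append((url, None, {}))
            break
        lowered = {k.lower(): v for k, v in headers.items()}
        chain.append((url, status, lowered))
        location = lowered.get("location")
        if status in REDIRECT_CODES and location:
            url = urljoin(url, location)
            continue
        break
    return chain


def assess(chain):
    """Classify a chain that started from an http:// URL.

    'https-enforced' : final hop is https and carries Strict-Transport-Security
    'https-redirect' : final hop is https, but without HSTS the first request
                       of every fresh client still crosses the wire in clear
    'plaintext'      : the API answers over http, nothing is encrypted
    'unreachable'    : no response at all
    """
    if not chain or chain[-1][1] is None:
        return "unreachable"
    final_url, _status, headers = chain[-1]
    if urlsplit(final_url).scheme != "https":
        return "plaintext"
    if "strict-transport-security" in headers:
        return "https-enforced"
    return "https-redirect"


if __name__ == "__main__":
    # Usage: python check_tls.py http://api.example.invalid/  (placeholder host)
    for start in sys.argv[1:]:
        chain = probe(start)
        for hop_url, status, _ in chain:
            print(f"  {status} {hop_url} (port {effective_port(hop_url)})")
        print(start, "->", assess(chain))
```

A 'plaintext' verdict is the situation the post describes: the request completes on port 80 and every field in it, token included, is readable by anything on the path. Note that even 'https-enforced' only protects clients that honour the redirect; an API client library that is handed an http:// base URL and never told otherwise will still send its first request unencrypted, so the client-side URL check matters as much as the server-side redirect.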

bobr 08-28-2015 07:16 AM

CoinsBill now has dramatically dropped its fees to 0.19% + $0.29 per successful transaction.

For current merchants at CoinsBill, the new low fees will be adjusted from today, August 28, 2015, per successful transaction.

Pricing is still 0 USD per month. $0 setup fees.

AdultKing 08-28-2015 09:22 AM

Quote:

Originally Posted by bobr (Post 20563564)
CoinsBill now has dramatically dropped its fees to 0.19% + $0.29 per successful transaction.

For current merchants at CoinsBill, the new low fees will be adjusted from today, August 28, 2015, per successful transaction.

Pricing is still 0 USD per month. $0 setup fees.

But it's still insecure.

Anyone using your platform, especially in the wake of the Ashley Madison hack, might as well paste their customers' details in 20 foot high letters with fireworks and dancing girls.

Itchy 08-28-2015 01:37 PM

Quote:

Originally Posted by Struggle4Bucks (Post 20560406)
https://38.media.tumblr.com/323fe47f...vzrko1_500.gif

"We are launching!"

"are you sure?"

"no but we are launching anyway"

"That's strange we are not taking off"

"someone is kicking us back"

"you should not have forgotten to take the fucking SSL with you"

"What's SSL"?

:1orglaugh:1orglaugh

C H R I S 08-28-2015 02:03 PM

May I suggest getting a large sponsorship at one of the upcoming tradeshows in Europe, then buying lots of bro drinks.

Should solve all the troubles and questions.

AdultKing 08-28-2015 02:12 PM

Quote:

Originally Posted by C H R I S (Post 20564030)
May I suggest getting a large sponsorship at one of the upcoming tradeshows in Europe, then buying lots of bro drinks.

Should solve all the troubles and questions.

Great idea, except that he can't even afford an SSL certificate. :1orglaugh

bobr 01-20-2016 05:49 AM

The SSL has been set up a long time ago.

bobr 01-20-2016 05:50 AM

We wish you a happy new year 2016, good health and success with bitcoin payments. With the start of 2016, tons of new features are in place, and we wanted to show you the new tools.

Brand New Developer Docs
CoinsBill API Reference

New Integrations
Integrations | CoinsBill


Lowest pricing. Transaction Successful charge of 0.19% + $0.29.

CoinsBill at the moment is the only Bitcoin payment service that caters to truly global merchants and sellers from all over the world, including the smallest countries. We accept all industries as well!

CoinsBill - Join the Digital Currency | CoinsBill

Ready to get started?

OldJeff 01-20-2016 07:16 AM

You came back for MORE ??

