
Be very, very, very careful about giving any service, ever, information about your actual bank account. This is a much bigger deal than giving a service your credit card information.

(Individual ACH charges may, with some effort, be reversible like a credit card charge, but invalid reversible credit card charges are pretty much all you have to worry about with a stolen credit card, and not all you have to worry about with a stolen bank account).



I trust Brian Armstrong / Coinbase more than Paypal, and Paypal also requires your routing / account number.

Full disclosure: I run http://howdoyoubuybitcoins.com/ and my wife's cupcake bakery, cupsandcakesbakery.com sells cupcakes for bitcoins in San Francisco (9th/harrison)


Paypal doesn't have my bank account information either.


How many Paypal users do you think there are? How many of those also have given Paypal their account information?

(honestly would like to know)


No idea. Lots. Paypal invests a lot in security. It's not reasonable to simply say, "if Paypal does X, it must be safe to do X"; for that to hold, you have to be putting effort comparable to Paypal's into security. Most startups don't, and can't.


Why do you think Coinbase is less likely than Paypal to lose your routing / account number?


There's a huge difference between supplying an account number and giving a service the login credentials for your bank account.

As far as I can remember, PayPal has never asked me for my bank account login details.


Looks like Paypal will also ask for your bank username and password for instant verification and has the same fallback option of 2 random deposits.

http://www.ecommercebytes.com/C/abblog/blog.pl?/pl/2009/2/12...

PS: That or that blog's part of a great phishing scam.


> Looks like Paypal will also ask for your bank username and password for instant verification and has the same fallback option of 2 random deposits.

That has not been my experience; the 2 random deposits are the first option, not the last resort. Paypal has never asked me for a user/pass.


What the hell? Seriously, what. Why? Why not use a token? Oh if only there were already protocols written to handle identity and access auth.


On the financial system's technological timeline, those protocols won't happen for another 20-30 years yet.


So, I originally signed up with a local bank, which takes 2-3 days (unfortunately). This is the same model that Paypal follows.

Since there is clearly a demand for buying bitcoins _quickly_, I believe Brian is providing both a good UX for those who want to just use their account / routing numbers, while also allowing people to get bitcoins in LESS THAN 10 MINUTES (I bought 1BTC today with coinbase / wells fargo).

I should note that Mint did the same thing in order to get access to transaction history, and they had 5 million registered users as of 2011 (source: http://qr.ae/8QB9G).

If the big banks addressed the need for APIs, startups like Mint and Coinbase could do this in a more sane way, but we're talking about big banks, and in the case of Wells Fargo they actually charge users a monthly fee for using Quicken to talk to their backend.

tl;dr: Mint asked users for bank passwords and got 5 million registrations. Likewise, Coinbase is just providing a "quick" UX path for the people who want to act quickly.


Mint was a read-only consumer of banking information. Nevertheless, the access Mint required from banks was so unusual that they were written up all over the news media for doing that, and apparently operated their own secure data center to hold that information. Further, Mint attested to doing quarterly external audits.

I'm not trying to militate against using Coinbase; I'm just saying, Coinbase and Mint aren't directly comparable for more than one reason.


"Mint attested to doing quarterly external audits?" Really? It seems they didn't, or at least I can't find evidence or mention of it, and Mint support doesn't know about it.

A Hackersafe pen test is not a security audit. A public company SEC-required annual audit is not a security audit either.

There is no audit if there is no public audit statement from the auditor. Without one, whatever security measures were taken cannot be called an audit.

Perhaps some reporters (like the ones that reported on the WMD-based justification for going to war against Iraq) didn't do their jobs properly.


Paypal is an established service, and you can check its track record. Coinbase is a new site, so we have no information about its track record.


It's not just that Paypal is established; it's also that Paypal has put millions of dollars into its security program. Most startups haven't even seen the amount of money Paypal spends on security in combined revenue and investment.

I trust my banks with all my money. That doesn't mean it's safe to trust any company with my money, simply because banks manage to do it. I don't trust arbitrary banks, either.


Yes, I agree.

I do think that a lot of Hacker News contributors have blinders on, wherein they devalue the work a big, established service has done, and compare smaller, less-established companies favorably to the same, because they have this narrative of young, smart developers "disrupting" old and established businesses. It's useful to remember that sometimes those big, old businesses are not actually brittle and incompetent, and may actually know more than you think. Don't fall into Dunning-Kruger.


I cannot count the number of times I have heard someone question why I couldn't do something when Google seemed perfectly capable of it. Do I look like I have a couple datacenters and an elite math squad in my pants?


Anyone you have ever written a check to has your account & ABA numbers, printed on the bottom of the check.

In practice, the ACH system relies on fraud detection & prosecution rather than secrecy.


Like I said: ACH transactions can often be reversed; it is reasonable (though not entirely accurate --- in particular, business bank customers have few if any real protections) to model the risks of ACH transfers the way you think of credit cards. The same is not true of your bank account login information.


Agreed, and thanks for bringing this up. I added a response below with some more info: http://news.ycombinator.com/item?id=4703853
