Casascius Bitcoin POS system

From Bitcoin Wiki
Revision as of 23:19, 30 September 2011 by Casascius (talk | contribs) (First draft)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search
The Bitcoin POS system is based on the VeriFone Vx510 or Vx570 (pictured here) model of point-of-sale bankcard machines.

The Casascius Bitcoin POS system is a desktop retail point-of-sale acceptance system for Bitcoin "in a box". The system is based on a VeriFone Vx510 or Vx570 payment terminal, and allows merchants to easily accept Bitcoin payments from customers. It can optionally allow merchants to dispense (sell) Bitcoins.

The POS system features an Ethernet network connection, a 128x64 pixel backlit monochrome display, a receipt printer, and a 25-key keypad, all in a compact terminal. The Vx570 terminal also includes a USB port, to which a QR barcode scanner can be attached.

The POS system acts as a client for a central server run by (Somebody, Inc.). It does not maintain a Bitcoin block chain, but rather, sends SSL-encrypted queries to servers belonging to Somebody, Inc. in order to retrieve rate quotes and perform transactions. Consequently, it requires a constant Internet connection in order to function. Transactions cannot take place and rates cannot be quoted without a functional connection to the Internet.

Functionality

The POS system offers the following functionality for retail merchants:

  • Instant notification of received Bitcoin payments on the network - audible (beeps), and a receipt ticket printed
  • Real-time quote of exchange rates, automatically updated continuously from the source of the merchant's choice, and optionally computed with a merchant-definable spread.
  • Exchange-rate calculator, converts between local currency and BTC, prints rate quotes.
  • Printing of unique Bitcoin receiving addresses for accepting customer payments (receipt prints address both in text and QR code)
  • Ability to accept payments by scanning a QR-coded private key presented by the customer (requires USB barcode scanner)
  • Security from hackers and thieves: POS system doesn't store bitcoins or private keys, and cannot send or dispense the bitcoins it receives.

The POS system also offers the following functionality for merchants who wish to use the system to sell or dispense bitcoins.

  • Complete isolation from the receiving functionality. Dispensed bitcoins always come from a separate account dedicated to this feature.
  • Two-factor authentication: a PIN number and a fingerprint verification are required to dispense bitcoins. (Serial fingerprint module sold separately)
  • Two admin-configurable ways to dispense bitcoins:
    1. As a new private key printed on a receipt
    2. To load a Bitcoin stored-value or "gift" card, upon which a private key is printed under a scratchoff. Simply swipe the magstripe on the card. The bitcoin address is on the magstripe.
  • No bitcoins are stored on the terminal. Bitcoin purchases are executed on a remote server in real time.
  • Anti-theft tamper-resistance. The built-in tamper-resistance features of the Vx510/Vx570 terminals are used to safeguard a single private key that is checked by the server. If the terminal is opened or tampered with, this key is erased.

Usage

To use the Bitcoin POS system, simply power it up. After the boot screen, you will receive the main screen.

On the main screen, the following is shown:

  • Menu choices for F1 thru F4: (F1-New Address F2-Alerts F3-Scan Payment F4-Utils)
  • Time and date, and network status
  • Current exchange rate (use Setup to choose sources and to choose optional spreads)
  • Number of alerts (including new incoming transactions)
  • Number of transactions awaiting 6 confirmations

Initial setup

Initial setup is simple. Just take it out of the box, load the paper roll, and plug the unit into power and an Ethernet network. If you are using a barcode scanner, this connects to the USB port. If you are using a fingerprint reader (to dispense Bitcoins), this connects to the port with a calculator icon (this is normally considered the "PIN Pad" port in debit card processing environments). Please note that the Ethernet port and the PIN pad port look identical, and the plugs may fit interchangeably, but they are not compatible.

The Bitcoin POS system requires an Ethernet connection to the Internet to perform any functions. Without a good Internet connection, the network status will show "No network available", the exchange rate will be missing, and transactions will not be possible.

The POS system will automatically acquire an IP address from your network via DHCP, but if you need to set a static IP, press the * key twice, and enter the network configuration password (default: "2663") to access the network setup menu. When you change the IP settings, the terminal will reboot.

The clock is set automatically from the Somebody, Inc. servers. Use the web interface to set your local time zone. Daylight Saving Time is automatically adjusted where appropriate.

Accepting payments

From a smartphone user

To accept a payment from someone who intends to transfer Bitcoins using a smartphone, press F1. If you are expecting a certain amount of Bitcoins or local currency, enter the amount now, otherwise press Enter. Use the purple softkeys to select the appropriate currency units. A new bitcoin address and the expected amount will be generated and printed in text and as a QR code on the receipt printer. Hand this to the customer so they may initiate their payment.

Note: The same information will be displayed on-screen. If the paper roll is empty, the customer can scan the QR code or type the Bitcoin address directly from the screen.

When the customer makes their payment, this will show up as an alert on the terminal, and the terminal will beep three times. In addition, it will beep once every minute until the alert is viewed.

To view the alert, press F2. When you view the alert, you can see the actual amount that the customer paid, along with the equivalent in local currency. Note that when you print the bitcoin address, the local conversion rate used is locked for five minutes, and will be used if the payment initially arrived within five minutes of printing the address. Otherwise, the conversion rate in effect at the time the payment was received is used.

From someone presenting bearer items

To accept a payment from someone who is presenting bitcoins in the form of a typeable private key or a QR code, press F3. Then:

  • If the customer presented a QR code, scan it now.
  • If the customer presented a printed private key, or you do not have a QR code scanner, you may type it now. Enter each character on the numeric pad, pressing the keys repeatedly where you need a letter in place of a number. Private keys are case sensitive. Use the appropriate purple softkey to switch between upper and lower case.
  • If you are using the Vx570, you can optionally connect a full-size PC keyboard to its USB port.

After you scan a code, the total for all code(s) the customer has scanned is shown on screen. If there are more codes to scan, scan them now. Otherwise, press Enter.

Once you press Enter, the total Bitcoin value of all the scanned codes will be displayed. You will be asked what amount you want to capture. If you want to capture the entire amount, press Enter. If you only want to capture some of the amount and give change back to the customer, enter the amount now. If you enter an amount and have scanned more than one private key, you will be asked which of those keys the change should be returned.

Review and commit (accept) the transaction at the next step. Once you have accepted the transaction, it will be initiated on the Bitcoin network and will appear as "unconfirmed".

Notes:

  • Pay special attention to the confirmation status when customers present their own private key codes for scanning. The balance isn't swept from the private key until you actually accept the transaction.
  • It is possible that the funds on the private key can be spent by another person between the time you scan the code and the time you commit (accept) it. The Bitcoin POS system will show a zero balance upon the initial scan if the funds have already been spent, but it is possible, for example, that another person could spend the funds after they are scanned but before the transaction is committed. In most cases, you'll be notified within a minute or two (via the Alerts screen) that a payment was rejected by the network. Also note that if a payment consisted of multiple scans, all of them must be accepted for the transaction to go through. If a single scan gets rejected due to a double-spend attempt, the entire transaction gets rejected.
  • The Bitcoin network may charge a transaction fee under various circumstances. If you sweep all the funds from the keys present, the transaction fee will be deducted from the balance you receive. If you sweep some but not all of the funds, the fee will either be deducted from the balance you receive (default), or the change returned to the customer. This can be changed on the setup screen. Transaction fees charged by Somebody, Inc. are billed separately and are never deducted from transactions directly.

Ensuring transactions confirm

The Bitcoin POS system automatically notifies when transactions arrive. However, the moment they arrive, they are considered "unconfirmed". There is always a possibility that a transaction may be rejected, such as if someone attempts to spend the same funds somewhere else at the same time. This possibility decreases exponentially each time a payment receives a "confirmation" (which you can see by going to F4-Utils, then choosing Recent Incoming Payments). The Alerts screen is used for notifying you of rejected payments.

If a recently received payment is rejected, the terminal will repeatedly beep four times every minute until you view the rejection alert. In addition, the beeps will be in a lower pitch than usual.

Payment rejections are rare, and this is particularly true for low-value transactions. It's even rarer to have a payment be rejected after its first confirmation. The definition of a payment rejection is the receipt of another confirmed transaction on the Bitcoin network that purports to spend the same funds to a different payee, invalidating the original transaction paying you.

Due to the decentralized way Bitcoin works, it is possible (but very difficult and resource-intensive) for people to orchestrate payment rejections. It is believed that the cost of orchestrating a rejection are high enough to preclude it from being cost-effective to attempt on low-value transactions, but becomes a potential concern as transaction size increases. The risk of rejection on higher-value transactions becomes lower each time a confirmation is received. Particularly for valuable purchases, you may consider requiring a wait of several confirmations to ensure that the payment is unlikely to be rejected. It is common for Bitcoin merchants to wait for six (6) confirmations in low-trust environments.

Dispensing Bitcoins

If your account is set up for dispensing Bitcoins, access the Dispense menu by pressing the # key twice at the main menu, and then entering your Dispensing password. Note that there is no visual indication or menu option for dispensing bitcoins - you must memorize the # # sequence.

Note: If you have not yet set up a dispensing password, you may set one up at this point. Before that password can be used for dispensing, you must log on to the Somebody, Inc. website and confirm that password online.

If you have set up fingerprint authentication, touch your finger to the reader to authenticate.

At the Dispense menu, press a softkey. (Note that any or all of these options may be disabled in the setup menu).

  • F1 - Dispense to Printer - to dispense Bitcoins in the form of a private key printed on the printer
  • F2 - Dispense to Card - to add Bitcoins to a stored-value card.
  • F3 - Transfer to Address - to send Bitcoins to a scanned or typed address.
  • F4 - Exit Dispense Mode. Note that the terminal will automatically exit Dispense Mode if you don't make a selection within 15 seconds.

Note that the rate for dispensing is the admin-configurable "sell" rate and may differ from the exchange rate shown on the main screen. If you enter a BTC amount, the exact amount will be dispensed.

Dispensing to Printer

  • Press F1 - Dispense to Printer to dispense to the printer. Enter the amount to dispense (either in BTC or local currency, choosing the currency via the purple softkeys if allowed), and press Enter.
  • The first half of the receipt will print, displaying only the private key in text and QR formats.
  • Visually confirm that the private key is legible. A four-digit code will appear in the upper right corner of the printed code - type this on the keypad, then press Enter. (This helps confirm the code printed properly, because once dispensed, without the private key, the funds are permanently gone).
  • The remainder of the receipt, showing the amount, will print. Hand it to the customer.
  • The Dispensing mode will immediately exit.

Dispensing to Stored Value Card

  • Press F2 - Dispense to Card to dispense to a stored value card.
  • Visually ensure you are using an undamaged, unscratched stored value card, and swipe the card through the magstripe reader.
  • Enter the amount to dispense (either in BTC or local currency, choosing the currency via the purple softkeys if allowed), and press Enter.
  • Confirm that the amount entered is correct, and then press Enter.
  • A confirmation receipt will print, and the Dispensing mode will immediately exit.

Dispensing to a Bitcoin address

  • Press F3 - Transfer to Address.
  • Scan the address with the barcode scanner, or enter it on the keypad or with a USB keyboard.
  • Enter the amount to dispense (either in BTC or local currency, choosing the currency via the purple softkeys if allowed), and press Enter. The amount can only be entered on the terminal keypad, not through the USB keyboard or barcode scanner.
  • Confirm that the amount entered is correct, and then press Enter.
  • A confirmation receipt will print, and the Dispensing mode will immediately exit.

Admin Tools

You can access admin tools to perform functions like fingerprint setup and viewing the amount of BTC available in your dispensing account by pressing the first purple softkey at the Dispense menu.

In the Admin Tools menu, you may do the following:

  • Enable/disable dispensing to printer
  • Enable/disable dispensing to stored value cards
  • Enable/disable transfer to Bitcoin addresses
  • Enable/disable dispensing in BTC denominated amounts
  • Enable/disable dispensing in local currency-denominated amounts
  • Enable/disable display of BTC balance of dispenser account on Dispense menu
  • Fingerprint Functions
    • Activate and initialize a fingerprint reader accessory
    • Enroll a fingerprint and set access rights
    • Delete an enrolled fingerprint