DECAF - Proposal for Divi's Decentralized Electronic Claim Adjudication Fund

(Geoff McCabe) #1

We would like to discuss setting up a Decentralized Electronic Claim Adjudication Fund (DECAF) for Divi, and are asking for input. While this is an idea that is designed to be practical and helpful to our Divi community, it’s also a BRANDING move to show that Divi is uniquely taking care of its users, and there’s potential PR and Marketing value here too if we can successfully be the first to launch a program like this.

The DECAF would not be set up by or controlled by the Divi team, but would be a community project.

The idea is to have a yearly fee of a percentage of DIVI. If someone gets hacked, they could get reimbursed by the DECAF, for up the amount they contributed, perhaps multiplied by 50. So in other words, if a user puts in 10,000 DIVI they could be refunded up to 500,000 by the fund.

Privacy: no disclosure is required about how much Divi users actually have or where it’s held, until after a theft of it actually takes place.

The DECAF would be run by Divi community volunteers, non-anonymously, through a non-profit entity or foundation. All would be under NDA to do the work.

The DECAF should have a forensics expert or two (paid? volunteer?) to review hacks/scams and recommended to the board, who would vote whether it was real or not, and how much to reimburse. For example, a user who takes the required precautions to protect themselves might get more than someone who ignored all the safety recommendations.

The DECAF should have an educational team that keeps an updated document of very specific safety requirements that members should take, such as keylogger protection, MetaCert, VPN, etc organized in a user-friendly way. As much of this as possible will also be built into Divi’s SmartWallet eventually, but there will always be other steps to take.

The DECAF could have an offensive “grey ops” team as well. Setting up honeypots and other techniques to go after scammers directly that target our community. The idea here is to be a “hard target” cryptocurrency community, so scammers pick other cryptos to target once they learn there’s some danger of trying to scam our people.

It would be very helpful to get an idea of how many people will participate in this, if it’s set up, to see how big the fund would be, so please fill out this form to help us:

1 Like

(Nick Saponaro) #2

It would be interesting to see this built into the core itself.

For example, you could start your masternode or staking node with an additional parameter that sends 1% of your rewards to the insurance fund address and registers the transaction on the blockchain. This would, of course, need to be a binary switch so that users can stop sending their rewards to the DECAF (decentralized electronic claim adjudication fund) if they so choose.

I imagine the insurance fund being governed by the voting powers of the masternodes, but which nodes are able to vote? This will set a precedent for future governance IMO.

1 Like

(OriZ) #3

My take:

I’ll start by being a pain and repeating what I’ve been saying for a while now: Like it or not, but we will not accomplish mass adoption without some sort of consumer protection. It is what people have come to expect, and most of them won’t want to “downgrade” their buying experience. Immutability and decentralization are both great and should be guarded as much as possible; However, people are used to knowing they can reverse transactions if the business sold them bad goods or they did not receive the service they were expecting and the business refused to compensate on its own. Why am I bringing this into this conversation?

I made two suggestions in the past before this thread went live, that both follow the same lines, for both cases. Theft, as well as loss. I think the scope of this should be larger than just hacks and encompass many cases where users might need protection. I’ll admit I called it insurance myself in the past, but, a better term might be better suited for it to not give too much of a sense of another “centralized, old world” and maybe even scary solution. DIVI is an innovative ecosystem, with many services to offer: HRA’s, one click masternode, atomic swaps, plug in for marketplace, and many more. This can be another service that will add value to the ecosystem as a whole. This is the way I see it working best:

  1. Community needs to vote and approve its existence to start with. This means we will likely need at least some sort of governance in place by then.

  2. Contribution to the fund will be voluntary of course. I don’t think it should be paid out yearly, but rather weekly or monthly, as it could end up needing that cash flow before the year is over.

  3. Factor of 50 times is fine, but need to have a way to verify how much funds the people contributing have. For example, someone could pay in 100,000, expecting to receive 5 million, while actually owning 2 million at the time. Sure, each case will be reviewed, but fraud exists and we won’t to deter it.

  4. I do not believe those with weaker security should be “penalized” for it. While initially it makes sense, in order to encourage people to follow best practices and not drain the fund, at the end of the day it will be bad PR if two people paid the same amount in but got different amounts out. It should go by what you paid, only, imo.

  5. To add to the above and naturally, payout will only be up to the amount lost, even if that means less than 50 times what was paid in. Not a DIVI more.

  6. Amounts contributed should be split into “tiers”. Under 10k tier 1, 10k-20k tier 2, etc indefinitely. One member of each tier should be picked to be on the board that reviews cases and decides. It is imperative we do this in a decentralized manner, as It would be horrible if someone paid in and was told sorry can’t help you by a centralized team. There can still be experts that present that info to them; but they’ll be the jury. Who will pay the experts? Depends on when this is implemented. In the future, it might be alot easier for a portion of the treasury to pay for it. Until then, the community might have to fund it.

  7. The community, or at least part of it will vote for those members. This needs to be community run and operated. Maybe only masternodes, maybe only top 3 masternode tiers, maybe something else…but members need to be voted in. This vote can either be manual by each individual owning the masternode picking someone they would like in there, or, it could be done via blockchain consensus, in a random manner, similar to the lottery(only contributors who expressed explicit interest to be on the team should be entered).

  8. Every six months there should be a new vote for new members.

  9. Now we get to the interesting part. I think merchants should be a part of this as well, for a couple of reasons: the first is chargebacks. We should find a decentralized way for customers to get their money back if they run into issues. Since we know transactions on the blockchain cannot be reversed, and we also know centralized bodies like banks deciding the outcome is not the way to go, I think this could be a good mechanism. The second reason: we need alot of funds going into this fund in order for it to be able to support payouts. We don’t want another “pension crisis” of our own, and we’re not going to be social security.

  10. Merchants who agree to accept DIVI as payment should have an option whether or not to opt into this system. Merchants who opt in to it, will pay a certain fee per week or month to the fund, which will still keep the fees they pay lower than FIAT, but higher than other merchants who won’t opt into this. DIVI will publish a list of merchants where those who opted in/out will be clearly indicated. The benefit for the merchants is:

-Those who don’t opt in, have the lowest fees, but might have less consumers use them. If a consumer doesn’t like one of their products or services, they will not be charged back, so this is a much better situation for them than fiat.

-Those who do opt in, the benefit to them is more customers who want to be protected will be inclined to go through them, and in the case they were not happy, they still don’t have to be charged because they already paid into it via the fee. Still better than FIAT.

  1. Benefit to customers:

-A customer who also pays for “loss protection” and goes through a merchant who pays for “chargeback protection”: will receive 100% of loss, theft, or “customer satisfaction” funds back(there will need to be a minimal fee paid by the customer so that the factor of 50 covers the product or service). This is at least as good as FIAT.

-A customer who doesn’t pay for their own loss protection but went through the merchant who does: will receive 50% of lost funds. This is not as good as FIAT because they don’t receive 100%, but they also didn’t pay anything in. When you use a credit or debit card, there are fees you pay. Here they paid nothing. So still better in that sense, because it’s like using cash and still receiving a partial refund.

-A customer who doesn’t pay and goes through a merchant who doesn’t pay: will receive nothing.

-A customer who pays and goes through a merchant who doesn’t pay: Will receive nothing for an issue with the merchant, but the factor of 50 in case of a hack. Not as good as fiat since they paid in, but they chose a merchant that was clearly marked as not compliant, so they knew the risks.

  1. Benefit to DIVI - DIVI customers and users will know that DIVI is an ecosystem that protects its participants in a variety of ways, providing them with many needed services all in one place, in a convenient and comfortable manner, while not sacrificing decentralization as community appointed volunteers will be voting on all dispute resolutions(whether hacks or other losses). The members will have a vested interest in making the best decision that would benefit the project: if they are too lenient and approve every request without investigating properly, not only will they attract fraudsters which will tarnish the fund’s reputation and drain it of funds, they will also run out of funds to pay themselves should in the future this occur to them. However, if they are too strict, then they will also tarnish the reputation by people complaining they paid in and got nothing out of it when they needed it, thus deterring others from using the system in the future. This will allow for a very balanced and measured approach for the benefit of all.

  2. I understand this is walking a very thin line between the same old centralized solutions we are used to and something truly new and innovative, at least perception wise. Some might initially raise an eyebrow but if they dig deep enough, they will realize this is truly yet another innovative initiative by divi to set it apart from the rest and make the world, ecosystem, and blockchain as a whole a better and safer place, more ripe for mass adoption.

  3. The idea with adding merchants to the same pool is that usually chargebacks are much lower than hacks. A hacker can steal millions of coins, whereas a chargeback transaction could be a mere hundreds or a few thousands of divi at most. The fees they pay will also be lower, but not proportionally, so it will help make the fund more robust. Imagine running out of money to pay someone because too many people got hacked and not enough paid in or something, the difficulty of properly addressing that should not be underestimated and cannot be understated. Adding these extra merchant funds essentially kills two birds with one stone here.

  4. If all, or most of the above is implemented, every user of the DIVI ecosystem as opposed to others will know that DIVI community will do everything in its power to protect them in any event that a theft or loss could occur. This should give them peace of mind which will allow them to transact more frequently and with larger sums using DIVI. divi is supposed to be crypto made easy and secure. Part of that is giving the general population, that thinks crypto is scary right now and every day someone gets hacked and loses all their funds, the peace of mind that with divi - they are safe. but in a Decentralized manner(well, as much as possible).

  5. Issues: Will need KYC to claim; Need to be able to verify how much someone is putting into the fund, If it sends automatically it could be from so many addresses, good luck proving they’re all yours - maybe use named accounts; Need to make sure there’s enough funds to be able to pay out; Need to make sure decisions are made correctly and fairly without sacrificing decentralization.

1 Like

(Ben) #4

Great ideas guys. @oriz123 your a machine. I like the way you think and believe getting it right now (to include future ecommerce/chargeback support) would be a great move and almost essential where Divi is heading.

A Divi led educational series in regards to general security/best practice would also benefit the wider crypto community and could be used for marketing/divi awareness ontop of protection for our community. A security tab in wallet might be something to look at to drive it home.

Chargebacks are inevitable but general hacks for the most part can and should be prevented through education and any means possible during development.

Maybe an eventual benefit of this fund could be it grows to a sizeable amount where it has a positive effect on circulating supply/price/demand, etc and through governance a different use for it could be decided upon (ie. charity, etc).

That said, its a massive undertaking at this stage of the game. Im only aware of the one recent sizable theft. Has this occurred before? Would it be worth trying to educate first and work on this in the background and get it right with more a focus on the ecommerce side of things with added benefits to the community if they decide to participate?


(Geoff McCabe) #5
  1. I don’t think this needs to be voted on by “the community”. The Divi blockchain will be open and decentralized. Anyone can build something for it. If any person or group wants to make DECAF, or a centralized insurance plan, or anything else, they have every right to do it. Whether users choose to use it or not is up to them. The governance system will be in place and is only for issues regarding the Divi blockchain protocol and treasury funds. The “first layer” issues. Second-layer and above, such as wallets, wallet add-ons, aren’t controlled directly by governance. But, these things could be funded by the governance votes. So in this case, DECAF, if it doesn’t happen now, could be something that’s funded as an independent entity (Foundation or non-profit) later by governance vote, and would be a wallet add-on. As part of that, a proposal like this could also include changes to the Divi protocol itself, such as adding a meta-data category for DECAF registration or something like that. But again, this is just an option and DECAF could be done completely independently.

More on this: DECAF is a good idea and doesn’t necessarily need to be Divi only. We could include other cryptocurrencies, all of which are faced with the same problem.

  1. Fund contributions: I think it needs to start yearly, in order to build the fund. Then could be quarterly or monthly after that. Nick also brought up the idea to make this automatic from awards and yes we could do that, but it doesn’t need to be a DECAF thing only. The protocol should allow the user to set 1-2% or whatever, to be paid automatically to anywhere, whether it’s DECAF or your kid’s wallet or whatever.

  2. REFUND RATES - It’s been proven time and again that “incentives” work much better than “education” and I think that DECAF participants need to be held to a certain standard of minimum security, or the project won’t work. If people can just pay their 2% and then not worry about security, it’s doomed to fail. So in other words, there needs to be an incentive on the side of the user to take the right precautions or else they don’t get reimbursed. How strict those are, would be the question. Because there’s almost an infinite number of things that are possible to do to protect against hacks that are also very time-consuming and create a ton of friction in the way we use our computers, the internet, and cryptos. Finding the right balance would be essential.

  3. Voting and leadership: I think DECAF should be independent of everything else. Not a Divi thing. Like John Slater said, Divi’s brand is about “Security Made Easy” but the “Refunds Made Easy” isn’t part of the Divi brand, it’s an independent project. So it can have any structure it wants, unrelated to Divi or could be multi-coin. If we can get the idea articulated well, we can present it to a few other CEOs that face the same problem, to gauge their interest.

  4. DECAF could actually be a for-profit company. It might be better managed and I believe it might be easier to build a group of people interested in making this happen multi-coin. A bigger entity would be able to afford the right security teams (offensive and defensive) to protect DECAF participants, and produce better educational content.

  5. CHARGEBACKS - yes this is an important issue too but I think is an independent discussion, requiring different technology and would need to be part of the Divi core protocol. We should create a new thread for this and not mix up the two subjects.