Login | Register

Coinbase online payment system

Coinbase
https://coinbase.com/

Updated on October 11, 2012
Views: 6301 | Clicks: 270


Website Screenshot



General Information

 

 

Glyphicons_055_stopwatch
Instant Payments

Payments arrive at the speed of an email (just a few seconds) and are confirmed within the hour. No more waiting three business days for checks.

Glyphicons_037_credit
Low Transaction Fees

Coinbase charges just 0.5% when you buy or sell bitcoin via bank account transfer. After that all bitcoin-to-bitcoin transactions are free.

Glyphicons_163_iphone
Pay By Phone

Our website works great on modern smartphones (iPhone, Android, etc). Just visit coinbase.com from your mobile browser.

 

Glyphicons_263_bank
Simple Transfers

Use your bank account to purchase bitcoins. Transactions are processed within two to three business days. (coming soon)

Glyphicons_280_settings
Merchant Tools

Easily create "buy now" or donate buttons. We also offer full shopping cart integration. (coming soon)

Glyphicons_040_stats
Widespread Adoption

About $2 million a day (USD) is already being transacted in bitcoin. It's quickly becoming an international currency.

Currencies

Bitcoin

Countries of use

USA

Users

private and business

Fees

0.5% when you buy or sell bitcoin via bank account transfer

Recent news

Posted on December 15, 2018
Powering a cryptocurrency economy for Syrian refugees

Day 6 of 12 Days of Coinbase: Powering a cryptocurrency economy for Syrian refugees

Cryptocurrencies provide the easiest and most accessible way to give money directly to those in need. With GiveCrypto.org’s innovative approach, recipients can actually turn around and use crypto to buy what they need — immediately, without fees and delays. That’s why we’re using Day 6 of the 12 Days of Coinbase to support their new project that provides a basic income to more than 150 Syrian refugees in Greece.

Our $10,000 gift in Bitcoin ($BTC) allows GiveCrypto.org to significantly expand on a model that has already allowed them and partner Sempo to support 15 Yazidi families in Kurdistan and 5 Syrian families in Beirut in 2018. While organizations could provide this support in local currency, many in the refugee community don’t have access to financial institutions where they could receive and store donations. Meanwhile, even with access, fees end up eating into the cash aid.

Enter cryptocurrencies. Sempo and Givecrypto.org establish relationships with local vendors who are willing to act as providers of cash or goods in exchange for crypto. When paid via a program recipient’s wallet, the vendor can request to exchange their cryptocurrency for fiat. This system allows recipients to quickly put their donations to use, with crypto as the bridge.

With Coinbase’s support, GiveCrypto.org is poised to support even more refugee families in Greece, where crypto transfers can do even more to support those rocked by unstable financial institutions and lack of access. This donation is just a start as Sempo and GiveCrypto.org get on the ground in Greece and understand how much they can scale their support. As they do, their capacity to offer financial support to more families will improve. We encourage you to consider joining us in donating to organizations making open financial transactions possible for people everywhere:

This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.


Powering a cryptocurrency economy for Syrian refugees was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on December 14, 2018
Coinbase is for everyone,  Coinbase Pro is for experts

Coinbase is for everyone,
Coinbase Pro is for experts

We will list a subset of assets in our consumer Coinbase product, and make advanced features and more assets available to experts via Coinbase Pro.

We are at an interesting juncture in the evolution of the blockchain sector.

On the one hand, estimates indicate that as of 2018 only a small percentage of internet users hold any cryptocurrency. This means that the vast majority of people have yet to discover the blockchain-based internet, which means that the ecosystem will need a safe, easy-to-use, and compliant on-ramp for cryptocurrency for the indefinite future.

On the other hand, innovation is accelerating and the space continues to grow dramatically. A few years ago, there was only one major cryptocurrency: Bitcoin. Today there are thousands of tokens and blockchain startups. Soon there will be a large variety of digital assets spanning utility tokens, asset tokens, collectibles, derivatives, decentralized financial instruments and prediction markets. There are already millions of users who have discovered the potential of blockchain and need powerful tools to trade and use the expanding number of digital assets.

This is why we have Coinbase and Coinbase Pro.

Coinbase offers consumers a trusted and easy-to-use place to buy, sell, and discover cryptocurrencies.

Coinbase is our flagship app, available at coinbase.com and on iOS and Android. It is the most trusted and easiest to use on-ramp to cryptocurrency, and the place that you can refer your friends and family members who are new to the world of crypto. We’ll introduce the most proven features here, with a real focus on education and quality.

Coinbase Pro offers experienced customers the ability to trade a wider variety of crypto assets.

By contrast, Coinbase Pro is the interface for expert traders and crypto enthusiasts. The interface includes tools for the power user: candlestick charts, depth charts, market data feeds, and the like. Coinbase Pro is the trusted and compliant environment where we will roll out more advanced features along with a wider selection of assets to offer expert traders the greatest flexibility in building and managing their crypto portfolios.

All assets listed on any of our products are subject to our digital asset framework, but some assets listed on Coinbase Pro may be more appropriate for experienced traders due to, for example, higher volatility or less volume than assets listed on Coinbase.

With these two options, both the mainstream user and the crypto expert alike have access to product experiences that are optimized for their needs.

Ultimately we want to support a broader range of digital assets, and to do so we’ll give our customers tools, ratings, and reviews to help them make informed decisions. Our goal is to maintain the trusted experience our customers have come to expect while adding the assets our customers have come to demand.

Please visit Coinbase and Coinbase Pro today to decide which one is right for you.


Coinbase is for everyone,  Coinbase Pro is for experts was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on December 14, 2018
Instant PayPal withdrawals now available for all U.S. customers

Starting today, U.S. customers can instantly withdraw Coinbase balances to PayPal, providing even faster access to their funds through one of the world’s easiest and most widely-used payment platforms. These withdrawals are not only fast; they’re free and incur no fees. We work hard to make Coinbase the easiest and most trusted platform around — and now, moving your cryptocurrency to cash is easier and more affordable than ever.

PayPal offers U.S. customers an alternative. Before today, you needed an ACH or Federal Wire account to withdraw funds. These traditional finance networks can add up to two business days to a withdrawal. We’re always looking for ways to not only meet the bar set by traditional finance, but raise it. That’s why we rebuilt our integration to ensure that the speed and reliability of PayPal withdrawals does just that.

To get started, simply sign in to Coinbase and link your PayPal account to your Coinbase account. Select your PayPal account as a payment option when withdrawing your cash balance to move your funds instantly.

Coinbase customers have been clear: you want to be a part of the open financial system. We believe that means more than just owning cryptocurrency — it means having the flexibility to use it how and when you want. This integration is a big step forward in realizing that vision, allowing you to smoothly and instantly transfer your funds to cash.

Not in the U.S.? Support for PayPal will be rolling out across more countries in 2019, so stay tuned.


Instant PayPal withdrawals now available for all U.S. customers was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on December 13, 2018
Watchlist lets you customize your dashboard

Day 4 of 12 Days of Coinbase: Watchlist lets you customize your dashboard

The crypto industry moves fast, and it can be hard to filter the signal from the noise every day. With watchlist, customers can click the star icon on any asset pages to indicate you’re interested in those cryptocurrencies, and your dashboard will feature key information about those assets on a new Following tab.

We also know that historic pricing charts aren’t for everyone. Once you’ve created your watchlist, you decide what asset information is most helpful to view first. Choose traditional price charts or a list of market data. If you’re no longer interested in a particular asset, un-starring will remove it from your watchlist.

This feature isn’t limited to the assets formally supported on Coinbase. Once logged in, customers can star any of the assets featured on our informational prices page. Additionally, we’ve increased the precision of our price charts, added a feed of industry news articles and we’re experimenting with price summary widgets on the dashboard.

Over the past 6 months, we’ve made several investments in customers’ logged-in experience. Each new feature serves a greater purpose: to give customers the ability to tailor the Coinbase app to their crypto interests. We look forward to building more features that make your dashboard more personal.

Set Your Watchlist


Watchlist lets you customize your dashboard was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase
Posted on December 13, 2018
Single Sign On via Consensus

The Infrastructure Team at Coinbase has the goal of enabling any engineer in the company to quickly and securely access and deploy complex infrastructure. This effort started with our secure deployment pipeline Codeflow, was extended by our codification tooling GeoEngineer, and utilized by our blockchain infrastructure project Snapchain.

Our latest project to empower engineers was to make it easy and safe to elevate their own permissions temporarily to perform complex infrastructure changes.

Everything that engineers do at Coinbase is locked down by a mechanism that implements consensus. In order to interact with any production environment you must have a quorum of engineers approve the permissions, code, and configuration. This creates strict guardrails around making changes to our production environments along with an audit trail. This also enables us to secure customers funds with confidence.

Our philosophy of consensus also applies to access to critical services such as AWS and GitHub since our production services depend on them. In the past we have manually onboarded employees onto such services with consensus and an audit trail. Manually provisioning accounts to services has been easy for us to do until this year. In 2018 Coinbase has experienced incredible hypergrowth growing from 200 to almost 600 employees. This means that the number of employees joining per week has increased dramatically. Manually provisioning accounts resulted in operational toil. This is an obvious place for us to eliminate toil through automation.

We have built a Single Sign On (SSO) system that fulfills our consensus philosophy by protecting all changes to a user’s permissions via consensus to eliminate this source of toil. The system that we built had the following requirements to meet our high security and productivity standards:

  • Reduce the manual toil to maintain user accounts through centralized management
  • Full codification of users’ permissions
  • Audit trail of users’ permissions over time
  • MFA for all authentication, ideally push based
  • Highly available and 12 factor, allowing for blue/green deploys
  • Minimal surface area for vulnerabilities
  • Help us scale 10x more engineers to 10x more critical services with ease
  • Work with our current workflows e.g. `assume-role`

To build this identity provider (a service that authenticates users on behalf of other services) we use a combination of SAML, LDAP, and consensus.

SAML (Security Assertion Markup Language) is the defacto enterprise SSO protocol. It is used to send cryptographically signed assertions about a principal (ie. their permissions) to service providers like AWS and GitHub. These assertions are used to authorize users into their platform. SAML profiles describe the different request-response protocols that identity providers and service providers can use to communicate with each other. SAML bindings describe which lower level communication and messaging mechanisms are used in the steps of SAML profile specifications.

LDAP is a tried-and-true directory service that is typically used to represent organizations in a tree-like structure. It also has secure native authentication mechanisms for users.

In order to understand how consensus is used to protect changes to users’ permissions, we will first explain how consensus is used at Coinbase.

Consensus at Coinbase

Software development process at Coinbase utilizing consensus. (Heimdall is licensed under CC BY-SA 3.0).

In the software development process at Coinbase engineers can only deploy code to production environments that meet a specific set of checks and requirements. These checks and requirements are numerous but one of the key requirements is that all deployed git branches much be checked via consensus by a tool we wrote called Heimdall. This tool enforces an immutable git history that has ensured all commits have consensus.

The general software development process to deploy code to production environments is as follows:

  1. Engineer creates a pull request to a protected branch with immutable history (ie. master).
  2. N qualified reviewers engage in a code review process, where N is configurable on a per-repository basis. N depends on how sensitive the repository is or is not.
  3. After all qualified reviewers ensure that the code is of high quality they may approve the pull request (ensuring consensus). A webhook triggers to notify Heimdall that all commits of the pull request have consensus.
  4. The engineer merges the pull request into the git branch with immutable history. Heimdall marks the new merge commit with consensus. This ensures that all commits to the protected branch have consensus.
  5. The engineer attempts to deploy a commit to a production environment with our secure deployment pipeline Codeflow.
  6. Codeflow asks Heimdall if the commit has consensus. If and only if it has consensus the deploy initiates!

The Single Sign On System

Architecture of the Single Sign On system.

In our configuration of LDAP we have two directories — users and groups.

The groups directory describes which groups users are a part of. Service providers use this to translate into permissions specific to that service.

When an engineer would like to elevate their permissions to a service they make a pull request to a repository that is used to build the groups directory. This repository is protected by consensus with Heimdall. This repository then updates the groups directory which is served from a read-only filesystem. The git commit history creates an audit trail which is one of our requirements for compliance.

The users directory contains information about users as well as their cryptographically hashed passwords. Users authenticate against this directory as well as MFA with a push notification from Duo Push.

To allow LDAP to be blue/green deployed in a highly available mode by fulfilling the 12 factor requirement of having stateless instances we use the slapd-sql module for the user directory. We store the data in Postgres (Amazon’s RDS) instead of on disk.

In our SAML identity provider which service providers interact with, we use LDAP as the source of truth when authenticating and authorizing users.

We decided to create a custom SAML identity provider instead of using any third-party SAML identity provider for these critical services because they require an administrative user/account to provision permissions. This would violate our requirement of consensus because a single user/account would have access to make changes. An administrative user/account could maliciously elevate a user’s permissions and compromise our system. Using a third-party also introduces vendor risk. We were not willing to compromise on this risk for our identity service. If they were compromised they could maliciously create SAML responses to elevate an unauthorized user’s permissions to a critical service, and perform malicious infrastructure changes.

Creating a custom SAML identity provider also allowed for future flexibility and integrations with various service providers.

Putting It All Together

Full process of signing into a service provider.

To setup a service provider to integrate with our system, we use consensus mechanisms to create a Trust Relationship between a service provider and our identity provider, as described in the diagram. We configure both with public X.509 certificates as well as SAML metadata. This allows them to communicate with each other and prove each other’s authenticity.

We use the very popular SAML profile, Web Browser SSO Profile, to integrate with service providers. The process to sign into a service provider is as follows:

  1. The user agent requests to authenticate with the identity provider.
  2. The identity provider delegates to LDAP for authentication. In our implementation, we use Duo Push for MFA. If the user successfully authenticates, information about that user’s groups is returned.
  3. The identity provider then packages this information in a signed SAML response and returns it to the user agent.
  4. The user agent sends the SAML response to the service provider on behalf of the identity provider. The service provider interprets the response and authorizes the user. This grants the user the requested permissions based on the response.

This process allows engineers at Coinbase to seamlessly login to critical services where their permissions are protected via consensus.

Conclusion

Using our SAML identity provider has automated onboarding engineers onto our critical services instead of requiring us to manually provision them. In addition to the security benefits this saves us a lot of time and is one of the best ways to handle the hypergrowth of our engineering team. This enables us to focus on what we do best — building the most secure and innovative cryptocurrency platform in the industry.

If you are interested in cool infrastructure challenges such as this, and want to create a platform that empowers engineers with both speed and security, we’re hiring! Check out the careers page at coinbase.com/careers.

Unless otherwise indicated, all images provided herein are by Coinbase.

This website may contain links to third-party websites or other content for information purposes only (“Third-Party Sites”). The Third-Party Sites are not under the control of Coinbase, Inc., and its affiliates (“Coinbase”), and Coinbase is not responsible for the content of any Third-Party Site, including without limitation any link contained in a Third-Party Site, or any changes or updates to a Third-Party Site. Coinbase is not responsible for webcasting or any other form of transmission received from any Third-Party Site. Coinbase is providing these links to you only as a convenience, and the inclusion of any link does not imply endorsement, approval or recommendation by Coinbase of the site or any association with its operators.


Single Sign On via Consensus was originally published in The Coinbase Blog on Medium, where people are continuing the conversation by highlighting and responding to this story.

Read more on Coinbase

See all news of Coinbase

Coinbase Comments:

Add your comment