Lewis' Blog Tales from the trenches of information technology

4Dec/170

Navigating Coinbase’s customer support

Download PDF

A company with which I am involved recently reconfigured its Coinbase account. This was precipitated by a change in the Stripe API, where Stripe shifted away from Coinpayments.net to another exchange for handling cryptocurrencies.

So, while this company had a prior arm's length arrangement with Coinbase, it never actually had to deal with the entity directly...until recently.

Payments flow through WooCommerce to Coinpayments.net. From there, in order to convert BTC (and other cryptos) to USD, everything is handed off to Coinbase. So far, so good.

Unfortunately, Coinbase is a bit overwhelmed, and dealing with entities (what they call "institutional" customers) is not their strong suit. After practically jumping through hoops to get my own personal information verified (they essentially require one to use Chrome on Windows to provide a webcam-produced photo to match against a similarly-snapped photo ID - though for some reason, a US passport will not suffice as such), the company account was still stuck, with $0 limits for both buying and selling.

Logging into the site, I am first greeted with a warning that I must configure another secondary verification method, as SMS is not secure enough. So, what's the "more secure" method? Why Google Authenticator or some other "mobile app," of course.

More frequent readers of this site and those who know me know of my disdain for "mobile apps" which are inherently less secure than their desktop counterparts, and let's not even get into the terms "secure" and "Google" (keeping that word intact for search hits, you know) being used together in the same sentence.

So, I continue to skip this process, hoping that I can just avoid it altogether.

Meanwhile, although all of my other information seems to be complete, limits for buying and selling continue to show $0 with the reason provided being that my account is still missing some critical information.

Attempts to open a support ticket (multiple browsers, multiple platforms - though not Windows + Chrome, for obvious reasons) proved impossible. I had an open ticket about the whole personal ID validation (see webcam fun, above - I had to do an entire Windows 7 install to get that worked out; neither ArcaOS nor Linux would cut it, including the latest Firefox builds avilable for each), so apologetically, I followed onto one of those emails reporting my "further plight," hoping for the best. No response.

Finally, I happened upon this post on their blog, which listed an actual customer support phone number (not listed here, in case it changes). Calling the number and getting past the first "If this call is to report a possible breach of your account..." message, I received a less-than-helpful, "Phone volume is unusually high...your call cannot be answered at this time." Huh?

The first few times I got that, I just hung up and tried the next day. I had the weekend to stew on it, however. This morning, I took a different approach. When I got the second message, I hung up...then dialed back immediately. This got me into the hold queue, at least (I called 10 minutes before the start of phone support hours).

After about a half hour on hold, I finally reached Chase. He was very nice and genuinely helpful. He advised that there was indeed some additional information required, and asked if I'd received an email with a link. I told him that I had not, so he offered to send the link again. We said our goodbyes and I waited for the email.

Within 10 minutes or so, the message arrived (not surprising; the Sophos UTM - formerly Astaro Security Linux - does greylisting, so incoming messages from unknown senders can be delayed for several minutes; hey, it's email, not instant messaging!). I copied the text link in the email and pasted it into SeaMonkey, which took me...to the Account page where the coin wallets are listed (unexpected due to the link text). I tried from a different browser; same thing. I booted to Windows and tried Chrome; same thing.

At the bottom of the email was a clickable link:

This message was sent to <my address> in reference to Case #<case number>
Follow this link to view the status of your case and add additional comments:
http://support.coinbase.com/customer/portal/private/cases/<case number>

So, I clicked the link. Instead of this bringing me to an actual case, it routed me all the way around to the main support page and their list of FAQs and articles (no login, no "portal" no "private" no "cases").

Coinbase contracts with Desk.com for at least some of their support. So, I backed through the URL to see if I could get to the case anywhere. Nope. I did get to Desk.com's nice 404 page a few times, however.

Finally, I gave up and phoned again. This time, it took me three tries (dial, "your call cannot be answered," hang up, dial again) to get into the call queue. Another 30-45 minutes on hold, and Sally picked up. Sally was also very helpful, and went the extra mile. She politely asked me if I minded her puting me on hold agin, to which I responded, "please do!" She then did some more digging, even touching base with Chase to discuss my previous call.

It turns out that even since the end of October, when all of this account rearranging took place, they have yet to finish validating the company itself. As this was not properly presented to me on the front end of the website, of course, I had no way of knowing. So, we're still on hold for a few more days, or so it would appear.

The point of this post isn't to complain about Coinbase or their customer service. Clearly, when I was able to get through to humans my experiences were good (I don't fault Chase for not providing me with more accurate information; I suspect that the system merely indicated that company validation was lacking, so he followed through with what he thought was appropriate). Instead, my annoyances with Coinbase are the following:

  1. Failure to clearly identify the nature of the problem in their accessible online documentation (and they do have a lot of FAQs and support articles).
  2. Failure to clearly state the nature of the information missing (not from me!) and to route my login appropriately.
  3. Inane reliance on webcams (webcams? really?) to advisedly "verify" my identity against a fuzzy, eight-year-old picture from my driver's license (huh?), and failure to accept a valid (and much more recent) US passport (ultimately, I used the office network scanner to take the highest resolution TIFF I could of both sides of my license, converted each to JPG, and uploaded those, as snapping a picture with a webcam of a worn driver's license was not cutting it).
  4. Failure to follow through with clear status notifications of the state of the account along the way. This is a company account, which could potentially handle a large volume of currency flow. Unlike a wallet, a business which makes its money on the inflow and the outflow should look forward to customers looking to do both, as this is how the bills get paid.
  5. Claim that somehow SMS 2-factor auth is less secure than some other second factor (of the types they suggest) is ludacrous, at best.
  6. Claim that a mobile app is somehow secure at all is ludacrous, at best.
  7. Claim that Google technology is somehow private and secure is beyond ludacrous.
  8. Expecting that every customer they have has an Android or iOS device is, well, shortsighted, at best. (They deal in crypotocurrency, used specifically because people want to remain anonymous, so why would I use a mobile platform which bleeds my personal information everywhere I go?)

So, what's my take-away from this experience before the process concludes?

If Coinpayments.net offered any other way of handling fiat currency transfers beside Coinbase, I would switch. I like Coinpayments.net (despite their lumping New York State in with NoKo and China in their list of blocked locations - I understand their frustration, but the situaiton isn't nearly as black-and-white as they portend). I wish they had a better option. If I felt more ambitious, I would reexamine Stripe's current API (which unfortunately now requires PHP 5.6, which for this company is not yet a viable option, due to a number of factors).

I would have to carefully consider whether I would recommend Coinbase to clients or other companies looking to accomplsih similar goals (accept a range of cryptocurrencies in an online store and immediately convert to USD).

More on all of this when the situation is finally resolved.

Comments (0) Trackbacks (0)

No comments yet.


Leave a comment

No trackbacks yet.