Digital currencies all have a potential flaw known as 'double-spending'. As the name suggests, this is the process of a digital currency being spent twice.
Double-spending can cause problems, especially if accepting digital currencies as a payment method, as it can result in an order being placed, 'paid for' and dispatched without any payment actually being received.
Merchants need to be wary of malicious customers trying to utilise this to receive an order that hasn't been paid for.
How does double-spending work?
Bitcoin transactions require confirmations on the blockchain before any funds are considered as spent/received, this means that any Bitcoin transactions that have received confirmations are considered safe and final. Those that haven't received any confirmations are seen as pending.
E-commerce platforms that accept Bitcoin as a payment method will be set up to mark an order as complete once a payment (Bitcoin transaction) has been confirmed as sent (received confirmations), however customers acting with malicious intent can try and capitalise on this if the merchant has not set their platform up correctly.
This can be taken advantage of by sending a transaction from a wallet with a small fee and, before this transaction has been included in a block, sending the same funds elsewhere with a larger transaction fee attached. Miners will prioritise the transaction with the larger fee, and once it is included in a block, the earlier transaction will become invalidated and therefore won't be received in the recipient wallet.
This can result in a merchant expecting a payment that will not arrive, but still dispatching a product as their site is set up to complete and dispatch an order without first awaiting a confirmation on the incoming transaction.
How can I prevent this from happening?
Our CoinCorner Checkout plugins offer merchants the ability to set parameters during integration where possible to ensure that any orders are not marked as complete until incoming payments have been confirmed. We would always recommend to our merchants that you set incoming payments to receive at least one confirmation before being marked as complete to eliminate the possibility of a double-spend occurring.
Have any questions? Get in touch!