Bitcoin Core developers Gavin Andresen and Mike Hearn introduced Payment Protocol back in 2013 in Bitcoin Improvement Proposal (BIP) 70. While Payment Protocol is now a few years old, its security and usability enhancements are still new to many people.
Since wallets must be compatible with Payment Protocol in order to pay BitPay invoice, we're taking some time in this post to answer some of your most common questions about Payment Protocol.
Basic Glossary
- Wallet – the software app you're using to make a payment
- Merchant – a business accepting your payment
- BitPay Invoice – the BitPay payment screen
- Address – a string of number or letters from which and to which you can send Bitcoin
- Bitcoin Network – the network that processes Bitcoin transactions
- Blockchain – the open record of past Bitcoin transaction
- Miner Fees – the fees wallets pay to get transactions added to the blockchain
- Exchange Rate – how much Bitcoin is worth in US dollars, or another currency
The Basics of Payment Protocol
Q. What is Payment Protocol?
Payment Protocol does for blockchain payments what HTTPS did for the internet. It is a method for secure communication between Bitcoin wallets and websites receiving payments from those wallets.
Payment Protocol-compatible wallets communicate directly with a website's (the payment recipient) servers about the content of the payment request: the address and the amount, as well as other details which might be relevant to the payment. Wallets and payment services using Payment Protocol can automatically and securely lock in verified payment information directly from merchants.
View how a Payment Protocol Bitcoin payment works:
Q. What is this address format? Why can't I send to a bitcoin address?
bitcoin:?r=https://bitpay.com/i/XJ6Sv1EcdGVYUeiztNfWN
This is a Payment Protocol URL. Your Payment Protocol-compatible wallet processes this URL to fetch the payment information from BitPay's system.
You are still sending to a Bitcoin address, and funds are still recorded on the Bitcoin blockchain like with any other transaction. But Payment Protocol lets your wallet find out other important details besides just the address.
Is a BitPay invoice still valid and unexpired? What miner fee should you include so that the payment will be confirmed in time? With Payment Protocol, your wallet can know this.
The Why of Payment Protocol
Q. What are the benefits of Payment Protocol?
The Payment Protocol conventions offer several improvements over the use of raw addresses and amounts for payments. The authors of the original BIP-70 proposal – Mike Hearn and Gavin Andresen – said it best. Payment Protocol provides the following:
- Human-readable, secure payment destinations-- customers will be asked to authorize payment to "example.com" instead of an inscrutable, 34-character bitcoin address.
- Secure proof of payment, which the customer can use in case of a dispute with the merchant.
- Resistance from man-in-the-middle attacks that replace a merchant's bitcoin address with an attacker's address before a transaction is authorized with a hardware wallet.
- Payment received messages, so the customer knows immediately that the merchant has received, and has processed (or is processing) their payment.
- Refund addresses, automatically given to the merchant by the customer's wallet software, so merchants do not have to contact customers before refunding overpayments or orders that cannot be fulfilled for some reason.
Interested in learning more about Payment Protocol? Read the specs released in 2013.
Q. Why is BitPay requiring Payment Protocol payments?
BitPay introduced a Payment Protocol wallet requirement to reduce and eliminate the risk of three common and expensive payment errors which were common with payments to raw Bitcoin addresses.
There are three main kinds of payment errors that can happen when someone pays a BitPay merchant:
- Underpayments: payments that don't include enough Bitcoin to finish the order. These have to be refunded, and the order doesn't complete.
- Overpayments: payments that include too much Bitcoin. The overpaid amount needs to be refunded, but the order does complete.
- Late payments: payments sent to expired BitPay invoices or to addresses associated with old BitPay invoices. The order does not complete unless the merchant authorizes . This process is manual.
Before BitPay began to require Payment Protocol wallets for payments, the BitPay platform (and BitPay merchants) often had error rates often ranging around a few percentage points or even higher.
We have manually refunded and automatically refunded tens of thousands of these payments. We and our merchants have answered tens of thousands of customer complaints and support tickets around these bad payment experiences. Payment Protocol allows us to dramatically reduce the risk of these payment mistakes, among other benefits.
- Learn more about why we moved to adopt Payment Protocol URLs and QR codes in place of bitcoin addresses.
- Read our CEO's recent post on the security and usability gains Payment Protocol brings to BitPay users.
Q. How do underpayments and overpayments happen?
Underpayments and overpayments typically happen for one of a few reasons:
- Customers enter a dollar amount instead of the exact Bitcoin amount shown on the BitPay invoice. Because their wallets use a different USD <> BTC exchange rate than BitPay, a different amount arrives than is needed to fully pay the BitPay merchant.
- A customer sends a payment from an exchange that deducts a withdrawal fee from the outgoing payment.
- A customer accidentally or purposefully enters an incorrect Bitcoin amount.
Q. Why do late payments cause BitPay payments to fail?
The prices of cryptocurrencies like Bitcoin and Bitcoin Cash are always changing. To make sure these price fluctuations don’t harm our merchants, BitPay guarantees an exchange rate for each invoice for 15 minutes. This gives the buyer an exact BTC amount to send to pay a certain USD amount – for instance, for 15 minutes, a BitPay invoice would lock in a $10 USD product as worth 0.0015 Bitcoin.

This payment window helps to make accepting payments with Bitcoin or Bitcoin Cash stable and predictable – even when the price of either is not. That stability makes easier for new merchants to start accepting cryptocurrency.
When someone sends ("broadcasts")* a payment to a BitPay invoice after that 15-minute window, the payment is late and either has to be refunded or applied to the invoice. If and when we apply the payment to the order after 15 minutes, the price of Bitcoin or Bitcoin Cash has sometimes changed enough for the payment to underpay or overpay the invoice.
Payment Protocol is helping us to eliminate the problem of late payments. Wallets can check the status of a BitPay invoice and prevent broadcasting of late payments.
* Payments do not have to be confirmed in order to fall within the 15 minute payment window. They only need to be broadcast to the Bitcoin or Bitcoin Cash networks.
Q. Why are payment errors such a problem?
Payment errors create a terrible user experience for Bitcoin purchasers, and they create headaches that can make businesses reconsider accept Bitcoin at all.
Imagine a customer whose wallet or exchange sends an underpayment. The order fails, and the customer is out the time and money (in miner fees) sent to attempt the order. BitPay refunds the payment, but since it costs money to send a refund on a blockchain, the customer gets less money back than they started with. If miner fee levels rise above than the original payment amount, they may not get a refund at all.
The customer may try again, but after this many delays and frustrations, some customers and merchants may give up on Bitcoin or Bitcoin Cash for that particular purchase. They may give up on blockchain payments altogether. Non-refundable underpayments and late payments (typically broadcast late from exchanges or Coinbase accounts) contributed to Valve's (Steam) decision to stop accepting Bitcoin in 2017, for instance.
Q. Why would businesses care about payment errors?
Underpayments and overpayments and late payments create serious issues for merchants who are deciding whether they want to add or keep support for Bitcoin payments. When orders aren't completing and customers are losing time and/or money, businesses care.
Imagine if similar payment error types happened with credit cards. If even 5 in every 100 credit card transactions required a refund due to a payment error, most businesses (especially ones processing tens of thousands of transactions a day) would refuse to take them. There have been times when error rates on BitPay's bitcoin payment processing platform have exceeded that 5% rate.
We want to be able to use blockchains like Bitcoin to process payments for the world. But at the pre-Payment Protocol error rates, this would simply be impossible. If we kept this error rate and scaled to process the hundred million+ transactions processed on credit card networks like Visa daily, our support team and our merchants might be processing support issues in the millions.
Q. Why don't you just refund the payment errors, or credit small underpayments?
When payments don't complete, our merchants have upset customers and no completed order.
While BitPay's system already has an automatic refund claim process for most payment errors, refunds are not a good experience for either the buyer or the merchant.
Like all bitcoin transactions, refunds cost miner fees to send. Since this cost (and the Network Cost of the initial payment) is deducted from the refund amount sent back, any buyer who makes a payment error won't just lose time - they will also lose money.
Q. Is Payment Protocol actually making a difference?
Yes! When we began requiring payment protocol wallets, we saw the count of payment errors fall significantly. Underpayment errors once made up several percent or more of the payments users sent to BitPay invoices. Now underpayments make up less than a tenth of a percent.
All payment error types only make up 0.27% of the total dollar volume received by BitPay, vs 8.45% in the month leading up to Payment Protocol.
We've seen this change reflected across our company and product. At one point, developing underpayment and overpayment acceptance tools was an urgent need for our business and for our merchants. Now these errors have declined so much that we have been able to remove these tools from our codebase (and make the features people really want).
Payment Protocol and Wallet Compatibility
Q. What wallets support Payment Protocol?
Quite a few popular and highly-rated wallets now support Payment Protocol payments. View the full list.
Q. Why isn't there a backwards-compatible raw address option for advanced users?
Before we introduced a Payment Protocol requirement, we modified the BitPay payment experience to warn non-advanced users about the risk of underpayments.

Unfortunately, this wasn't enough to reduce payment errors. When it's easy to bypass a warning, most users will continue to make the same payment errors.
Sometimes these mistakes result from incorrect user entry, but they more often results from poor wallet design or bad payment architecture.
For instance, cryptocurrency exchanges are not meant to be used for commerce payments (they can take hours to send transactions), but many cryptocurrency adopters try to use them to pay. Some wallets also use different bitcoin exchange rates than BitPay's. So if a user selects to send a dollar amount in his wallet, it may be received as a different amount.
Wallets or exchanges which still use manual payments often are not taking measures to make sure that payments are sent exactly. When commerce is involved, this really matters. We need to create a consistent, convenient payment flow that works every time. Payment Protocol offers that for all users, from advanced to beginner.
Q. What if my wallet doesn't support Payment Protocol?
There is no need to leave your wallet behind. If you need to pay a BitPay merchant, just send the appropriate amount of funds to a compatible wallet to use for your payment.
Not sure how to do this? We have created a video that shows how to move funds out of exchange services.
Q. Isn't Payment Protocol hard to implement in wallets?
One big reason some wallets haven't implemented Payment Protocol is simply the development time required to do it. Payment Protocol wasn't easy for us to implement either, so this is a valid criticism.
Fortunately, we have cut that development time significantly with our simplified Payment Protocol JSON interface for wallet developers. Any wallet can use this new interface to quickly become fully compatible with BitPay invoices.
- Learn more about BitPay's JSON Payment Protocol interface.
- View the JSON Payment Protocol interface on GitHub.
If you are a wallet developer, we would love to get your feedback, answer your questions, and learn how to make implementation of Payment Protocol easier for you. Reach out to our team!
Q. Why are there so few Bitcoin Cash (BCH) wallets that support Payment Protocol?
Bitcoin Cash is still relatively new, so many wallets have not yet adopted Payment Protocol. However, we have already seen the Electron Cash, Bitcoin Cash (Schildbach fork), and Bitcoin.com wallets become fully compatible with BitPay invoices, joining BitPay and Copay. And more are coming! Follow us on Twitter or Facebook for news as more wallets implement Payment Protocol.
Payment Protocol and Security
Q. How does Payment Protocol make my payments more secure?
Payment Protocol removes the risk of "man in the middle attacks" - special kinds of attacks in which fraudsters insert themselves into your transaction and replace the real bitcoin address with their own. These man in the middle attacks can take the form of malicious third-party scripts and extensions, malicious Tor exit nodes, or viruses.
This was quite a common occurrence, and it is still possible for services using bitcoin addresses to be compromised by this attack. By requiring authentication of the receiver (in our case, BitPay), Payment Protocol ensures that you do not send money to people you aren't intending to pay.
Q. How does Payment Protocol affect my privacy?
Since your wallet communicates with a server for a Payment Protocol payment, the payment recipient (BitPay's) server will know and log your wallet's IP address. This does not expose any additional personally identifiable information about you, but many privacy-minded Internet users are understandably concerned about revealing their IP addresses.
Since your computer's IP address is already logged by BitPay.com (and the merchant's website) whenever you view and pay a BitPay invoice, the only new IP address logging happens if you are using a wallet on another device with a separate IP address.
It is possible to mask your wallet's IP address with a VPN or Tor whenever you connect to the Internet pay. BitPay processes payments for a number of great VPN providers.
Q. Doesn't Payment Protocol rely on "legacy signature security"? (ADVANCED)
Some wallet developers have questioned Payment Protocol's use of SSL and PKI (public key infrastructure) for signing bitcoin payment requests.
x509 SSL certificates are the same certificates used to verify the identity of sites like Google.com and Amazon.com and BitPay.com. SSL isn't perfect, but it's the technology that keeps you safe while you're browsing all of the websites you rely on everyday, from your bank's site and your HR provider's website to Gmail and Twitter. If PKI is compromised then every https-protected site is compromised as well, including Google, Facebook, and other widely used sites. We have no reason to suspect this.
These criticisms are not new. Thankfully, BIP 70's architect Mike Hearn answered them when BIP 70 was announced. You can read Mike’s response. In it, he concludes:
"Usable security is hard. When tested, widely used systems often turn out to be nothing more than placebos. SSL is one of very few crypto systems that’s in daily usage by hundreds of millions of people."
In short, SSL and PKI may not be perfect, they're very good and very useful for verifying the identity of the person you're paying or visiting on the web.
We have also introduced our own alternative to x509 certificates by enabling wallets to use Bitcoin cryptography (ECDSA signatures) to verify the authenticity of payment requests. From our announcement:
"This new support for ECDSA signatures significantly reduces the development effort required for wallets to support Payment Protocol. The original BIP-70 Payment Protocol spec requires wallet developers to write code to support and verify a PKI/X.509 SSL certificate authority (CA) chain. This can be complex and difficult for many wallets to implement. With BitPay's JSON Payment Protocol interface, wallets can choose to verify the details of payment requests signed by ECDSA signatures, without the need to support X.509 certificate validation."
More Questions and Resources
Is there something we haven't covered that you want to know about Payment Protocol? Send us your tips or article requests at thoughts@bitpay.com. We want to address your questions.
If you want to read more, check out our previous work on Payment Protocol:
- Learn more about why we moved to adopt Payment Protocol URLs and QR codes in place of bitcoin addresses.
- Read our CEO's recent post on the security and usability gains Payment Protocol brings to BitPay users.
- Check out more results from our implementation of a Payment Protocol requirement on BitPay invoices.
Comments
0 comments
Article is closed for comments.