Confirms for me that Bitcoin is on track to disrupt credit card payments, possibly ACH/Wire, and not to be a replacement currency. Credit cards handle about 3.6 trillion/year in transactions. With 3% per transaction fees, chargebacks and equipment costs -- there are plenty of reasons for merchants to increasingly accept BTC provided companies like Coinbase are prepared to take the BTC market risk by sweeping BTC into local currency.
Exactly. I still use plastic even when btc is an option. Credit cards are simply better for the consumer (instantaneous transaction, chargeback/dispute and points)
This suggests you haven't tried paying with bitcoin. Sure, you lose all those things you get with creditcards, but for me some advantages that bitcoin offers over credit cards (and yes I'm a consumer too) are more important, such us:
- I'm not afraid that any of the providers where I have bought things gets hacked, because my identity and payment details is not kept by them.
- Paying with bitcoin is so much easier, I don't need to copy stupid numbers from a card with my keyboard ever again.
- I don't need to check my bank account from time to time to see if I had charges that don't correspond to things I didn't buy.
- I'm not afraid of bank commissions that especially take place when I pay for things abroad.
These are the little things that will make a universal-worldwide-digital-coin succeed. Could be that this coin is bitcoin, or other one.
I'm not afraid that any of the providers where I have bought things gets hacked, because my identity and payment details is not kept by them.
Aren't you just trading the risk of the merchant being hacked and stealing payment details (which with credit cards, can be fixed by simply issuing a new card) for the risk of someone getting access to where you store your bitcoins (where you effectively have zero recourse)?
That seems like an unbalanced tradeoff from my perspective.
Which is easier: securing only 1 hardware wallet, or securing the HUNDREDS or THOUSANDS of merchant systems that your credit card information flows through?
If you fail with your wallet there is no recourse and you're out of luck. If any of the "HUNDREDS or THOUSANDS" of merchant systems fail you are not held responsible and in the worst case get any missing funds back after a small waiting period. Usually the worst thing that happens is you'll have to update a couple recurring payments, but they'll sometimes even help you with that (Amex!).
You are wrong, in many cases the customer has no recourse for credit card fraud: https://news.ycombinator.com/item?id=8918865 People think credit card anti-fraud measures are perfect. They are not.
I don't think anything is perfect, but with BTC there is a 0% chance of recourse. I'll take the option with a ton of consumer protection law and someone to sue over the Wild West any day of the week.
These consumer protection laws protect you regardless of the manner of payment: bitcoins/dollars/whatever.
You CAN and SHOULD use the legal tools at your disposition (lawsuit, small claim court, FTC/BBB complaints...) if you get scammed after paying in bitcoins. You definitively have a chance of recourse. These tools work, that's why we have them.
For example the U.S. Securities Exchange Commission successfully prosecuted Trendon Shavers (he was running his scam denominated in bitcoins).
The consequences of failing to secure my hardware wallet are that I lose all my money.
The consequences of failing to secure a merchant system are that I have to get a new credit card and maybe click the "dispute" button on my bank website a couple times.
It is very rare for people in countries where cards have PINs to both lose a card and give away the PIN to the thief. Banks have educated customers well enough to not write the PIN on the card.
Likewise, a PIN-protected Bitcoin hardware wallet is reasonably pretty secure. You would need a thief with professional equipment to decap the secure chip to access data in the EEPROM that would otherwise be PIN-protected. I would trust this any time over the merchants systems which routinely get hacked over and over.
If it's pin protected then either it has to be used with another system that can lock out pins or I can build a robot to try all pins using simple plans from the internet. Problem solved. So how does this device help again?
Also it's quite common for people to give their pin to thieves it happens at ATM stick ups all the time. The difference there is in cases where they are forced to withdraw money they aren't liable(it's considered the bank being robbed not them) and in cases where the thief takes the info and runs they can call the bank cancel the card and not be out anything.
Clearly you have no idea how secure or tamper resistant chip technology works. To prevent such brute force approaches, they are designed to limit the maximum number of attempts, before they permanently disable themselves, which prevents you from trying all combinations.
As to liability, I have pointed out in this HN thread multiple instances where customers are in fact held liable (60-day rule, stolen PIN).
Your 1 example requires the person to not check their statement for 2 months. That means there is a 2 month safety window. Do you have numbers on how many people actually have that problem vs the numbers for the ones it works fine for? I would put money on the former being less than a hundredth of a percent
Your second one has been debunked where you originally posted it
It could be handled the same way as when you forget your credit card PIN. Contact the company who sold you the hardware wallet and who verified your identity when you purchased it, and they could reset it: each wallet could have a rescue passcode that only the company knows. You see, Bitcoin is flexible enough that it lets us develop whatever infrastructure we want on top of it. Even though this service does not exist yet, if it is something people want it will likely be created.
So if your friend Bob wants no one to know his rescue passcode or his identity for ideological reasons then he would himself be responsible for safeguarding the rescue passcode. But if you, sanswork, don't trust yourself to memorize the passcode, buy a hardware wallet from such a company. Either way, you or Bob have a choice of having a wallet work the way you want it to work.
> Your 1 example requires the person to not check their statement for 2 months.
Not necessarily. There are other tactics that scammers use to defeat chargeback protections. For instance they will delay the shipment after you purchase. They will claim multi-weeks long delays due to depleted warehouse stocks. They will ship to a "wrong" address. They will ship the "wrong" item and take time to re-ship the correct one. During all this time they will be all nice and apologetic to make it look like these are simple honest mistakes. After the 60-day limit passes, they cut contact with you, you realize it's a scam, you try to charge back, and you realize you can't! You were not aware of the 60-day limit. The scammers have your money. You are screwed.
> Paying with bitcoin is so much easier, I don't need to copy stupid numbers from a card with my keyboard ever again.
Things may have changed, and this is by no means a critique of Bitcoin as a protocol, but I've had the opposite experience so far.
For online purchases at best, in order to make a purchase, I've needed to copy the address to send payments to, log into my wallet, paste the address, go back and copy a code from the website and paste that in the memo, and enter the correct payment amount. At worst, it's required multiple emails because things were broken.
For online credit card purchases, it's been as easy as clicking a single button (Saved CC info), and having everything simply work. Entering the CC info is a little more work, but I wouldn't say its significantly easier than the Bitcoin experience.
In person purchases are slightly easier, but it still requires some form of taking a picture of a QR code and waiting a minute or two for the payment to go through. With a credit card its as easy as making a swipe and sometimes signing.
I have hope that one day paying with bitcoin will be easier, but so far I haven't experienced this.
Seems like Apple Pay addresses most of your concerns. But, when you say you are not afraid of getting hacked. What about bitcoins stolen from mt gox/bitstamp ?
Have you ever had your credit card stolen? Have you ever had it frozen and not been able to spend your own money? These things happen constantly but never happen when paying with bitcoin. The more you have to deal with banks the more of a breathe of fresh air it is to pay in btc.
Credit card fraud is incredibly rampant and the security measures in place by banks and sites is so over the top it becomes difficult to even use them. Use ghostery? Your transaction won't go through with an unknown error. Use a VPN? Your transaction won't go through with an unknown error. Paying from a different computer? A different IP? Using a different address? All these things are a recipe for being on hold with your bank for 45 minutes when you all you wanted to do was order $50 of stuff from NewEgg.
I use my credit card a lot for all sorts of things. In the past 3 years I can only remember my card being rejected once. An when this happened I immediately got an automated call that allowed me to confirm my transaction (so I was still able to use that card to pay).
My card was also stolen once (someone copied the magnetic stripe). Once this someone did a transaction on the other side of the country I immediatelly got a call from Amex which proceed to refund that transaction and to send me a new card. IIRC a replacement card arrived in the mail on the next day. In the mean time I just used my debit card to pay for things.
You obviously have no idea what you're talking about. The consumer isn't responsible for Credit Card fraud - if it's stolen my bank reimburses me for transactions I did not commit.
If bitcoins are stolen you get what?
Specifically the lack of fraud protection is obviously advantageous for merchants (who often are the ones, not the banks, paying out in the case of fraud) but for the consumer its distinctly worse.
> The consumer isn't responsible for Credit Card fraud
Wrong. In many cases he is responsible.
Scenario #1: 60 days (typically) after the transaction, the customer has no recourse to report fraud. You were browsing your credit card statements and notice a $50 charge 2 months ago that you never authorized? Tough luck.
Scenario #2: When the card was physically present during the transaction, and when a pin code was used, the customer is always (edit: I meant "typically") held responsible unless he can prove he and his authorized users were definitively not present.
>Scenario #2: When the card was physically present during the transaction, and when a pin code was used, the customer is always held responsible unless he can prove he and his authorized users were definitively not present.
I think you ought to fact check on Scenario #2 (at least in the US), The merchant is responsible for confirming the identity of the customer matches the one stated on the card - the customer does not need to prove anything.
As for Scenario #1 - the 60 day limit is quite reasonable. What kind of investigation of unauthorized usage could a bank possibly conduct 60 days after an unauthorized $50 payment?
Regarding the advisory letter, it just requires the bank to "investigate". The bank can still conclude the transaction was authorized and deny your claim to cancel the transaction. So it will be your responsibility as a customer to prove that you were not present during the transaction.
Regarding scenario #1, it is irrelevant if the amount is $50 or $1000. My point is, you have no recourse. Credit cards won't protect you from fraud in this case.
Again. You are incorrect and you don't what you're talking about, banks need to send a written explanation of a denial and in most cases they aren't partial (because usually they aren't the ones paying the refund) - since legally the merchant is responsible for confirming customer identity (it's not the customer that would have to prove they weren't there).
Anyways, debating the effectiveness of consumer fraud-protection is quite beside the point, since Bitcoin offers absolutely no fraud protection and very circumstantial utility (i.e. the ability to make anonymous or pseudo-anonymous payments).
In other words, if a thief somehow steals my PIN, I will be liable as a customer. If you still don't believe me, read any of the stories reported by journalists explaining how banks reject fraud claims when the PIN was used: http://mymoneycounselor.com/card-fraud-blame-shift Merchants may be responsible for verifying the customer's identity, but often they don't. This is why credit card fraud is prevalent.
> debating the effectiveness of consumer fraud-protection is quite beside the point
On the contrary, this is important in this debate. You can't use "zero-liability" as a reason why credit cards are superiors to Bitcoin when I prove to you customers are actually held liable in many cases.
Bitcoin can be superior to credit cards, because when the wallet is properly secured (for example a passcode-protected hardware wallet), theft and fraud becomes increasingly unlikely, whereas credit card fraud continues to become a bigger and bigger problem, and banks increasingly shift the liability toward customers as I documented above.
Note that the definition does not take into consideration whether you think the victim should have done more to protect themselves, just as the fact that every year thousands of criminals are successfully prosecuted for stealing even in cases where homeowners did not have dogs, 24x7 security guards, etc.
Also the analogy that other person raised ("Your stuff can't be stolen. Period. A different thing is that you may suck at protecting your house") is a good one too.
However, we're talking about different things here.
When do bitcoins really get "stolen"? When terrible things happen, like if people install malware or trojans by accident, or don't apply security updates to their systems.
This, to me, is the equivalent of leaving the door of your house wide open. Not simply not putting an alarm system, you know.
That is, if you want to use bitcoin, have some common sense and minimal computer knowledge, first (minimal includes knowing how to keep your operating system updated, not be a certified sysadmin).
> When do bitcoins really get "stolen"? When terrible things happen, like if people install malware or trojans by accident, or don't apply security updates to their systems.
> This, to me, is the equivalent of leaving the door of your house wide open. Not simply not putting an alarm system, you know.
In that case, you should think more carefully about the problem because you're conflating two unlike things. Even ignoring the fact how many bitcoins have been stolen were compromised by previously-popular third parties, your current position is the equivalent of hearing about someone's house being broken into and saying “Oh, your stuff wasn't really stolen – everyone knows that you shouldn't buy a Kwikset lock/ever invite guests over/forget to arm your alarm”.
Designing a system which assumes humans will perfectly follow the best operating procedures is the security equivalent of hawking a perpetual motion device. In the real world, people delay updates or get let down by an unreliable updater, get hit by zero-days or suckered by scammers, etc. Anyone serious about building a financial system needs to plan for that and build in layers of safety precautions.
I get that you really want Bitcoin to succeed but the way to do that is by taking problems seriously and working to fix them rather than pretending them away.
This is a painfully absurd statement. You aren't doing bitcoin any favors by disingenuously suggesting that it cannot be stolen; everyone knows it can be, and faulting the victim for not properly securing their operating system (a feat that even billion dollar corporations often fail to achieve) is exactly the wrong type of message to be broadcasting to the masses.
So, if someone robs you at knifepoint on the street and takes your wallet, your wallet has not really been stolen, because you failed to wear adequate protective gear?
Obviously if I'm keeping my bitcoins in a private wallet on my computer and the computer is stolen, then I they are probably gone, like cash. But, I would assume that it is possible to have some insurance? If I had my house insured and cash was stolen, I could be reimbursed by the insurance, correct? I would assume the same thing could be done with bitcoin? And what about a situation like with Coinbase, if they are "hacked" or whatever, isn't it at least theoretically possible that the bitcoins could be insured? I think just as bitcoin fanatics are overzealous about the enhanced security of bitcoin, the other side can get a little short-sighted by not imagining any scenario where your bitcoin deposits are insured in some way.
The difference is that I don't go around sharing my bitcoin private keys with Target like I'm forced to do with my credit card details. FWIW I've never had any BTC stolen but I've had multiple credit cards canceled by my bank 'for my protection'.
I have. It was pretty inconvenient, but after a call to the bank, the stolen card was cancelled and the unauthorized transactions were reversed. If your bitcoins are stolen, the money is gone forever without any possibility of recovering the funds.
> Have you ever had it frozen and not been able to spend your own money?
No, that's never happened to me. I have once had a very large transaction automatically declined in the past, which was also inconvenient at the time, but the bank called me about it within 60 seconds of the transaction and I was able to resolve the issue right there. Reflecting on it later, I decided I liked the fact that my bank sought additional verification before authorizing a very large and unusual transaction.
> Credit card fraud is incredibly rampant and the security measures in place by banks and sites is so over the top it becomes difficult to even use them.
This is not an issue for me or anyone I know. I've never had a bank card payment rejected because of ghostery or an IP address or my VPN. Besides, even if I did, there is no reason why a business could not use identical signals for rejecting a bitcoin payment, especially since the consequences of bitcoin fraud or much more severe for the consumer.
For the vast majority of consumers, bitcoin as currency, offers almost nothing in the way of advantages over bank cards; that's just the reality. This isn't to say that bitcoin is useless or that banks always have their customer's best interest at heart, but there's really no denying the fact that banks are safer and more convenient than bitcoin for most people.
That depends on what you're selling. If your store sells "high risk" items (I know electronics are a high risk item, and adult content as well), the fee can exceed 3%, as I understand it.
No, the solution is either for consumers to purchase from trusted stores only, or for a company to take over the role of arbitrageur between buyer and seller -- for a fee, of course.
Basically splitting the functionality of PayPal into two: 1) payment processing and 2) dispute resolution.
Why do people keeping talking about BTC replacing credit card payments? BTC does not offer credit. It might replace debit cards (BIG might), but credit cards exist for a reason.
In order to replicate the credit card payment process you have:
prebuy bitcoins. Not only is this a bitch to deal with, but it costs money. Transaction fees, hidden or not. Sure you can buy on an exchange but that has a small fee plus the risk they'll steal or lose your coins. Buying from an ATM or broker has a fee. Even if it isn't explicit they'll get you on exchange rate spread.
Some sort of escrow service. If Amazon doesn't ship me my TV, I can cancel the charge on Visa. Either you forgo this or you pay for it. This will have a fee.
There is volatility risk.
Then the merchant still has some fees. They have to pay Coinbase their fee.
When accounting for all the risk I doubt it's cheaper.
That isn't even considering that confirmation time is like what? 10-30 minutes?
Bitcoin will be the silk road currency but not much else.
You can buy bitcoins at Circle for free. And sell, too, at the same price. No spread obviously (as that would mean you can arbitrage, as their buy and sell price are exactly the same).
Volatility risk is inherent to every single currency. The swiss franc just had a 30% change in value. Bitcoin's volatility is going down every year, look at the charts, and it makes sense, too. Deeper markets are harder to move. There's nothing particularly unique about bitcoin that makes it volatile except its youth and nascent ecosystem. Over time its predictable supply curve makes it less volatile than most of the world's currencies for most of the world's population that don't live in stable OECD economies with decent currencies. There are numerous countries with 10-20% inflation and wild swings.
Is bitcoin any better? Well again, its volatility is going down every year. But already you can go to Bitreserve and lock in the price to a dollar or euro or gold or yen or whatever value. So if you're in Kenya, instead of 10% inflation, you just keep your money according to the dollar rate if you want, enabled by bitcoin.
Merchant fee? Bitpay offers 0% processing for all. Their most recent merchant taking bitcoin through Bitpay (at 0% fees) was Microsoft.
Transactions are instant, confirmation time can be mitigated as it's a function of risk. Cup of coffee needs no confirmation time. Amazon needs no confirmation time. (if the customer double spends it, you simply cancel 15 minutes later and the item supposed to ship the next day won't arrive.) Xbox Live needs no confirmation time. (account gets shut down after 10 minutes of trying to set up a multiplayer game of Halo, xbox gets fingerprinted and it and the ip gets blacklisted for fraud. Remember only the owner of bitcoin can double spend through careful effort, meaning you can be near certain fraud was intentional.) In short, virtually all of online retail has no real confirmation issues long term. And software solutions are in progress, there was one posted just last week, can't find it atm.
Escrow: it's just an insurance service, no reason there won't be a company offering it. In fact escrow with timelocks and multi-sig already exist. It's a bit of a long discussion but look into Mike Hearn's presentations and articles on this, the short story is that with bitcoin you can get much better and fairer and more specific expert escrow services to fit your particular niche. Paypal and Amazon's systems aren't adequate and allow too much fraud and require too many costs.
Whether the customer or the merchant pays isn't relevant, the customer ALWAYS pays, it's not like the merchant will pay extra fees from his money-tree in his backyard. The customer pays. So if you have an expensive escrow system that screws over merchants and lets criminals chargeback lots of transactions stealing products essentially without paying and the merchant has to pay for expensive processes to get their product/money back, or let it slide, then the company will raise prices to make up for the losses or go out of business. Customers pay.
Same with creditcard theft. Oh you don't have to pay if your CC gets stolen and someone spends $1k of your money? You still pay. Mastercard isn't giving you $1k. They're either taking it from the merchant (see above), or they're paying you money out of revenues. Surprise, in both cases, you're the source of revenue. Banking isn't cheap, there are enough articles on this online just check 'm out. A checking account averages about $200 a year? Credit is hugely overpriced? Paying 15-20% a year on credit when if I put money in a savings account I can barely get 0.5%? That's obviously because there's no peer-to-peer lending, if there was you'd both pay/get 10% and be better off by 10%. But people accept crazy rates on creditcards, why? Because the regular use is free or insured or promoted. All of those things you think are 'free' or 'cheap' are only such because you're getting screwed in other areas of your financial services.
In short, creditcards are a 1950s invention that are hugely unsecure: people walk around with plastic cards with their freaking entire password (doubles as an account number) printed on it. And everytime you want to pay, you show your password. It's insane. And then if something goes wrong, you charge it back. All of this costs money, there's a ton of theft and fraud with this system and the customer ends up paying for it. You're deluding yourself if you think that's cheap, it's like getting a free razor and being oblivious to the fact you're paying a shit ton on the blades.
Let's do this point by point, cause I'm bored at the moment.
> Volatility risk is inherent to every single currency.
Except for the currency that's native to your country. I do not have "volatility" risk holding USD, purchasing things with USD. I do have volatility with BTC, even sans the export to fiat, as BTC is only valued based on it's worth relative to other currencies.
> There's nothing particularly unique about bitcoin that makes it volatile except its youth and nascent ecosystem.
So, you're saying a decentralized, pseudonymous digital currency whose scarcity is not derived from policy mandates and whose trade value is not backed by anything beyond what someone is willing to buy it for in another currency, that can only be acquired by purchasing said currency from a third-party, has no properties that are particularly unique to it that would influence volatility?
> Over time its predictable supply curve makes it less volatile than most of the world's currencies for most of the world's population that don't live in stable OECD economies with decent currencies.
See above.
> Merchant fee? Bitpay offers 0% processing for all. Their most recent merchant taking bitcoin through Bitpay (at 0% fees) was Microsoft.
BitPay offers a 0% processing charge and makes money on the spread. Also, that's basically a "for now" situation. Third, even if you remove that fee, there are miner fees involved with any transaction you'd like to actually have verified in a decent chunk of time (they are tiny, but there.)
So "0% merchant fees" is a completely disingenuous statement.
> Transactions are instant…virtually all of online retail has no real confirmation issues long term.
So, transactions are instant but aren't instant, but that's OK because for most things they don't need to be instant, but it's important that transactions be instant (which they aren't).
Gotcha.
> Escrow: it's just an insurance service, no reason there won't be a company offering it. Paypal and Amazon's systems aren't adequate and allow too much fraud and require too many costs.
So, instead of placing escrow responsibility on the shoulders of the merchant and banks, we should place it on the shoulder of the consumer, and make them pay for it, because that's a great idea.
> Whether the customer or the merchant pays isn't relevant, the customer ALWAYS pays, it's not like the merchant will pay extra fees from his money-tree in his backyard.
The assumption here, and it's so hilariously common I have zero words for it, is that merchants, if you pay with BTC, will discount their products to reflect the 1-3% fee they're saving.
Just like how, when you pay with cash today, people commonly discount things by 1-3%.
> Same with creditcard theft. Oh you don't have to pay if your CC gets stolen and someone spends $1k of your money? You still pay. Mastercard isn't giving you $1k.
Correct, almost, but not at all!
Mastercard isn't actually paying, in many, many cases. More often than not, they simple reverse the transactions and make the merchant deal with absorbing the cost. Otherwise, you're right. MasterCard pays out their revenues, which are funded by interest on debts and merchant fees.
So, I pay a fee to MasterCard for letting me borrow money I don't have, and merchants pay a fee to MasterCard so they can take get money people don't have, and to you, this is a bad arrangement?
> Credit is hugely overpriced? Paying 15-20% a year on credit when if I put money in a savings account I can barely get 0.5%? That's obviously because there's no peer-to-peer lending, if there was you'd both pay/get 10% and be better off by 10%.
In what universe did you find this magic 10% statistic, and how can we borrow money from it?
People pay high interest rates on credit because it's risky to give them credit. If it's not risky, you pay next to nothing.
Peer to peer lending will not magically solve the rate issue. There are peer to peer lenders out there now, and their rates are actually worse than banks in many cases. But they're also willing to loan to a riskier customer base. Huzzah!
> In short, creditcards are a 1950s invention that are hugely unsecure: people walk around with plastic cards with their freaking entire password (doubles as an account number) printed on it. And everytime you want to pay, you show your password. It's insane.
You're absolutely. That's why the CC industry is working very hard to derive new transaction methods which are more secure. Chip and Pin, Apple Pay, etc.
But yes, by all means, let's abandon all the wonderful, painless, things about our current banking structure so that we might bask in the warm glow of an unregulated, barely-beta quality piece of software.
Because there's absolutely no way our banking system can get better, except for all the ways its gotten better for the last 100 years.
