It is very rare for people in countries where cards have PINs to both lose a card and give away the PIN to the thief. Banks have educated customers well enough to not write the PIN on the card.
Likewise, a PIN-protected Bitcoin hardware wallet is reasonably pretty secure. You would need a thief with professional equipment to decap the secure chip to access data in the EEPROM that would otherwise be PIN-protected. I would trust this any time over the merchants systems which routinely get hacked over and over.
If it's pin protected then either it has to be used with another system that can lock out pins or I can build a robot to try all pins using simple plans from the internet. Problem solved. So how does this device help again?
Also it's quite common for people to give their pin to thieves it happens at ATM stick ups all the time. The difference there is in cases where they are forced to withdraw money they aren't liable(it's considered the bank being robbed not them) and in cases where the thief takes the info and runs they can call the bank cancel the card and not be out anything.
Clearly you have no idea how secure or tamper resistant chip technology works. To prevent such brute force approaches, they are designed to limit the maximum number of attempts, before they permanently disable themselves, which prevents you from trying all combinations.
As to liability, I have pointed out in this HN thread multiple instances where customers are in fact held liable (60-day rule, stolen PIN).
Your 1 example requires the person to not check their statement for 2 months. That means there is a 2 month safety window. Do you have numbers on how many people actually have that problem vs the numbers for the ones it works fine for? I would put money on the former being less than a hundredth of a percent
Your second one has been debunked where you originally posted it
It could be handled the same way as when you forget your credit card PIN. Contact the company who sold you the hardware wallet and who verified your identity when you purchased it, and they could reset it: each wallet could have a rescue passcode that only the company knows. You see, Bitcoin is flexible enough that it lets us develop whatever infrastructure we want on top of it. Even though this service does not exist yet, if it is something people want it will likely be created.
So if your friend Bob wants no one to know his rescue passcode or his identity for ideological reasons then he would himself be responsible for safeguarding the rescue passcode. But if you, sanswork, don't trust yourself to memorize the passcode, buy a hardware wallet from such a company. Either way, you or Bob have a choice of having a wallet work the way you want it to work.
> Your 1 example requires the person to not check their statement for 2 months.
Not necessarily. There are other tactics that scammers use to defeat chargeback protections. For instance they will delay the shipment after you purchase. They will claim multi-weeks long delays due to depleted warehouse stocks. They will ship to a "wrong" address. They will ship the "wrong" item and take time to re-ship the correct one. During all this time they will be all nice and apologetic to make it look like these are simple honest mistakes. After the 60-day limit passes, they cut contact with you, you realize it's a scam, you try to charge back, and you realize you can't! You were not aware of the 60-day limit. The scammers have your money. You are screwed.
Likewise, a PIN-protected Bitcoin hardware wallet is reasonably pretty secure. You would need a thief with professional equipment to decap the secure chip to access data in the EEPROM that would otherwise be PIN-protected. I would trust this any time over the merchants systems which routinely get hacked over and over.