[cgjaro]

"But that's rarely good enough"

Yes it is. The vast majority of Bitcoin services and users wait for only 1 confirmation. Waiting for 6 confirmations is "excellent" whereas 1 confirmation is "good enough" (when was the last time we saw a Bitcoin double spend attempt? Never!). But arguing whether 1 confirmation is good enough is a moot point. Bitcoin competes with traditional international payment systems where it is common for transfers to post in 1-3 days especially across weekends or bank holidays ("post" has a specific definition, look it up). So even waiting for 6 confirmations makes Bitcoin faster than traditional systems.

On the other point, true, many people rely on 1 exchange, or place their coins in 1 online wallet service, which makes them vulnerable to incidents typically affecting centralized systems. But this is not a problem inherent to Bitcoin. Not at all. This is solved by educating users, by new services (eg. hardware wallets like Trezor), and by "natural selection" (eg. people who lost coins on MtGox tend to learn their lessons, weak exchanges die, secure ones remain in use, merchants can very easily use multiple Bitcoin processors at once, etc).

[eridius]

> The vast majority of Bitcoin services and users wait for only 1 confirmation.

They do? Before posting that comment I looked up information on transaction confirmations to check that my "1 hour" figure was correct, and the documentation I found stated that the recommendation is still to wait for 6 transactions, and that you may choose to use as little as 1 transaction for low-risk situations where e.g. you're selling cheap easily-replacable items, but that you should use more confirmations for other transactions.

> So even waiting for 6 confirmations makes Bitcoin faster than traditional systems.

But we're not talking about Bitcoin compared to other traditional systems. The context here is in comparison to Stellar, where conformation happens in seconds (worst case would be minutes, if there's network issues).

[cgjaro]

Correct, best practices and doc says to wait for 6 confirmations. But in practice, very few people do this. For example you can send bitcoins to your Coinbase wallet and sell them without even waiting for 6 confirmations.

Let me explain to you why this is okay in practice. A merchant will in general send something to the customer (a seller would ship an item, Coinbase would send an ACH bank transfer, etc). But because sending the service or product to the customer takes time, this gives time to catch double spend attempts. So a merchant considers 1 confirmation as sufficient, and prepares the shipment right away, or initiates the ACH right away. But if in the next hour the 2nd-6th confirmations never come (eg. the 1st confirmation ends up in an orphaned block) then the merchant can cancel the shipment of the item, or cancel the pending ACH.

[eridius]

But that only works when the merchant's half of the transaction is cancelable/reversible. That would never work in, say, a retail store, because the merchant can't catch the guy an hour after he's walked off with that $2000 computer.

[cgjaro]

Merchants are ALREADY taking a risk with credit cards if, after walking away with a $2000 computer, the guy issues a fraudulent chargeback.

So if a merchant accepts the (non-negligible) risk of credit cards chargebacks, he will accept the (even smaller) risk of a Bitcoin double spend :)

[eridius]

Yes there's a risk, but it's a relatively small one. There's a chargeback arbitration process, so the guy can't "just issue a chargeback" and be done with it. Also, credit cards are tied to identity, and anyone that issues fraudulent chargebacks may lose their credit card or have other penalties applied. Heck, if it's for a large enough value, maybe they'll get arrested for fraud!

Regarding bitcoin double-spending, FWIW, a few years ago when MyBitcoin.com shut down, they claimed it was due to a series of double-spend attacks that were successful because they were only using 1 confirmation: https://bitcointalk.org/index.php?topic=34770.0. More recently, GHash.IO successfully executed double-spend attacks against BetCoin Dice, although it looks like they may have been using 0 confirmations?

[cgjaro]

The risk for credit cards is there. And yes it really is as easy as issuing a chargeback and maybe claiming your card was stolen. The only reason it is not occuring more often is because most people are honest, that's all.

I demonstrated to you that accepting bitcoins is safer than accepting CCs in most scenarios like (1) when the merchant's half of the transaction is cancellable, or (2) when the merchant waits for enough confirmations. Now in the last scenario (3) where not only the merchant does not wait for confirmations but the transaction is non-cancellable (eg. guy walking away with laptop), nothing inherent to Bitcoin PREVENTS the merchant from taking all the same precautions he takes for credit cards: for example he could check your ID, check your credit score, verify your presence in his own database of high-risk customers, etc. Bottom line is neither in (1), nor in (2), nor in (3) is Bitcoin inferior/riskier than CCs. In fact it is clearly superior to CCs in 2 out of 3 scenarios. There was a great Mashable article recently explaining merchants love Bitcoin precisely for this reason: http://mashable.com/2014/08/06/bitcoin-retailers/

MyBitcoin claim they were using 0 confirmations, not 1. (But many in the community and myself included think their whole story was a lie and that instead MyBitcoin stole the bitcoins, but I digress...) BetCoin also was using 0 confirmations.