by Goronmon 4164 days ago
I'm not afraid that any of the providers where I have bought things gets hacked, because my identity and payment details are not kept by them.

Aren't you just trading the risk of the merchant being hacked and stealing payment details (which with credit cards, can be fixed by simply issuing a new card) for the risk of someone getting access to where you store your bitcoins (where you effectively have zero recourse)?

That seems like an unbalanced tradeoff from my perspective.


Which is easier: securing only 1 hardware wallet, or securing the HUNDREDS or THOUSANDS of merchant systems that your credit card information flows through?

If you fail with your wallet there is no recourse and you're out of luck. If any of the "HUNDREDS or THOUSANDS" of merchant systems fail you are not held responsible and in the worst case get any missing funds back after a small waiting period. Usually the worst thing that happens is you'll have to update a couple recurring payments, but they'll sometimes even help you with that (Amex!).

I'll take the CC please!

You are wrong, in many cases the customer has no recourse for credit card fraud: https://news.ycombinator.com/item?id=8918865 People think credit card anti-fraud measures are perfect. They are not.

I don't think anything is perfect, but with BTC there is a 0% chance of recourse. I'll take the option with a ton of consumer protection law and someone to sue over the Wild West any day of the week.

These consumer protection laws protect you regardless of the manner of payment: bitcoins/dollars/whatever.

You CAN and SHOULD use the legal tools at your disposal (lawsuit, small claims court, FTC/BBB complaints...) if you get scammed after paying in bitcoins. You definitely have a chance of recourse. These tools work, that's why we have them.

For example the U.S. Securities Exchange Commission successfully prosecuted Trendon Shavers (he was running his scam denominated in bitcoins).

The consequences of failing to secure my hardware wallet are that I lose all my money.

The consequences of failing to secure a merchant system are that I have to get a new credit card and maybe click the "dispute" button on my bank website a couple times.

For almost everyone on the planet the second is easier. People are bad at security.

It is very rare for people in countries where cards have PINs to both lose a card and give away the PIN to the thief. Banks have educated customers well enough to not write the PIN on the card.

Likewise, a PIN-protected Bitcoin hardware wallet is reasonably pretty secure. You would need a thief with professional equipment to decap the secure chip to access data in the EEPROM that would otherwise be PIN-protected. I would trust this any time over the merchants' systems which routinely get hacked over and over.

If it's PIN-protected then either it has to be used with another system that can lock out PINs or I can build a robot to try all PINs using simple plans from the internet. Problem solved. So how does this device help again?

Also, it's quite common for people to give their PIN to thieves; it happens at ATM stick-ups all the time. The difference there is in cases where they are forced to withdraw money they aren't liable (it's considered the bank being robbed, not them) and in cases where the thief takes the info and runs they can call the bank, cancel the card and not be out anything.

Clearly you have no idea how secure or tamper resistant chip technology works. To prevent such brute force approaches, they are designed to limit the maximum number of attempts, before they permanently disable themselves, which prevents you from trying all combinations.

As to liability, I have pointed out in this HN thread multiple instances where customers are in fact held liable (60-day rule, stolen PIN).

What happens if I forget my PIN then?

Your 1 example requires the person to not check their statement for 2 months. That means there is a 2 month safety window. Do you have numbers on how many people actually have that problem vs the numbers for the ones it works fine for? I would put money on the former being less than a hundredth of a percent.

Your second one has been debunked where you originally posted it.