> If a criminal spies on my credit card # as I make a purchase and uses that to go on a spending spree I can fix it with the credit card company with little cost but a few hours of time and frustration.
I'll take this one step further.
My credit card company has caught every instance of fraud on my card. So I've had zero hours of frustration yet multiple instances of people trying to use my credit card number. One time they even had the card - they had stolen it that night and tried to use it at a local gas station. A fraud alert woke me up.
This is not a shining example of the security of credit cards, but an example of how insecure they are. We regularly carry passwords into our bank accounts in our pockets, and punch them into random ATM machines on the street in a foreign country, say them over the phone, or type them in while using the coffee shop WiFi. It is no wonder our cards are frequently compromised and the total cost of card fraud is many dozens of billions of dollars per year.
Usually, the credit card company is the one absorbing the cost of this fraud - the food or physical goods that the fraudster purchased don't just magically leave their possession.
It is entirely possible to build a company that holds custody of your crypto, extracts rent on transactions or borrows with your deposits, and uses their profits to give you some financial protection up to a certain limit. Most likely within 10+ years your local bank will have some account that will custodially hold some limited amount of funds in crypto that are FDIC insured. But not everybody in the world wants this system, and not everybody wants all of their assets to be held in this way.
Perhaps, but it IS a good example of a system that protects the end user from monetary loss in the event of fraud due to leaked credentials (in this case the card number + CVV + exp date). In my opinion, any system that seeks to replace credit cards needs to have a similar ability to recover user funds in the case of inevitable security leaks, which is something many crypto systems struggle with.
> due to leaked credentials (in this case the card number + CVV + exp date)
That information is practically public already, since you have to provide it to everyone you purchase from online with your card. If you regularly buy things online with your credit or debit card it's less a matter of if the credentials will leak than when. Regular checking and savings accounts are at least as bad given the existence of Direct Debit, a system where practically anyone can take money out of any account just by knowing the routing number (public information) and account number (printed on every check).
Cryptocurrency aside, just compare that to something like PayPal, where the authorization happens directly between you and the payment processor: the merchant never gets your credentials and can't take money out of your account without your express permission. The traditional banking system has the worst security procedures; the design is reminiscent of the early days of the Internet where plaintext passwords were commonplace in protocols like rlogin, FTP, SMTP, and unencrypted HTTP, when authentication was used at all. The only thing keeping it from complete collapse is the absolute fortune they spend on statistical anti-fraud analysis, which completely coincidentally requires them to have deep insight into every transaction passing through their network. Not that they would ever think of using that immensely valuable data for their own gain, of course. Perish the thought.
In any case, Bitcoin and most other cryptocurrencies weren't built to replace credit cards, but rather to replace cash. If someone steals your cash or you somehow manage to hand it to the wrong person or simply destroy it you can't just call up the U.S. Treasury and expect them to put things right. Holding cash and transacting in cash has its downsides, and yet those same risky properties can be extremely useful if proper care is taken. Escrow and human-mediated reversible payments can be implemented on top of a system of irreversible transactions. The reverse doesn't work; you can't very well run an escrow service where the payer can reverse their payment into the escrow account without following the escrow procedures after getting the goods.
Compared to physical cash, as a digital good crypto has several advantages and a few disadvantages. In the latter category you have the obvious risk of hackers compromising the wallet; IMHO a separate, secure, hardware wallet is mandatory if you keep any significant amount of self-custodial crypto. On the flip side, however, it's not all that difficult or expensive to make your crypto more secure against would-be thieves than the gold in Fort Knox if you're willing to put in a modicum of effort, and the possibility of geographically-distributed encrypted backups makes it much harder to separate you from your money if you plan ahead a bit.
That's because they're far more convenient and user friendly, and the fraud detection makes up for that compromise in security. As far as user experience goes, it's a win-win and a superior experience to paying with cryptocurrency.
There can't be fraud of the sort that you get with credit cards on a blockchain unless you leak your private keys.
The fact that security is built around a 16-digit number and 3-digit PIN that you share with everyone and can be reused is embarrassing for credit card companies, not a win. Amazing.
Good luck building a good UX for a financial system where a small OpSec error can wipe out your family's fortune.
And you need the private keys to conduct business so obvi they can exit the HSM
And if my 1M USD bitcoin is in some hardware wallet, won't that just incentivize someone to kidnap my kids until I send bitcoin, much like bitcoin breathed new life into the ransomware economy after banks mostly shut it down?
Perhaps, despite the examples of ICOs, EVM smart contracts, NFT rugs, and the general flood of fake discords and so on, people assume the central banks and retail banks are a bigger threat than the criminal minds attracted to untraceable and irreversible payment methods?
> And you need the private keys to conduct business so obvi they can exit the HSM
While I agree with you in general, this is false; the whole point is that the HSM can sign transactions using the keys inside it but will never expose them to outside.
Touché on the use, but you propose a non transferable wallet? Or will it replicate to other HSMs with certain credentials? Will the car dealership owner people them replicated cross availability zones or to diverse geolocations? And will the HSM replicate the keys to a hacked HSM if I get the signing keys from an employee of the HSM with a promise of 10% of the winnings?
I'm not proposing anything, and I think these are hard problems. Potentially there are solutions to some of the things you say, but ultimately it's hard to escape the choice between trusting some entity and being able to lose your keys.
My point is that for large important financial amounts, irrevocable transactions are terrible UX.
For instance, my retirement now such as it is, remains pretty safe. I would have to read some financial meme (in the old sense of reproductive ideas) online and go thru a number of complex paperwork steps to remove it from the boring fiat place it is now and send it to a much riskier place. The massive too big to fail institution could fail and not have 401ks bailed out, or society could collapse.
If it were some digital wallet, I could lose it just by signing something unrelated to “take all my money” with my private key and boom, my wife and myself and my kids and other dependents are SOL.
Given that I have to trust society not to fail anyways to enjoy “stored value” where all value is embodied in and protected by society, I can’t find a way in which the irrevocable transactions benefit me more than the risk of my own laxness and occasional errors endangers the well being of my loved ones.
I don't understand your response. I wasn't debating the intricacies of self-sovereignty. I was pointing out that your understanding of hardware wallets is wrong.
> Good luck building a good UX for a financial system where a small OpSec error can wipe out your family's fortune
You are correct that the key need not leave the HSM to transact, touché. However it is an essential property of valuable keys that they can be extracted for backup or replacement of the HSM, and often for availability. At least the various HSM systems I have worked with.
As I understand it, people have lost their wallet contents due to trusting email, Discord, DNS and SSL protected websites. So if there is no basis for trusting the other parties in an online transaction, it seems any action whatsoever could lead to financial ruin. Even moving my assets to cold storage makes the scenario that my heirs forget how multiparty sig recovery works or just some eager relative throwing the box of USB drives away.
Mine are minimal; I pay no annual fee and no interest if I pay off in time. So they're effectively just the transaction overhead, which debit demands as well.
Minimal in terms of direct costs to you, but merchants pay 2-3% on EVERY transaction, and I can guarantee you that does end up baked into the prices you pay.