
The financial system bears much of the cost of fraud, and avoids externalizing the cost of poor security. That's not true of Bitcoin, where losses are for the most part irrevocable. Bitcoin might be more "secure" in some fiddly sense, but the credit card system is much safer for normal people.


> ...and avoids externalizing the cost of poor security.

This is not true in the case of at least one major brokerage firm in the United States for account thefts via cyber-attack (I know this through first-hand experience helping the victim file reports with various LE and regulatory agencies), and all brokerage firms if my read of the regulatory requirements is correct. As the regulatory environment stands today in the United States, if your account is broken into via computer hacking and drained, then you have no recourse other than to appeal to the brokerage institution. It is completely up to the institution whether or not to engage restitution, when (in the case I'm familiar with, no word other than "we're still investigating" for the past five months), and in what manner they treat the case and communicate with you.

Elsewhere in this thread, patio11 already pointed out the cost to mount various attacks. After some quiet questions around some Wall Street contacts confirmed other accounts (but not a massive number of accounts) were also drained at the same institution, I'm reasonably convinced that at least one black hat or black hat team has figured out how to use this regulatory hole to their advantage, to wit:

Drain only a few accounts, and the institutions externalize the cost of the poor security upon the account holders themselves.

This points out an interesting problem: apart from sheer trust in traditions of financial institutions, how does an account holder prove that they themselves did not drain their own account, when the financial institution's own computer systems and potentially even their logs have been subverted?

If you are a tech journalist that wants to research this story, I'm happy to respond to questions over PM, and direct you to the actual victim.


> Bitcoin might be more "secure" in some fiddly sense, but the credit card system is much safer for normal people.

A chargeback system is a protocol requiring centralized trust. A company will no doubt implement this.

Centralized trust is of course necessary. One could argue that it defeats the point of bitcoin. Yet that's not true, if you think of bitcoin as being a currency (rather than a "secure" currency, or any other label). If it's a currency, then a chargeback protocol is simply a company waiting to happen. And the company would necessarily have to be large, because it has to bear the cost of fraud. Luckily, PayPal has already done a lot of the homework necessary to pull off such an endeavor.

Lastly, it doesn't matter what normal people use. It matters what will become convenient for normal people to use. That's a subtle distinction, because it means as soon as infrastructure is built then people may start using it by default.


For the case of buyer-seller disputes, Bitcoin has a really neat way of handling escrow with its m-of-n transactions [1]. You can make a payment that requires 2 of 3 public keys (the 3 keys being the buyer's, the seller's, and a trusted third party) to be redeemed. If the buyer/seller agree, they can move the money on their own. If they don't, they can go to the third party and solve it with them. Yet, the third party never controls the money and can't take it without one of the buyer/seller signing the transaction. Indeed, all that is needed is some trusted company to start doing that.

[1] https://en.bitcoin.it/wiki/BIP_0011
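
The 2-of-3 escrow described in the comment above, as an added example that is not part of the thread or of the BIP 11 text: it serializes and re-parses the `m <pubkey>... n OP_CHECKMULTISIG` output script and lists which parties can jointly meet the threshold. The function names and the placeholder keys are assumptions made for illustration, and the threshold is modelled by counting signers; no ECDSA signatures are verified.

```python
from itertools import combinations

OP_1, OP_16, OP_CHECKMULTISIG = 0x51, 0x60, 0xAE  # Bitcoin Script opcodes

def build_multisig_script(m, pubkeys):
    """Serialize 'm <pubkey>... n OP_CHECKMULTISIG' (BIP 11 standard form, n <= 3)."""
    n = len(pubkeys)
    if not 1 <= m <= n <= 3:
        raise ValueError("need 1 <= m <= n <= 3")
    script = bytes([OP_1 + m - 1])
    for pk in pubkeys:
        if len(pk) not in (33, 65):
            raise ValueError("public key must be 33 or 65 bytes")
        script += bytes([len(pk)]) + pk  # direct push: length byte, then the key
    return script + bytes([OP_1 + n - 1, OP_CHECKMULTISIG])

def parse_multisig_script(script):
    """Return (m, [pubkeys]); raise ValueError if the script is not well-formed m-of-n."""
    if len(script) < 3 or script[-1] != OP_CHECKMULTISIG:
        raise ValueError("not a CHECKMULTISIG script")
    m_op, n_op = script[0], script[-2]
    if not (OP_1 <= m_op <= OP_16 and OP_1 <= n_op <= OP_16):
        raise ValueError("bad m or n opcode")
    m, n = m_op - OP_1 + 1, n_op - OP_1 + 1
    keys, pos, end = [], 1, len(script) - 2
    while pos < end:
        size = script[pos]
        if size not in (33, 65) or pos + 1 + size > end:
            raise ValueError("bad public key push")
        keys.append(script[pos + 1:pos + 1 + size])
        pos += 1 + size
    if len(keys) != n or not 1 <= m <= n:
        raise ValueError("key count does not match n, or m out of range")
    return m, keys

def spending_coalitions(m, parties):
    """Every set of parties large enough to supply m signatures."""
    return [set(c) for k in range(m, len(parties) + 1) for c in combinations(parties, k)]

# Constructed placeholder keys (33 bytes each, not real curve points).
PARTIES = ["buyer", "seller", "arbiter"]
KEYS = [b"\x02" + bytes([i]) * 32 for i in (1, 2, 3)]
SCRIPT = build_multisig_script(2, KEYS)

if __name__ == "__main__":
    m, keys = parse_multisig_script(SCRIPT)
    print(f"{m}-of-{len(keys)}:", spending_coalitions(m, PARTIES))
```
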


We already have a company that does this with real money: Paypal. How do you feel about how they adjudicate disputes and enforce outcomes?


With Paypal you get one option for dispute resolution: Paypal. With Bitcoin, you can have any number of companies compete to be the arbitrator for your transactions. May the most even handed one win.


I can make anything trustworthy by positing that someone will eventually come around and make it so.


>The financial system bears much of the cost of fraud, and avoids externalizing the cost of poor security.

Funny, I was under the impression that it was customers of "The financial system" that were footing the bill for fraud.


How? By paying higher APRs for their credit cards? It's a competitive market. If companies are going to guard their margins by passing fraud costs to users, the companies that do a better job of mitigating fraud will capture market share by offering lower rates.

I submit that that hasn't happened because financial institutions don't in fact pass these costs straight back to consumers.


Really? I think it's more subtle - fraud detection is big business (Palantir et al) and presumably companies have to find a cost / benefit compromise between building their own solutions vs. contracting it out to experts. It might well end up cheaper and easier to add a .5% APR penalty to all their customers and take the hit on retention; it's not THAT competitive out there (at least here in the UK) IMO.


Plus, even though credit card companies compete individually, as an industry they all have a strong incentive to work together to prevent fraud. Loss of trust in Visa/Mastercard as a brand would be catastrophic to all issuing banks.


> as an industry they all have a strong incentive to work together to prevent fraud.

Do they? It looks to me like the industry has treated the fraud problem (which they created) as an opportunity to sell more services (credit monitoring, fraud protection, etc.) without addressing the security problems with their antiquated technology.


>I submit that that hasn't happened because financial institutions don't in fact pass these costs straight back to consumers.

That's because it isn't really a competitive market.


Why, because you say it isn't? How many different credit cards can you sign up for right now?


Lots of different cards! Blue ones, red ones, green ones, silver ones, ones with kittens on them, ones with a picture of my choosing. None of them have much in the way of material differences though.


And where do you think that money comes from? The financial system bears the cost of fraud by taking more money from everyone. That's a horrible replacement for proper security.

I'd much rather simply pay insurance to cover for fraud, or avoid paying that if I know that I'm storing my money securely - mostly offline and encrypted with a password that only exists in my head, and small amounts for day-to-day usage somewhere more accessible.


Facile. Where do you think security comes from? It comes from money: engineering interlocking distributing systems to be free of vulnerabilities is extraordinarily expensive.

The question isn't whether systems are or aren't secure. Security is a function of the capital invested in making systems secure. The question is who bears the cost of securing systems. The financial system puts much of the burden of that cost onto the financial system itself; it is thus incentivized to mitigate fraud.




