The last time my cc was compromised is when the bad guys injected js into a large e-commerce site and stole the card data. This is a real threat. I’d rather not use any pull based payment mechanism if possible. Push only.
I understand the potential security issues. But the only affect this would have had on you is you would have had to contact your bank to reissue the card and chargeback any fraudulent transaction.
Consider a similar hack on a site that accepted Bitcoin instead of credit cards. The fraudulent JS replaces the payment address with the hacker's address and you send your coin to it. There's no getting your money back now.
I know which outcome I would prefer. However based on your username there is probably some bias in your argument.
Getting new cards is a pain, especially if you are traveling. You are without a card for a bit until it is replaced. And chargebacks are a headache. That is a good point about malware, However I would bet address substitution would be discovered a lot more quickly. Magecart was ripping vendors for weeks before the cc vendors tipped them off. 1 bad purchase flow and the customer complains and the site would investigate. It’s pwned for minutes not weeks. Cc theft can be silent and might only strike its victims months after the compromise.
The difference is the victim. In a malware scenario, cc’s it’s the card holder, with cryptocurrency it’s the vendor that is getting screwed.
> The difference is the victim. In a malware scenario, cc’s it’s the card holder, with cryptocurrency it’s the vendor that is getting screwed.
This makes no sense. The CC holder isn't screwed, they are mildly inconvenienced while they wait for a replacement card. It doesn't matter how many months after a breach it happens - the person who ends up without money is whe merchant who the fraudster used the stolen card with, because they will get a chargeback fee and lose stock (if they sent it out before chargebacks happen).
The vendor isn't screwed in in the cryptocurrency situation. The vendor isn't out of pocket (except for losing a sale). The person who sent the money to the hacked address (i.e you) are. Maybe the vendor will decide to send you the product anyway because their site got hacked, but that would be entirely up to them and not a function of the payment method used.
I can see how it might aid early detection. But I don't see how in that scenario you're safer using Bitcoin. The malware could be on the customers computer rather than the website. It could only be altering one in every 100 transactions. It could not be malware, it could just be a vendor selectively scamming. There are many nice features in cryptocurrency, but consumer protection is not one of them and it's a weird thing to espouse.
> Getting new cards is a pain, especially if you are traveling.
Well, if you lose your crypto wallet - you lose your funds. Generating a new wallet is not going to solve that. Whereas losing fiat cards doesn’t result in my bankruptcy.
