Namecheap has become the first merchant to accept bitcoin payments without waiting for confirmations.
How about EVR bar? Cups & Cakes Bakery? Room 77 and the rest at Bitcoin Kiez? The Pao Cafe? Green Ave Market?
All these are bricks & mortar businesses that don't wait for confirmation.
None have reported any double spending having occurred.
I'd like to know what you think of the recent Namecheap move? Do you think other merchants will follow suit?
A merchant category that would have the highest risk of loss from accepting payment on 0/unconfirmed would be the quarter machine at an unattended laundromat. In that instance, there is little (or no) profit from each sale, and thus any losses due to double spend translate directly into losses to the merchant. If the attacker has to try twenty-five times before finally succeeding at a double spend attempt with try #26, the attack is profitable to the attacker -- the attacker has both the loot and the bitcoins that were double spent. Since the merchant won't know about the double spend until after the attacker has left (at the soonest), it can be presumed the chance of the attacker getting caught is nil.
Namecheap is a merchant that is on the other end of the spectrum. Namecheap registers domain names, provides web hosting, etc. If an attacker is successful at a double spend, as soon as Namecheap learns of the double spend they have at their disposal their full control of the domain and any hosting services they provide. So at most an attacker would get hours (or maybe a day) of domain registration or hosting and then lose access to the domain. Thus there's absolutely no benefit from attempting to double spend against a merchant like Namecheap.
As long as there's no significant economic benefit from performing the attack, then the merchant will probably be able to absorb any resulting losses when a double spend occurs.
But this is a developing situation.
Currently the stock client doesn't relay double spends and miners and pools aren't for the most part using customized clients that could make double spending easier, such as the "replace by fee" patch:
So if there is a decent amount of hashing capacity using this software, the risk of loss due to double spending against merchants increases. Even if 100% of hashing capacity were to adopt this patch though, for instance, a sit-down restaurant would still have little risk as maybe only 5% of purchases would be by the dishonest, cheating types yet restaurant margins are 30%, let's say.
But what does a grocery store with razor-thin margins do? Well, I see that the merchant processor BIPS also has an E-Wallet. So if the grocery used BIPS as its payment processor it would know right away that the payment is using confirmed funds. For others, the grocery could require identification, for instance. Or restrict to wallets that are supported with green addresses. Or Ripple payments.
Gyft, right now, is the first Bitcoin-accepting merchant that I consider to be the canary in the coal mine. An attacker (thief) can pay for a Gyft card via bitcoin (anonymously, using Tor), get a QR code for the gift card, send the QR code image as Instagram to a partner (shopper) who uses the QR code to pay for the purchase and leave the premises with the goods.
If Gyft isn't having trouble with 0/unconfirmed double spends, I doubt many other merchants will either.
But that's today. Down the road it may change. In the meantime, merchants accepting Bitcoin payment are gaining new revenue and not suffering payment network losses (due to double spending resulting from 0/unconfirmed transactions) so for now Bitcoin is relatively safe for these transactions for most merchants.
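The margin argument in the post above, worked through as an added example that is not part of the original thread: a merchant-side expected-value model for accepting 0/unconfirmed payments. The 5% dishonest share and 30% restaurant margin are the post's figures; the model itself, the function names, the 2% grocery margin, the registrar margin and the "unrecoverable" shares are assumptions made for illustration.

```python
# Added illustration; the model and all names are assumptions, not from the thread.

def expected_margin(margin, dishonest_share, success_rate, unrecoverable):
    """Expected profit per unit of sales when accepting 0/unconfirmed payments.

    margin          -- profit share of an honest sale (0.30 = 30%)
    dishonest_share -- share of purchases that are double-spend attempts
    success_rate    -- probability that an attempt succeeds
    unrecoverable   -- share of the goods' cost lost for good on a success
                       (1.0 for goods that walk out the door, about 0 when
                       the service can be revoked afterwards)
    """
    fraud = dishonest_share * success_rate
    return (1 - fraud) * margin - fraud * unrecoverable * (1 - margin)


def break_even_fraud_rate(margin, unrecoverable):
    """Share of sales that may be successfully double spent before profit hits zero."""
    denom = margin + unrecoverable * (1 - margin)
    return margin / denom if denom > 0 else 0.0


# Constructed merchant profiles: (margin, unrecoverable share).
MERCHANTS = {
    "restaurant": (0.30, 1.0),        # 30% margin is the post's figure
    "grocery": (0.02, 1.0),           # "razor-thin" margin, value assumed
    "laundromat": (0.00, 1.0),        # "little (or no) profit"
    "domain registrar": (0.30, 0.0),  # margin assumed; service is revocable
}


def report(dishonest_share=0.05, success_rate=1.0):
    """Worst case from the post: 5% dishonest buyers, every attempt succeeds."""
    return {
        name: round(expected_margin(m, dishonest_share, success_rate, u), 4)
        for name, (m, u) in MERCHANTS.items()
    }


if __name__ == "__main__":
    for name, value in report().items():
        m, u = MERCHANTS[name]
        print(f"{name:17s} expected margin {value:+.3f}  "
              f"break-even fraud rate {break_even_fraud_rate(m, u):.2f}")
```

When nothing can be recovered, the break-even fraud rate equals the margin itself, which is why the restaurant stays profitable in this worst case while the grocery and the laundromat do not.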