This scenario could be handled nicely with the concept of listening nodes:
Transactions are nearly
instantaneous. It's traditional
network confirmations that require tens of minutes. However, as explained by Satoshi, merchants can significantly reduce the probability of a double-spend through the use of a listening period:
https://en.bitcoin.it/wiki/Myths#Point_of_sale_with_bitcoins_isn_t_possible_because_of_the_10_minute_wait_for_confirmationhttp://forum.bitcoin.org/?topic=423.msg3819#msg3819The longer the listening period the greater the assurance that the transaction will be confirmed as is. 10-30 seconds would probably be sufficient. Theoretically, it's possible that the attacker might have a huge cache of hidden miners that would only accept his version of the transaction. But this seems highly unlikely and a huge waste of effort for skimping on a simple meal. It's so much less likely that a payment processor offering the listening node service could likely guarantee the restaurant's payments for a fee far less than what banks charge for the use of credit cards.
Watching transactions is not good enough. I could easily trick a retailer:
1) I have 10 bitcoins in a bitcoin address
2) I buy something for 6 bitcoins
3) I pay by sending the retailer 6 bitcoins but unbeknownst to the retailer I also send myself 5 bitcoins.
If the retailer doesn't see my transaction to myself, and it gets verified first (10 minutes later, long after the retailer was satisfied with my payment and I've left the point of sale), then the transaction to the retailer will fail and be rejected because the funds weren't there (there were only 5 left).
If the retailer does see my transaction to myself because I sent it 10 seconds before my transaction and it passed by the retailer's listener before I even told the retailer my bitcoin address to watch for the transaction from), then how can they prove that this means that my transaction with them will fail? They can claim it will, but I can claim that it won't. I guess they could have a policy that "if anything looks fishy with a transaction then I don't accept it."
But what if I anticipate making a purchase - say, 5 minutes before I am going to go to the point of sale. Then I "empty" out the bitcoins from a bitcoin address with a transaction 5 minutes before I even walk up to the counter. The retailer doesn't know who I am and of course didn't have their 'listener' tuned into any of my transactions until I walk up to their counter. Their listener watches my transaction (that I know will almost certainly fail because my other transaction had a 5 minute head start), sees it go by, and gives the all clear.
Simply put, unless a transaction is in the block chain, embedded deeply enough that the chances of anyone rewriting the block chain to change it are infinitesimal, accepting that transaction is taking a huge risk. There are probably other ways to game the system also. Retailers will never accept non-validated transactions.