When the Bank for International Settlements (BIS) published its annual central bank digital currency survey in January, it was probably not a surprise to most observers that the percentage of central banks exploring a CBDC made a year-on-year jump from 80% to 86% (Boar, C. and Wehrli, A., 2021). However, as the thinking along the exploratory scale moves from the conceptual to the pilot stage, so do concerns about whether such an undertaking can be done securely and with the proper consumer protections. For instance, one of the challenges identified by many central banks is how to ensure that the digital currencies they issue can still be accessed “offline,” and be resilient and secure enough to protect against cyber threats and the risk of a potential new type of financial crime: counterfeiting central bank digital currencies. Central banks that are exploring or progressing toward a CBDC need tools to combat a twenty-first-century version of a millennia-old problem.
With these problems in mind, on December 14, 2020, Visa Research and Visa Product teams released a white paper that addresses some of the security problems of offline payments. In the three months since that paper was published, interest in the report’s findings has grown rapidly, and it is worth reacquainting our readers with this excellent analysis. At a basic level, the authors propose a solution to the technically challenging problem of a potential future everyday occurrence: how to use a digital currency when both the payer and the payee are not connected to a payment network.
The paper’s objective is to educate central banks on how using an online payment system protocol, that is, a set of rules or procedures for transmitting data between electronic devices, can allow a user to make a digital payment in CBDC while both users are temporarily offline. This offline payment system, or OPS, can be used to instantly complete a transaction involving any form of digital currency over a point-to-point channel without communicating with any payment intermediary. These are not abstract concerns for regulators and policy makers. Last year, the Bank of England (2020) warned that a CBDC without offline capability “would limit the usability and usefulness of CBDC” by exposing the buyer, seller, or the central bank itself to the risk that a payment may not be settled.
Even though these are innovative technologies, there is still a risk that criminals may try to exploit these new forms of money and platforms. Not surprisingly, many central banks have pointed out that offline payments, or CBDC in general, must be secure against digital counterfeiting, fraud, and other types of cybersecurity risk and criminal exploitation. In October 2020, the Bank of Japan expressed concern that offline CBDC usage, without proper security protocols, could degrade CBDC security and make it more prone to counterfeiting. We know that people will not use technology they don’t trust, which is why the Visa team grounded this technology in tried-and-true security architecture.
As a first step, the foundation for security in this offline system builds upon the principles of public-key cryptography. Today, most mobile devices, such as smartphones and tablets, are equipped with secure hardware to store keys and other sensitive material that can only be accessed through strong user authentication measures, such as biometrics. It has been shown that compromising these hardware-protected mobile devices without help from their manufacturers is very difficult. This secure environment can potentially make mobile devices a viable option to store a user’s CBDC funds and send offline payments using hardware-protected credentials provisioned by the central bank or one of its delegates. The security of the device hardware is critically important, but provided it has not been tampered with, the process detailed by the Visa team in this paper significantly mitigates the risk of double-spending attacks, or the attempt by an individual – usually in a coordinated fashion with other actors – to spend his or her digital currency more than once.
For the many central banks that are exploring CBDC, the opportunity to make a secure and reliable digital version of cash for their citizens, regardless of whether a person is connected to the internet, is critically important. If central banks want to develop a CBDC, it must be made widely available, and in a manner that connects every citizen to the rapid innovations in financial services. Digital transformation holds great promise for society and the broader economy, but only if the technology is accessible to everyone, everywhere.