Today we talk to Dr. Raoul-Thomas Herborg, Managing Director CBDC at G+D, about the importance and some of the challenges of introducing offline CBDC payments.
Dr. Herborg, why are we even talking about offline payments when we live in an always online digital age?
I think there are three very good reasons why we have to consider offline payments as part of any CBDC ecosystem:
- Legal tender
If a central bank makes merchants accept CBDC as legal tender it has to be as easy as possible for merchants to utilize. It must be universal, accessible, easy to use, regardless of time and place – also in areas without a network connection. - Financial inclusion
Almost half of the world’s population is still offline. For many people it is a question about being able to afford a data contract – so this not just about infrastructure. As of today, these people can only use cash. - Resilience
Unexpected things sometimes happen, and systems can conceivably go down. We need a contingency built into the system for a hopefully never happening situation, where standard payment rails are not available, where we have no network, maybe not even a power supply. It would make a difference if you could still pay.
So, we need CBDC payments to work offline, but won’t that be a challenge from a security perspective?
Security for most users relates to the potential theft of their money. But for central banks security is also an issue in the sense of the risks of counterfeiting in an offline scenario – where you have no back-end system to undertake verification checks.
There are technology-based solutions to these problems. However, we do not believe that secure offline payment is possible just with a standard smartphone app – especially consecutive offline payments, something we make possible with our solution G+D Filia®.
Security is based on the entanglement of software and hardware inside a secure environment, a so-called secure element:
- It allows storage and processing of secret information in a secure way and can be used as an endpoint in an end-to-end security system
- It handles proper symmetric and asymmetric cryptography
- Both hard- and software within the secure element utilize a set of countermeasures in order to resist security attacks
- The resistance against possible attack scenarios is investigated within security certifications such as Common Criteria
Smart cards, wristbands, smartphones, and smartwatches are sample payment devices that can utilize a secure element.