Barely a day goes by without a digital currency story making the news. From Elon Musk’s tweets about bitcoin and Dogecoin to the latest central bank digital currency (CBDC) projects, it seems only a matter of time before some of these emerging financial instruments become mainstream. But while the price of Ethereum or a press release from the Facebook-backed Diem Association creates clickbait headlines, industry players must continue to focus on the threats to ensure a bright future is achievable.
Security risks, in particular, continue to evolve. In 2020, global cryptocurrency thefts, hacks and fraud totaled $1.9 billion – the second-highest amount on record.1 It is a fact not lost on those central banks and governments assessing whether to launch CBDCs. “The instant nature of CBDC payments means that the system could be an attractive target for hackers or fraudsters who wish to steal funds,” the Bank of England noted in a recent discussion paper.2 “In addition, the CBDC payments system may become a target for hostile attacks with the aim of disrupting the system and, potentially, the wider economy. For these reasons, the security of the CBDC payments system must be of the highest standard.”
Europeans are in agreement. Privacy and security are the two most important features a digital euro should offer, according to a public consultation carried out by the European Central Bank.3
So how can the emerging digital currency ecosystem ensure that CBDCs are as secure as possible? “Security is an essential quality in a CBDC and must be engineered from inception,” the Bank of Canada wrote in a recent analytical note.4 There are various ways to create a CBDC, but when it comes to security, privacy and resilience are two key factors.
To be truly secure, a CBDC requires holistic, defense-grade security. This should cover issuance at the central bank, distribution and storage at commercial banks and other financial service providers, as well as consumers, merchants, and other key third parties. Security is also a lot more than just a technological discussion about appropriate algorithms – it should involve organizational processes as well. Here are some of the key security considerations for stakeholders within the digital cash cycle.