A Central Bank Digital Currency (CBDC) is being envisioned to replace a major percentage of cash transactions across the world. China, for example, is very close to being a cashless society1PYMNTS.com. (2022, February 4). China nears fully cashless economy. PYMNTS.com. Retrieved January 30, 2023, from https://www.pymnts.com/digital-payments/2022/china-nears-fully-cashless-economy/. As a result, banks are shutting down their branches and discouraging cash deposits and withdrawals in China, to encourage the use of the Chinese Digital Yuan. As and when the CBDCs across the countries launch and start replacing cash transactions, the dependency of a country’s trade and economy shall increase on retail CBDC transactions, and in such a case, a power outage or loss of contact with the ledger, can bring the economy to a still. Therefore, as a backup, CBDCs should also have the capability to transact offline. This functionality shall make Retail CBDC transactions similar to cash transactions.
Problem Statement – What is Exactly an Offline Retail CBDC Payment?
A transaction is defined as an offline transfer if2Abrazhevich, D. (1970, January 1). Classification and characteristics of Electronic Payment Systems. Eindhoven University of Technology research portal. Retrieved January 30, 2023, from https://research.tue.nl/en/publications/classification-and-characteristics-of-electronic-payment-systems: –
a) a transaction between two users can be achieved, if the network is not available
b) a transaction can be achieved in the absence of a third-party arbitrator
An offline CBDC ecosystem consists of a Central Authority, a bank, a merchant, and a spender. The model proposed by VISA3** arxiv:2012.08003v1 [CS.CR] 14 Dec 2020. (n.d.). Retrieved January 30, 2023, from https://arxiv.org/pdf/2012.08003.pdf, works on a Two-Tier Hierarchical Model where the Central Bank, authorizes a bank or a financial institution to provide a cryptographic key to the digital wallets held by the payee and payor. These digital wallets hold balance that is either transferred from the bank account or Central Bank directly.
Accessing a digital wallet and moving money from one digital wallet to another requires an individual to be present online. However, to move money offline, in the absence of an intermediary bank, and during a temporary network outage, an Offline Payment System (OPS) is required.
To put it in simpler terms, Individual A holding Digital Wallet A should be able to transfer money to Individual B holding Digital Wallet A/B (Where A and B are different Digital Wallet Providers), without having to involve Bank or Digital Wallet provider, when the network is temporarily not available.
Before understanding the offline retail CBDC transfer, it is important to understand how retail CBDC works.
Offline CBDC transfer works best with Token Based Retail CBDC transfer, where the actual movement of tokens takes place from the spender/payor to merchant/payee.
How Does Offline CBDC Transfer Work?
The smartphone and tablet’s secure hardware has the capability to store authentication keys and is next to impossible to tamper with the information saved in it. It can only be accessed using strong authentication techniques like biometrics. Therefore VISA in its study4** arxiv:2012.08003v1 [CS.CR] 14 Dec 2020. (n.d.). Retrieved January 30, 2023, from https://arxiv.org/pdf/2012.08003.pdf, recommends the use of Mobile/Tablet’s hardware as a store for CBDC funds, offline. Further, as per IMF5John Kiff. Taking digital currencies offline. IMF. Retrieved January 31, 2023, from https://www.imf.org/en/Publications/fandd/issues/2022/09/kiff-taking-digital-currencies-offline Giesecke+Devrient is working on storing offline CBDC in an offline smart card.
Initialization
The first step to facilitate an Offline CBDC transfer is to register and get an authentication key for the digital wallet, smartphone/tablet’s secured hardware, or smart card. The user shall need to share his/her documents for KYC with the financial institution authorized by the Central bank to issue the authentication certificate key for the digital wallet, smartphone/tablet’s secured hardware, or smart card. These, thereafter become, trusted entities and can participate in the offline CBDC transfer. This is a one-time process.
Withdrawal
The user then needs to transfer the retail CBDCs from his/her digital wallet to a smartphone/tablet’s secured hardware, or smart card. This means, that the user is transferring retail CBDC from his online digital wallet balance to the smartphone/tablet’s secured hardware, or smart card’s offline CBDC balance.
Payment
When the user goes to a merchant to purchase, the merchant using the Mobile app or POS creates a payment request for the user.
Since the network is not available, the payment request generated by the merchant, using Near Field Communication (NFC) or with the help of POS, presents the payment amount and merchant’s certificate to the user’s smart card or smartphone/tablet’s secured hardware.
The Offline Payment System Protocol (built-in smart card and smartphone/tablet’s secured hardware), checks the user’s offline CBDC balance and thereby deducts it and creates a Payment Message for the merchant which contains:-
- Payment Amount
- CBDC coin unique identification number
- Unique transaction number
- Authentication certificate of the User
- Authentication certificate of the Merchant presented at the time of payment request
On presenting the Payment Message to the merchant’s mobile application or POS, the validity of the user’s certificate, CBDC coin unique identification number, the unique transaction number, and payment amount are validated. If all checks are successful and authenticated, the Payment Message is stored in the merchant’s smartphone/tablet’s secured hardware, or offline smart card.
Deposit
After the Payment Message is stored in the merchant’s smartphone/tablet’s secured hardware, or offline smart card, he/she can thereafter transfer it to their digital wallet, when the network is resumed. While initiating the transfer, the digital wallet shall check if the payment message is new and was not previously encashed. On successful verification, the amount gets transferred to the merchant’s digital wallet and starts reflecting as an online CBDC balance.
In case, if the network outage is for a longer duration, and the merchant, has huge offline Payment Messages stored with him, he/she can use already stored Payment Messages to make offline payments for his purchases. This shall act as an incentive for the merchant to remain cashless even during a network outage6Secure untraceable off-line electronic cash system – researchgate.net. (n.d.). Retrieved January 31, 2023, from https://www.researchgate.net/profile/Yaser-Baseri/publication/237044838_Secure_untraceable_off-line_electronic_cash_system/links/5a792725aca2722e4df325b8/Secure-untraceable-off-line-electronic-cash-system.pdf.
What are the Challenges of Offline CBDC Payment in Absence of a Network?
Double Spend
In the absence of a network, while doing an offline retail CBDC transfer, the transactions rely on the transfer of messages. If a single retail CBDC coin, is mischievously used simultaneously for 2 transactions for two different merchants, it is referred to as a ‘double spend’. The problem with ‘double spend’ is that when the network resumes, and the merchant tries to settle the offline retail CBDC coin, it makes the CBDC coin unavailable for the second merchant as it is already settled by the 1st merchant and hence fails the purpose of the offline payment.
How to tackle the problem?
When the merchant sends a payment request to the payor, on successful verification, the offline CBDC balance is deducted from the payor’s smart card or smartphone/tablet’s secured hardware, and a log is created with the CBDC coin’s unique identification number and unique transaction number. The transaction number has a counter and increments with every new successful transaction. These details also get logged in the Payment Message sent to the merchant.
Now, let’s say, another merchant requests payment to the same payor, and the payor tries to use the same CBDC coin, used in the earlier transaction, the Offline Payment Protocol, shall validate the coin as a ‘spent’ CBDC coin in the earlier transaction and will terminate the transaction. This prevents the double spending issue.
Similarly, when the merchant tries to en-cash the Payment Message when the network resumes, the claim protocol (part of the Offline Payment System), logs the details of the Payment Message. This prevents dual encashing of the offline CBDC payment message to the online digital wallet.
Device Loss/ Secured Mobile, Tablet Hardware Tampering
While theft of mobile/tablet is up to the user to safeguard it however for protecting the mobile/tablet hardware from tampering, TEE (Trusted Execution Environment) standard secured hardware needs to be deployed for storing the offline CBDC7** arxiv:2012.08003v1 [CS.CR] 14 Dec 2020. (n.d.). Retrieved January 30, 2023, from https://arxiv.org/pdf/2012.08003.pdf. With this provision, it shall be next to impossible for bad elements to tamper the offline CBDC balance.
How to Tackle it?
Just like physical cash can be stolen or misplaced, the hardware of the smartphone/tablet can tamper or the user can misplace his/her mobile. This can lead to the loss of CBDCs stored in it.
Summary
Countries across the world are at various stages of CBDC development. Some are trying to research and trying to understand the pros and cons of CBDC while some have already launched the CBDC and are working on the offline payment model. Successful implementation of Offline CBDC payment shall take society quite closer to being cashless.