The Bank of England and the UK Treasury have announced a Central Bank Digital Currency (CBDC) Taskforce to coordinate the exploration of a potential British CBDC. But how could a digital Pound actually work? As it happens, this is something that Consult Hyperion knows rather a lot about. Apart from our work on the first British central bank digital currency (Mondex) back in the 1990s, our work on the first population-scale mobile money scheme (M-PESA) in the 2000s and our work on the most transformational contactless payment roll-out (Transport for London) in the 2010s, our practical experience across implementation platforms means that we understand the architectural options better than anyone.
This weekend marks an anniversary. Although Consult Hyperion’s romance with smart cards had started many years before that, it will be fifteen years on Sunday that chip and PIN went live in the UK. I remember St. Valentine’s Day 2006 as if it was yesterday!
When we look forward to 2021, it is no surprise that COVID-19 is the dominant factor. So far as the merchant payments world is concerned, the shape of the post-pandemic new normal transaction environment must be the key strategic consideration for stakeholders and I am desperately keen to hear the variety of informed opinion on this topic that I have come to expect at Merchant Payments Ecosystem every year. At Consult Hyperion we like to contribute to these conversations by providing a useful framework for discussion: our annual “Live 5”, our yearly set of suggestions for strategic focus. This year, we choose to look at the key issue of pandemic transformation and its impact of on the three key domains where our clients operate: Payment, Identity and Transit, together with (as is traditional!) a suggestion as to a technology that the POS world may not be thinking about but probably should be.
At the (sadly, virtual) Fintech South event the year, I was asked to chair a discussion on identity and privacy with three extremely well-qualified experts who had informed perspectives on the state of, and trends in, those important pillars of a digital society. These were Adam Gunther (SVP, Digital Identity for Equifax), Andrew Gowasack (Co-Founder and President at TrustStamp) and Megan Heinze (President, Financial Institutions, North America for IDEMIA). It was great to talk to a group of people who were not only well-informed on these topics but had some passion for them too.
I won’t go over everything that was discussed, but I do want to pick up on a comment that was made in passing when I was chatting to the panelists: someone said that a guiding principle should be “no scary systems”. Hear hear! But what is a scary system? It is, in my opinion, a system that privileges security over privacy. This is not how we should be designing the identity systems for the 21st century!
Early on in the pandemic my colleagues at Consult Hyperion and I did a lot of research to explore how it might impact our customers and our customers’ customers, just as I am sure every other organisation in the payments sector did. We looked at a lot of speculative forecasts, we looked at research and analysis from quite a wide range of organisations in the financial sector and beyond, we spoke to a number of people in the industry and we took part in a fair few discussions and debates on the topic. As a result of this, we identified a number of strategic areas where stakeholders in the payment space should be developing or at least preparing their strategies and where they should be planning for some changes to take them through and beyond the COVID-19 crisis.
The pandemic has revised interest in a topic that has surfaced repeatedly in Tomorrow’s Transactions events over the years, and that is the issue of local and complementary currencies. The Bristol Pound, the Brixton Pound, the Lewes Pound and many other experiments have sprung up around the country (indeed, around the world) to try to stimulate and regenerate local and regional trade and prosperity in response the changing economic circumstances. We tend to think of currencies as being instruments of the nation state but that’s actually a recent invention in the great scheme of things. There’s no reason to see optimal currency areas as inviolable laws of nature rather than transitional borders under prevailing monetary and financial arrangements.
We’ve just had an important anniversary. I’m sure you are all thinking of July 4th and, of course, who can forget it! It’s a date that is very important to many people because it is the anniversary of the birth of The Clash, who played their first live gig on 4th July 1976. But for me, there is a much more important and personal anniversary. Here is the front page of the Swindon Evening Advertiser from 4th July 1995. The day I finally made the front page of my home town newspaper. Got to see my picture on the cover, got to buy five copies for my mother…
Yes, I was there on 3rd July 1995 in Swindon town centre when the Swindon Evening Advertiser vendor Mr. Don Stanley (then 72) made the first ever live Mondex sale. And here is the photographic evidence of same — in case you don’t happen to have copy of that Swindon Evening Advertiser — as I emerge Zelig-style from the crowd to watch Don take the e-cash. It was a very exciting day because by the time this launch came, my colleagues at Consult Hyperion, who were instrumental in creating Mondex devices and software, had been working on the project for some years (and for the first three or four years it was entirely in secret).
So for those of you who don’t remember what all of the fuss was about: Mondex was an electronic purse, a pre-paid payment instrument based on a tamper-resistant chip. This chip could be integrated into all sorts of things, one of them being a smart card for consumers. Somewhat ahead of its time, Mondex was a peer-to-peer proposition. The value was transferred directly from one chip to another with no intermediary and therefore no cost. In other words, people could pay each other without going through a third party and without paying a charge. It was true cash replacement, invented at National Westminster Bank (NatWest) in 1990 by Tim Jones and Graham Higgins. Swindon had been chosen for the launch because, essentially, it was the most average place in Britain. Since I’d grown up there, I was rather excited about this, and while my colleagues carried out important work for Mondex (software specification, development and testing for all of the core components), I watched as the fever grew out in the West Country.
Many of the retailers were quite enthusiastic because there was no transaction charge and for some of them the costs of cash handling and management were high. I can remember talking to a hairdresser who was keen to get rid of cash because it was dirty and she had to keep washing her hands, a baker who was worried about staff “shrinkage” and so on.
The retailers were OK about it.
“From a retailer’s point of view it’s very good,” said news-stand manager Richard Jackson. “But less than one per cent of my actual customers use it. Lots of people get confused about what it actually is, they think it’s a Switch card or a credit card.”
That’s if they thought about it all.
It just never worked for consumers. It was a pain to get hold of, for one thing. I can remember the first time I walked into a bank to get a Mondex card. I wandered in with 50 quid and had expected to wander out with a card with 50 quid loaded onto it but it didn’t work like that. I had to set up an account and fill out some forms and then wait for the card to be posted to me. Most people couldn’t be bothered to do any of this so ultimately only around 14,000 cards were issued.
So, why I am wallowing in this nostalgia again? Why do I think more people should be celebrating the Mondex Silver Jubilee? Well, look East, where the first reports have appeared concerning the Digital Currency/Electronic Payment (DC/EP) system being tested in four cities: Shenzen, Chengdu, Suzhou and Xiong’an. DC/EP is the Chinese Central Bank Digital Currency (CBDC).
with the kind permission of Matthew Graham @mattysino
The implementation follows the trajectory that I talk about in my book The Currency Cold War, with the digital currency being delivered to customers via commercial banks. The Deputy Governor of the People’s Bank of China, Fan Yifei, recently gave an interview to Central Banking magazine in which he expanded on the “two tier” approach to central bank digital currency (CBDC). His main points were that this approach, in which the central bank controls the digital currency but it is the commercial banks that distribute it, is that is allow “more effective exploitation of existing business resources, human resources and technologies” and that “a two-tier model could also boost the public’s acceptance of a CBDC”.
He went on to say that the circulation of the digital Yuan should be “based on ‘loosely coupled account links’ so that transactional reliance on accounts could be significantly reduced”. What he means by this is that the currency can be transferred wallet-to-wallet without going through bank accounts. Why? Well, so that the electronic cash “could attain a similar function of currency to cash… The public could use it directly for various purchases, and it would prove conducive to the yuan’s circulation”. How will this work? Well, you could have the central bank provide commercial banks with some sort of cryptographic doodah that would allow them to swap electronic money for digital currency under the control of the central bank. Wait a moment, that reminds me of something because… yep, that’s how Mondex worked.
That was the big difference between Mondex and other electronic money schemes of the time, which was that Mondex would allow offline transfers, chip to chip, without bank (or central bank) intermediation. Offline person to person transfers. Just like cash. That’s huge. Libra can’t do it, and never will be able to because, like Bitcoin, it needs to be online to check for “double spending”.
Mondex was a window into the future of money.
That’s why this week’s special webinar is a Mondex reunion! Tim Jones, one of the co-inventors and Mondex CEO, will be joining with Debbie Gamble who was head of Mondex North America. On our side, our CEO, Neil McEvoy (who led the Mondex specification and implementation team) and Tim Richards (who designed the underlying portable, secure operating system), will join Tim and Debbie to reminisce and have a bit of fun, but much more importantly, to talk about the lessons learned from that incredible experiment, and to share ideas for the coming generation of digital currency innovators. And there may be one or two special guests…
[Dave Birch] Anyone in the e-payment space will not have failed to notice the attention that Bitcoin has been attracting over the last few weeks. I have to say that I was surprised by the interest from journalists—I was even interviewed for the Wired podcast and for New Scientist—for what is, after all, pretty small potatoes. Thanks to its open and transparent nature, it’s easy to see just how big the Bitcoin economy is. This is how it looked on one of the biggest exchanges on 18th May 2011 when I was talking to a European journalist:
Last Price: 7.285; High:7.98; Low: 6.9799; Volume: 34428
[From Mt Gox – Bitcoin Exchange]
So that’s a quarter of a million dollars in trades, although you can’t tell how much of that is people shifting bitcoins between their own accounts and how much is new money coming in. That’s not a huge business. Yet in some of the more hysterical reporting—the most dangerous idea ever, etc etc—you’d think that China was switching its reserves from dollars to bitcoins.
Because on Friday, the Bitcoin experienced a rather dramatic drop. In the words of one anonymous commenter: “it looks like it lost 1/3 of its value in the last 24 hours. Lots of big sells, complaints of liquidity, and pissed off nerds.”
A couple of weeks later, then, the value has fallen and the first bitcoin heist has been reported.
In the first Bitcoin theft of its size, a user has lost 25,000 BTC — or nearly $487,749 at today’s market rates — to an unknown thief.
As I somewhat uncharitably posted on Twitter, “help I want my anonymous, untraceable digital cash back!”. Now we read that Bitcoin is dead, it’s a scam, it’s a bubble etc etc. So what’s the truth? What strategy, if any, should stakeholders in the e-payments space consider?
The only thing that’s even kept Bitcoin alive this long is its novelty. Either it will remain a novelty forever or it will transition from novelty status to dead faster than you can blink.
I think it’s more than a novelty. I’d actually started writing something about Bitcoin a while back, when twitter friends pointed me to a paper “Mobile Payment Systems and Services: An Introduction” by Mahil Carr which says that (with no evidence at all to support the assertion) “mobile payments have to be as anonymous as cash transactions” and I’d been involved in a subsequent discussion about whether bitcoin might be suited to this environment. I couldn’t help but observe that cash is the wrong benchmark: it isn’t as anonymous as some people think.
On April 26, a state police trooper was called to the Subway after the owner said one of her employees found three “obviously counterfeit” $20s in the safe. The owner checked the surveillance video and saw one of her employees, the 17-year-old boy, take bills from his pocket and exchange it for money in the cash register… Before exchanging the bills, the employee marked the bills with a counterfeit marking pen, which resulted in a dark brown mark, meaning they were fake.
In a world of mobile phones, twitter and CCTV, anonymity is a high bar to set. In the virtual world, however, anonymity can be an implementation choice, should it be a requirement for a payment system. Personally, I don’t think it is. Transactions need to be private, not anonymous, and that means a different set of design principles. In all of my experience, even during my days as an firm proponent of anonymity as a key element of retail transaction schemes, I never saw the slightest demand for this from any of the stakeholders, including consumers. Nevertheless, that doesn’t mean that new technology could not, quite easily, lead to entirely new ways of making payments recognising the fact that the underlying technology has changed beyond all recognition in the previous generation.
Visa processed 37 billion transactions in FY2008, or an average of 100 million transactions per day. That many transactions would take 100GB of bandwidth, or the size of 12 DVD or 2 HD quality movies, or about $18 worth of bandwidth at current prices.
Will Bitcoin be the new technology to revolutionise money? To answer that, I have to step back a little. Generally speaking, I think there is a problem with language, because people (I mean normal people, not people like us) never think about what money is or how it works. Sterling (the currency) could continue to exist even if there were no notes printed by the Bank of England or coins produced by the Royal Mint. People could sign contracts for Sterling payments, but those payments would be commuted for execution: when the payment falls due, the counterparties agree on a mechanism for exchange (which might be Dollars in a bank account, Euro bank notes or cowrie shells). Why would they, then, sign a contract in Sterling in the first place? Well, it’s because they expect the currency to serve as a means for deferred payment in that its value in the future is predictable. I’m not saying that this always works well, because currencies are not as stable as might be hoped, but that’s the theory.
Now let’s move on to this specifc implementation. Bitcoin is a decentralised, peer-to-peer means of exchange. If you have a bitcoin, which is just a string of numbers, you can send that bitcoin (or a subdivision of it) to anyone else on the interweb. If you want to understand how Bitcoin works, a good place to start is the original paper on the topic, “Bitcoin: A Peer-to-Peer Electronic Cash System” by Satoshi Nakamoto. I’m no expert on cryptography but there’s no reason I know of to question the basic idea: use a computationally difficult challenge to create strings of bits that it’s hard to make but easy to copy, then use digital signatures for transactions. I get my bitcoin (a string of bits) and then in order to transfer them to you I add a digital signature and send them to you. Every time we do a transactions, we tell (essentially) everybody else that the bits now belong to you. The closest analogy to this is the stone currency of the island of Yap, in the South Pacific. The huge stones that represented money never went anywhere, people just remembered who they belonged to.
Every transfer of ownership is public knowledge, and the physical stone can stay in place.
Rather like Bitcoin, in some ways. So far so good. But why would people use Bitcoin? There seem to be three key reasons: one is that they want a cheap, irreversible online means of exchange (cash for the 21st century), another is that they want an anonymous means of exchange (coins for the 21st century) and yet another is that they want to use of non-government currency because they don’t trust governments to manage money properly. Let’s have a quick look at each of these.
Frictionless low-value payments
Now, having been involved in a previous attempt to create a global, decentralised, peer-to-peer means of exchange that addressed the first two of these issues, Mondex, I’m naturally interested to see how Bitcoin develops. I’m frankly sympathetic to many of its goals, because I too believe that a “frictionless” means of exchange for the online world would stimulate a new era of trade, and therefore prosperity. In an essentially frictionless system, where the transfer of value is simply the transfer of bits, the key problem to overcome is that of “double spending”. In other words, if I send you some value (bits), how do you know that I haven’t already sent that value (ie, a copy of those bits) to someone else? There are a number of different approaches.
- The usual solution is to have a central register.
- The Mondex solution was to use tamper-resistant hardware (smartcard chips) to store the balances.
- The Bitcoin solution is to distribute the transaction record across the network (every node knows every transaction), which works provided that the timestamps can be co-ordinated properly (otherwise the nodes wouldn’t know the order of the transactions). When you get a bitcoin, it takes a few minutes before you can spend it again because the network needs to be updated.
Which is best? It’s not really the topic of this post, but I’d say a combination of 1 and 2: a central register plus tamper-resistant hardware so that low-value payments can handled quickly, offline in some environments.
What the general public want is privacy, not anonymity. If I lose my wallet, I want my money back. This is why I always carry prepaid cards when I travel, rather than carrying cash. In fact I’ve just been through the very process of getting my money back because I gave my son a prepaid Euro card to use on a school trip in Spain (a Thomson MasterCard) and he lost it when there were still €70 on the card. No-one else can use that card (they don’t know the PIN and it has no name on it so they can’t pass AVS online) and I am getting the money back. Personally, I think this is closer to the kind of cash that makes sense in the new economy. It’s economically infeasible (although not computationally infeasible) to track and research every payment, but when something goes wrong it can be restored. And if I did use the card for some illegal purpose, the police could get a warrant and Thomson would of course point them to me.
I’m not sure that I want to live in a society where unconditional anonymity exists for payments. I don’t want the bad guys to be able to operate with impunity. But neither do I want every little transaction I make trawled by corporates, the media, the government. The solution has to be payment systems with privacy built-in, so that
This may well be the most contentious area for debate. I am a Hayekian, in that I would prefer to see a system of competing private currencies rather than government monopolies, because I think that sound money is an important base for the economy. But this issue is, to my mind, orthogonal to the other two. You could implement competing private currencies in anonymous, pseudonymous or absonymous (note to pedants: this is a word I made up, that’s why it fails the spell-check, not because I spelt it wrong) ways and you could implement the mechanism for exchange using all sorts of systems. Whether transactions are reversible or not has nothing to do with the currency.
Is Bitcoin a good currency? I suspect not, but I’m not an economist, so I must defer to the experts. The question that most of our clients are interested in is whether Bitcoin will form a niche parallel economy or whether they will scale into the mainstream economy. I have a suspicion that this won’t happen, and that’s because the anonymity that is the attractive feature to the early-adopting bitcoiners is not attractive to the mass market.
The best strategy is to learn, and to think about ways that the cryptography at the heart of Bitcoin can be used to deliver new kinds of services in a connected environment. I don’t think cash will be one of them.
These are personal opinions and should not be misunderstood as representing the opinions of
Consult Hyperion or any of its clients or suppliers
[Dave Birch] An interesting series of talks at Biometrics 2010 reminded me how quickly face recognition software is improving. The current state of the art can be illustrated with some of the examples given by NIST in their presentation on testing.
- A 1:1.6m search on 16-core 192Gb blade (about $40k machine) takes less than one second, and the speed of search continues to improve. So if you have a database of a million people, and you’re checking a picture against that database, you can do it in less than second.
- The false non-match rate (in other words, what proportion of searches return the wrong picture) best performance is accelerating: in 2002 it was 20%, by 2006 it was 3% and by 2010 it had fallen to 0.3%. This is an order of magnitude fall every four years and there’s no reason to suspect that it will not continue.
- The results seem to degrade by the log of population size (so that a 10 times bigger database delivers only twice the miss rate). Rather fascinatingly, no-one seems to know why, but I suppose it must be some inherent property of the algorithms used.
We’re still some way from Hollywood-style biometrics where the FBI security camera can spot the assassin in the Superbowl crowd.
What is often overlooked is that biometric systems used to regulate access of one form or another do not provide binary yes/no answers like conventional data systems. Instead, by their very nature, they generate results that are “probabilistic”. That is what makes them inherently fallible. The chance of producing an error can be made small but never eliminated. Therefore, confidence in the results has to be tempered by a proper appreciation of the uncertainties in the system.
So when you put all of this together, you can see that we are heading into some new territory. Even consumer software such as iPhoto has this stuff built in to it.
It’s not perfect, but it’s pretty good. Consumers (and suppliers) do, though, have an unrealistic idea about what biometrics can do as components of a bigger system.
But Microsoft’s new gaming weapon uses “facial and biometric recognition” that creates a 3D model of a player. “It recognises a 3D model that has walked into the room and automatically logs that player in,” Mr Hinton said… “It knows when they are sneakily trying to log into their older brother’s account and trying to cheat the system… You can’t do it. Your face is the ultimate detection for the device.”
This sounds sort of fun. Why doesn’t my bank build this into its branches so that when I walk in?