The way that central bank digital currencies will work is a matter of great importance and there needs be informed discussion and debate about the requirements, goals and constraints of practical population-scale fiat electronic cash. But the fact is that CBDC is a complicated, emotive and (frankly) poorly-understood subject that needs collaboration across public and private sectors to deliver benefits to all stakeholders. With the interest the subject growing from all directions, Mastercard’s announcement of a new CBDC Partner Program to foster collaboration with key players in the space is very welcome.
Their inaugural set of partners includes the remittance platform Ripple, blockchain and Web3 software company Consensys, multi-CBDC and tokenized assets solution provider Fluency, digital identity technology provider Idemia, security technology group Giesecke+Devrient, digital asset operations platform Fireblocks and, of course, Consult Hyperion. We were delighted to be asked to join the program and, given our considerable experience in the design and development of mass-market electronic alternatives to cash – for clients ranging central banks, through commercial banks, to telecommunications operators and mass transit schemes – around the world, we will work with the partners to tackle key questions and advance the state of the art.
One of the key questions is, of course, the fundamental need for CBDC at all. Here, we are far from global consensus. Writing in the Financial Times earlier this year, a senior advisor to the Bank of England said that as CBDC is the digital equivalent of cash and that since we already have electronic commercial bank money, we don’t really need it. Similarly, in the Wall Street Journal, a technology writer said that a retail CBDC isn’t any different from the electronic money in bank accounts today—it’s just a digital dollar. But they are both wrong: there is a fundamental difference between electronic money that lives in bank accounts and electronic cash that lives… well, anywhere. In phones, USB sticks, laptops, smart cards, cars or wherever else we can put a microchip capable of secure processing.
Why does this matter? Well, when I sent my sister the money that I owed her recently, it went from my bank account through the banking system to her bank account. But in the future, I will send her electronic cash from the wallet in my laptop to the wallet in her phone and it will never go anywhere near banks or the banking system. There won’t be any clearing or settlement, which is why the existence of instant payment networks has nothing to do with the need for CBDC.
The modern economy needs both electronic money and CBDC. We need a safe and sound banking system but we also need safe and sound money that can move around outside that banking system to provide not only resilience in the infrastructue but, most importantly in my opinion, a platform for new products and services. This is where the real excitement should be. If there is going to be a digital dollar, it should be in a form that is a platform for open innovation. Electronic cash, like cash, is a pre-paid product with no credit risk. Anyone should be able to use a digital dollar API to create not mere emulations of the payment services that we have now, but new ways of transacting: micropayments, smart payments, conditional payments, whatever.
Jesse McWaters, who leads global regulatory advocacy at Mastercard, says that there are questions about the role of the private sector in CBDC issuance, security, privacy and interoperability. He is right, and Mastercard is looking to help answer some of these questions by fostering industry collaboration to draw on (for example) Fluency’s work to build interoperability among different CBDCs, Consult Hyperion’s work with central banks and payment processors to define their CBDC requirements and Ripple’s launch of an inaugural government-issued national stablecoin in collaboration with the Republic of Palau. Mastercard are to be applauded for their initiative to bring these questions forward for serious discussion and informed debate.
Consult Hyperion and Osmodal Group partner to deliver combined mass transit payment expertise to new markets.
Today is International Identity Day supported by the many organisations around the world seeking to address the huge inclusion issues caused by a lack of digital identity. It is tempting to think that this is a mainly developing world issue and that in the developed world the lack of digital identity services is more of an inconvenience than a real problem. Here in the UK, however there are still up to 5m people who struggle to access financial services because they do not have the right documents or data. More on that in our recent report.
Something I’ve been thinking about quite a bit this year is interplay between Digital Identity and Central Bank Digital Currency (CBDC). What’s that got to do with the pressing need to give effective digital identity to those that need it most? Two things really:
- Firstly, a significant factor in the development of a CDBC will be to ensure it is inclusive. After all one of the main objectives in CDBCs is to provide a digital alternative to cash. The financially excluded rely on cash and so a CDBC may have an important role to play in addressing their needs.
- Secondly, whilst the need is pressing, making it happen will take time. The UN Sustainable development goal 16.9 calls for the provision of legal identity for all by 2030. Many CDBC initiatives are operating on a similar timeframe.
The beauty of CDBCs is that, in the main, central banks are starting from a blank sheet of paper, which creates the opportunity to design something well from the start. A big problem in digital identity has been trying to retrofit it into a digital world after the fact.
Another interesting thing is that the emerging model for CDBCs has close similarities to the decentralised model for digital identity, which is the direction of travel in that space. Let me explain a little.
This following picture illustrates 2-tier model for CDBC:
Senders and receivers will have wallets that interact with each other. They will hold the identifiers (backed by private keys) that allow the parties to control the use of their CDBC value. The actual system of record will be a ledger provided by (or on behalf of) the central bank. Wallets will use tokens, which are cryptographic representations of the value managed by the ledger, which are bound to the identifiers (and keys) belonging to the parties.
Now look at the standard model for decentralised identity:
Identity information is sent from holders to verifiers. The information is sent in the form of cryptographic credentials (you could think of them as identity “tokens”) that are bound to identifiers which can be checked in a registry. Of course for those credentials to have any value they need to come from a trusted source – an issuer.
So you can see there is a strong correlation between CDBC and decentralised identity systems. The content of the two grey boxes is basically the same.
Furthermore, CDBC systems will have some very particular digital identity and privacy requirements:
- There will need to be controls in place to prevent AML.
- The CDBC must not become a mass surveillance system.
- The system must allow anonymous transactions in some circumstances but not all.
- Users must have control over how much data is shared (and in some cases if the user is not willing to share data the transaction will not be able to be completed).
These requirements could be met very well through the use of decentralised identity technologies such as those being developed in W3C, which support the presentation of verifiable identity information whilst employing strong privacy controls. There seems to be a strong case for the CDBC community to collaborate with the identity community. We have a foot in both camps and are working hard to ensure that the years of work put into decentralised identity is leveraged effectively in CDBCs.
It really is the case that Identity is the New Money.
Everyone seems to think that MaaS (Mobility-as-a-Service) is a brand-new business model, when in fact, Transit Agencies have been providing mobility as a service for years, just without the hyphens. When I ride transit I just pay for the service when I need it or purchase a monthly pass if I expect to use it regularly. This is similar to the “as-a-Service” model that has been popularized by software companies who moved away from the license model where users pay a one-time fee to purchase the software. They now offer a subscription model where users pay a recurring fee to use the software. I’ve ridden transit for many years and have never had to buy a bus or train. Sounds like Mobility-as-a-Service to me.
As Consult Hyperion, and as many other analysts, predicted, Covid-19 has driven the adoption and use of contact-free technology at the point of service. A recent survey funded by the National Retail Foundation, found that no-touch payments have increased for 69 percent of US retailers surveyed, since January 2020. In May, Mastercard reported that 78% of all their transactions across Europe were contactless.
Fraudsters are always looking for ways to take advantage of potential weaknesses or even inexperience in new payment devices. A recent news story promoted a man in the middle attack in which two phones are used to transfer and manipulate the transaction message between a stolen contactless card and the point of sale terminal.