Today Sweden’s Riksbank published the results of the fourth phase of its e-Krona central bank digital currency (CBDC). The focus was on offline CBDC payments using account balances. In a previous phase it trialed offline token-based payments. While the central bank concluded offline payments are viable, the security requirements are significant. For some types of offline payments, this impacts usability.
Mobile phones are considered too insecure to be the sole offline payment device. Instead, consumers use payment cards that are compatible with the EMV standard used by most card networks. A key reason cards are considered more secure is that code is stored on the card and can’t be altered.
Hence, the central bank imposed limits in the code, such as a maximum wallet amount of SEK 3,000 ($286) and no more than five consecutive offline transactions before connecting to the internet. The challenge is that if the central bank wants to change those limits, the cards must be replaced.
Some of the usability issues are significant. For example, P2P payments involve users possessing both physical payment cards and mobile phones. They have to let their phones read their cards and bring their phones together twice. For a secure payment, the recipient has to perform four steps and the payer three.
Another usability issue could arise at the point of sale. Even if the consumer is within their five offline transaction limit, the merchant may have used up their limit (of 12 transactions). That could be confusing for some users.
One feature of several offline solutions, including this one, is the need to be online to top up the offline wallet (payment card). Sometimes people can predict they are likely to go offline. However, others might not plan ahead and a lack of internet availability isn’t always predictable.
Synchronizing offline CBDC wallets
The offline solution’s backend used the existing e-Krona pilot system based on the Corda enterprise blockchain. Every user has two wallets, and the offline one is counted as a ‘shadow wallet’.
Ultimately, users must go online to synchronize their wallets with their shadow account on the backend system and finalize the payments. However, a problem arises where there’s a chain of transactions and some users go online while others don’t.
For example, if a user (Bob) had a zero balance when he was last online, but received money offline and then paid the money to a third person. The backend will still record his original zero balance if Bob remains offline. Hence, if the third person goes online, the backend can’t finalize the transfer to the third person because it thinks that Bob doesn’t have sufficient money to make the payment.
Meanwhile, the Riksbank was one of the first central banks to seriously explore CBDCs. Its previous report explored giving payment providers considerable flexibility in designing their own CBDC-based solutions. It was also involved in an innovative cross border CBDC trial, Project IceBreaker, that explored using retail CBDC. Most cross border CBDC solutions are wholesale.
