This week Visa published a paper that outlines a potential offline payments solution for central bank digital currencies (CBDC). Most CBDC solutions seek to enable offline payments. For example, the latest Chinese digital yuan trial involved testing offline person-to-person (p2p) payments by touching phones, although it was recently claimed the digital yuan is not a CBDC.
And Japan’s central bank recently explored this offline digital currency payment issue because of its 2011 experience with the Tsunami.
It’s also noteworthy that Visa’s biggest competitor Mastercard launched a platform to enable central banks to test CBDCs. It seems mainstream CBDCs are now a foregone conclusion, so payments networks and technology companies are positioning themselves to land central banks as clients.
Visa’s solution uses trusted execution environments (TEE). These are partitioned areas in phones and computers where other applications shouldn’t be able to snoop and are usually used by wallet applications.
The payment network also uses typical public key infrastructures (PKI), not dissimilar to SSL certificates used by websites to encrypt communications with web browsers.
For phones to communicate, they would use Bluetooth or Near Field Communication (NFC).
A combination of TEE and encryption keys aims to ensure that the person paying funds when their phone is offline can’t double or triple spend the money.
Notably, the recipient doesn’t need to have a TEE, so potentially wouldn’t need a phone, but the Visa solution requires the sender to have a more sophisticated device.
On the one hand, Visa’s solution talks about tokenized CBDC. But at the same time, it assumes that the digital cash is held in an account at a wallet provider. And to execute these offline payments, the user has to deposit money from the wallet provider ‘account’ into the secure device.
In fact, with the Visa design, this offline mechanism seems to be the only way to enable truly private transactions without an intermediary having access to all the user’s payment information. Arguably, the need to have an intermediary also removes one of the benefits of a tokenized payment.
These secure areas, TEEs or enclaves, are a topic that has been deeply explored by Visa for a very different sort of application, LucidiTEE.