Group items tagged

G+D Filia is intermittently offline. Payments are instantly settled offline, with occasional online reconciliation. But most importantly: funds received offline can be spent offline (consecutive offline payments). Our token format is the same online and offline, therefore the payment protocols are similar across different kinds of wallet (e.g., online wallets hosted at banks and hardware wallets). No conversion between online or offline ledger is needed. Tokens in hardware wallets are stored in tamper-resistant Secure Elements. Each wallet is equipped with a certificate, ensuring end-to-end encryption for every payment transaction. As an additional safety net, wallets keep a record of offline operations to detect counterfeiting.

The Bank of Canada (BoC)published an article that considers the pros and cons  of offline central bank digital currency (CBDC). An offline CBDC would allows users to transact while none of them are connected to the internet and could complement bank notes. A balance must be struck between compliance, security requirements and user needs, for example, by limits on holdings, transaction amounts and the duration of offline functionality. The article mentions that, while some central banks have deployed offline devices as part of pilots, no commercial, turn-key solutions are available to implement lengthy and indeterminate ("extended") offline functionality. I don't know what is meant by "commercial turnkey solutions" but a number of production-ready solutions offer extended offline functionality, such as those of Crunchfish, G+D, IDEMIA and WhisperCash. Also, those firms would disagree with the article's assertion that "adopting a security posture in terms of limits, controls and functionality, where risks are sufficiently mitigated, is still a challenge for technology available today"! But otherwise it's good to see a G20 central bank advocating for offline CBDC functionality, which I view as essential to successful CBDC take-up in many countries.

Crunchfish's Digital Cash Solutions are built on two-tier offline vs. online settlement architecture. The heart of the solution is an offline wallet that may either use the secure element provided by the mobile OS or run as a trusted applications in V-OS virtual secure element. The offline wallet securely maintains an offline balance that is utilised for offline transactions. The transactions are cryptographically signed by the payer, assigned to the payee and guaranteed as they are debited against the offline balance. The payee verifies the guaranteed offline payments in an application running on a mobile, card terminal or personal computer. Transaction logs are settled when either party goes online.

Crunchfish and Lipis Advisors pubished a guide to offline payments design, providing insights to how offline payments relate and can interoperate with online payment system. It provides a way of categorizing offline payment solutions by three design choices which provides the payment ecosystem with a better understanding of the nuances of offline payments: -Online Payment Rail: (i) distributed ledger technology (DLT) based or (ii) centralized account-based. (The paper incorrectly labels DLT-based as token-based (see the 20xx New York Fed article on this misnomer). -Offline Security Protocol: (i) native (layer-1) or (ii) non-native (layer-2) tokens security protocol, described in relation to the underlying online payment rail. -Offline Trusted Environment: (i) hardware-based or (ii) software-based.

Crunchfish published a paper by Lipis Advisors on the challenges of implementing offline payments on smartphones and how to mitigate the risks. Offline payments require a much higher security than what is offered by the smartphone rich execution environment (REE). This higher level of security may be achieved by implementing offline payments as a trusted application (TA) protected by a tamper-resistant element (TRE) that provides a secure runtime and storage for both cryptographic keys and other offline assets, such as the offline balance and risk rules. The TRE can be provided either as a hardware-based standalone TRE or a software-based app-integrated TRE, the trade-off being the higher security of the former versus the greater scalability of the latter.

"Perfinal has partnered with leading payment solution provider IDEMIA, a global leader in offline CBDC wallet solutions, to offer joint solutions for central banks to launch and distribute CBDCs. This partnership represents an exciting step forward in the development of CBDCs, aligning with the European Central Bank's guidelines for greater privacy and financial inclusion through offline transactions. The technical capabilities required for offline CBDCs demand a flexible account management system, and Perfinal's partnership with IDEMIA's offline wallet solution provides an optimal solution to these technical challenges. "

"A Forum Member presented a view on why offline functionality should be a key feature of CBDC. The presentation exposed why offline settlement finality was important in a world where physical cash usage is diminishing. The presenter noted that offline settlement finality offered benefits in terms of availability, throughput and operational infrastructure costs, where existing real time (online) settlement systems encountered the biggest challenges. The presentation also mentioned that, without offline finality, any CBDC system would be difficult to differentiate from any other real time payment system. The presenter also mentioned drawbacks of offline systems, including the higher risk of counterfeiting and double spending due to added technical complexity."

"Built to enable an ideal banknote exchange for Central Bank Digital Currency, the IDEMIA secure offline CBDC wallet makes a highly secure digital cash experience truly available to everyone and at any time. This secure wallet allows a user to make consecutive digital offline payments with immediate settlement. The CBDC wallet user can initiate offline payments using any channel: contactless, email, QR Code, and the same terminals and standards currently used for card payments. The offline CBDC payments can be received by any device (secured or not), with or without an internet connection to the ledger."

The European Central Bank (ECB) is looking for a senior payments industry expert to provide consultancy services on a 40% part-time basis to support the project team designing and developing the digital euro's offline functionality. The successful candidate will support the team in (i) defining the deployment of the digital euro's offline functionality in end users' devices in line with the requirements set in the draft legislative proposal; (ii) designing and implementing an optimal user experience for offline contactless payments via smartphones; (iii) assessing how an offline digital euro can be integrated within the existing terminal landscape at the point of sale; (iv) supporting the drafting of detailed requirements for the digital euro's offline functionality.

Sveriges Riksbank published the fourth and final report on its e-krona proof-of-concept (PoC) work ( the report calls it a "technical pilot" but a "pilot" involves real users transferring real central bank digital currency (CBDC) in limited ways). The solution reserves e-krona for offline use in a "shadow" wallet in the online system. The payment instrument in the form of a payment card records the shadow wallet's balance and subsequent offline transactions. The actual e-kronas issued by the Riksbank never leave the online system and only change hands when the payment instruments are synchronized. The report concludes that offline payments are viable, but "a secure and functional offline solution requires a lot of development work on technology, regulations and processes".

IDEMIA Secure Transactions (IST) demonstrated the first ever offline central bank digital currency (CBDC) payments incorporating enhanced security against quantum threats. Offline CBDC allows digital currency transactions without internet, ensuring cash-like secure and seamless payments in areas with limited connectivity. This offline CBDC payment transaction uses quantum-resistant public key cryptography endorsed by the National Institute of Standards and Technology (NIST). The offline transactions demonstrated as part of this quantum-safe solution are performed using two smartphones thanks to NFC. Money is stored inside a secure element fortified with quantum-safe cryptography to guarantee security and prevent the risks of double spending or unauthorized money creation.

The Reserve Bank of India (RBI) has introduced a framework to enable small value digital payments in offline mode using cards, wallets, mobile devices, etc. in proximity (face to face) mode. This followed pilot testing undertaken by some entities between September 2020 and July 2021. The upper limit of an offline payment transaction shall be ₹200. The total limit for offline transactions on a payment instrument shall be ₹2,000 at any point in time. Replenishment of used limit shall be allowed only in online mode with an Additional Factor of Authentication (AFA). The issuer shall send transaction alerts to users as soon as transaction details are received, implying that an online connection is required at some point, so it's not a purely offline payment system.

The regulation proposed by the European Parliament and Council requires both online and offline digital euro payment transactions to be available on the first issuance of the digital euro. However, the European Central Bank (ECB) says that "further testing by the Eurosystem will be necessary to guarantee that all relevant digital euro models offer sufficient security and maturity… Enshrining the ECB's intent in a legally binding provision will constrain its capacity to react to the higher level of uncertainty that the offline digital euro model involves, as well as to react to exceptional circumstances necessitating an imminent issuance of any available model. If trade-offs that have not yet been identified arise, postponing the overall issuance of the digital euro would be the only option available to the ECB… For these reasons, the ECB invites the co-legislators to consider the imposition of a requirement upon the ECB to deliver both online and offline versions of the digital euro, coupled with a 'best efforts' provision under which the ECB would make available both online and offline models as of the first issuance of the digital euro."

"We argue that operating a bearer-based payment system to complement an account-based CBDC in order to gain offline and privacy features is not a good trade-off. Adding permanent, regular offline capabilities via the bearer-based payment instrument constantly exposes the CBDC to the severe issues inherent in offline-capable payment systems. Instead, the offline mode of operation should be restricted to scenarios where it is actually required, which mitigates the risks."

"Crunchfish have today released Digital Cash 2.2 enabling consecutive offline payments, in which the payer and payee exchange a transaction offline, and the payee can immediately spend the received funds in another offline transaction without going online. This feature may be the most desirable approach for CBDC given its resemblance to the properties of cash."

In this month's Central Bank Payment News (CBPN) spotlight, I wrote about past experiments with offline digital payments, technical considerations for offline digital currency, and what the future might hold for offline central bank digital currency (CBDC).

Japanese card payments network JCB, identity firm IDEMIA and Malaysia's Soft Space are exploring offline digital currency functionality. A first phase of the project demonstrated connectivity between existing card and payment infrastructures, and a potential [central bank?] digital currency, showing that current point of sale solutions don't need adaptation. The new phase will test using mobile wallets to transfer digital currency between them without an internet connection using near field communications (NFC). Another scenario will test the offline use of stored value payment cards that transfer digital currency via mobile phones using NFC to transfer funds. https://www.idemia.com/press-release/jcb-idemia-and-soft-space-launch-jcbdc-phase-2-pilot-trial-cbdc-offline-p2p-payments-2023-12-13

Lipis Advisors in partnership with Crunchfish published a paper that outlines the key security aspects relating to offline digital currency payments. Unlike other offline payment platforms that operate in various devices' secure elements, Crunchfish advocates a software-based approach that operates in smartphone trusted execution environments (TEEs). The need for hardware-based digital cash (e.g., on cards, wearables and feature phones) is acknowledged, but as peripheral bearers that need to be able to exchange digital cash with the smartphone as the main bearer, even in full offline-mode.

"Banco do Brasil is to work with German firm Giesecke+Devrient (G+D) to test offline payments as part of pilot trials of the Drex central banking digital currency (CBDC)". At this point you may be thinking that we're talking about the central bank, Banco Central do Brasil (BCB). However, Banco do Brasil is a commercial bank that purports to be part of the BCB's Drex pilot. It may be true that this offline payment test is done with the BCB's blessing, but the press release could make that clearer. https://www.bb.com.br/pbb/pagina-inicial/imprensa/n/67840/bb-e-gd-firmam-parceria-para-testar-pagamentos-offline-com-drex#/

Idemia is working with Qualcomm to offer users offline payments on smartphones for central bank digital currencies (CBDCs) through the Snapdragon 8-series Mobile Platform which requires a Qualcomm Secure Processor Unit. Customers can make payments with traditional cards, biometric cards, smart phones, or smart watches. Idemia has already demonstrated offline CBDC on different payment devices. Now it can handle credentials and conduct payments offline, leveraging an integrated secure element in users' phones.