This paper outlines a proposal for implementing Central Bank Digital Currencies (CBDC) on open banking standards. The proposal supports both account-based and token-based CBDC models, transacting online and offline with immediate finality, while meeting the European PSD2 requirements, including (multi-factor) strong customer authentication (SCA).
The authors recognise the limitations of current smartphone technologies with respect to deploying trusted applications and to performing the role of a qualified signature creation device, which is highly relevant to offline scenarios.
In some cases the authors recommend regulatory review; in others they recommend taking full advantage of the existing capabilities of the separated secure execution environment by dividing control of a CBDC transaction between the payee's and the payer's devices, so that the compromise of one device does not undermine the whole transaction.
The proposal balances the need for anonymity with financial crime regulatory requirements and suggests that a CBDC wallet can be enriched with eID capabilities, or vice versa.
The wallet is bound to the person’s identity, their device and software via a chain of trust (eIDAS for the EU or similar for non-EU countries). The authors combine this with self-sovereign identity (SSI) principles to maximize privacy and minimize information sharing with a third party.
Keywords: CBDC, identity, eID, SCA, electronic signatures, verifiable credentials, offline transactions.
- Michael Adams: Founder, Quali-Sign, UK
- Luca Boldrin: Innovation Manager, InfoCert, Italy
- Ralf Ohlhausen: Founder, PayPractice, Germany
- Eric Wagner: Group Product Owner Compliance Advanced Analytics, Erste Group Bank, Austria