Facebook

An integrated approach for electronic identification and central bank digital currencies

Download this Paper and learn how to implement Central Bank Digital Currencies (CBDC) based on open banking standards, balancing the need for anonymity with financial crime regulatory requirements.

Overview

Cetelem promotes access to responsible and sustainable consumption

This paper outlines a proposal for how to implement Central Bank Digital Currencies (CBDC) based on open banking standards and supports both account-based and token-based CBDC models, transacting online and offline with immediate finality, while recognising the European PSD2 requirements, including (multi-factor) strong customer authentication (SCA).

The authors recognise the limitations with current smartphone technologies with respect to deploying trusted applications and in performing the role of a qualified signature creation device – highly relevant to offline scenarios.

In some cases, the authors recommend regulatory review, in others they recommend taking full advantage of the existing capabilities of the separated secure execution environment by dividing the control of a CBDC transaction between both payee and payer devices, so that if one device was compromised, this does not undermine the whole transaction.

It balances the need for anonymity with financial crime regulatory requirements and suggests that a CBDC wallet can be enriched with eID capabilities, or vice versa.

The wallet is bound to the person’s identity, their device and software via a chain of trust (eIDAS for the EU or similar for non-EU countries). The authors combine this with self-sovereign identity (SSI) principles to maximize privacy and minimize information sharing with a third party.

Keywords:

CBDC, identity, eID, SCA, electronic signatures, verifiable credentials, offline transactions.

Authors:

Michael Adams: Founder, Quali-Sign, UK
Luca Boldrin: Innovation Manager, InfoCert, Italy
Ralf Ohlhausen: Founder, PayPractice, Germany
Eric Wagner: Group Product Owner Compliance Advanced Analytics, Erste Group Bank, Austria

First Name

Last Name

Company

Country

Telephone

I HEREBY DECLARE that I have read the information notice provided by InfoCert S.p.A. pursuant to article 13, GDPR.

In addition, as to the purpose set forth under paragraph 4, letters e), and f) of the information notice:

I AGREE to the processing of Data carried out by the Data Controller for the purpose of sending promotional communications of products/services of the Data Controller or of the Group and/or third parties, and invitations to participate in thematic events and meetings, and in the context of online campaings carried out jointly with third party digital services providers.
Yes No
I AGREE to the communication and/or transfer of Data to other Group companies or to third parties operating in the sectors indicated in the information notice, which will use them for their own commercial purposes as independent data controllers.
Yes No

The consent given may be revoked at any time by contacting the Joint Data Controllers at the contact details given in the Privacy Notice.