Resilient infrastructure and offline payments are key to the Battle of Britcoin

Some analysts, such as Juniper Research, expect payment value in CBDCs to grow from around $100m in 2023 to as much as $213bn by 2030. The Bank of England’s consultation closed in June 2023 and its conclusions should be published before the end of the year.

Far from being a novel idea, CBDCs have been both explored and launched by many other countries. The European Central Bank (ECB) is already progressing towards a ‘digital Euro’, and several other countries, including China, have already launched their own CBDCs over the last few years, paving the way for the UK to devise its own digital coin.

The potential benefits of a CBDC include:

• Lower transaction costs for cross-border payments.
• A reduction in money laundering by ensuring an unfalsifiable audit trail for transactions.
• The expansion of access to finance for those who, for whatever reason, currently lack a bank account.

The national discussion around CBDCs has now moved past theory and into practice. The current Bank of England consultation marks the moment when UK monetary authorities are putting serious thought into how they might establish a national digital currency. To do so, authorities need to address two practical issues; how to both ensure the resilience of physical infrastructure and resolve the problem of offline transactions.

Building infrastructure security and resilience

The attraction of digital currencies has always been that since they are ‘decentralised’, they remove the need for intermediaries such as banks and merchant providers. However, this ignores that digital currencies rely on different sets of intermediaries – the technicians, computer networks, and internet networks that allow digital transactions to clear through the online ledger. As much as digital currencies benefit from the strengths of these networks, they also suffer the same vulnerabilities, including the possibility of hacks and natural disasters. Any such breaches in the network of a CBDC could cause financial distress for users and the central bank and lead to an erosion of confidence in the digital currency.

PA Consulting recently supported a paper written by the Bank of International Settlements (BIS) on how central banks could ensure the resilience of their network. The resulting Polaris framework stresses the importance of modern cybersecurity techniques such as security-as-code, network segmentation, identity validation and security guardrails enforced at the network infrastructure. A dedicated security and resilience team within the central bank would lead to analysing technical architecture and scanning for new threats under the governance of a Chief Security Officer (CSO), who in turn would establish regular communication with all financial institutions and technological enablers taking part in the CBDC system. The key to ensuring success is a constant cycle of preparing, protecting and adapting the network to incoming threats as and when they emerge to incoming threats as and when they emerge.

Reducing the friction of offline payments

As discussed above, the potential for network outages could lead to owners of digital coins being unable to transact until a connection is re-established. This lessens the attractiveness of CBDCs, as there is a risk that the user may not be able to exchange them for goods and services through no fault of their own. Therefore, some sort of offline functionality is essential for any CBDC put into practice. This raises two problems: 

1. It raises the possibility of the same coin being spent multiple times.

2. A transaction risk is placed on the vendor, as they bear 100 percent of the transaction risk.

This is not a unique problem for CBDCs – payments through Visa and Mastercard already have contingencies for transactions when the system cannot be reached. Such transactions are rare (e.g. on a ship) with limited risk for providers; therefore, a different type of solution may be required for CBDCs. The solution will likely come from hardware, specifically trusted execution environments (TEEs). TEEs are encrypted enclaves within secure hardware devices (for example, mobile phones) which allow transactions with pre-loaded digital currency. Such TEEs are enabled by a trusted delegate of the central bank, which guarantees security and bears the risk of failure (see the diagram). TEEs are already in use, with examples including Intel Software Guard Extensions (SGX), ARM TrustZone and Keystone.

Infrastructure holds the key to UK CBDC implementation

As the Bank of England and others start the consultation process for creating their own CBDCs, such analysis needs to include perceived consumer benefits and an assessment of the likely physical and technical infrastructure necessary to make any digital coin reliable and secure. The technology to protect the network and allow offline payments already exists but ensuring that it is scalable and affordable will be a large part of any business case for introducing a full national CBDC.