In a previous article commenting on the key characteristics announced for the Digital Euro, I went through the main concerns on 10 points announced by the ECB. In the days following the publication of the report A stocktake on the digital euro, many commentators discarded concerns with the remarks that no final specifications have been issued by the ECB and that the outlined direction is all good and exciting. One can of course adopt this point of view, which may be true and comforting, but is it prudent not to address the concerns that the current technical direction outlined in the report will not lead to the desired end goal nor to the 'promised' characteristics?
I will try to outline the elements of interest or concern in the next paragraphs for everyone to assess for themself within this added context. It is not too late yet for the ECB to address them better prior to a digital euro launch.
Digital euro - an evolution of our money
"A digital euro would be designed to have the highest possible level of privacy in line with the provisions to be decided by legislators. The central bank has no interest in people’s payment patterns or in commercialising any of their information. It would not have access to or store any personal data that would directly identify end users. (p.8)"
Clearly we do not know yet what this means exactly, but as addressed in my previous article, the digital euro will obviously not have the highest possible level of privacy, as the highest possible level is anonymity, like cash, and that has already been ruled out.
Is it comforting to know that the current central bank executive board has no interest in your data? Yes, but that does not mean it won't be collected in the planned digital euro ecosystem. What about the next board or the one thereafter?If the ECB wants citizens to take them seriously, then it could proclaim that the Eurosystem will ensure 'real spender privacy in the full digital euro ecosystem' in ALL use cases.
The fact that "a digital euro would bring the key features of cash into the digital era (p.8)" is interesting. The plans to introduce an offline digital euro that will work if both spender and receiver are offline and also allow multiple consecutive (transitive) payments while offline, could introduce at least one use case with real privacy. The questions that will need to be answered around these offline plans are about security and usability. Can this inherently insecure (offline) use case (which is mathematically impossible to make 100% secure) be mitigated sufficiently and offer a simple enough user experience, so that adoption can become significant? Or will 'offline use' be the unusable Trojan horse that is presented to the public to sell the citizens cash-like privacy, while the digital euro online system will conduct 99.99% of the transactions and record every detail thereof?
When it comes to merchants, the proposed compensation model is interesting as well. In the current payment world, merchants carry the brunt of the 2 trillion in payment fees around the world. The digital euro will also be distributed by private payments service providers (likely the usual suspects in financial services plus maybe a few new entrants).
The paper claims "It would also put merchants in a stronger position to negotiate more favourable conditions with private payment service providers (PSPs), as transaction costs for merchants would probably be lower with digital euro than with other private payment solutions. It would also enable instant payments, giving merchants instant access to their funds – just like cash. (p.9)"
The merchant needs to negotiate with these players and could probably, maybe get a better deal. It is totally not clear why and sounds quite complicated for the merchant to go and negotiate with all these PSPs for the best deal.
Do PSPs have any good reason to offer much better deals and to sacrifice their high fees for lower fees? Not if they can prevent it. In addition we have the same fraud risks as with debit cards and credit cards today, as the new digital euro (except for the offline part) is a full-fledged account based system accessed via (legally mandated) multi-factor authentication of the user. Hence it seems not unreasonable to expect a similar level of fraud for the online part of the system. And the offline solution will heighten the fraud levels, as it is a less secure solution than online solutions. But the merchants will get instant access to their cash instead of 30 or so days later. This again will require fraud detection and remediation in real time, not within a month. And adding the much riskier offline system will make the total fraud that needs to be absorbed and compensated possibly much worse. We shall see what that will do to the usability of the digital euro and to the bottomline of the PSPs (which will again impact the final fees charged to merchants, as "the Eurosystem shall not take on liabilities of other stakeholders. (p.27)"). We do not expect the merchants to see any benefits based on the content of the report, which already clearly states that "PSPs would be able to charge merchants for their services, in line with cash and other payment methods where merchants also face costs". While it must not excite merchants, it at least provides some breathing space to Europe's largest PSP Worldline, whose shares have just dropped by 58% on worse than expected results announced on October 25th. Imagine what impact an announcement of totally free payments in digital euros would have...
Onboarding and more...
"Under the draft legislation, digital euro users should not be required to have or open non-digital euro payment accounts with, or accept other non-digital euro products from, their provider of digital euro payment services. (p.12)"
This confirms that very digital euro user would have a digital euro account with a digital euro account number (DEAN). "The DEAN would be the identifier of the digital euro account holder, serving a number of purposes. (p.20)". That makes its online version absolutely not cash-like, but bank account-like. This is something that for example the US Federal Reserve Bank is not allowed to do. To make onboarding easier, users are additionally nudged to do so with the PSP, where they already have their bank account.
The user also needs to decide (for a reason that I do not understand) at onboarding if he wants to hold digital euros both online or offline. Would a user be able to opt for offline usage exclusively?
The expected low holding limits of €3000 (currently discussed) make the system likely unusable - user may want to keep their wallet rather empty to be able to receive money, but they also want to keep it rather full, so that they can do some decent shopping when they want to. Maybe €3000 is a lower workable limit for motivated user. Nevertheless such a digital euro wallet is much less convenient than any cash wallet, which never refuses incoming cash because it is 'full'.
This may or may not be by design to push the user to connect the digital euro wallet/account to his bank account, in order to benefit from the waterfall funding and defunding. This takes the digital euro further down to "the privacy of bank accounts and credit cards" (the official politically correct statement) or as I would put it, to ZERO privacy and direct identification. But as the ECB does not receive all the detailed data from the PSP, it can always claim 'privacy from the ECB' is ensured in the digital euro. Although (potentially) correct, it is completely without benefit for the user as all his data is fully visible and exploitable in the digital euro ecosystem.
Interestingly, a defunding method via cash by ATM is described too (p.22). This free cash defunding/funding sounds like a great idea. I just wonder how such a model would be realised - when the money is coming in instantly, I may not be next to an ATM machine that can spit out the overflow amount at this same moment. So either the wallet has to accept more than the limit, in order for me, at some point in the future, to defund it via cash. Can I not in the meantime make another payment? Can I defund my overflowing online wallet into my offline wallet? If I do nothing, does the whole or partial payment go back to the sender? When does that happen?
Cash funding is contemplated too, but it sounds like it still is at an idea stage. Funding with cash at an ATM for free sounds great for both offline and online holdings. Let's see how this will turn out when AML, CFT, etc. topics come in.
Privacy, security,...
As we have seen, the digital euro will be an account-based system with every user having his DEAN number.
The report also states that "The Eurosystem maintains the ledger which determines the “root of title” of all the money it issues and executes instant settlement of digital euro transactions. An end user’s digital euro holdings as recorded in the Eurosystem infrastructure cannot be falsified by a PSP and would therefore be accurate at all times. Data available to the Eurosystem would be limited to what is necessary to perform critical digital euro-related tasks within the regulatory framework and would also be pseudonymised. (p.27)"
The above clarifies that the euro system will record every individual transaction (at least the ins and outs in the DEAN account) but it will do this in a pseudonymized manner. In simple words, the ECB could maintain a ledger with the following for each user: DEAN, credits, debits and balances. This already fulfills all of the above promises.
Fraud and risk management will be handled by a central system as "a dedicated digital euro central fraud detection and prevention function should be in place for the launch of the digital euro... It would include tools for the secure exchange of information among PSPs, collecting fraud-related statistics, fraud monitoring, and risk scoring for transactions.(p.29)" So a central monitoring system will look at each and every transaction and assign each a risk score. Of cause all of it will be pseudonymized. Probably by the pseudonym DEAN and analyzed by AI?
In addition, there will be an another central dispute management system provided by the ECB. The operations do not seem trivial nor cheap.
Remember that the pseudonymity of Blockchain has been removed by Chainalysis et al. in a fully decentralised blockchain. Seeing all these different systems operated by the ECB, would anyone be surprised if any user could be identified with the exclusive data of these ECB systems, despite data segregation and pseudonymity? AI and big data can do marvellous things these days...
Digital inclusion
The digital euro will have 2 different usage models - online and offline, adding complexity to the mix.
As it is an account-based system, at least the online system will have to implement EU mandated multi-factor authentication, not improving on the usability of today's payment tools. In addition significant risk management systems will be in use to fight ID Theft and other attack vectors, leading to the same challenges I face with erroneously blocked transactions in fraud protection today.
Why will the PSP give those individuals digital euro accounts, when they refused to give them euro accounts? Unlikely to increase inclusion, no?
This is all acknowledged in the report saying "barriers to digital euro inclusivity are not expected to differ from those observed for other digital payment solutions (p.34)".
Next steps
The report hands over the responsibility for the level of privacy, data protection, AML and CFT to the politicians, by saying "It is up to co-legislators to determine where to establish the appropriate balance amongst these objectives. A digital euro would comply with the legal framework in place at the time of its potential issuance".
Therefore I repeat myself in saying: It is important for people to learn what is actually possible today in CBDCs, so that citizens and politicians can come to a point where they are able to make decisions, that they understand the long term consequences of.
Here I close with the statement that I would want to see guaranteed by ECB / Eurosystem in a digital euro for all our sakes:
The Eurosystem will ensure 'real' spender privacy in the complete digital euro ecosystem for ALL use cases.
This is possible while addressing money laundering, tax evasion and terrorism financing at the same time. Anything else - including the current model of proclaiming "privacy from the central bank" with data segregation and pseudonymisation, where the digital euro PSPs collect every single data element and run them through central ECB monitoring systems - amounts to telling 'fairy tales' to European citizens, as privacy that can be removed is no privacy at all.
