Tuesday, October 21, 2014

Requirements for International Standards for Bank Issued Digital Currency

Once banks realize that issuing digital currency in local denominations is the same as receiving interest free loans (with surcharges paid by the lenders) for indefinite periods then there will be a rush to issue the stuff.  The major hurdle may be the lack of infrastructure for customers to spend the currency and without standards that hurdle may prove to be an innovation killer.

Issued digital currency requires a defined business object. The object needs required functions such as “Verify Currency”, “Currency Amount Remaining”, ”Currency Denomination”, ”Pay To”, “Receive From”, and “View Transaction Log”. Each function needs defined parameters. Knowing the haphazard development of innovation though and the protection of the status quo from powerful industry players, what the world will likely get is a single (probably small) financial institution (FI) creating a proprietary standard and trying to fly the beast with a small initial base of paying consumers that likely will not gain needed momentum before failure.

There is a way to avoid the fail fate but it requires the cooperation of a nation’s FIs, the design and publication of  standards, and the simultaneous launch of a ubiquitous service offering throughout the entire nation. Witnessing the squabbles of the Kenyan mobile payment service providers, does not give great hope that a profitable, popular, and safe digital currency will emerge within an environment of FIs competing for mobile accounts and transaction fees.  If, on the other hand, FI compete by allowing their issued digital currency to freely circulate, and use the cash paid to buy the currency for loans, then the entire economic situation improves for all the FIs within the implementing nation.

For the infrastructure to be complete the payment services community also needs to create a data protocol standard. Earlier reader(s) know of my call for such a standard based on tagged based data protocols such as ISO 20022 for a payment push from a payer account to a payee account. The same data standard developed for payment data originating from a personal electronic device (PED) can double as a data protocol moving digital currency between PEDs.

The one risk for developing financial payment standards is the homogeneous environment provided to attackers. That is why FI must customize the security modules within the digital currencies. For example, some FI may require biometric proof for authentication, while others may leave authentication completely to the PED hosting the digital currency. If the standard provides for multiple security posture it forces attackers to limit their attacks to a single FI. Such a standard naturally leads to increased chance that the issuing FI will discover the attack before an attack succeeds.

FI also mitigate risks also by adding optional insurance modules to the digital currency object. The standard will define a module whereby holders of digital currency have insurance protecting their funds from damage, loss, or theft.   The insurer thus needs access to currency they insure on a real time basis or as soon as possible after a transfer event.

The costs for assembling technical people around a table to hammer out the details of these types of standards with no immediate demand and no proof that the idea will succeed may prove to be too much for an innovative nation, but the alternative, a haphazard launch without government support, seems far riskier.

Next Blog: The poor judgment of the US issuing EMV cards

No comments:

Post a Comment