How to Elevate the Security of Central Bank Digital Currency
This article is published in collaboration with Tata Consultancy Services.
Digital currencies are gaining currency around the world.
Central bank digital currency (CBDC), a digital version of currency that a central bank issues instead of its paper or polymer forms, can change the world of money as we know it. CBDC enables faster and more efficient transactions while reducing the reliance on traditional banking systems. It also promotes financial inclusion, bridging the gap between banked and unbanked populations.
This form of money enhances economic efficiency as it reduces the costs of printing and distributing physical currency. With CBDCs, central banks can have direct control over the supply of money and gain insights into monetary flows, bolstering the implementation of monetary policies and economic stability. CBDCs are traceable and offer transparency during transactions, which can curb illicit activities such as money laundering. Cross-border transactions can be simplified as CBDCs cut complexities in international transfers. They enable all this while also maintaining the stability and trust associated with traditional currencies.
Designed with advanced security features, encryption, and privacy controls, CBDCs secure digital transactions. Amid global competition and the rise of private digital currencies, CBDCs maintain currency sovereignty. Moreover, CBDCs furnish central banks with valuable data to take policy-related decisions based on spending patterns and economic behaviors.
Recognizing the immense possibilities they present, several countries around the world are adopting digital currencies. Whether it is the People's Republic of China's trials of its digital yuan, Sweden's research into the e-Krona, or the European Central Bank's experiment with a digital euro, digital currencies are gaining traction. In December 2022, the Government of India announced its retail central bank digital currency, called the digital rupee. It would be issued in the form of a digital token that represents legal tender and comes in the same denominations in which paper currency and coins are currently issued.
CBDCs can be stored in digital wallets on customers’ mobile phones.
Intermediaries, such as banks, distribute digital currency. To carry out transactions, customers can use the intermediaries’ digital wallets stored on their mobile phones. So, when making payments for purchased items, the customer can simply send the digital currency to the shop’s digital wallet. Transactions can also be person-to-person (P2P) and person-to-merchant (P2M), where payments to merchants can be made using QR codes displayed at merchant locations.
In an increasingly interconnected world, CBDCs offer a step toward a digital economy by providing easy access to digital currency for underserved populations while also reinforcing the resilience of financial systems. They can offer stability and security, reducing reliance on less stable cryptocurrencies and enabling swift central bank support during economic crises. CBDCs' transparency and traceability can combat fraud and illicit activities, fortifying the integrity of the financial system.
Enterprises need to understand the cybersecurity and privacy challenges of CBDC.
Enterprises need to be on guard when transferring CBDC tokens, as they can be vulnerable to hacking, cyberattacks, counterfeiting, and the double-spending of tokens.
Below are key cybersecurity and privacy challenges in CBDCs that enterprises need to overcome:
- Fraud and counterfeiting: These involve illicit activities aimed at deceiving or undermining the integrity of the digital currency system. The result can be significant financial losses to customers and central banks. Encryption and authentication techniques prevent counterfeiting.
- Cyberattacks: These include phishing, malware, ransomware, distributed denial-of-service (DDoS) attacks, and more. Implementing strong security measures such as encryption, multi-factor authentication, regular audits, and rapid response plans ensures the safety and integrity of CBDC systems.
- Money laundering: This involves the use of digital currency to conceal the source of illegal funds. Blockchain and advanced transaction monitoring systems enable real-time tracking of funds, making it harder for illicit funds to be hidden. Integrating user identity verification and transaction reporting into CBDC systems can detect and prevent suspicious activities while complying with anti-money laundering (AML) regulations.
- Privacy and anonymity: Implementation of a combination of blind and ring signatures ensures that CBDC transactions remain anonymous, while also preventing double-spending.
- Offline transactions: To prevent attackers from intercepting and accessing offline CBDC transactions on users’ devices, banks need to use multi-signature protocols. This requires seeking approval from multiple parties before processing such transactions and implementing strong encryption controls.
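To make the privacy and double-spending points above concrete, the following added example (not from the original article or from TCS) sketches a Chaum-style blind signature: the issuer signs a token without seeing its serial, yet can still reject a counterfeit or an already-redeemed token at deposit. The `Issuer` class, the function names and the toy RSA key are assumptions made for this illustration, and ring signatures are not shown.

```python
import hashlib
import secrets
from math import gcd

# Toy RSA key for the issuer, built from two Mersenne primes (constructed for
# this demo; textbook RSA with no padding is not suitable for production).
P, Q, E = 2**61 - 1, 2**89 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))

def digest(serial: bytes) -> int:
    """Map a token serial to an integer modulo N."""
    return int.from_bytes(hashlib.sha256(serial).digest(), "big") % N

class Issuer:
    """Hypothetical issuer: signs blinded values, tracks spent serials."""
    def __init__(self):
        self.seen_at_withdrawal = []   # all the issuer learns when signing
        self.spent = set()             # serials already redeemed

    def sign_blinded(self, blinded: int) -> int:
        self.seen_at_withdrawal.append(blinded)
        return pow(blinded, D, N)

    def deposit(self, serial: bytes, sig: int) -> str:
        if pow(sig, E, N) != digest(serial):
            return "invalid"           # not signed by the issuer: counterfeit
        if serial in self.spent:
            return "double-spend"      # valid signature, but already redeemed
        self.spent.add(serial)
        return "accepted"

def withdraw(issuer: Issuer):
    """Wallet side: blind a fresh serial, get it signed, unblind the result."""
    serial = secrets.token_bytes(16)
    r = secrets.randbelow(N - 2) + 2
    while gcd(r, N) != 1:
        r = secrets.randbelow(N - 2) + 2
    blinded = digest(serial) * pow(r, E, N) % N
    sig = issuer.sign_blinded(blinded) * pow(r, -1, N) % N
    return serial, sig

if __name__ == "__main__":
    issuer = Issuer()
    serial, sig = withdraw(issuer)
    print(issuer.deposit(serial, sig))   # first redemption
    print(issuer.deposit(serial, sig))   # replay of the same token
```

The blind signature provides unlinkability between withdrawal and deposit; it is the issuer's spent-serial set that catches the replay, which is why online redemption checks matter.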
The way forward
Securing CBDC transactions is paramount for the future of finance.
It necessitates cutting-edge cybersecurity technology, multi-layered security measures, and user education to ensure safe practices.
Collaboration among stakeholders, robust regulatory frameworks, and a balance between privacy and transparency are essential. Contingency plans and global cooperation can bolster resilience, while ethical considerations guide responsible development.
Continuous research and development efforts remain vital to stay ahead of emerging threats, ensuring CBDCs remain a secure cornerstone of the digital economy.
This article was first published by Tata Consultancy Services on 25 September 2023.
Senior Cybersecurity and Privacy Consultant, Cybersecurity, Tata Consultancy Services
Satish Kulkarni is a cybersecurity consultant, architect, and data privacy lead in TCS’ Cybersecurity unit. He has over 35 years of IT experience, including 18 years in the field of cybersecurity and data privacy. He holds a range of professional certificates, including Certified Information Systems Security Professional (CISSP) and Certified Information Systems Auditor® (CISA®).