CBDC FAQs Series: Privacy and Security

May 16, 2022

ProgressSoft Contributor

CBDC FAQs Series: Privacy and Security

Numerous questions are on the minds of central banks as they embark on issuing Central Bank Digital Currency (CBDC), therefore, we gathered the most frequently asked questions during our meetings and their answers by our experts in an enlightening CBDC frequently asked questions series starting with CBDC transactions and now CBDC privacy and security.

Q1. How do new users enroll to use CBDC?

Solutions such as PS-CBDC, keep a unique ID for each wallet with its own public and private key. New users can enroll in different ways, depending on the central bank’s preference to adopt a direct or indirect model.

In the indirect model, commercial banks play a vital role in enrolling the users and creating their wallets using their mobile number, identification cards, national ID, etc. to identify themselves either in-person or electronically.

Q1. How do new users enroll to use CBDC?

Q2. How can we ensure that the information provided by new users is authentic?

There are two approaches to ensuring that the information provided by the new user enrolling in CBDC is authentic. To start with, the system complies with two-factor authentication using SMS and email for one-time passwords. Secondly, a country can choose to complete this process in-person through gateways and agents. The central bank can choose to implement both approaches to reinforce authenticity.

Q2. How can we ensure that the information provided by new users is authentic?

Q3. Is user information in CBDC encrypted?

By default, individual information on CBDC transactions should be encrypted and not available for third parties. If there are any country-specific encryption requirements for third party management and oversight, CBDC solutions should be flexible to accommodate for it.

For example, there is encryption for the data on the ledger, where all participants share the same ledger and data is encrypted so that only the concerned participant can decrypt the relevant data using a private key. Another example is encryption on multiple ledgers where participant financial institutions such as commercial banks communicate with the central bank via private ledgers.

Q3. Is user information in CBDC encrypted?

Q4. How is the anonymity of transactions ensured, and how can we guarantee that only the right people have access to this information?

Data stored on the blockchain network does not store the specific user data. A directory is needed to link the accounts with the holders. All transactions are expected to be anonymous unless a certain amount is exceeded.

Pseudo anonymity used in CBDC allows anonymous posting and commenting as users do not have a visible identifier and any information linked to them is available to service providers or administrators only, making it an excellent tool for privacy and security.

Q4. How is the anonymity of transactions ensured, and how can we guarantee that only the right people have access to this information?

Q5. Can CBDC help combat money laundering?

Money laundering can easily be controlled by the adoption of CBDCs as transactions are monitored by the central bank or the authorized entity in that country. The authority can also reveal a user’s true identity depending on country-specific jurisdictions. Furthermore, solutions such as PS-CBDC can connect all transactions to any external Anti-Money Laundering system, in which they are able to send details and receive reports for optimal monitoring and risk mitigating.

Q5. Can CBDC help combat money laundering?
Subscribe to The ProgressSoft Blog