CBDC Design Needs to Address Risk to Users, Says Bank of Canada
Building an anonymous central bank digital currency (CBDC) presents security risks – not only to the issuer but to the users themselves, says the Bank of Canada.
Updated Aug 19, 2021 at 4:46 a.m. UTC
Building an anonymous central bank digital currency (CBDC) presents "particular" security risks – not only to the issuer but to the users themselves, according to the Bank of Canada (BoC).
- In a new analytical note published Monday, the BoC said the users of a central bank token would have a tendency to "economize" on security, as they may not bear the full cost of any losses.
- The note raised the potential of users to lose the private keys to their addresses, or become victim to hacks or fraud through their own actions or bugs in the code of wallets, exchanges and other services.
- These issues are generally not due to the protocols behind digital currencies, which the BoC says are normally "extremely secure."
- If the central bank sets up liability rules for losses similar to those for cash and bank accounts, CBDC users may be incentivized to comply with stricter security standards.
- Even so, it may be hard to enforce such rules as determining responsibility for losses of digital currencies can be "difficult," according to the note.
- A solution proposed for further investigation by the BoC would be to limit users to storing their CBDC holdings only at "approved intermediaries."
- Another challenge to a CBDC issuance raised in the note is that digital currencies are aggregated in anonymous addresses on a large scale, beyond what is possible with cash.
- This means there would be "trade-offs" between security and convenience that are not a factor in traditional banking, the central bank says.
- Further, competition between providers of third party solutions and the use of different security protocols brings the risk that they may not interact securely.
- The central bank therefore proposes that limiting user balances and enforcing security protocols on third-party providers could solve these potential problems.
STORY CONTINUES BELOW