SHCs are sick, as the kids say

Now, of course, when techno-determinist mirrorshaded hypester commentators (eg, me) say that the future of money might be somewhat different to the Bretton Woods II structure and that perhaps the decentralising nature of computer, communications and cryptographic (CCC) together mean that there might be currency issuers other than central banks (as, for example, I did in Wired magazine two decades ago), this might be dismissed by scenario planners and strategists as cypherpunk-addled babble.

It seems to me, however, that the reflections of sensible, knowledgable and powerful players is tending int the same direction. Mark Carney, governor of the Bank of England, recently gave a speech at Jackson Hole, Wyoming, in which he said that [Central Banking] a form of global digital currency could be “the answer to the destabilising dominance of the US dollar in today’s global monetary system”.

Wow.

Mr. Carney went on to talk about the idea of “synthetic hegemonic currency” (abbreviated to SHC by everyone else but abbreviated to SyHC by me so that I can pronounce it “sick”). An obvious example of such a currency would be an electronic version of the IMF’s Special Drawing Right (SDR). In fact the former boss of SDRs has already put forward such a proposal, asking for the IMF to “develop a procedure for issuing and using market SDRs following currency board rules and backed 100% by official SDRs or by an appropriate mix of sovereign debt of the five basket currencies”. This, of course, sounds a little like Facebucks (or “Libra” as they are more properly designated) and, indeed, it is.

So what would be the difference between holding Facebucks and holding eSDRs? Well, for one thing, Facebuck currency board basket will not include Yuan. In responses to questions from a German legislator, Facebook have said (Reuters, September 20th) that their basket will be:

  • One half US dollar,

  • Euro 18%,

  • Yen 14%,

  • Sterling 11% (although why anyone would be this in “stable” basket right now is beyond me), and

  • Singapore Dollar, 7%.

The composition of the SDR varies from time to time, but the current basket (last reviewed in 2015) is:

  • 41.75% US dollar,

  • 30.93% Euro,

  • Yen 8.33%,

  • Sterling 8.09%, and…

  • Yuan, 10.92$%.

So Libra vs. eSDR (or Libra vs. A Chinese digital currency) comes down to the Yuan. I think the Wall Street Journal (September 23rd) is right to characterise the fascinating future of digital currency as a “coming currency war” between digital money and the Dollar, saying that “The U.S. dollar has been the world’s dominant currency since the 1920s. But if national digital currencies allow for faster, cheaper money transfers across borders, viable alternatives to the U.S. dollar could emerge, embraced by nations and monetary officials concerned about the dollar’s outsize influence on the global economy”.

This is about so much more than permissioned vs. permissionless or proof of work vs. proof of state.

SIBOS, Star Trek and the end of Bretton Woods

Here’s a story I came across that I found so interesting that I discussed it in my book about the history and future of money, “Before Babylon, Beyond Bitcoin”. It is a utopian future fiction that happens to have something to interesting to say about money, which is why it caught my eye. This is somewhat unusual for a utopian vision since, as Nigel Dodd observed in his 2014 book “The Social Life of Money“, utopias from Plato’s Republic to Star Trek don’t seem to include money at all, never mind M-PESA or Bitcoin.

Anyhow, the story that interested me has a ‘guy falls asleep under hypnosis and awakes a century later to find a model society, then finds it’s all a dream’ narrative arc that is hard to read with modern eyes, because the perfect society that the author imagines is a communist superstate that looks like Disneyland but run by Stalin. Everyone works for the government, and since government planners can optimize production, the ‘inefficiency’ of the free market is gone.

During his adventures in this new world the narrator, the time travelling protagonist, is told by his host in the modern era (the good Doctor Edward Leete), that cash no longer exists. Instead, the Doctor informs him, the populace use ‘credit cards’ for retail transactions. (He then, as it happens, goes on to describe what are in fact offline pre-authorized debit cards imagined in the technology of the day, but that is by-the-by.)

While the author does not talk about the telephone, laser beams or the knowledge economy, he does make a some insightful predictions about the evolution of money. When talking about an American going to visit Berlin, the good Doctor notes how convenient it is for international travellers to use these ‘credit cards’ instead of foreign currency: ‘An American credit card,’ replied Dr Leete, ‘is just as good as American gold used to be’.

This is an excellent description of our world after the end of the gold standard and the rise of a dominant reserve currency, what economists call the  “Bretton Woods II” era of monetary history. A clever prediction indeed. However, I think that the most fascinating insight into the future of money comes later in the book, when the time traveller asks his twenty-first-century host ‘Are credit cards issued to the women just as to the men?’ and the answer comes back ‘certainly’.

That answer might alert you to the age of the text, which in fact contains the earliest mention of a credit card that I have found anywhere as part of a fictional narrative. The book is by the American author Edward Bellamy and is called “Looking Backward, 2000–1887“. It was written in 1886, a century before the credit card became the iconic representation modern money, and it was one of the best-selling books of its day. I had a 1940s edition in front of me as I wrote my book, so it was still being reprinted sixty years later!

I cannot help but reflect that the discourse on money in that book is a wonderful example of how science fiction is not really about the future at all but about the present: the retort ‘certainly’ is clearly intended to surprise the Victorian reader as much, if not more, than the his prediction of glass tunnels that surround pavements when it rains.  It took a writer, not an economist or a technologist, to ask a simple question about money and get a surprising answer. Hold that thought.

Predictions are hard, especially about the future of money

Now let us have a go at predicting the financial system half a century onwards. Where do we start? Well, a good rule of thumb for futurologists is that if you want to look 50 years forward, you need to look at hundred years back because of the increasing pace of change. A hundred years back we had the telephone and global markets connected by instant, global communications. We had the Bank of England and the Federal Reserve. We had wire transfers. We had the world’s first commercial aviation service, created as it happened to accelerate the clearing of cheques between Chicago and New York.

A century ago we were also coming to the end of the era of the classical gold standard. The demise of that global financial system was brought about by the pressures of global conflict and depression that ultimately led Britain to abandon it permanently in 1931 after a temporary suspension that began in the middle of First World War and lasted until 1925. Some people think we are now coming to the end of the Bretton Woods II era and, as The Economist observed recently (“Into the woods”, 17th August), saying that international trade is complicated because “most countries have their own currencies, which move in idiosyncratic ways and can be held down to boost competitiveness”, it is not at all clear what is coming next!

If this is correct, and it seems likely that it is, then then what will replace the IMF, central banks and commercial banks offering credit when it comes to creating money, facilitating payments and prosperity? The reaction of regulators around the world to one alternative, Facebook’s proposed “Libra” digital currency, seems to indicate that the incumbents are not going to give up with out a fight. Yet given the history of financial markets and institutions, and given that we know that change is inevitable as the structures reshape under social, regulatory and technological pressures, it is not good enough to simply say that the incumbents are wrong. We (ie, the financial industry) must help to create a vision of future banking that helps us all – and I include the regulators in this – to shape strategies that lead to a financial sector that serves society better.

But what vision?

If we set aside both the misplaced view that the status quo will prevail and the Bitcoin maximalists fantasies of a completely decentralised society, where do we look to find believable alternatives? We all hear the speeches of the regulators, read the annual reports from the bankers, see the demos of the technologists and the slide decks of entrepreneurs. But have any of these created a vision in your mind? Perhaps it’s time to return to my opening observations to develop a narrative just as surprising to contemporary audiences Bellamy’s was to a Victorian one.

So. What do we now see a couple of generations from now. The world of Star Wars with a “galactic credit” that is universally accepted. That doesn’t seem right to me. A single currency doesn’t really work between Germany and Greece, so how it would work between Earth and LV-426? Would the use of a Synthetic Hegemonic Currency (SHC), to use Mark Carney’s words in the Financial Times (“Mark Carney calls for global monetary system to replace dollar”, 23rd August 2019), function in these circumstances as a trade currency for the universe?

 

What about the world of Star Trek with no money at all, save the gold pressed latinum of the Ferengi (shown above), valuable because it’s the only substance that the replicators can’t produce? How about the world of Charles Stross’ “Neptune’s Brood” where there is fast money and slow money that relies on cryptography so it only travels at one-third the speed of light?

How will people transact? Will it be the world in Robert Heinlein’s “Beyond the Horizon” where the government has an “integrated accumulator” (what we would now call a blockchain) to record all transactions and the finance minister has dashboard to see just how the economy is doing? The integrated accumulator sounds very much like the “compubank” in Margaret Attwood’s “The Handmaid’s Tale” which tells what happens if this machinery falls under the influence of fanatics, in that case as theocratic US administration that bans and blocks women’s payment cards? Will cash, indeed, be banned or will it simple be cash as in William Gibson’s “Count Zero” where the protagonist finds himself in a near future where he  “had his cash money, but you couldn’t pay for food with that. It wasn’t actually illegal to have the stuff, it was just that no- body ever did anything legitimate with it”. (Which, frankly, sounds like Sweden rather than some future dystopia.)

What if money as we know it vanishes as a transactional medium of exchange? Will it be the world of Bruce Sterling’s “Distraction” in which distributed servers manage reputation as a currency, a theme also present in Cory Doctorow’s “Down and Out in the Magic Kingdom”. I am naturally attracted to these images of a future in which identity, trust and reputation reconnect us with our neolithic heritage (indeed, a few years ago I wrote a book called “Identity is the New Money”) and dispense with many kinds of intermediaries! Will this free us or will it fulfil the prophecy of the Book Of Revelation 13:16-17 that “no man might buy of sell save that he has the mark, or the name of the beast, or the number of his name” enslave us? Should we begin our scenario planning for these transactional environments now (hint: yes) or should we leave the technologists to choose a future for us?

Next week, for the Innotribe closing keynote of most important global banking conference of the year SIBOS, my good friend Brett King and I will be looking how writers have thought about the future of payments, banking and money to see if their narratives can help us to formulate strategies in this space and to see if we can find the hard question and surprising answer for the world of 50 years from now. I have an idea of what it might be, but let’s see how Brett, me and the Innotrible audience develop our thinking on the day. See you there.

China’s digital currency may set the benchmark, not Libra

As I wrote a while ago, the Chinese were first with the great transition from commodity money to paper money. They had the necessary technologies (you can’t have paper money without paper and you can’t do it at scale without printing) and, more importantly, they had the bureaucracy. In 1260, Kublai Khan became Emporer and determined that it was a burden to commerce and taxation to have all sorts of currencies in use, ranging from copper ‘cash’ to iron bars, to pearls to salt to specie, so he decided to implement a new currency. Then, as now, a new and growing economy needed a new kind of money to support trade and therefore prosperity. The Khan decided to replace copper, iron, commodity and specie cash with a paper currency. A paper currency! Imagine how crazy that must have sounded! Replacing physical, valuable stuff with bits of paper!

 

Just as Marco Polo and other medieval travellers returned along the Silk Road breathless with astonishing tales of paper money, so commentators (e.g., me) began tumbling off of flights from Beijing and Shanghai with equally astonishing tales of a land of mobile payments, where paper money is vanishing and consumers pay for everything with smartphones. China is well on the way to becoming a cashless society, with the end of its thousand year experiment with paper money in sight. Already a significant proportion of the population rely wholly on mobile payments and carry no cash at all, much as I do when heading into London.

The natural step from here is to create digital currency so that settlement is in central bank money and there are no credit risks. Now, the People’s Bank of China (PBoC) is run by smart people and as you might imagine they have been looking at this strategy since back in 2014. It now looks as if Facebook’s Libra initiative has stimulated or accelerated their tactics. I read in Central Banking [PBoC sounds alarm over Facebook’s Libra] that PBoC officials had “voiced worries” that [Libra] could have destabilising effects on the financial system and further stated that the bank would step up its own efforts to create an e-currency.

This is no knee-jerk reaction. Way back in 2016, the then-Governor of PBoC, Zhou Xiaochuan, very clearly set out their thinking about digital currency, saying that “it is an irresistible trend that paper money will be replaced by new products and new technologies”. He went on to say that as a legal tender, digital currency should be issued by the central bank (my emphasis) and after noting that he thought it would take a decade or so for digital currency to completely replace cash in cash went to state clearly that “he has plans how to gradually phase out paper money”.

(As I have written before, I don’t think a “cashless society” means a society in which notes and coins are outlawed, but a society in which they are irrelevant. Under this definition the PBoC could easily achieve this goal for China.)

What would be the impact of phasing out paper money? Yao Qian, from the PBOC technology department wrote on this subject back in 2017, noting (as I have done) that a central bank digital currency (CBDC) would have some consequences for commercial banks, so that it might be better to keep those banks as part of the new monetary arrangement. He described what has been called the “two tier” approach, noting that to offset the shock to the current banking system imposed by an independent digital currency system (and to protect the investment made by commercial banks on infrastructure), it is possible to incorporate digital currency wallet attributes into the existing commercial bank account system “so that electronic currency and digital currency are managed under the same account“.

I understand the rationale completely. The Chinese central bank wants the efficiencies that come from having a digital currency but also understands the implications of removing the exorbitant privilege of money creation from the commercial banks. If the commercial banks cannot create money by creating credit, then they can only provide loans from their deposits. Imagine if Bitcoin were the only currency in the world: I’d still need to borrow a few of them to buy a new car, but since Barclays can’t create Bitcoins they can only lend me Bitcoins that they have taken in deposit from other people. Fair enough. But here, as in so many other things, China is a window into the future.

Whether you think CBDC is a good idea or not, you can see that it’s a big step to take and therefore understand the PBoC position. There is a significant potential problem with digital currency created by the central bank. If commercial banks lose deposits and the privilege of creating money, then their functionality and role in the economy is much reduced. We already see this happening because “Alipay, WeChat Wallet, and other Chinese third party payment platforms use financial incentives to encourage users to take money out of their bank accounts and temporarily store it on the platform itself” [China’s Future is Definitely Cashless].

In summary, then, a couple of year ago I wrote that the PBoC were not going to issue cryptocurrencies and they were not going to issue digital currencies either (at least in the foreseeable future). What I said was that what they might do is to allow commercial banks to create digital currency under central bank control. And this indeed what seems to be happening. According to the South China Morning Post, the new Chinese digital currency “would be centrally controlled by the PBoC, with commercial banks having to hold reserves at the central bank for assets valued in the digital yuan“.

How will this work? Well, you could have the central bank provide commercial banks with some sort of cryptographic doodah that would allow them swap electronic money for digital currency under the control of the central bank. Wait a moment, that reminds me of something…

Yep, that’s how Mondex was structured 25 years ago. (If you don’t know what Mondex was, here’s something I wrote about it 20 years on.) There was one big different between Mondex and other electronic money schemes of the time, which was that Mondex would allow offline transfers, chip to chip, without bank (or central bank) intermediation. Would a central bank go for this today? Some form of digital cash that can be passed directly from person to person like Bitcoin rather than some form of electronic money like M-PESA, using hardware rather than proof of work to prevent double spending? Well, it was being tried in Uruguay, but I’m not sure how that pilot is going, although is was not quite the same thing as Mondex because the phones would not be exchanging fungible value but tokens that could ultimately be traced and tracked and monitored, but it’s interesting nonetheless.

 Mondex Paraphanalia

When I wrote about this back in 2018, I said that I thought it was unlikely that the PBoC would allow anonymous peer-to-peer transfers, so I was very surprised to see a Reuters report [6th September 2019] quoting Mu Changchun, deputy director of the PBoC’s payments department, saying about the proposed Chinese digital currency that “its ability to be used without an internet connection would also allow transactions to continue in situations in which communications have broken down, such as an earthquake”.

This would seem to mean that the system will allow offline transactions, which means that value can be transferred from one phone to another via local interfaces such as NFC or Bluetooth. If so, this would be truly radical. I wondered if something was mistranslated in the Reuter’s piece so I went to the source speech (albeit via Google Translate!) and I discovered that this is in fact precisely what he said. Talking about the project, which is called the DC/EP (digital currency and electronic payment) tool, he said that it is functionally “exactly the same as paper money, but it is just a digital form” and went on to confirm that

DC/EP can realize value transfer without an account. In the specific scenario, as long as there is a DC/EP digital wallet on the mobile phone, no network is needed, and as long as the two mobile phones touch each other, the transfer function can be realized… “Even Libra can’t do this,” Mu Changchun said”.

Wow. That’s huge. Libra can’t do it, and never will be able to. To understand why, note that there are basically two ways to transfer value between devices and keep the system secure against double-spending. You can do it in hardware (ie, Mondex or the Bank of Canada’s Mintchip) or you can do it in software. If you do it in software you either need a central databse (eg DigiCash) or a decentralised alternative (eg, blockchain). But if you use either of these, you need to be online. I don’t see how to get the offline functionality without hardware security.

If you do have hardware security and can go offline, then we are back to the question of fungibility again. Here the PBoCs principle is both clear and very surprising.

Mu Changchun said that the public has the need for anonymous payment, but today’s payment tools are closely tied to the traditional bank account system, can not meet the consumer’s anonymous payment needs, and can not completely replace the cash payment. The central bank’s digital currency can solve these problems. It can maintain the attributes and main value characteristics of cash and meet the demands of portability and anonymity.

Wow. They are serious. He goes on to say DC/EP will work the same way as banknotes.

Commercial banks open accounts at the central bank, paying 100% of the total amount, and individuals and businesses open digital wallets through commercial banks or commercial organizations. DC/EP is still replaced by M0 and is legally compensated. For users, just download an app to register, you can use a digital wallet, and recharge cash withdrawals need to dock traditional bank accounts.

I wonder if this will bring interoperability? If DC/EP is really to work as banknotes do then the e-RMB in my bank app and my Alipay app and my WeChat app much be interoperable. I must be able to transfer value from my Alipay app to your WeChat app. If PBoC crack that they will be on the way to one of the world’s most efficient electronic payment infrastructures.

There was a final part to the speech which I did not understand at all, so perhaps a Chinese correspondent more familiar with DC/EP can clarify the meaning. The speech covers “smart” “contract” by which I assume PBoC means apps that use the DC/EP to execute on the handset (since there is no blockchain), but this is my assumption.

Mu Changchun said on several occasions that the central bank’s digital currency can load smart contracts. However, if a smart contract that exceeds its monetary function is loaded, it will be degraded into a value-for-money ticket, reducing its usable level, which will adversely affect the internationalization of the RMB. Therefore, digital currencies will load smart contracts that favor the monetary function, but remain cautious about smart contracts that exceed the monetary function.

I am baffled by this, which I am sure reflects my ignorace of advanced electronic money technologies, but I don’t think that this deflects from my overall observation that if the PBoC goes ahead and launches a person-to-person offline capable CBDC then that will be not only a nail in the coffin of cash but an event as significant and momentous in monetary history as the paper notes of the Khan a millennium ago.

SCA and SSCA

We’re seeing a lot about strong customer authentication (SCA) at the moment because of the requirement of the Second Payment Services Directive (PSD2) that comes into force next week on Black Friday (Friday 13th September). That’s because there’s a lot of fraud online, it’s getting worse and the strong authentication of people (in this case, online customers) is seen as being a way to tackle it. PSD2 demands SCA, and this means that European banks and Payment Service Providers (PSPs) have had to up their game.

Strong authentication, in this context, means “two factor authentication” (2FA). What 2FA means is that you must present two “factors” to demonstrate you are who you say you are. The three factors you can choose from are something you have, something you are and something you know (or, in my case, something I had, something I was and something I’ve forgotten). When you buy something in a shop, for example, you present a credit card (something you have) and put in a PIN (something you know). When you enter the country, you present something you have (a passport) and show your face (something you are). SCA is already being implemented by the UK banks, although in an unpredictable manner. Some banks send a code via their mobile banking app, some send a text, some allow you to choose e-mail instead, some will call a landline and some require the use of a card-reader dongle-thingy. As far as I can tell, none of them use a common app such as Microsoft Authenticator.

I’m actually quite surprised to see that some of them are still using text messaging to send a “one time password” (OTP) to customers for authentication. It’s not because, as the British newspapers were quick to point out, people who can’t get a mobile signal or don’t own a mobile phone face, as The Guardian put, it being “frozen out of internet shopping as banks are increasingly insisting that online payments are verified by text”. This is indeed a valid concern, but what I find most disturbing about this report is that anyone is verifying online payments, or indeed any other important online transaction, by insisting that they are authenticated by text messages! With the explosion of “smishing” (ie, phishing attacks via SMS) and the daily tales of account takeover, bitcoin theft and payment fraud carried out via SMS, you really do have to wonder why text messaging is still being used in this context.

This is hardly a new issue. More than a decade ago I wrote about the comments of Charles Brookson, then the head of the GSMA security group who, when talking about the use of SMS for financial services, made the point that SMS has, to all intents and purposes, no security whatsoever. Structurally, it has always seemed to me to be irresponsible for financial institutions to rely for security on something that is not secure and over which they have no control. Given the prevalence of smart phones, you would think that SMS would be long gone, but it is only now that German banks, for example, are giving up on SMS OTP in response to the PSD2 requirements for SCA.

How will this SMS-less strong authentication be implemented? For payments it will be through the new version of the scheme’s “Three Domain Security” (3DS). 3DS version 2 introduces “frictionless authentication” and will be the main card authentication method used to deliver SCA in Europe. It works by allowing retailers and their PSP to send many more data elements with each transaction. These data elements – such as the shipping address, customer’s device identity and their transaction history – mean that the issuer can carry out more sophisticated risk management.to decide whether SCA is needed or not. In most cases, I would guess (since the issuers will use sophisticated risk management platforms with machine learning and all that sort of thing), no further authentication will be needed. But where it will be needed, Barclaycard (for example) can send a message to the Barclaycard app on my phone and ask me to authenticate myself.

(As it happens, Barclaycard have just sent me another “PINsentry” card reader together with an instructional pamphlet, so I will make every effort to use my Barclaycard online just so I can see how it works. Of course it means I’ll will have to carry the card reader and my Barclaycard around with me at all times in case I want to buy something online, but remember I do this so you don’t have to.)

Barclaycard PSD2 SCA 2FA

In my opinion, the best way forward now is through the bank apps themselves. Google found in their research on authentication for account recovery that whereas 2FA SMS stopped three-quarters of targeted attacks, in-app solutions stopped 90% (and 99% of bulk phishing attacks). It would be good if this approach was adopted across the board – not only for retail payments but for logging in to bank accounts, authorising transfers and everything else. But if customers get mixed up between expecting an e-mail or getting a text, seeing an in-app message sometimes but not other times, then fraudsters will be quick to exploit the situation. In which case (as I suspect) the introduction of strong authentication will actually leader to more fraud. We need both a better and more consistent approach to authentication for financial services. We need to standardise on the approach and the execution and the UX so that consumers can be confident that they are communicating with their bank or whoever.

Standard Strong Customer Authentication

My Consult Hyperion colleague Tim Richards recently set out this problem in a very clear way [The Paypers, 27th August 2019]. He asks us to imagine what would have happened if SCA had been mandated for face-to-face commerce but, as with PSD2, no technological solution was provided. In that case, instead of our EMV-standard chip and PIN payment system we would have had each bank creating its own solution. Then, as has happened online, every time a consumer went into a shop to buy something they would face a different authentication depending on their bank! Tim’s good advice is that regulators need to take a step back, “temporarily drop anti-competition laws and insist that banks come up with a minimum standard for SCA” to support growth in online commerce that is accompanied by real security because customers know what to expect and retailers aren’t disadvantaged by variable SCA experiences leading to cart abandonment.

He’s right, of course. And it terms of implementation it has long been clear that the best architecture for what I am now labelling Standard Strong Customer Authentication (or SSCA) is biometric authentication against a revocable token stored in tamper-resistant local storage. We all carry a device capable of implementing this design at a manageable cost: the mobile phone.

(As an aside, since the mobile phone operators control a standard item of tamper-resistant hardware in all phones — the SIM — why we are not all using a standard authentication from our mobile operators already is a mystery, but that’s a different point and I don’t want to get diverted by Mobile ID Connect here.)

This point is that with really strong authentication, your bank shouldn’t be sending you a text message or an e-mail or whatever, it should be using real cryptography to send a message to the bank app on your mobile phone. So, when you ty to buy something online with your Barclaycard your Barclaycard app pops up on your phone and asks you to authenticate.

If the bank (or anyone else) cannot reach the mobile app then there should be a standard fallback across all service providers which would probably be a voice call thus opening up the use of voice recognition and authentication. And if you are online buying something or transferring money to someone or closing an account and you can’t be reached via the mobile app or by a voice call well… then what are you doing buying things online in the first place?

Surely this is the most practical way forward now that the Financial Conduct Authority (FCA) has confirmed that it will not take enforcement action against businesses who do not implement SCA until March 2021, there is now some time to prepare a mobile-centric SSCA pathway for UK banks and businesses.