Central Bank Digital Currencies Introduce New Cybersecurity Challenges, Privacy Issues

Central Bank Digital Currencies Introduce New Cybersecurity Challenges, Privacy Issues

by October 27, 2022

Interest in central bank digital currencies (CBDCs) has grown over the past few years in response to changes in payments and technology, as well as the disruption caused by COVID-19.

A 2021 survey conducted by the Bank for International Settlements (BIS) found that 86% of central banks polled were actively researching the potential of CBDCs, 60% were experimenting with the technology and 14% were deploying pilot projects.

Atlantic Council GeoEconomics Center research shows that about 100 countries and currency unions are currently exploring the possibility of launching a CBDC, either retail and issued to the general public, or wholesale and intended to be used primarily for interbank transactions.

Central Bank Digital Currency Tracker, Source: Atlantic Council, 2022

Central Bank Digital Currency Tracker, Source: Atlantic Council, 2022

CBDCs are essentially digital versions of a country’s physical currency. Instead of printing money, central banks issue widely accessible digital coins which users can utilize to make digital transactions and transfers.

Efforts towards CBDCs have accelerated these past few years, driven by a number of factors. First, COVID-19 has brought about a shift in payment habits towards digital payments and e-commerce, accelerating the decline of cash use and prompting central banks to consider issuing a new form of money that would best suit new consumer preferences.

Second, cryptocurrencies developed by private companies or communities like bitcoin have seen significant developments and value gain. In 2021, the market capitalization of cryptocurrencies grew by nearly three times to US$3 trillion. This rapid rise, combined with the vulnerabilities of crypto markets, has raised financial stability concerns among central banks and regulators, pushing authorities to pursue CBDC ambitions.

For central banks involved in CBDC projects, there are many opportunities relating to digital coins. Most are confident CBDCs could help them reach their public good objectives, including safeguarding trust in money, maintaining price stability and ensuring safe and resilient payment systems and infrastructure. Some also believe CBDCs could significantly help economies go digital, make cross-border payments faster and cheaper, and increase financial inclusion.

The risks of issuing a CBDC

But despite the positive prospects, experts and industry observers have also warned of possible risks relating to CBDCs, including security considerations, as well as surveillance and privacy.

A recent US Federal Reserve report listed “security” as an “important consideration for a CBDC,” citing risks relating to counterfeiting, fraud, and double spending, but also cyber risks. In fact, a UK House of Lords paper specifically described cybersecurity and privacy risks as potential reasons not to develop a CBDC.

Results of a 2021 survey conducted by BIS revealed similar concerns among the broader central banks’ community. The study, which polled 21 central banks from around the world, found that most respondents believe that the introduction of a CBDC could add to the complexity of the IT environment and necessitate greater resources devoted to cybersecurity.

More than 60% of central banks in emerging markets believe a CBDC could generate an increase of between 10% to 20% in cyber budgets. Advanced economies showed greater concerns, with more than 30% of respondents estimating an increase between 20% to 50% in cyber budgets because of a CBDC. An equal proportion estimated an increase in the 10%-20% bracket.

Estimated increase in cyber budgets due to CBDC (As a percentage of respondents), Source: Bank for International Settlements, 2022

Estimated increase in cyber budgets due to CBDC (As a percentage of respondents), Source: Bank for International Settlements, 2022

Concerns over security aren’t groundless and implications could be disastrous. Vulnerabilities in CBDC systems could be exploited to compromise a country’s entire financial system, a new report authored by representatives from the Atlantic Council GeoEconomics Center points out.

In addition, CBDCs would be able to accumulate sensitive payment and user data at an unprecedented scale. In the wrong hands, these data could be used to spy on citizens’ private transactions, obtain security-sensitive details about individuals and organizations, and even steal money, the experts say.

A recent whitepaper by the Bitcoin Policy Institute makes a case of why the US shouldn’t issue a CBDC, citing risks and issues relating to surveillance, censorship and excessive government control.

“While the United States remains a liberal democracy for now, all indicators show that we are on path to the kind of authoritarianism characteristic of strong states like China,” the paper reads.

“CBDCs provide governments with direct access to every transaction in that currency conducted by any individual anywhere in the world. As governments worldwide routinely share data with one another, individual transaction data will quickly become known to any government in a data sharing arrangement … CBDCs also enable governments to prohibit, require, disincentivize, incentivize, or reverse transactions, making them tools of financial censorship and control.”

Recognizing the need to better understand the risks and challenges arising from CBDCs, the BIS opened the Eurosystem Centre earlier this year. With locations in Frankfurt and Paris, the center will see the BIS working together with all 19 euro area central banks and the European Central Bank to explore cyber security issues surrounding CBDCs and conduct experiments.


Featured image credit: edited from Freepik here and here