The resilience of payments is one of the key cited benefits of the Eastern Caribbean central bank digital currency (CBDC). However, consumers and businesses were unable to use their DCash due to a system crash, casting doubt on this key aspect of the platform.
In mid-January, the Eastern Caribbean Central Bank (ECCB) announced that the platform running the region’s digital fiat called DCash had “an interruption in service that has affected all users.”
Karina Johnson, the ECCB project manager for the DCash pilot, told the press the interruption was caused by the expiration of the certificate of the network that hosts the DCash distributed ledger.
The ECCB took the news on a positive note, saying the interruption “is unfortunate but is providing a useful opportunity for testing the resilience of our platform ahead of commercial deployment and integration.”
Currently in a pilot phase, DCash represents the first retail digital fiat issued within a formal currency union. The pilot launched last March and was originally intended to last for 12 months. However, the experiment proved to be such a success that the ECCB now believes that ending the pilot in March as planned might impair the payments system.
The central bank is, therefore, weighing the possibility of formally launching DCash rather than ending the pilot.
Resilience is key
As in many countries in the region, financial inclusion is one of the core use cases in the development of the CBDC.
However, the resilience of payments and improving the efficiency of existing payment and banking services have also motivated the ECCB to develop a digital fiat.
DCash is aimed at “achieving three policy goals: payments system efficiency, financial inclusion of the unbanked and underbanked populations, and increased resilience and competitiveness in the ECCU,” the central bank said.
Resilience is a particularly important topic in the region, as Caribbean islands are more exposed to natural disasters.
It is not uncommon that physical financial infrastructure gets destroyed or cash is hindered by natural phenomena.
Similar to how a 2019 hurricane in the Bahamas accelerated the start of the Sand Dollar pilot, the ECCB expanded DCash to areas affected by a volcano eruption in St. Vincent and the Grenadines in 2021.
Nonetheless, the current outage shows that regardless of the necessity, CBDC platforms are not absent of disruptions.
In the current form, DCash requires an online connection to the blockchain to work. This has become evident in the recent crash where the central network went down, and therefore no new transaction could be conducted, Candid Wüest, vice president of cyber protection research at Acronis, told VIXIO.
“Such single point of failures are one of the biggest risks for centralised digital currencies, but technically there are options to make P2P transactions possible in offline mode as well,” he added.
The ability to pay offline is important in crisis situations and is often linked to the policy goal of resilience.
The Bahamas was carrying out tests to enable off-line functionality but the pilot revealed that the planned solution to introduce local redundancies to the main telecommunications system was as vulnerable to weather conditions as the main telecommunications system.
In the Caribbean, there are also issues resulting from the geographical reach of the local networks, which makes it difficult to make payments between islands.
Apart from resilience to technical failure, protections against fraud and cyber risks should also be built in CBDC platforms.
Scams are probably the likeliest attacks against digital currencies, Wüest said.
“From fake mobile wallets that steal all your wealth, to swapping out recipient wallet addresses in memory through malware, there are many plausible attack scenarios.”
“Most of them are well known from traditional systems, like phishing attacks or social engineering attacks.”
It cannot be excluded that the implementation has some weaknesses that would allow a direct attack against the distributed ledger through some attacks against the cryptographic protocols used for signing or the consensus mechanisms, Wüest explained.
“Last but not least, there could be insider attacks inside the companies that control the DCash.”
Although the ECCB may still need to work on improving the resilience of its CBDC platform, its website assures all funds on the platform are insured against losses resulting from infrastructure failure.