Event Recording

A Key Milestone towards CBDC Wallets - The eIDAS 2.0 Payment-Authorising Wallets


The presentation to be made by Stéphane Mouy (SGM Consulting - France) and Michael Adams (Quali-Sign - UK) will focus on the forthcoming eIDAS 2.0 digital identity wallets (DIWs) and the payment use case. DIWs will allow users to share high LoA identity and status credentials to various relying parties, including financial institutions, as well as meet applicable strong customer authentication requirements for payments.
The payment use case is of critical importance to eIDAS 2.0 digital identity wallets and promises to be transformational for EU payment service providers as it offers a level-playing field for payment means, whether account-to-account or card based. DIWs are also likely to play a key role for the deployment of CBDCs supporting offline interactions with embedded AML/CFT verifications.
The presentation will draw on the work of the eWallet Network presented in the report "Developing a digital identity solution for use by the financial sector based around eIDAS trust services", published by the EU Commission in October 2021 and authored by Stéphane Mouy. It will include a live presentation of an eIDAS 2.0/ISO 23220-1 digital identity wallet offering online/offline connectivity that can be used in a variety of contexts, including for payment authorisation purposes.
The session should be of interest to anyone interested in eIDAS 2.0 developments for digital identities and their regulatory implications for the financial sector, but also to digital payment experts. A specific focus will be placed on the offline connectivity requirement for DIWs, which has clear technology implications.


With that I'd love to invite up our next speakers to this stage. We have Michael Adams and Stéphane Mouy, and they'll be discussing a little more on the financial aspects here, or some financial applications. So let me hand it over to you.
Thanks. Maybe a word of introduction. I am the founder and president of SGM Consulting, which is a consultancy focusing on the digital transition for the financial sector. But I do a fair amount of work for the European Commission, namely DG FISMA, which is the directorate involved in the financial sector. And Michael, what are you doing, Michael?
Well, my background is banking corporate payments. About eight years ago I founded Quali-Sign, and we specialize in mobile apps for payment authorization. Over the years this has morphed into a digital wallet, and we built an example digital identity wallet that is payment enabled.
So we are going to approach and discuss the eIDAS 2.0 payment-authorising wallet. I gather there was a presentation made yesterday, but the eIDAS 2.0 draft proposal, which is likely to be implemented later this year, if you're not aware of it already, really is a landmark piece of regulation that will effectively transform the life of European citizens by introducing digital wallets. And we're going to see how these digital wallets can work, especially when it comes to payment authorizing capabilities, and how that can pave the way for central bank digital currencies and the digital euro. One thing you are not going to hear from us is zero trust or zero knowledge. I'm afraid, on the contrary, we'll try to provide as much trustworthy information as possible and as much knowledge as possible. So let's start with that. The first thing we'd like to say is that, as you know, for the last seven, eight years payment wallets have been commonplace. They started, I guess, with the Apple Pay wallet in 2014, followed by a number of other wallets: Samsung Pay, Google Pay and others.
Basically, one of the things that is important to bear in mind is that they are of course used on a fairly frequent basis, and they offer the capability to make payments at point of sale using offline connectivity. We're going to explain this a little bit more. The arrival of the eIDAS 2.0 regulation, and especially eIDAS 2.0 wallets, will introduce a big change because they will also bring digital identity wallets, i.e. wallets that will be able to store, communicate and convey identity attributes, but also status attributes and payment attributes, all in one go. And that will have a fairly transformational impact on many customer journeys. Take the example of someone who'd like to rent a car. That person would be requested to provide basic attributes: first name, last name, date of birth, place of birth, plus driving licence, plus maybe a proof of address, plus a telephone number, plus a loyalty programme,
if that entitles her to a bonus, plus payment details. Then everything can be wrapped in one single sequence, allowing direct, fully seamless interactions at point of sale. The other thing that happens in the background, not so much in Europe, but we know that the European Central Bank is looking at this, is CBDC, central bank digital currencies. This is something that is not fully specified by any means in Europe. But as you probably know, it's already a reality in China. The central bank of China has been quite active on that front. One thing that is increasingly clear is that CBDCs, first of all, will use wallets, and they will have to somehow meet AML/KYC requirements. For these you will basically need to be able to use identity attributes. So there is a likely convergence of identity attributes and payment attributes in wallets.
So that's basically where we are now. A number of countries are starting to implement digital identity wallets that effectively store and communicate attributes to relying parties, with the EU project and regulation. What is likely to happen, what will happen, is that these wallets will become payment enabling, and they will allow on top of that the signing of contracts, because as part of the EU specifications they will effectively offer a qualified electronic signature under eIDAS. And the next step, which is not a reality today but looking forward, would be an extended digital identity wallet that not only would support typical payment rails like card payments or account-to-account payments, but would also support digital currencies.
Over to me. So I thought very briefly we'd do a bit of a level set with the different actors, and you've got a business context diagram here. On the left we've got the wallet user that, you know, downloads and installs the wallet app from the app store. The app has the concept of allowing multiple identity profiles within it. The app is issued by a wallet app developer, and the app is certified at a country level. So there may only be one app per country, we don't know. But it's going to have to support multiple identity service providers and attribute service providers, all sharing the same wallet potentially. So the role of the identity service provider, the first role, is identity proofing. They're the one that is binding the real person to their digital identity. So the holder, the true holder of the identity, is the one that's touching the fingerprint sensor and creating the qualified electronic signature.
The wallet is useless without attributes in it, because you can't actually transact with relying parties unless you can present attributes. So another key role of the identity service provider is to go and procure the core identity attributes, preferably from authentic sources, you know, government departments, to load into the wallet. Those are the two main functions of the identity service provider. Then we've got attribute service providers. So in a self-sovereign way, if you choose you want to load your cinema tickets or your hotel room booking, or your digital car keys, or your bank account, or credit card or debit card attributes into the wallet, you can go directly to an attribute service provider. They basically perform an eID; they're acting as the relying party. And once you've presented them with some core identity attributes, they will issue whatever you have asked for into the wallet, and the identity service provider, the wallet provider, or the other attribute service providers have absolutely no visibility of the attributes that you are loading into the wallet.
So it's between you and each attribute service provider that has that visibility. Now we've got relying parties. There's a multitude of use cases here: you're logging into websites online, you're going through a turnstile, you're paying a merchant at point of sale or online. So it is a multipurpose wallet. And again, the transaction between the wallet and the relying party is direct. There's a mutual authentication between the wallet and the relying party, even while offline, and that's really important. And you're establishing, it's likely to establish, an end-to-end encrypted session between the wallet and the relying party, so none of the other actors have any visibility of the transactions the user is transacting with the relying parties. I think that's it. I'll hand back to you, Stéphane.
Okay. So why is this a big thing? First of all, on the specifications of the wallets, I'm not going to go through each and every one of them; these are in fact the main ones. As you probably know, they will have to be issued or approved by member states, so there's a kind of sovereign element in all of this. The identity attributes will offer and comply with a high level of assurance as currently defined by the eIDAS regulation. They would put the wallets under the full control of the users. An important aspect is that they will have to be accepted for identity proofing by relying parties offering key services, and the list of key services is quite long. It includes virtually everybody, including very large online platforms, meaning the GAFA and the BATX. As mentioned by Michael, they will accept electronically attested attributes, whether these are qualified, that's the highest level, or unqualified, as we mentioned before. They will create qualified electronic signatures.
This is very important to ensure legal enforceability. They have to be able to support online and offline connectivity, and that is a massive requirement because it has a lot of technology implications. Typically, without being too blunt, offline connectivity doesn't work with DLT, it doesn't work with blockchain, so you have to find something else. And last but not least, certainly looking at it from the payment industry, the wallet will support strong customer authentication requirements, including for payment authorization. That's quite important because it will effectively reduce the need to implement the so-called redirect authentication mode for payment service providers. On top of that, you have a number of nice-to-haves. They should strengthen privacy; it is not quite clear today exactly how this will happen. There's also language in the draft that requires a unique identifier.
So this is a little bit in conflict, and we're expecting more clarity on this. They should allow several identity profiles, and last but not least they should support CBDC. But how far they will support CBDC also depends upon how the European Central Bank is going to look at this. As you probably know, there are currently interactions between the European Commission on one side and the European Central Bank on the other side on this specific topic. Why is it a big issue for the financial sector? First, as mentioned before, the banks will have to accept the wallets for identity proofing processes, let's say KYC processes. So if you want to open a bank account, instead of presenting your physical ID credential, passport, ID card, whatever, you will be able to simply communicate your ID credential with your wallet, and it will have to be accepted.
On the data providing side, financial institutions will be able to provide electronically attested attributes, and one important aspect is that we are expecting banks to provide IBAN account information and card information as electronically attested attributes. A technical point: because digital identity wallets will effectively allow customers to store and communicate identity, payment and status attributes directly, that will facilitate so-called KYC or CDD data portability. That's important because from a regulatory standpoint, instead of requiring your bank A to transfer your information to bank B, which is cumbersome and difficult from a regulatory point of view, you will be able to do that simply because you have a wallet that allows you to do that directly.
They will authorize payments online and offline. This is quite a structural impact on the second payment directive, and redirection will no longer be needed. And lastly, they will facilitate CBDC deployments. So as you probably know, back in February the first architecture reference framework document for the wallets was prepared. This is a draft. It defines the authorization, the main use case. It defines the key roles in the ecosystem, more than the five that Michael did mention. It defines the functional requirements. There are two of them that are important to mention. The first one is whether the identification attributes managed by the wallets should be stored locally or remotely; currently there's a debate as to how this should happen. We'll see. We, the two of us, have a view on this, but it's not clear cut as to how this will happen. An important point is that mutual authentication between the wallet and the external entities will have to be implemented. And we've just put the reference to the ARF document here. There are a number of other non-functional requirements, typically dealing with privacy, data minimization, the prevention of usage tracking and so forth. Now, just moving to Michael, he's going to show you a demo explaining how it could work in practical terms.
This was a couple of years ago now actually, well, at least a year anyway. We collaborated with Nula BG, who's a fintech in Bulgaria, and they offer a small business accounting platform online to their customers. Could the technician play the demo? So here, what Nula's going to do is, the customer is gonna log in to Nula to start with using their European digital identity wallet. They scan a QR code, establish an internet connection, they select a profile that logs them in, and then they're presented with a list of payments they need to authorize. They're gonna make a tax payment: scan the QR code again, it displays the payment details, they decide to authorize it, and the procedure's complete. What's also very important here is, in Bulgaria for tax payments the government needs a qualified electronic signature. So at the moment they have to sign it with a bank credential and then separately create a qualified electronic signature and send that to the bank.
So to the government. Now that we've got the European digital identity wallet, when it comes, they'll have one procedure: create a qualified signature, transmit it to the bank, transmit it to the government. There we go. Move to the next one, please. Okay, CBDC. One of the key differentiators of CBDC over bank money is that you've got two or three people in a line, A, B and C. Person A's got 50 euros. They can pay person B, person to person, completely offline. And even while offline, person B can then pay person C that 50 euros, or however much they want. That is because we have settlement at payment; there is no central settlement system. So the whole thing can be completely offline. Handing it over is equivalent to handing people notes. That is the main driver for CBDC. So the next demo is, we're going to show person to person payments offline between two wallets.
Can I just make one comment? As you know, CBDCs are being considered, discussed, experimented with and studied by the European Central Bank, but in China it's already a reality. They've been deployed for 18 months, nearly two years now. And they do offer this offline connectivity, wallet to wallet, P2P connectivity that Michael was presenting.
So technician, please, can we move? Oh, here we go. So, oh, that was you Stéphane, wasn't it. So we're gonna share a demo. On the left we've got the payee, on the right we've got the payer. The payee is going to set up the payment, specify the amount, specify the account they want to credit. They may ask for some attributes in the process, because why not? Because it's a person to person payment, we are proposing that the payee also has to perform strong user authentication, as well as the payer, and the connection between the wallets is all mutual authentication and encryption. The payment data's transmitted and displayed to the payer, the payer reviews it, chooses their identity, their account, and authorizes it, it's transmitted back, job done. So can we play it please? It happens very quickly. So on the left, we're the payee, we select an account to credit.
We type in an amount, we then select some attributes that they quite fancy receiving, and those two are required. The last one is optional, so the procedure can happen even if they choose not to provide this phone number. So it's a QR code. We're establishing a BLE connection between the two wallets. And there you go. Now on the right hand side, they're operating two profiles, a business identity and a personal identity. You need to decide: who am I? Am I a person or a business? How to use the person? Oh, sorry, he's carried on quite quickly. Now what we're going to see, we're going to view the payment. So on both sides, the payee and the payer can see the same payment details. The payee can see the chain of signatures. It's five signatures here.
I'll just let it run and I'll just describe them. So the first one is proof of origin. That's a combination of proof of creation and proof of approval. Then we have two essentially mutual authentication signatures, which are QSeals. Then we have the payer approving it. And finally the payee provides a receipt. It's a chain of five signatures, all bundled into an XAdES package, an associated signature container. It's a qualified signature if the device is certified as a qualified device. How many minutes is that? Is that it? Okay, that's about it. I think one, no, one comment here before we finish. You can see a lot of data being exchanged here. Now this is an identity procedure; there's a lot more data exchanged than happens in an EMV transaction today, which has been operating for the last 20 or so years. So what we're seeing is there's probably likely to be a shift here, with the new eIDAS proximity standards potentially being adopted and replacing EMV over time, because you need the extra data. Okay.
Back to the presentation.
I think we've run out of time. Yeah.
Well, we've run out of time, but there's quite a lot of interest from the audience and questions to ask, so,
Okay. We're allowed. Yeah,
We could stay here and we can ask you some questions. So first of all, what standards are going to be really essential in enabling this to happen? The question mentions the W3C verifiable credential standards. How does that fit in? What others would be very fitting?
Do you want me to have a go? Do you want to start? No, go ahead. Well, if you ask that question to the Commission, at the moment they're not giving a straight answer. So is this gonna be based on blockchain? Is this gonna be based on X.509 or W3C? And they don't say. Stéphane and I have a view, which is that W3C and blockchain, neither of which work offline, because you need mutual authentication between the two devices with a root of trust, an offline root of trust. We can't see W3C working. So we think, our personal view is, it's going to be based on the traditional eIDAS/ETSI digital signature standards. And that's what the demo was built with.
And I think there's another point also, Michael, which is that for payments you need to ensure not only that you support the offline mode, but you also need to ensure a mutual agreement between the payer and the payee. This is required for legal reasons. You know, if I'm transferring 50 euros to Michael, I wanna make sure that we all agree to the same transaction and we want to record effectively the mutual consent. So this kind of mutual agreement is not currently supported by the W3C specification. It may be in the future, but currently it's difficult to achieve.
And obviously the XAdES standards are incredibly rich in terms of the chains of countersignatures that they support.
Great. Well, this leads quite nicely into the next question from the audience regarding liability between member states, perhaps in an instance of fraud. How would this be handled?
All right. We don't have all the answers to this. I think the question of liability will certainly be addressed in due course as part of the implementation guidelines put in place. I think what will happen, certainly on the payment side, is that this will fit with the requirements of PSD2, the second payment services directive. That piece of regulation itself is going to be revisited, it's been announced now, and that will most likely include provisions on liability. Having said that, it's clear that the wallet itself will have to offer SCA, and that will therefore not be the prime responsibility of the banks anymore. By the way, the identity attributes will have to offer high LoA; that will again not be the responsibility of the banks anymore. So the responsibility will gradually shift from the banks to either the wallet provider or the identity service provider or the member state that has approved and authorized the wallet.
Very interesting. Do we have any questions from the audience? There was one here. Yeah.
The question is about the qualified signature. You mentioned it's merging into one, and yeah. But how do you think, or do you see, the issue of having the qualified device is going to be addressed, especially offline?
Essentially that is the job, the challenge, that the Commission and the eIDAS expert group have set themselves. They're very keen to do this. We don't
To make this search.
Yeah. Well, I can tell you that we asked that question directly to the DG CONNECT people, and they said, you know, Germany has got this all-singing, all-dancing smart card that does everything, and nobody uses it. You know, if you're at a point of sale terminal and you've got your phone, you're gonna touch the phone. That's the card on the phone, and it's just not gonna work, is it? So they've got that challenge. I hope they pull it off, but it's their challenge to fix.
Wonderful. Then thank you very much to both of you, a round of applause.
