On planes they often accept credit cards even when there's no internet. I assume this is a trust in-credit-based system because they don't accept debit cards, i.e. if you are worth being trusted with a card you can have your sandwich now and we will take care of the bank processing once we are on the ground. So maybe this will be like we trust you enough with basic goods that once we get a connection things will be sorted out situation?
The card has a variety of risk counters on it that allow it to securely decide whether an offline transaction can proceed, at least some of which are also exposed to the terminal which can have its own separate policy. I imagine internally the banks and payment gateways have a huge variety of internal related tuneables.
Your experiences in the UK are almost certainly linked to the card issuer you were using (was it a Monzo card by any chance), and nothing to do with it being the UK. The vast majority of the legacy banks have always used offline transactions for contactless.
However there has been a bit of shift towards online transactions, driven by EU rules likes strong customer authentication, which requires regular pin entries determined by cumulative spending and duration limits (which ever is hit first). It’s a lot easier to reliably meet the requirements of SCA using online transactions.
As for how offline transactions work. It’s reasonable simply. The terminal asks the card to sign the transaction using the cards private key. Now there is an extremely complicated set of rules around how liability shifts in the event of a fraud claim, depending on many factors like the type of transaction, if a pin was entered and validated by the card, if the card ask to go online and the terminal ignored the request, they type of merchant, the exact region your in etc etc.
But regardless of all that nonsense. The technical process is very simple. The terminal has the transaction cryptographically signed using symmetric encryption with a private key that is only known to the card and the issuer of the card. That signed transaction can later be presented to the issuer so the merchant gets paid.
Given it’s a symmetric key, you may wonder what happens in the event of a dispute between the issuer and the merchant, where the issuer claims they received a forged transaction. To which the answer is, the issuer sends a signed and sealed letter to card network operator saying they have double checked the transaction signature, and believe it to be forged. And if anyone doesn’t believe them, they can sue em (this is not at all a joke, it’s literally the documented and contractual process used by the major banks and card networks).
Here,
Calling a call centre to verify every transaction is too expensive so only purchases over certain limits came in following BofA/Visa - and that stated that way till the late eighties when larger stores started using back office to talk to Visa network etc. but even so the ability to do live updates and verification was too much and there were weird cacheing tricks
So banks could easily approve or be liable for transactions they would prefer not to approve - so they only gave credit to the rich at first, and then to those who paid back regularly. This info was shared and became credit reference agencies - because the credit card companies shared it initially like casinos but the abuse and mistakes brought legislation
I think what i am saying is our consumer credit culture was not designed, it just grew.
Gave me a bit of a surprise when he cashed in the paper copy two years later and I hadn't been to Australia since...
In the past embossed credit and debit cards were both accepted on planes. That's why they were embossed in the first place: for offline processing which in even more distant path was the only option. Later CC machines and offline chip/stripe transactions co-existed with online transactions.
Normally (at least in Europe) you couldn't get an embossed card, even a debit one, without proving your credit worthiness. The possibility of offline transactions assumes overdraft — the same as with check books.
When online transactions appeared, banks started to issue Visa Electron and Maestro cards which didn't work offline, could explicitly prohibit overdraft and were easier to get.
But nowadays all boundaries gradually disappeared. Nothing is embossed, Visa Electron doesn't exist, bank issue debit cards with credit codes. It's all much simpler and more confusing at the same time.
star/plus/cirrus etc - pure debit-only networks - aren't accepted on a plane
debit cards that are on one of the credit card rails (visa, mastercard, etc) are very common. those work because they're just a normal visa transaction
Edit: OK maybe there's different level of trust and some take a leap of faith :) In my experience debit didn't work but it appears that its not the same everywhere.
What would asking for the ZIP code help if it can't be validated on the spot? If the terminal submits the transaction in batch later, it's too late for that to catch a stolen card.
Providing an incorrect ZIP code also makes the transaction more likely to be declined than not providing one at all for card-not-present transactions (and is also allowed), so it really makes no sense for a merchant to do that.
In-flight credit card fraud is an incredibly bad idea, given that most countries check your ID at least at some point during getting on the plane, and seats are usually assigned as well. (Doesn't mean that nobody tries, of course [1]).
Sometimes airlines also use ACARS (basically airline-specific telex over VHF, HF, or satellite) to send the card number to their backoffice for authorizations of large amounts, such as business class upgrades.
These days, of course, Internet connectivity is getting more common, and with that the problem will likely go away.
[1] https://www.sunderlandecho.com/news/pair-spared-jail-after-a...
I still remember them taking my card which I think was a debit card on a flight and shoving it into carbon copy paper and basically billing me whenever we landed. This was late 2000s. From Puerto Rico to Florida.
Paying offline used to be the norm for credit cards, from their introduction in the 1960s until some two decades ago.
Wikipedia: [...] until always-connected payment terminals became ubiquitous at the beginning of the 21st century, many merchants accepted all charges, especially those below a threshold value or from known and trusted customers, without verifying them by phone. Books with lists of stolen card numbers were distributed to merchants who were expected in any case to check cards against the list before accepting them, as well as verifying the signature on the charge slip against that on the card.
https://fragrant.mobiletransaction.org/wp-content/uploads/20...
I remember a bar I worked at had trouble because some customers had begun writing wrong signatures and the receipt had been rejected by the bank the following week.
Essentially, you (the merchant) just write down their card number, and how much they paid you, and then later you send that list to your bank who sends it to the credit card network.
There is no big technical hurdle. There is a big social hurdle in convincing your bank and the network that you should be allowed to do this. Also the card number gets copied by a little pressing machine onto carbon paper or something like that, not just written down.
Being able to spend money you don't have is not a new thing, and poses no technical problems. American readers will know you can easily do that with a cheque. It's your responsibility not to do that, and that's one reason why the bank wants so much personal information to open an account, so they can send the police over to break your kneecaps.
In a grocery store line once, I remember a distraught customer whose card was declined due to insufficient funds. The store manager came over, yanked the ethernet cable from the payment terminal, and told the customer to try again. "Accepted with signature."
So it's not _just_ blind trust.
I think something similar to this https://en.wikipedia.org/wiki/Credit_card_imprinter
Considering that the card has memory on it, you can store there how much balance you have when you do an online payment. The bank can send back your available balance, so you cannot spend offline more than you have.
I can't think about anything simpler than this.
I remember writing an app in Java to read the balance on a card with my laptop which had a built-in smartcard reader, because I was too lazy to go to a station. Everyone in the classroom then promptly asked me to check their balance... and a few asked if I could top it up somehow.
The merchant was guaranteed payment. You, on the other hand, were indebted to the bank. The concept of a “credit limit” was the line over which the bank insisted you not step, lest you incur fees galore.
"Starbucks does not use two phase commit":
https://www.enterpriseintegrationpatterns.com/ramblings/18_s...
phone auth was added later for "online" auth, then machines that automated it
It's basic life goods and everything is still signed for, tracked and registered. Besides, banks love to collect interest.
They physically imprinted your card numbers on some special paper with a mechanical device. Wild.
And even paper based.
A "debit" card could have 1000 crypto wallets, each with $10 in them. If you want to pay $90, it forks over keys to 9 of the wallets, and they get drained by the merchant as soon as they have a connection.
Offline, without double spending risk? Absolutely not, or at least not without a lot of extra headaches.
For that, you'll need at least some trusted hardware (generally an antithesis to trustless crypto schemes) and/or a clever incentive system (e.g. with senders staking a multiple of their balance as collateral, and never being quite sure if receivers are really offline, or only pretending to be, ready to claim their stake once they get publicly verifiable proof of double spending).
If it became common I imagine it would stop being so quickly as fraud would rapidly catch up.
This worked nicely until the tensions in Europe lead to more cyberattacks rolling in and suddenly you have people not being able to buy food, medicine, and so forth. Not too long after, there was a government advisory urging people to keep some cash reserves in case a larger cyberattack happens, but cultural habits at large are hard to change. This is of course a coarse simplification of the context, but might help understand this incentive a bit better.
Are you sure this isn't impression you've gotten from isolated reactions involving a small number of individuals, perhaps just a single individual? I can't relate to the sentiment at all, having lived here for just over three decades and experiencing the popularity shift from cash to debit card. I can, in fact, not recall a single time ever that someone has divulged the opinion that they consider cash "dirty and criminal".
More than anything else the Swede's favor of debit card is the convenience. Second to that I would say is the security of not immediately losing funds if you misplace the card or it being stolen - it feels less risky carrying a debit card, in particular if you're the type who prefers having more than a few "tens" on you in case you'd need or want to buy something.
Tradespeople sometimes request cash payment or provide a good discount for cash payments (well above any fee they would be charged). I guess where you are no one considers this dubious (really???) but at least in discussions with family the feeling is that the request for cash only payment is dubious.
We also have a local retail establishment that is cash only. I think it's looked at dubiously.
I personally have experienced it. Someone wanted to split payment on something between cash and a check so they could report the value of the item was lower because it would save them taxes every year. Again, the use of cash was I think a bit dubious.
Note: Cash allows you to avoid all sorts of obligations (tax / family support / debt collection and garnishment etc etc), ineligiblity for banking (europe is pretty strict in some cases for example with folks with no legal status with banking) and is still used in things like the drug trade. Even if everyone around you considers large cash transactions reasonable that might be naivety or they may simply not have been exposed to larger cash transaction activity.
I do like and carry cash.
When I joined my gamedev studio I had colleagues asking me why I had cash, and many of them didn’t even recognise what it looked like (there was a switchover of the notes a year or two prior).
There was an insinuation that I would use it for drugs. So, I suspect that the parent is right here.
Swedish here. The impression is common. Sweden is a small country and has long had a fairly cohesive culture. The culture has decided that digital payments are the way. Deviation from the collective way is always suspect.
Depends. Very long time ago I was approached by a group of seemingly friendly people asking for direction, then I felt sharp object to my belly and they told me to walk slowly towards cash point. They said they'll stab me if I don't withdraw all money I can. So I did. When cards were not popular, I would have small amount of cash in the wallet and anything more substantial hidden in a sock or elsewhere. Thieves would take what would be comfortable for me to lose. I guess it can be the same with cards - have a card with small amount and actual card hidden, but it is not as easy to hide as cash. Then you have whole other kettle of fish - banking apps. There's been instances of people being forced to do transfer at knifepoint. For that reason I don't use any apps, apart from throwaway bank account - again with small balance just in case. Shame more banks are restricting web access, which I think is most secure.
Cash is simply not used anymore by normal people.
Electronic payment (including between friends) just works here. It is easier and faster to pay with mobilepay than to use cash.
It is interesting how the European cash culture is so very different between the countries. In Austria I struggled to find places that would take any kind of digital payments. Germany wasn't as bad, but was pretty bad. My experience is about 3 years old.
That said, nobody thinks of cash as dirty, just annoying. Also our payment system has always been able to work offline, because it started rolling out in the 80s.
Regarding places not accepting cash: NZ First (political party) is proposing to protect the right to use cash and make all businesses accept cash for up to $500 items.
> The Cash Transactions Protection Bill would mandate businesses in trade accept cash payment for goods valued up to $500.
source in swedish: https://www.aftonbladet.se/minekonomi/a/aPrJWL/hackergruppen...
And yes, we use cash so seldom that most people cannot from memory recall what the bills/coins look like!
It didn't help that the Riskbank replaced all bills and coins during a relatively short time period, and did it badly. People used up/deposited their old and didn't get new.
The new coins and bills have unnecessary denominations and bad design that made cash bothersome to use. They introduced an unnecessary 2 SEK coin, that is almost indistinguishable from the 1 SEK coin — especially if you are unused to them. They also introduced an unnecessary 200 SEK bill, that was just too big to be useful for small purchases. Several times I've seen people at ATMs withdrawing 100 SEK over and over again, just because they wanted the more useful 100 SEK bills.
Just to reiterate how ubiquitous Swish and BankID are here: 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users, and 93% of those users send or receive money via Swish at least once per month.
https://www.riksdagen.se/sv/dokument-och-lagar/dokument/sven...
Similar instant payment systems have really blossomed across the world, especially in recent years. One by one, countries are finally figuring out that there's no reason to rely on American brands for all of the payment processing.
Swish is the de facto standard for sending money between individuals [2], and that's what grandparents tend to use to send money to their grandchildren. It's fee-less (for person-to-person transfers use at least) and it connects your bank account with your phone number. So if anyone wants to send you money, they can just open Swish and enter your phone number (or scan a QR code) and send you some. You also have to sign the payment with the BankID app, which is the de facto standard for authentication [3].
And when I write de facto standard I really mean it. 99.9% of Swedish residents age 18-67 have BankID (8.6M users), while Swish has 8.7M private users (93% of which use Swish at least once per month).
[1] https://www.swedbank.se/privat/kort/bankkort/bankkort-master...
When counting money is just arithmetics and never cash, something is missing, and it's very clear in many young kids. Money is just points in a game, suddenly you're out, and then you can't get what you want anymore.
As a swede, your statement is outlandish and false.
We use cash all of the time.
I haven't used a banknote in more than 15 years. During this time I can't recall a single time I saw anyone using a banknote either.
Here in Malmö where I live, especially since COVID, you'll be searching more and more to find stores that take cash (besides supermarkets and kiosks and the like). I would say more than half of them don't accept cash any longer. Speaking of restaurants or pubs, my estimation would be that 2/3 have signs that say "no cash". Maybe more.
You can't do simple things as taking public transport if you want to pay by cash. You can't pay in the bus. You can't buy in the machine. It's all card or app only. You'll need to search around for an equivalent of a 7-11 kiosk to be able to buy a ticket using cash. Depending on where exactly you are when you need that, it may take as much walking than you wanted to save by taking public transport.
If you took a daily trip to the Danish side (Copenhagen) and need to come back home, I'm not even sure if it's possible to get back if you need to buy a ticket and only have cash on hand. Only Skånetrafiken sells that particular ticket and only via machines that don't take cash.
Handling cash became more expensive than taking card payments. It's also more complicated in terms of logistics and payments take longer. With this set of incentives, it's understandable why the shift happened.
Not saying I particularly like this development. Just reporting my anecdotal experience.
Someone selling a used bike, or other items of similar value, on second hand market and not accepting Swish would maybe not directly be considered criminal, but would for sure raise an extra eyebrow about the origins of the goods.
Otherwise correct, nobody would blink if you use cash for other daily purchases like ice cream or groceries, even if unusual.
Most of us don't use cash all the time unless you're a kid or >60. I can't even remember the last time I used cash.
https://www.riksbank.se/en-gb/payments--cash/payments-in-swe...
Is it because it's considered dirty and criminal, or is it because it's a pain in the ass to deal with, and most people have no reason to bother with regularly withdrawing it, and then carrying it around?
it's really visa lobbying to destroy the (somehow worse than visa) easy credit new players. they give credit like candy because being online and low value only it's easier to avoid (or swallow) fraud.
forcing their hand to accept offline sales mean they can't decide on the spot, and now those 5k credit lines which they only allow transactions for sub 100 purchases at a time will be wide open for offline fraud they can't detect, and which visa already know how to handle/sustain.
this will probably be lobbied elsewhere soon. i predict Netherlands is next.
These days, the needy on the streets accept our local app based payment system called Swish. Still not joking.
Sounds like GrapheneOS.
Credit cards were offline-only in the beginning. When have we lost this ability?
See https://www.google.com/search?num=10&sca_esv=5e043526353aa70...
Europe use of debit cards instead of credit cards is much higher than the US.
If you need credit, there are credit options with much lower rates than what credit cards offer.
And the reason credit card benefits suck is due to european interchange fee caps and regulation.
The mindset was one of ubiquitous Internet connectivity, which is cheaper than maintaining a complex stored-value or offline limit based solution.
Of course, this assumption does not include some externalities in case of large scale outages, maybe due to cyberattacks…
I guess this is similar: how do you make trustworthy decisions that seem to inherently depend on the network, in the absence of a network? Before the internet, we had phonebooks instead of DNS, and we had cash instead of cards. Did the phonebook have every number? No. Was every piece of cash not counterfeit? No. But it's "good enough". Portable reference sources and tokens. The references are issued periodically and the tokens have evidence of exhaustion, their decay over time. A dog-eared dollar with a bunch of phone numbers on it, half-torn ... the merchant doesn't have to accept it.
How do you do these things digitally? Periodic issue seems pretty straightforward ... if you have a network. Token issuance, similarly, needs at least occasional communication with other nodes in the network.
So there's a local dwell capability.
Is this part of the same reaction we saw with Denmark starting to have emergency stores within 50 km of every Dane? Is this motivated by a need to prepare for war?
In short, yes.
>The possibility to pay by card when the internet is not working – ‘so-called offline payments’ – is an area that ‘the Riksbank believes needs to be improved considerably, particularly in light of the geopolitical unease in the world,’ according to the announcement
https://www.riksbank.se/en-gb/press-and-published/notices-an...
It's a completely solved problem, but it's a more complex (and as such more expensive) solution than just assuming ubiquitous connectivity and a backend that never goes down, which is how we got to where we are.
> Is this motivated by a need to prepare for war?
Preparing for cyberattacks seems like a prudent move, no matter the adversaries' motivation. But yes, the context here is pretty obvious in Europe.
But how do they prevent people double spending the same amount? Say someone has 100$ and boards on a plane. During the trip, this person buys a bag of potato chips sold for 90$. At the same time, his bank account is automatically charged 90$ for a bill.
With credit cards, handling this case is baked into the system. As far as I am aware, direct debt has no equivalent.
Is this a typo where they meant to say “the offline function”?
If I’m reading this right, the goal is to allow food, fuel, and medicine purchases with card + PIN in offline mode.
Seems like a reasonable goal. I wonder what the technical details will look like. Will there be a periodically updated list of cancelled cards/accounts distributed to endpoints? Even a hashed list of all cards cancelled before their expiration date within a country is a reasonable amount of data for modern storage systems.
Or would they simply rely on the ability to track down account owners by their originally registered contact info in the event that someone gets an invalid transaction through during an offline period?
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
https://en.m.wikipedia.org/wiki/EMV#Offline_data_authenticat...
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.
The UK already does this in some shops for low value items for NFC payments. You can tell the offline transactions because they immediately say 'approved' rather than taking a few seconds.
If it turns out the card approved something 'wrongly', for example because you had previously reported the card lost to the bank, then the bank refunds the transaction and claims the value back from the merchant. That's why many merchants have their terminals set to require online payments.
Offline transactions mostly died off when the limit in the UK for contactless was raised to £100. At £20/30 (the original limits) issuers/merchants risk accept some payments not being valid (and the total limit before you had to chip and pin was fairly low top).
And worth saying, the merchant has some control on the terminal but mostly the decision of offline/online is down to the issuer and configured on the card.
EMV (chip cards) can have a small amount of local smarts, so it is typical for example to insist on going online for a large transaction or if the card has performed too many offline transactions since last going online. The card maker decides these rules, so the bank gets to ensure the cards it issues to customers meet whatever requirements it has decided upon, balancing fraud risk against problems with loss of connectivity or services being down.
So I doubt they'd bother doing some sort of ad hoc revocation technique.
Transit cards have a pretty low charge limit compared to credit cards - Suica balance is limited to ¥20,000 for example (although for cards that are backed by a credit card, I think the limit is higher). And now that Japan has fully embraced credit card touch payments, FeliCa-based systems are losing market share to Visa, Mastercard, etc.
But it really shines for applications requiring speed (i.e. a turnstile in Tokyo station) or offline payments (a vending machine in a park somewhere).
I have a Suica thats integrated into a credit card, and it still has a ¥20,000 limit - the Suica balance is separate from the card balance, it just has a configurable auto top-up setting.
Interestingly, if I'm out of the Suica zone, sometimes auto top-up won't trigger. If I recall correctly this happened to me once in Fukuoka, presumably because there's some level of integration above just accepting payments that Hayakaken hasn't achieved. Never had a problem with Passmo interop though.
I've never heard of a suica with a higher limit, but it's possible they exist or that other compatible cards have higher limits.
[1] https://qa.smbc-card.com/mem/detail?site=4H4A00IO&category=1...
Topping up a Suica every now and then vs. having many international transactions might also work out better for some. My bank (ING) gives me those fees back so it makes no difference to me.
I wish other governments would take note as its a nice way to avoid the Visa/MC/Amex fees for at least some expenses.
Internally, the signature part isolated like a smart-card, "embedded signature" hardware as a measure against double (multiple) spending, and reasonable limits on offline transactions with both parties offline (e.g., €10k/month).
The "embedded signature" hardware part is a bit vague because technologically it's not clear how to do something like that in a "secure enough" way, but it's a necessary part and the limit somewhat lowers the risk.
For use: mounted as a smartwatch or a pendant with a retractable lanyard, like ski-pass holders.
It's why the letters are raised on the cards!
For no good reason, I keep a list of why I use checks (in the U.S.):
- Charitable donations because charities maximize every penny, and electronic contributions eat into that
- Paying the accountant - Good accountants make every penny count, and aren't interested in paying credit card overhead.
- Tipping the paperboy at Christmas
- Tipping the doorman at Christmas
- Business license renewal in certain cities
- IRS payments without a fee
- Gas bill. Gas company charges $5+ to pay by credit or debit card.
- Rent. Building charges $50+ to pay by debit card, $200+ to pay by credit card.
- Electric bill. Electric company charges $5+ to pay by credit or debit card.
- Passport renewal fee (Though I believe this is finally possible with a credit card, I haven't had the opportunity to see yet.)
- My company requires me to send it a check for the amount I receive from the government for jury duty.
- My company allows me to buy computers and other equipment it no longer needs. Checks only. (And an M2 MacBook Pro for $200 woot!)
- Fee to pay for a new car title. No credit cards accepted in my jurisdiction.
Edit: on second thought, that doesn't really make sense and would be a great way to defraud the network of a ton of guaranteed money
But there was always a risk of cheques being unsafe so that's why there is bank drafts. It seems that this is more similar to bank drafts than cheques.
If you really try to sum it up, I know I am going to do a grave misjustice but even a cash could be thought of a cheque from the govt. (well a cheque is meant to be unconditional but its based on the banking laws of a govt. and cash is a promissory note which is a promise made by the govt. so yeah....)
As another HN commenter pointed out here,this decision might be partially due to swedish culture of how they view cash which you can find here.
However, it requires that all the parties involved (issuer, acquirer, payment network, merchant) allow it, and there are certain limits. One of the linked documents[2] in the riksbank press release has more details about what they expect from these parties.
[1] https://squareup.com/help/us/en/article/7777-process-card-pa...
[2] https://www.riksbank.se/globalassets/media/nyheter--pressmed...
These "cascades of misfortune" I've run into happen largely because of how we've placed certain institutions at the center of our lives and our society, or perhaps more precisely because of the "convenient" solutions of theirs that we've all been coralled into adopting.
I'm thinking of social media networks, smartphone companies and their app stores, banks and their electronic payments, etc. Everyone's opted in, and we don't realise how much we've given up as a result, with all these "convenient" alternatives, now made mandatory to replace the old and inconvenient solution.
We don't realize, that is, until you're standing at the bank teller in a city away from home, passport in hand but otherwise robbed of phone and wallet, hoping to withdraw some cash to keep you alive while you sort this mess out - only to learn that the bank is no longer able to do that for you. You can't just get your own money. You could withdraw at the ATM, but with a card of course, and that for a fee with a pretty low upper limit. But banks don't serve that purpose anymore. They're now software institutions that we are forced to have a relationship with and operate through in order to make monetary transactions.
Suddenly society has shut down. You can't log into anything without your phone and 2FA, so you're stuck without access to your favorite online services until you get a new SIM card and a fresh device. But even then, there's no riding public transit, because you don't have access to the apps they all operate through. Not that you'd be able to pay in those apps anyway, after cancelling your payment cards. And besides, you don't have anywhere you'd like to go anyway, because, aside from having basically no money to spend on food or events, there's no way to learn what's happening in this city without access to Facebook and all the company pages and events published there.
I forget now all the myriad ways that life grinds to a halt, but I do vividly remember feeling like nothing was possible. And that only because I lost one or two things which should be entirely optional in life! You shouldn't be required as a human, nor even as a member of society, to have a Facebook account, or a smartphone, or even a bank account (that last one is perhaps my most extreme take, but I stand by it).
It won't. Look at China. Cash is impossible to use and crypto is banned.
No. No, it won't. Although labeling regular electronic payments as "cryptocurrency" might become more popular.
I understand that it's very normal to use a CC in Sweden (and many places), but it feels grim to me that the thought towards major telecommunications breakdown is, "oh no, how will we make sure that people can keep credit card companies and banks informed that they need food and medicine if the internet is down?" I feel like "reversion" to the solved problem of offline transactions - cash payments - would be a more reasonable default assumption, and in the case of catastrophic infrastructure breakdown, simple expropriation.
https://www.riksbank.se/sv/press-och-publicerat/nyheter-och-...
Sweden has also done multiple pilots of a digital currency pressed by the state. This might be an interesting alternative to not give up control of our currency and privacy to banks and cc companies. Also supposed to work offline. https://www.riksbank.se/globalassets/media/rapporter/e-krona...
The only place really to get cash in Sweden is at an ATM, of which there are very few these days - most have been removed in the past years, and some might be very far away due to the large distances in Sweden. It should also be assumed that in the event of a critical infrastructure breakdown, the ATMs would not work either.
Chipknip (a portmanteau of chip card and knip, Dutch for purse) was a stored-value payment card system used in the Netherlands. Based on the Belgian Proton system, it was started by Interpay on 26 October 1995, as a pilot project in the city of Arnhem and a year later rolled out countrywide. Chipknip was taken over by Currence due to a restructuring on 17 May 2005, who managed it with their licensees until its discontinuation on 1 January 2015. The Chipknip was primarily used for small retail transactions, as the card could contain a maximum value of 500 euros. The money needed to be transferred from a card holders main bank account using a loading station which were generally located next to ATMs.
> Mondex was a smart card electronic cash system, implemented as a stored-value card and owned by Mastercard.
> Mondex allowed users to use its electronic card as they would with cash, enabling peer-to-peer offline transfers between cards, which did not need any authorization, via Mondex ATMs, computer card readers, personal 'wallets' and specialized telephones. This offline nature of the system and other unique features made Mondex stand out from leading competitors at the time, such as Visa Cash, which was a closed system and was much closer in concept to a traditional payment cards' transactional operation.
Or is there some sort of technological breakthrough?
https://en.wikipedia.org/wiki/Online_authorisation
In many countries in Europe, offline authorisation is more common. Cards have had a chip as standard for over two decades in European countries, and a PIN is often used for cardholder verification.
Combined, these make the risks of accepting a transaction for a small amount of money offline very low.
The limit of what can be accepted offline is known as a "floor limit" in the UK.
[0] That also means that after changing PIN on bank site, you have to visit ATM, so new PIN is actually stored on card - but that it only required for that offline mode.
In the UK this has definitely worked in the past - I remember many years ago there being occasions when something was wrong with the network connection(?) at my local supermarket, but still being able to make a payment in offline mode. This works because the payment terminal authenticates the PIN directly with the chip on the card. They just can't check your balance is sufficient to pay for what you're purchasing.
TfL also accepts your contactless card in offline mode: their buses operate in tunnels and other areas with a poor mobile data signal, but cards are still accepted at all times.
Clearly the right thing for Sweden and others to do. Also worrying that even 3yrs into the Russian invasion, bordering countries are urgently increasing their preparedness for future conflicts.
Most people here pay by card and I would say the vast majority use debit cards. A lot of people don't even have credit cards, unlike the US.
I'm no expert so may be wrong about some of this, and maybe huge events like these have these systems in place due to the risk of having to shut down bars etc. Many events are completely cash less these days.
I suspect this could be implemented with just policy and config changes, with no need to reissue cards or deploy new readers.
[1]: https://en.wikipedia.org/wiki/Kaseya_VSA_ransomware_attack
The reality is that in most cases the convergence is so quick it looks like it's instantly gone, but it's not. For example, if the ATM is unable to get your current balance, it will still complete the transaction.
That's why your card has a daily limit -- that's basically the risk tolerance of the bank on how much they are willing to lose if the transactions don't get converge quickly enough.
I've seen people claim it's the worst thing to ever happen and that governments will lock money and things like that.
But personally, after looking at their objectives (offline cash-like payments for example, where only the sender and the recipient know about the transaction) I'm pretty happy about this coming out (even though it still seems early in development)
imo, the mandate creates an interesting technical constraint on any CBDC standard, where the offline mode limits the effectiveness of a "turn off" of someone's money, as there will always be some feature where they can use their money to buy food and fuel. For now I am interpreting this mandate as constructive to civil liberties.
They’ve also supported offline transactions that entire time. Indeed offline transactions was the norm for a long time because internet connections were expensive. So payment terminals did offline transactions, then literally phoned home at the end of the day to upload all of the day’s transactions.
The transactions themselves are just signed by the cards, and stored by the payment terminals. Interestingly using symmetric encryption, because asymmetric encryption was two expensive to put into debit/credit cards when the EMV spec was originally created.
Card transactions being online by default in the EU is pretty recent phenomenon that only really happens in the past 5-10 years, as internet connections and cheap mobile data plans have become ubiquitous.
I wonder if that hinders tax evasion at all since there's presumably a pretty reliable paper trail of cash transactions.
This cards are often given to underage (< 20 year) customers, to prevent them to overspend.
The bigger challenge is an offline terminal that can easy accumulate tenths of USD in case of a long outage. But then compared with cards the terminal may have better protection.
In part because cash is common in my part of Sweden, which is likely annoying to the bureaucrats and oligarchs. Cash is nice because a transaction does not involve a measure of creditworthiness while only leaving an indirect trail, and this 'offline' thingie they're going for probably does and besides keeping personal data available 'offline' for performing such stratifications of people it also (theoretically) allows for a phasing out of cash also in crisis and armed conflict.
although heavily misunderstood, this is built into cryptocurrencies since day 1 (many critics have long thought crypto requires power and internet access, many proponents also don't know otherwise)
with card networks learning from competition and functionally being public-only keys, this should be even simpler to implement
Checking the signature on some blob that says "this be money" is not enough.
See, in 2008 one of my projects had a client that had a lot of venues around continental US and Mexico and those venues were having sparse internet connection (think sky resort venue, remote and internet delivered by antennas that weather could affect it). Meaning when internet was not available any card transaction was a no go. This was a problem to be solved so my client asked if there is a way to make offline credit payments. So here is my implementation: -read credit card details and deliver the goods -> store card details in a local database, encrypted -> check online connectivity -> when internet was a go try to charge the card. If it was good then all was done, details were erased from local storage, everybody happy. If it failed then retry, 5 times per day, for 5 different days. After 25 tries, blacklist the credit card. Forward the information to legal department and mark that credit card as not acceptable from now on. So if you screwed the client with a bad credit card, you screw it only for 5 days maximum. And you also had a legal department on your ass. Meaning you got a fake card, good for you, keep it up cause now you are also on Secret Service radar (most people don't know but Secret Service, not FBI, gets involved in this). In the years I got involved in this project, 8 years, the number of times this was an issue raised to legal department was like under 5. So most folks actually pay and the few that got retried had probably a temporary problem with their funds and eventually they got it back on track. For those under 5 I think all of them eventually cut a deal with legal without raising the issue further up. Sorry guys, no juicy story involving Secret Service here.
Probably this worked because the goods were kinda under $50 as price. So maximum you'd screw the company I worked for like $500. And most likely this would not work with a big retailer like Amazon where you can purchase for thousand of $ in a single transaction. But it had the advantage that it worked with all credit cards, debit or otherwise, Visa/MasterCard or whatever. If I would be on the implementation side nowadays from the Sweden bank in this article, I would probably do it like somebody else already proposed here in comments. Get the card to also contain an electronic signature which means a lot more scrutiny to get it released, which means yeah!, your privacy is fucked to Alpha Centauri and back if you try anything shady.
