[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Taler] A hybrid approach to allow Taler payments at an EMV payment
From: |
Jaap-Henk Hoepman |
Subject: |
Re: [Taler] A hybrid approach to allow Taler payments at an EMV payment terminal |
Date: |
Mon, 17 Jun 2024 17:23:18 +0200 |
User-agent: |
Mozilla Thunderbird |
Dear Christian,
Thanks for your quick and detailed feedback! I'll answer the point you
raise inline below.
On 17/06/2024 15:58, Christian Grothoff wrote:
Dear Jaap-Henk,
I think this is at least on paper a reasonable *technical* idea for
quick adoption. But, I fear there are some practical problems which you
are not articulating -- maybe because you have solutions I'm not aware
of -- but that need to be addressed:
0) Do modern smartphones give you access to the interface to
simulate/emulate EMV payment tokens? I think that's a technical killer
issue still on iOS.
On iOS this is indeed an issue. On Android it's not: it supports Host
Card Emulation (HCE), see:
https://developer.android.com/develop/connectivity/nfc/hce
Note that this only provides the technical interface. To actually make a
successful EMV payment you need to obtain a valid payment token (which
involves getting enrolled in a payment scheme, to get the necessary
cryptographic keys). In other words, to get this flying *in practice* a
financial service provider (like Revolut, or a bank) should be on board.
1) What are the fees that the card industry would charge you to create
such one-time EMV payment tokens? One key argument for merchants to
adopt GNU Taler is that it is cheaper. If the fees become higher
instead, that could be an issue. Now, in good news, the fees would only
be higher for merchants that accept Taler via 'legacy' mechanisms, so
maybe that's OK. I'd still like to know how insanely high the fees would
be, and if it would be possible to pass _all_ of them onto the merchant.
Because a customer probably won't put 10 EUR into their Taler wallet to
then buy an EMV token for 6 EUR to buy a coffee for 5 EUR with the
merchant still paying 50 cents in fees. So I would really like to
understand the economics of the approach. Do you have numbers?
No, I don't have numbers, unfortunately.
2) Legality might be another major issue, as allowing anonymous pre-paid
cards to be sold against (e)cash is already an issue, but banks
operating a GNU Taler exchange may have even bigger qualms allowing GNU
Taler to be used to purchase such pre-paid cards. At least on the
regulatory side, my understanding is that cash2ecash is much harder than
bank2ecash or card2ecash, as the potential for AML problems is basically
multiplied. So we *also* would need a legal assessment as to whether
offering such a service would be legal, both for the Taler provider and
the prepaid anonymous EMV seller.
This is certainly an issue, and should definitely by investigated in
more depth together with legal/financial folks, but some AML/KYC
concerns are already addressed:
- the wallet can only be loaded with Taler through an online bank
account (which already did all the KYC magic ;-)
- the bank can limit the amount of Taler that can be loaded into a
wallet per day/week/.., and the wallet can be programmed to enforce a
maximum balance, to address AML concerns.
So if all of these three concerns can be addressed, I think this would
be great as customers would obviously love to be able to pay with Taler
everywhere immediately --- and merchants could then gradually migrate to
reduce fees. Now, if (0) remains an issue for users in of the
Apple-Jails, that's a nuisance but not a killer IMO. Similarly, (1) can
be a problem, but not necessarily a killer. But (2) has to be soundly
addressed before we should look into technical implementations (for
which then https://nlnet.nl/taler/ would probably be good ;-)).
Happy hacking!
Christian
On 6/17/24 14:29, Jaap-Henk Hoepman via Taler wrote:
L.S.,
New payment schemes like Taler have to deal with the fact that payment
is a two-sided market: for merchants to accept a new form of payment
there must be enough customers that would like to pay with it, while
customers will only join a new payment scheme if enough merchants
accept it.
A year ago or so I thought about an hybrid approach that integrates a
privacy friendly payment scheme like Taler into the existing EMV based
card payment infrastructure, making the overall scheme privacy
friendly. This was triggered by recent proposals by the European
Central Bank for a digital euro, and the observation that (at least in
the Netherlands) more and more people use their NFC enabled smartphone
to pay in stores.
The core of the idea is to use a scheme like Taler to store anonymous
coins within a wallet on a smartphone, and to use these coins to buy a
one time EMV payment token at the time of purchase to pay in a shop
(or onlie). Details are here:
https://blog.xot.nl/2023/03/03/a-proposal-for-a-privacy-friendly-digital-euro-using-the-existing-payment-infrastructure/index.html
Because payments are handled using the already existing EMV based
payment infrastructure, the hybrid scheme is accepted by all merchants
that accept traditional card or smartphone base payments. This breaks
the vicious cycle described above, make the transition to a (Taler
based) privacy friendly payment scheme much smoother. Of course, as
more and more users migrate to the new payment scheme, at some point
merchants could be convinced to accept Taler directly (at a fraction
of the cost).
I'm sharing this here to see if there is interest within the Taler
community to furter explore opportunities in this direction.
Looking forward to any responses.
Best,
Jaap-Henk
--
Jaap-Henk Hoepman | I've got sunshine in my pockets
iHub | Brought it back to spray the day
Radboud University Nijmegen | Gry "Rocket"
(w) www.cs.ru.nl/~jhh | (w) www.ru.nl/ihub
(e) jhh@cs.ru.nl | (p) +31 6 20619554
PGP id: 895311AD | (m) @xot@someone.elses.computer
PGP fingerprint : BAB7 1CBA 261F A867 DF38 1F21 1863 2788 8953 11AD