taler
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Taler] A hybrid approach to allow Taler payments at an EMV payment


From: Jaap-Henk Hoepman
Subject: Re: [Taler] A hybrid approach to allow Taler payments at an EMV payment terminal
Date: Mon, 17 Jun 2024 17:23:18 +0200
User-agent: Mozilla Thunderbird

Dear Christian,

Thanks for your quick and detailed feedback! I'll answer the point you raise inline below.

On 17/06/2024 15:58, Christian Grothoff wrote:
Dear Jaap-Henk,

I think this is at least on paper a reasonable *technical* idea for quick adoption. But, I fear there are some practical problems which you are not articulating -- maybe because you have solutions I'm not aware of -- but that need to be addressed:

0) Do modern smartphones give you access to the interface to simulate/emulate EMV payment tokens? I think that's a technical killer issue still on iOS.

On iOS this is indeed an issue. On Android it's not: it supports Host Card Emulation (HCE), see:
https://developer.android.com/develop/connectivity/nfc/hce

Note that this only provides the technical interface. To actually make a successful EMV payment you need to obtain a valid payment token (which involves getting enrolled in a payment scheme, to get the necessary cryptographic keys). In other words, to get this flying *in practice* a financial service provider (like Revolut, or a bank) should be on board.

1) What are the fees that the card industry would charge you to create such one-time EMV payment tokens? One key argument for merchants to adopt GNU Taler is that it is cheaper. If the fees become higher instead, that could be an issue. Now, in good news, the fees would only be higher for merchants that accept Taler via 'legacy' mechanisms, so maybe that's OK. I'd still like to know how insanely high the fees would be, and if it would be possible to pass _all_ of them onto the merchant. Because a customer probably won't put 10 EUR into their Taler wallet to then buy an EMV token for 6 EUR to buy a coffee for 5 EUR with the merchant still paying 50 cents in fees.  So I would really like to understand the economics of the approach. Do you have numbers?

No, I don't have numbers, unfortunately.

2) Legality might be another major issue, as allowing anonymous pre-paid cards to be sold against (e)cash is already an issue, but banks operating a GNU Taler exchange may have even bigger qualms allowing GNU Taler to be used to purchase such pre-paid cards. At least on the regulatory side, my understanding is that cash2ecash is much harder than bank2ecash or card2ecash, as the potential for AML problems is basically multiplied. So we *also* would need a legal assessment as to whether offering such a service would be legal, both for the Taler provider and the prepaid anonymous EMV seller.

This is certainly an issue, and should definitely by investigated in more depth together with legal/financial folks, but some AML/KYC concerns are already addressed: - the wallet can only be loaded with Taler through an online bank account (which already did all the KYC magic ;-) - the bank can limit the amount of Taler that can be loaded into a wallet per day/week/.., and the wallet can be programmed to enforce a maximum balance, to address AML concerns.


So if all of these three concerns can be addressed, I think this would be great as customers would obviously love to be able to pay with Taler everywhere immediately --- and merchants could then gradually migrate to reduce fees. Now, if (0) remains an issue for users in of the Apple-Jails, that's a nuisance but not a killer IMO. Similarly, (1) can be a problem, but not necessarily a killer. But (2) has to be soundly addressed before we should look into technical implementations (for which then https://nlnet.nl/taler/ would probably be good ;-)).


Happy hacking!

Christian



On 6/17/24 14:29, Jaap-Henk Hoepman via Taler wrote:
L.S.,

New payment schemes like Taler have to deal with the fact that payment is a two-sided market: for merchants to accept a new form of payment there must be enough customers that would like to pay with it, while customers will only join a new payment scheme if enough merchants accept it.

A year ago or so I thought about an hybrid approach that integrates a privacy friendly payment scheme like Taler into the existing EMV based card payment infrastructure, making the overall scheme privacy friendly. This was triggered by recent proposals by the European Central Bank for a digital euro, and the observation that (at least in the Netherlands) more and more people use their NFC enabled smartphone to pay in stores.

The core of the idea is to use a scheme like Taler to store anonymous coins within a wallet on a smartphone, and to use these coins to buy a one time EMV payment token at the time of purchase to pay in a shop (or onlie). Details are here:

https://blog.xot.nl/2023/03/03/a-proposal-for-a-privacy-friendly-digital-euro-using-the-existing-payment-infrastructure/index.html

Because payments are handled using the already existing EMV based payment infrastructure, the hybrid scheme is accepted by all merchants that accept traditional card or smartphone base payments. This breaks the vicious cycle described above, make the transition to a (Taler based) privacy friendly payment scheme much smoother. Of course, as more   and more users migrate to the new payment scheme, at some point merchants could be convinced to accept Taler directly (at a fraction of the cost).

I'm sharing this here to see if there is interest within the Taler community to furter explore opportunities in this direction.

Looking forward to any responses.

Best,
Jaap-Henk


--
Jaap-Henk Hoepman            |  I've got sunshine in my pockets
iHub                         |  Brought it back to spray the day
Radboud University Nijmegen  |      Gry "Rocket"

(w) www.cs.ru.nl/~jhh        | (w) www.ru.nl/ihub

(e) jhh@cs.ru.nl             | (p) +31 6 20619554
    PGP id: 895311AD         | (m) @xot@someone.elses.computer
    PGP fingerprint : BAB7 1CBA 261F A867 DF38 1F21 1863 2788 8953 11AD



reply via email to

[Prev in Thread] Current Thread [Next in Thread]