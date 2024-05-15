Consult Hyperionfootnote [2] developed this PoC to help us test digital pound payment initiation using existing POS hardware. We (the Bank and Consult Hyperion) used the following components to simulate in-store digital pound payments:

POS devices, namely traditional POS terminals, mobile POS terminals, and a software POS application on an Android mobile phone;

EMV-compliant contactless kernels; footnote [3]

Smart cards footnote [4] with EMV applications footnote [5] and different verification methods, namely Consumer Device Cardholder Verification Method (CDCVM) footnote [6] and Online PIN;

A proxy server developed by Consult Hyperion, referred to as the BoE API; and

A web application dashboard showing balances, transactions and error logs.

In addition to the components listed above, we developed an application that could enable offline payments on the POS devices.

Implementation

Payment flows

This PoC explored three different payment flows:

PASSTHRU – where a request for payment is sent to the BoE API via the merchant’s Payment Interface Provider (PIP);

DIRECT – where a request for payment is sent directly to the BoE API, bypassing the merchant’s PIP; and

PEER – where a payment is made between two devices without network connection, supporting offline payments.

For each payment flow, we considered sale and refund transactions, and transaction queries.

PASSTHRU

This flow assumes that balance is stored remotely on the core ledger provided by the Bank.

The merchant’s POS device requests payment.

The payer taps their device on the merchant’s POS device.

The payer either authenticates to their device using CDCVM or enters their PIN on the merchant’s POS device.

A request for payment with payer authentication data is sent from the merchant’s POS to the merchant’s PIP.

The merchant’s PIP sends this request (authentication data is encrypted) to the BoE API, which routes it to the payer’s PIP.

The payer’s PIP authenticates the payer using the authentication data in the request.

Upon successful authentication, the payer’s PIP sends the payment instruction to the core ledger to transfer digital pounds from the payer to the merchant.

Digital pounds are transferred from the payer’s wallet to the merchant’s wallet and the transaction data is viewable on the web application. footnote [7]

DIRECT

This flow assumes that balance is stored remotely on the core ledger provided by the Bank.

The merchant’s POS device requests payment.

The payer taps their device on the merchant’s POS device.

The payer either authenticates to their device using CDCVM or enters their PIN on the merchant’s POS device.

An encrypted request for payment, along with payer authentication data, is sent from the merchant’s POS directly to the BoE API.

The BoE API routes this request to the payer’s PIP.

The payer’s PIP authenticates the payer using the authentication data in the request.

Upon successful authentication, the payer’s PIP sends the payment instruction to the core ledger to transfer digital pounds from the payer to the merchant.

Digital pounds are transferred from the payer’s wallet to the merchant’s wallet and the transaction data is viewable on the web application. footnote [8]

PEER

This flow assumes that balance is stored on the user’s device. Therefore, payments can be made offline, with immediate confirmation and settlement.

This flow also introduces the concept of a ‘controller’ and a ‘server’ of the transaction. The controller is the application that initiates the transfer. It can be in a merchant POS device or a consumer’s device. The server is the application that receives the transfer request.footnote [9] The controller or server can be either the payer or the payee.

The controller initiates the transaction.

The server device is tapped onto the controller device.

Upon the controller’s request, each device verifies that the other is valid to conduct a transaction and the payer carries out authentication using CDCVM.

If authentication is successful, a payment request is sent from the controller to the server.

If this payment request is accepted, digital pounds are transferred directly from the payer’s device to the payee’s device, with the payer’s balance debited before the payee’s balance is credited.

If the devices were online, the transfer details would immediately be notified to the core ledger and made viewable on the web application.

If the devices were offline, the transaction details would be stored on the devices until they reconnect to the network.

The EMV applications on the smart cards were not appropriate for storing offline balances, as they were primarily designed as risk management counters.footnote [10] Therefore, we developed a new application that could store offline balances on the smart cards. This new application was not based on EMV standards so we also needed to deploy a new kernel to the terminals that could interact with it.

Authentication

We enabled two verification mechanisms for user authentication, CDCVM and Online PIN. CDCVM was enabled via a fingerprint sensor on the smart cards.footnote [11] Although not widely adopted, fingerprint-enabled smart cards have been around for many years and are available today for POS payments.

To set up the card, the payer enrolled their fingerprint to the card. When used for authentication, the fingerprint on the sensor was checked against the enrolled fingerprint. The fingerprint data was stored on the user’s card and was never transferred to the Bank or the user’s PIP.

Online PIN verification was implemented through the exchange of cryptographic keys between the merchant’s POS terminal, the payer’s PIP, the merchant’s PIP, and the BoE API. This process ensured that, similar to card payments and automated teller machine (ATM) transactions in the UK, the user’s PIN was transferred securely. The BoE API held a shared key with the merchant’s PIP (merchant PIP working key) and with the payer’s PIP (payer PIP working key). No personal data was transferred to the Bank. Where Online PIN verification was selected: