FEDS Notes
August 16, 2024
Offline Payments: Implications for Reliability and Resiliency in Digital Payment Systems
Laila Aboulaiz, Bunmi Akintade, Hamzah Daud, Monique Lansey, Megan Rodden, Lucas Sawyer, and Matthew Yip1
Introduction
With the proliferation of digital payments, internet-based technology has been integral in supporting the delivery of these transactions. Traditional digital payments, such as those made with credit cards, debit cards, and mobile wallets, often require an internet connection to settle transactions. Processors must communicate between banks to carry out a payment, relying on internet connectivity to do so. Yet internet access is highly uneven globally. The International Telecommunication Union (ITU) estimates that two-thirds of individuals in the world's least developed countries and about 2.6 billion people globally are still fully offline (ITU, 2023a, 2023b). Even in the United States, there are considerable disparities in internet access based on geography, income, and race or ethnicity (Goldberg, 2022; Pew 2021).
Beyond access issues, several recent high-profile outages have highlighted the need for building more reliability and resiliency in digital payment systems. For example, outages at Square in September 2023 and at Fiserv in February 2021, two of the biggest payment processors in the U.S., left a wide range of merchants unable to accept electronic payments (Square, 2023b; Dailey and Taylor, 2021). Meanwhile, in Europe, a 2018 Visa outage resulted in 5 million failed transactions during a 10-hour outage (Hogg, 2018, p. 4).
In recent years, payment service providers have launched a variety of "offline" digital payment services. This note presents a landscape assessment of several offline digital payment use cases globally and analyzes the potential for these services to mitigate internet outage risks and bolster digital payment resilience. We do not find evidence of fully offline digital payment systems in production today. Many services branded as offline payment solutions are more accurately classified as hybrid solutions because they ultimately require internet access for clearing and settlement. These services can play a role in mitigating risks associated with temporary internet outages. Truly offline digital payment systems are in early development stages. More mature implementations of offline systems could both augment payment system resilience and improve access to digital payment services, where lack of internet connectivity is a barrier to uptake. This note also lays out a variety of risks associated with offline payment models, including risks related to double spending, security, user privacy, and merchant liability. Overall, certain offline payment models are promising, but more research and wider uptake is needed for the technology to drive incremental gains in payment system resilience and reliability.
Typology of Digital Payments
To understand offline digital payments, it can be helpful to examine a traditional online digital payment. For example, when a consumer makes a credit card payment at a merchant, the financial institutions of the consumer and the merchant use internet connectivity to communicate and carry out the payment. It can take mere seconds for the consumer's unique card information to be transmitted to the card processor, its validity verified, requisite funds availability confirmed, and the approval or declination transmitted back to the point-of-sale (POS) terminal (Figure 1). The internet connectivity in this process also enables financial institutions, processors, and customers to transmit information about fraud and money laundering red flags, which helps protect payment systems from malicious actors.
In contrast, offline digital payments do not use an internet connection during the payment transaction process. As discussed below, this note categorizes offline digital payments as hybrid or offline, depending on their ultimate reliance on internet connectivity. Importantly, we focus primarily on retail payments made at the point-of-sale.2
Hybrid Offline Digital Payments
A hybrid offline digital payment service offers incremental offline capabilities relative to the baseline payment system. Most often, these hybrid services enable merchants to continue accepting digital payments while they are temporarily offline. Typically, it is the POS system that can be temporarily offline, meaning that it does not have access or connection to the internet, at the time of payment. We also reviewed hybrid cases that enable payers to make offline payments in systems that typically require them to be online. The status quo services in these systems are often smart phone app- or mobile wallet-based.
Hybrid payment services are commonly referred to as offline options in the payments ecosystem, but this characterization is misleading because the systems still require post-sale or periodic internet connectivity to authorize and settle transactions. In the typical hybrid offline digital payment service, a payer (the person making payment) uses a payment method (for example, a credit card, QR code, or digital wallet) at a POS terminal disconnected from the internet, but the transaction authorization is sought later by the payee (the person or merchant receiving payment) when internet connectivity is restored.
In a hybrid payment card system, for example, when the payer's card credentials are provided, the offline POS terminal locally verifies the card's authenticity (Toast, 2023). The terminal then stores the transaction data (card details, amount, timestamp, and so on) on the device (Ayden, 2023). At this point, the payee can render the goods or services to the payer. However, because the terminal does not have an internet connection, it cannot communicate with the card processor to verify that the payer has sufficient funds to cover the payment obligation (NTC Texas, 2021) (Figure 2). Some terminals have a time limit on how long they locally store transactions (commonly 24 to 72 hours) and will delete pending transactions if internet connectivity is not restored within that period (Square, 2023b; Sorenson, 2023). In instances where the payer has insufficient funds or of prolonged internet inaccessibility, the payee assumes the loss (Stripe, 2023a). While the payer perceives the transaction to process as quickly as in an online payment system, the payee has a slow processing timeline dependent on when internet connectivity is re-established and carries significant risk of loss to fraud or transaction deletion.
Offline Digital Payments
In an offline digital payment system, two parties use payment devices to transact instantaneously without the payer or payee needing an internet connection at any step in the process. The payer and payee each have a physical device that locally stores funds, or a record of funds, and do not interact with an internet-connected intermediary in the transaction process (Figure 3). Funds are stored digitally on a payment device such as a mobile phone, are typically encrypted, and are transferred from the payer to payee using secure protocols when in physical proximity to each other's devices (Brodsky, Dubey, and Lucas, 2023a). Offline payment systems can be characterized as an exchange of digital bearer instruments for instant, in-person settlement.
Hybrid and Offline Digital Payments Case Studies
Hybrid Offline Digital Payments
Stripe
Stripe, a payments platform, offers an offline payment feature via a private beta program through the Stripe Terminal, which accepts offline payments using major credit cards (Stripe, 2023b). The offline functionality allows the Stripe Terminal to accept a payment during periods of limited or no internet connectivity. After the merchant requests access to the Stripe offline mode feature in private beta, the merchant must connect to a Stripe reader while it is offline. The merchant's payment application must be connected to a Stripe reader prior to being offline and connect to the reader while online at least every 60 days to receive required security updates. Before collecting offline payments, the merchant's client-side application needs to be updated to handle offline-related events by implementing the Offline Delegate protocol (Stripe, 2023a).
From the end user's perspective, the Stripe Offline Payment collection process is like an online payment experience. In the event of a temporary outage, the Stripe Terminal securely and temporarily stores the payment information in the terminal (Figure 4). Once an internet connection is restored, the Stripe Terminal automatically forwards the stored payments to Stripe's backend infrastructure. Payment information is collected offline at the time of sale, but authorization is processed after the terminal internet connectivity is restored and the payment is forwarded to Stripe's backend (Stripe, 2023b).
Stripe readers that support offline payments are only available in the United States (Stripe, 2023). When collecting payments, Stripe puts in place additional controls specific to offline payments to prevent fraudulent transactions. For example, swiping and tapping cards is not permitted in markets that enforce Strong Customer Authentication (SCA) (Stripe, 2023c).3 When processing the payment, Stripe enforces an offline maximum of $10,000 or the equivalent in the local operating currency (Stripe, 2023a). The merchant bears the risk of transaction declines associated with the offline payment. To reduce transaction declines, a merchant can do three things: 1) limit the duration of unprocessed and finalized offline transactions by restoring the internet connectivity as quickly as possible, 2) deny transactions surpassing a predetermined amount, and 3) decline all offline payments if the sum of the transactions posted to Stripe Terminal exceeds a specified threshold (Stripe 2023a).
Reserve Bank of India's UPI Lite
To simplify the process of transferring money for India's population and encourage usage of digital payments systems, the Reserve Bank of India (RBI) created the Unified Payments Infrastructure (UPI) (Mistry, 2023). Under the supervision of the RBI, the National Payments Corporation of India (NPCI) developed the UPI on top of India's existing digital payments infrastructure, the Immediate Payment Service (IMPS). The UPI was launched in April 2016, offering an interface across banks and payment service providers. UPI users can make instant funds transfers between bank accounts with their smartphones, offering a simplified digital transaction experience (NPCI, 2023c). UPI has been widely adopted, counting hundreds of millions of daily transactions. The platform recorded its highest-ever number of transactions in June 2023 at more than 9.3 billion peer-to-peer (P2P) and consumer-to-merchant transactions (NPCI, 2023b). One key goal of the UPI system was to incorporate low-value transactions into India's digital payments ecosystem – it is estimated that 60 percent of transactions are under INR 200 (approximately US $2.44) – without overwhelming India's real-time banking system (NPCI, 2023e).
In January 2023, a new UPI service, called UPI Lite, which included an offline feature, was introduced to address these small-value transactions (RBI, 2022). UPI Lite was designed to be simpler than UPI, and it has contributed to UPI's growth and popularity. UPI Lite's offline payment process allows users to transact without an internet connection. It was designed to be simple and useful for small value payments. To use the service, users must have the UPI-enabled app that is linked to their bank account. When they are connected to the internet, users establish and fund an escrow-like account on their mobile phone (NPCI, 2023d). After this stored value account is established, the offline feature can be used to make payments. Payment initiation does not depend on banking infrastructure. Rather, it relies on the mobile app software and the stored value being tracked by the software (NPCI, 2023d). Payers initiate a transaction by scanning a merchant's quick response (QR) code and entering the amount to be paid to the merchant. A Pay Now button is displayed and will complete the transaction (NPCI, 2023d).
Settlement takes place once the user's mobile phone is connected to the internet. The UPI-enabled app retrieves the stored transaction data and processes the payment. The settlement process utilizes India's IMPS. IMPS facilitates these instant fund transfers between the payee's and payer's participating banks by leveraging messaging protocols and existing banking infrastructure (NPCI, 2023a). UPI Lite uses NPCI's Common Library software to keep track of the user's balance.
Matera
Matera is a Brazilian software company that provides instant payments and QR code technology to financial institutions. It has been used by the Central Bank of Brazil's instant payment platform Pix, which was implemented in 2020. Pix, which is offered through apps and digital wallet services from banks, has been used by over 110 million Brazilians and has seen network throughput of around USD 89 billion as of 2021 (Capurro and Sims, 2021).
Matera was granted a mobile offline payment patent in October 2022, which, if implemented, will allow a customer to initiate an offline digital payment via their phone without an active data or internet connection. The patent invention claims to support an offline payment authorization via a mobile device with "irreversibility... or non-refusal assurance," which authenticates "payment transactions generation from mobile devices such as smartphones, tablets or other devices with sufficient processing capacity to execute encryption algorithms" (Letto and Guimaraes, 2022). This means that a payer with no internet connectivity, Bluetooth, or Near Field Communication (NFC) capability can generate a bar code, speaker for sound output, or any other "physical means to send a small amount of data to the sales equipment of the payee" via a mobile device. However, a payer must set up the offline capability while online.
The payee is responsible for capturing the payer's payment credentials and processing it via their POS terminal, similar to what is currently done with credit card payments. The payee must have an online device (Letto and Guimaraes, 2022), such as a POS terminal or a cash register. The merchant online capability allows for the payment to be fully processed, despite the payer being fully offline. The merchant POS terminal must be able to connect via application programming interface to the merchant's financial institution, which then allows communication with the payer's financial institution to authorize the transaction. The customers must connect with the login credentials of a financial account that will verify that mobile device as an authorized payer. The patent states that payment can be sent with a bank, payment institution, credit company or similar (Letto and Guimaraes, 2022). A private and public key via a PIN is used as the authorized payer verification.
Crunchfish's Digital Cash
Crunchfish is a Swedish company that specializes in touchless gesture recognition technology. V-Key is a Singapore-based company focusing on mobile security solutions. Together, these two companies have created a software-focused offline payment solution. To make payments systems more resilient, Crunchfish developed a payment app called Digital Cash, which incorporates touchless gesture technology. This gesture technology allows users to make payments with finger movements and hand gestures without having to touch a payment terminal (Crunchfish, 2023). The user experience for Digital Cash is typical of a payment mobile app, like Zelle or CashApp: set up and register (users link their bank accounts to the app), initiate the payment via a touchless gesture, authorize and confirm the payment (with a PIN or biometric to secure the transaction), and finally process and complete (settle) the payment.
Digital Cash supports an offline mode that uses V-Key's Virtual Operating System Virtual Secure Element (V-OS VSE) technology. This VSE is designed to provide a secure environment and method for making offline payments on a user's mobile phone. Within the software, there are features and functions that are not conventional. First, V-OS uses a virtual machine to secure the payment transaction.4 Second, the cryptographic keys used during the transaction are stored in the V-OS VSE, out of reach from the environment of the mobile operating system.5 When a user initiates an offline payment using Digital Cash, V-OS creates a container, called the VSE, to store any sensitive transaction data, such as cryptographic keys or payment credentials. The VSE processes the payment information within this secure environment, using the stored payment credentials. The mobile device, which is not connected to the internet, then communicates with the merchant's payment terminal via a technology like Bluetooth or near-field communication (NFC); the payment details are shared between the mobile device and the merchant's payment terminal. The merchant validates and stores the payment details within their payment terminal, allowing for later processing and settlement. Once the merchant's terminal regains an internet connection, the software on the terminal then synchronizes the stored offline transactions with the payment gateway and the payment is settled (V-Key, 2022).6
Offline Digital Payments
As stated in the introduction, we do not find evidence of fully offline digital payment systems in production today. It is very difficult to design and implement a payment system without an online connection to a financial institution because such connections help to ensure self-verifiability and user authentication, prevent unauthorized payments, and support interoperability (Park and Baek, 2017, 2348-2349). However, below we discuss one offline payment framework, OPERA, that has been tested under laboratory conditions and proposes a hardware-based solution to address several key impediments to fully offline digital payments.
OPERA
The fully offline framework is proposed in the paper "OPERA: A Complete Offline and Anonymous Digital Transaction System with a One-Time Readable Memory," published in 2017 by Ki-Woong Park and Sung Hoon Baek. The authors state that conventional offline digital payments are not fully offline because they require periodic or post-transaction check-in to perform validation of the payment. The OPERA authors identify three key impediments to creating a fully offline digital payment (Park and Baek, 2017, 2349):
- (1) Self-verifiability: A token must be validated without the need of online help from a financial authority.
- (2) User anonymity: To be synonymous with cash, user privacy is required.
- (3) Atomic transfer: The exchange of assets between two parties must be carried out instantaneously in a single transaction, typically without intermediaries.
Taking these challenges into consideration, the authors propose OPERA, a fully offline approach that is P2P and anonymous, implementing a one-time readable memory (ORM) into mobile devices or digital wallets using hardware. The ORM is a computer memory that allows for data to be stored and can only be accessed to read. Tokens are stored in the ORM within an Opera-Digital Wallet (ODW), which uses a transaction and power control unit (TPCU) to ensure the authentication and control of the user's token (Figure 5). Tokens, backed by fiat currency from a financial authority with the power to issue banknotes, are signed with a secure cryptographic key and can only be encrypted by the private key of the financial authority. A data bus, the system within the device that transports data bi-directionally, allows for secure communication with other ODWs. To make a payment, a payer and a payee will connect their ODW via a plug. The amount of money to be transferred will be inputted by the payee and transmitted via tokens. The number of transferred tokens will depend on the amount of the payment, so that the least number of tokens is used. For example, if a payer pays 20 USD to a payee, two tokens will be transmitted.
To carry out a payment, the OPERA system deploys a "three-stage digital cash exchange protocol." Stage 1 is the secure mounting of the ODWs and anonymous authentication, which uses an anonymous attestation scheme. The mounting is the physical connection between two devices. Messaging that happens between the payer and payee is hidden on on-chip, protecting against malicious attacks or physical breakage. Stage 2 is when the token is transacted from payer to payee. The payer will generate an encrypted payment request message of the number of digital tokens that needs to be transmitted. The payee, upon receiving this message, will transmit an acknowledgement, and confirm the number of tokens to be transmitted. Via two messaging stages, the payer and payee confirm the amount of money to be transmitted. Finally, the verification and unmount occurs during Stage 3 (Park and Baek, 2017, 2352). The scheme uses a key to encrypt the tokens sent from the payer to the payee, allowing the payee to decrypt the tokens and store them as a token queue. If the verification is done correctly, the two incremental counters (which store the number of times a token transmission has occurred) should be identical for the payer and the payee. Once the payment transaction is finalized, the ODWs can be disconnected (Park and Baek, 2017, 2353).
OPERA is unique in that various operational efficiency and resiliency tests were conducted, testing the safety against potential attacks such as copied token attacks, falsified ODW and replay attacks. It is one of the few solutions that has fully offline capabilities, ensuring that neither the payer nor the payee require internet connection throughout the payment process. However, broad adoption of OPERA would be challenging given that it requires a specific memory type and a complex token security infrastructure. Mobile phones typically do not support the memory technology required. Unless adoption of a new payment method is mandated, it needs to operate within the constraints of already deployed infrastructure and technology.
Risks Associated with Hybrid and Fully Offline Payment Systems
Double Spending
One of the biggest risks of offline digital payments is double spending, where the same money is spent more than once. Double spending is a risk for all digital payment types, but to the extent that there is a processing delay in an offline digital payment transaction, the risk of double-spending and unauthorized transactions increases (Brodsky, Dubey and Lucas, 2023b, 6). Types of attacks that could lead to double spending include man in the middle attacks (an unauthorized transmission between a user and website) (PCMag, 2023a), transaction replay (information is stored without authorization and then re-transmitted into an unauthorized operation to trick the receiver, such as false identification) (PCMag, 2023b), or jailbreaking (exploiting a flaw in an electronic device to install software to gain access to the operating system) (Mastercard, 2016).
Double spending is one of the biggest risks for merchants who typically bear the loss. This is a key barrier to widespread implementation and adoption of offline digital payment methods. Atomic digital transfer is a potential double spending mitigant. As introduced within the context of Opera, atomic transfer occurs when two parties instantaneously exchange assets in a single transaction without intermediaries (Kapron, 2022). The instantaneous nature of atomic transfer ensures that an amount of money is only spent once, and ledgers on both the payer and payee ends are appropriately updated. However, atomic transfer is challenging to implement in an offline digital payment setting. Currently, a more practical double-spending mitigant for offline payment models involves setting offline payment thresholds at an acceptable level based on a merchant's risk appetite.
Security
Hybrid offline systems are still subject to the same security requirements as those applicable to online transactions, where relevant, such as the standards reflected in the Payment Card Industry Data Security Standards and the NACHA Operation Guidelines. However, payments accepted via hybrid services may be delayed or may face additional difficulties adhering to security standards. For example, online digital payment systems help to mitigate security risks with real-time connection to a trusted financial institution. For a hybrid system, connection to these institutions is limited or held off to a later time, impacting the real-time oversight of security standards. In contrast, a fully offline approach will have no online connection, necessitating other methods of security—for example, through hardware-based approaches.
In a fully offline digital payment system, digital money must be authenticated by the payee's device during the transaction, and opportunities for retrospective investigations are limited. Vulnerability in the software or hardware of an offline payment device could allow criminals to digitally counterfeit funds. Developing secure software and hardware for offline payment devices is a basic requirement before these systems are deployed. A diversity of security designs for offline payment security has been proposed, including proprietary encryption, device fingerprinting, interoperable Public Key Infrastructure (PKI) protocols, purpose-built hardware, and more (Brodsky, Dubey, and Lucas, 2023b).7 Experimentation with security measures is usually an extensive process before deployment and requires ongoing engagement.
User Privacy
Similar to online digital payments, offline payments can pose risks to user privacy and require proactive steps by users, developers, and regulators to ensure responsible handling of personal and financial data. Payment data stored offline can be compromised. In scenarios where a user's payment-enabled device is lost, stolen, or accessed by unauthorized individuals, the stored data, including transaction histories and sensitive card details, may be exposed. This exposure compromises user privacy and raises concerns about the potential misuse of the compromised information. Additionally, risk inherent in offline digital payments pertains to the interception of transactional data during the transmission process. Adversaries with the technical skills and resources can exploit vulnerabilities in the communication channel or the user's device to eavesdrop on or tamper with payment data. This interception may lead to unauthorized access to sensitive financial details and personal information, posing a considerable threat to user privacy.
To address the privacy concerns in offline digital payments, anonymous authentication methods can be employed to protect the information exchanged between the payer and payee. Anonymous authentication protocols work to ensure that the identities of the parties involved in the transaction remain undisclosed, reducing the risk of personal information exposure. By using cryptographic techniques and temporary identifiers, anonymous authentication could allow users to maintain privacy while engaging in digital transactions.
Loss of Funds
Offline digital payments systems locally store account balances and transaction histories on the user's device. If the device is lost, stolen, or fails, the user has limited recourse. In cases of loss or theft, a bank cannot reload a new device with the lost device's balance because—by the system's very nature—the bank cannot access the offline funds stored on the device. Therefore, the bank cannot verify the amount of money on the device when it was lost or stolen. Losing offline digital funds is like losing physical cash. The loss, theft, or destruction of physical cash is a final event—the bank from which the cash was withdrawn cannot reliably compensate customers in such events without exposing itself to fraudulent claims.
There are some limited options to mitigate loss risk in hybrid offline payment systems. If a phone holding digital cash is lost or stolen, there can be an option for the user to remotely turn on Wi-Fi and LTE search. If the phone finds a connection, it will lock the funds and move them to the user's online balance. Similarly, if a user reports a stolen phone or payment card with offline funds, the payment processor can recover the funds if the phone or card is used at a POS terminal that has internet connectivity. When a stolen offline device transacts with an online terminal, the terminal would cross-reference a blacklist, decline the transaction, and transfer the offline funds to the true owner's online account. However, these options do not cover all cases. In instances where an offline phone never finds an internet connection or a stolen payment card does not transact with an online terminal, the user's funds would be lost.
Reputational Risks
Reputational risk is the potential harm or damage to the image, credibility, and trustworthiness of individuals, businesses, or payment service providers resulting from negative incidents or perceptions related to payment transactions. These risks can arise from security breaches, data leaks, fraudulent activities, poor customer experience, or ineffective dispute resolution mechanisms. Ensuring a seamless and positive customer experience is vital for mitigating reputational risks. Clear and transparent communication about security measures, privacy policies, and dispute resolution procedures fosters customer trust. There are risks inherent to any payment method, but for a new capability to be implemented and adopted, like offline digital payments, firms and financial institutions will need to ensure product reliability and mitigate reputational risks.
Conclusion
The most viable offline digital payment use cases currently in production are best characterized as hybrid, rather than fully, offline payments. These hybrid systems leverage both offline and online capabilities. Early research demonstrates that fully offline digital payment systems may be possible in the future, but more applied research is needed in this area.
Offline payments, whether hybrid or fully offline, can bolster resiliency and reliability in digital payment ecosystems. Hybrid systems can help mitigate the impact of temporary internet outages, which could be important for enabling transactions in diverse contexts, such as remote areas, crowded events, or regions with unreliable internet connectivity. More mature fully offline digital payment schemes could have more extensive benefits for digitally excluded population segments. However, offline payments also pose risks. Companies and financial institutions that are seeking to adopt offline models will need to identify and control risks related to double spending, security, user privacy, and potential loss of funds.
References
Ayden (2023). "Offline Payments." Ayden Docs. accessed July 26, 2023, https://docs.adyen.com/point-of-sale/offline-payment/.
Brodsky, Bonni, Anurag Dubey, and David T. Lucas (2023a). "Enabling Offline Payments in an Online World: A Practical Guide to Offline Payment Design." Crunchfish and Lipis Advisors. https://www.crunchfish.com/wp-content/uploads/2023/01/Lipisadvisors_WP1_offlinepayments.pdf.
Brodsky, Bonni, Anurag Dubey, and David T. Lucas (2023b). "Enabling Offline Payments in an Online World: A Practical Guide to Offline Payment Security." Crunchfish and Lipis Advisors. https://www.crunchfish.com/wp-content/uploads/2023/05/Lipis_WP2_Crunchfish_Enabling-offline-payments_v5.pdf.
Capurro, Maria Eloisa and Shannon Sims (2021). "Pix Mobile Payment: How Brazil's Central Bank Launched Platform." Bloomberg.com, October 6, www.bloomberg.com/news/articles/2021-10-06/pix-mobile-payment-how-brazil-s-central-bank-launched-platform.
Committee on Payment and Market Infrastructures (CPMI) and World Bank Group (WBG) (2016). "Payment aspects of financial inclusion (PDF)." Basel: Bank for International Settlements.
Crunchfish (2023), "Digital Cash," accessed July 28, https://www.crunchfish.com/digital-cash/.
Dailey, Natasha and Kate Taylor (2021), "Customers are reporting credit-card payment crashes at restaurants and stores across the US, including Chick-fil-A and Ikea," Business Insider, February 26, https://www.businessinsider.com/credit-card-payments-system-outage-stores-restaurants-chick-fil-a-2021-2.
Demirguc-Kunt, Asli, Leora Klapper, Dorothe Singer, and Saniya Ansar (2018). The Global Findex Database 2017: Measuring financial inclusion and the fintech revolution (PDF). World Bank Publications.
European Central Bank (ECB) (2021), "ECB publishes an independent review of TARGET incidents in 2020," press release, July 28.
Goldberg, Rafi (2022), "New NTIA Data Show Enduring Barriers to Closing the Digital Divide, Achieving Digital Equity," United States Department of Commerce: National Telecommunications and Information Administration.
Hogg, Charlotte (2018), "Letter from Visa regarding service disruption to the UK Parliament (PDF)," Visa Europe.
International Telecommunication Union (ITU) (2023a). "Population of global offline continues steady decline to 2.6 billion people in 2023," press release, International Telecommunication Union.
International Telecommunication Union (ITU) (2023b). "World's least developed countries threatened by deepening digital divide," press release, International Telecommunication Union.
Jack, William, and Tavneet Suri (2011). "Mobile money: The economics of M-PESA." National Bureau of Economic Research, Working Paper No. 16721.
Kapron, Zennon (2022). "The Future of Cross-Border Payments in Asia Is Atomic." Forbes, December 21, https://www.forbes.com/sites/zennonkapron/2022/12/21/the-future-of-cross-border-payments-in-asia-is-atomic/?sh=482ed15613a7.
Letto, Carlos Augusto Leite and Carlos Andre Branco Guimaraes (2022). "Method for Payment Authorization on Offline Mobile Devices with Irreversibility Assurance," United States Patent, https://patentimages.storage.googleapis.com/3d/fa/a4/a5043f2dba33d3/US11481766.pdf.
Mastercard (2016). "Contactless Toolkit for Merchants (PDF),".
Mistry, Mehul (2023), "The Rise of UPI: Transforming the way Indians transact," Times of India Blogs, July 25, https://timesofindia.indiatimes.com/blogs/voices/the-rise-of-upi-transforming-the-way-indians-transact/.
National Payments Corporation of India (NPCI) (2023a), "IMPS (Immediate Payment Service) Product Overview," accessed July 28.
National Payments Corporation of India (NPCI) (2023b), "UPI Ecosystem Statistics," accessed July 28.
National Payments Corporation of India (NPCI) (2023c), "UPI Product Overview," accessed July 28.
National Payments Corporation of India (NPCI) (2023d), "UPI Lite Product Overview," accessed July 28.
National Payments Corporation of India (NPCI) (2023e), "UPI Lite: Make instant small value payments at lightning speed (PDF)," accessed July 28.
NTC Texas (2021). "Everything You Need to Know about Offline Credit Card Processing." March 10. Accessed July 26, 2023, https://ntctexas.com/everything-you-need-to-know-about-offline-credit-card-processing.
Park, Ki-Woong and Sung Hoon Baek (2017). "Opera: A Complete Offline and Anonymous Digital Cash Transaction System with a One-Time Readable Memory." IEICE Transactions on Information and Systems E100.D, no. 10 (2017): 2348–56.
PCMag (2023a), "PCMag Encyclopedia: man-in-the-middle-attack," accessed July 18, 2023, https://www.pcmag.com/encyclopedia/term/man-in-the-middle-attack.
PCMag (2023b), "PCMag Encyclopedia: replay attack," accessed July 18, 2023, https://www.pcmag.com/encyclopedia/term/replay-attack.
Pew Research Center (2021), "Internet/Broadband Fact Sheet,".
Reserve Bank of India (2022), "Framework for Facilitating Small Value Digital Payments in Offline Mode," Notifications, January 2.
Sorensen, Emily (2023). "How Can You Accept Cards When There's No 3G or Internet?" Mobile Transaction. March 17 accessed July 26, 2023.
Square (2023a), "An update on last week's outage," press release, https://squareup.com/us/en/press/an-update-on-last-weeks-outage.
Square (2023b), "Process Card Payments with Offline Mode," accessed July 28, https://squareup.com/help/us/en/article/7777-process-card-payments-with-offline-mode.
Stripe (2023a), "Collect payments while offline," Stripe Docs, accessed July 28, https://stripe.com/docs/terminal/features/operate-offline/collect-payments.
Stripe (2023b), "Operate Offline," Stripe Docs, accessed July 28, https://stripe.com/docs/terminal/features/operate-offline/overview.
Stripe (2023c), "Strong customer authentication readiness" Stripe docs, accessed July 28, https://stripe.com/docs/strong-customer-authentication).
Toast (2023). "Offline Card Payments." Toasttab, accessed July 26, 2023. https://doc.toasttab.com/doc/platformguide/adminOfflineCCPayments.html.
V-Key (2022), "V-OS Virtual Secure Element," https://www.v-key.com/wp-content/uploads/2019/07/V-OS-Virtual-Secure-Element-2022-3.pdf.
1. The views expressed in this paper are solely those of the authors and should not be interpreted as reflecting the views of the Board of Governors or of the Federal Reserve System. The authors would like to thank David Mills, Sonja Danburg, Jillian Mascelli, Jeff Allen, Kathy Wilson, and Sarah Wright of the Federal Reserve Board for their feedback. Return to text
2. We exclude e-commerce payments because e-commerce requires internet access. E-commerce transactions are generally settled online, though cash-on-delivery is a is a popular method of settling e-commerce purchases in many parts of the world. Additionally, our research scope does not include prepaid, SMS-based electronic money payments made over mobile networks, such as M-Pesa (CPMI and WBG, 2016). These mobile money payment models, which have revolutionized payment systems in some developing economies, have already been the subject of considerable research (Jack and Suri, 2011; Demirguc-Kunt and others, 2018). Return to text
3. Strong Customer Authentication (SCA), a rule in effect as of September 14, 2019, as part of PSD2 regulation in Europe, requires changes to how European customers authenticate online payments. Card payments require a different user experience, namely 3D Secure, to meet SCA requirements. Transactions that don't follow the new authentication guidelines may be declined by your customers' banks. https://stripe.com/docs/strong-customer-authentication Return to text
4. In this case, a virtual machine is a trusted execution environment where cryptographic keys are stored on a mobile phone but away from the unsecure area of the mobile phone. Return to text
5. A cryptographic key is a string of characters used for altering data within an encryption algorithm. This key is required for both encrypting and decrypting data. Return to text
6. A payment gateway is the transaction processing technology that captures, stores, and transmits payment information from the customer to the merchant. Return to text
7. Proprietary encryption would limit interoperability. Device fingerprinting ties the offline trust application to the device on which it is running to mitigate cloning. Purpose-built hardware includes OPERA's one-time-readable memory (ORM) that only allows data to be read once, which mitigates replay attacks where a malicious party resends a transaction multiple times. Return to text
Aboulaiz, Laila, Bunmi Akintade, Hamzah Daud, Monique Lansey, Megan Rodden, Lucas Sawyer, and Matthew Yip (2024). "Offline Payments: Implications for Reliability and Resiliency in Digital Payment Systems," FEDS Notes. Washington: Board of Governors of the Federal Reserve System, August 16, 2024, https://doi.org/10.17016/2380-7172.3456.
Disclaimer: FEDS Notes are articles in which Board staff offer their own views and present analysis on a range of topics in economics and finance. These articles are shorter and less technically oriented than FEDS Working Papers and IFDP papers.