Faculty of law blogs / UNIVERSITY OF OXFORD

Central Bank Digital Currency and Payment Data


Luciano Somoza
PhD Candidate in Financial Economics at the Swiss Finance Institute, University of Lausanne
Tammaro Terracciano
PhD Candidate in Finance at the Swiss Finance Institute, University of Geneva


Time to read

3 Minutes

Over 70% of the 63 central banks surveyed by the BIS are researching Central Bank Digital Currency (CBDC), and few of them have projects in advanced stages. They mostly focus on the impact on monetary policy and financial stability, with little to no attention to the data aspects of CBDCs. Payment data has great political implications, especially when the government is not a (fully) democratic one. The creation of a central retail payments database might be appealing for governments as they would gain unprecedented visibility over people’s habits. The political power of payment data is well understood by the Chinese government, who partnered with Alibaba’s credit agency in creating its social credit scoring system. Paytm, a popular Indian payment platform, was hit by a political scandal. An undercover investigator recorded the vice-president saying that the company shared its data with the Indian government, which allegedly used it in the repression of Kashmir riots. Later, Paytm denied having shared any data. In the light of these events, it is clear that the political and social consequences of CBDCs should be addressed more thoroughly. 

So, what are the data implications of CBDCs?

Today’s payments data flow is quite obscure and varies sharply among legislations. For instance, the Federal Reserve does not have a formal centralized database of retail payment transactions. Anecdotal evidence suggests that often central bankers do not have a clear picture of payment data. Generally speaking, inter-bank settlements and high-value large transactions data is fully gathered, while this not necessarily the case for retail payments. A prime example is provided by a British Payment System report showing the dataflow of a simplified card payment:

The data is visible to the merchant (ie seller), the acquirer (ie seller’s bank), the card system (eg Visa or Mastercard) and the card issuer (ie card holder’s bank). The Bank of England only receives data on aggregate settlements once per day. Therefore, there is no complete payments database with all retail transactions and user identifiers. Commercial banks have granular data on their customers, but they do not share it with the Bank of England, at least not systematically. If one also considers cash payments, it is safe to say that the Bank of England has limited visibility over retail payments.

If CBDC were widely adopted, the central bank (and thus the government) could create a massive database of retail transactions. This highly depends on whether the CBDC is account- or token-based and on its governance structure.

Account-based money, like bank deposits, needs the verification of the account holder’s identity when exchanged. Conversely, token-based money, such as cash or Bitcoins, needs the verification of the token’s authenticity. Put differently, if I pay my coffee with a credit card, the system verifies my account, my funds and my identity. Whereas, if I pay with cash, the vendor only verifies that the banknote is authentic and not counterfeited. This difference might seem trivial but is crucial when it comes to digital money.

An account-based CBDC, where users have an account on the central bank’s balance sheet, does not allow for anonymity. The central bank offering the deposits would have full visibility on every and each transaction and on the identity of the account holders. On the other hand, a token based CBDC might not be as transparent. Even if the identity of the buyer is verified every time she purchases tokens using a bank deposit, nothing would prevent these tokens from being exchanged offline for goods or cash, allowing for anonymous transactions and holdings, similarly to physical cash. Technical solutions might be implemented to prevent anti-money laundering, such as mandatory identification for accessing digital wallets. Nevertheless, a blind spot can hardly be prevented as the central bank would only keep a register of the tokens issued and not of identities of the account holders.

The creation of a centralized payments database can also be prevented by putting in place governance solutions to keep the data fragmented. To this end, the Uruguayan e-peso, which was tested for six months in 2018, presents interesting features. The central bank signed e-peso tokens, which could be stored only in an official system of digital vaults. Users were able to link their e-peso accounts to their smartphones and top-up their wallets using deposits or physical cash, similarly to M-pesa. The digital vaults and the payment system were managed by two different companies while IBM provided technical support and customer care services. Hence, the central bank was able to see e-pesos transactions but had no access to users’ identity, which was trusted to the telecom company.

In conclusion, data implications of CBDCs are not trivial and should receive more attention in the public debate. The creation of a centralized database with payment data and user identifications should be prevented as amassing such knowledge in the hands of anyone would be alarming. We should be aware that an ill-designed CBDC may lead to undesirable outcomes on people’s life.


Luciano Somoza is a PhD Candidate in Financial Economics at the Swiss Finance Institute, University of Lausanne.

Tammaro Terracciano is a PhD Candidate in Finance at the Swiss Finance Institute, University of Geneva.


With the support of