77 comments

[ 4.5 ms ] story [ 76.6 ms ] thread
> The online function shall apply to physical payment cards and accompanying PIN code when purchasing essential goods such as food, medicine and fuel.

Is this a typo where they meant to say “the offline function”?

If I’m reading this right, the goal is to allow food, fuel, and medicine purchases with card + PIN in offline mode.

Seems like a reasonable goal. I wonder what the technical details will look like. Will there be a periodically updated list of cancelled cards/accounts distributed to endpoints? Even a hashed list of all cards cancelled before their expiration date within a country is a reasonable amount of data for modern storage systems.

Or would they simply rely on the ability to track down account owners by their originally registered contact info in the event that someone gets an invalid transaction through during an offline period?

offline key signing and broadcasting later should be a simple thing

although heavily misunderstood, this is built into cryptocurrencies since day 1 (many critics have long thought crypto requires power and internet access, many proponents also don't know otherwise)

with card networks learning from competition and functionally being public-only keys, this should be even simpler to implement

Some context might be useful here. I spent some time living Sweden not too long ago and Swedes practically don't use cash. It's usually not said out loud, but cash is often considered to be dirty and criminal, to the point that most don't have any at all. Digital payments are very convenient and deeply integrated, so long as you have a local ID which allows you use the local payment system Swish etc.

This worked nicely until the tensions in Europe lead to more cyberattacks rolling in and suddenly you have people not being able to buy food, medicine, and so forth. Not too long after, there was a government advisory urging people to keep some cash reserves in case a larger cyberattack happens, but cultural habits at large are hard to change. This is of course a coarse simplification of the context, but might help understand this incentive a bit better.

It's true that cash is rarely used in Sweden but it's out of convenience not because it's "dirty and criminal".
It's funny. I live in rural USA and I overheard a girl say she wouldn't date a guy who uses a card as it wasn't very manly. He needs to use cash apparently. Where I live cards are seen as controlled by "them" and allow the government to spy on you and come after you for taxes.
To add some more context to your comment. One of the big attacks was in 2021 with the Kaseya ransomware attack that caused one of the larger grocers (coop) to essentially be unable to operate. Made national news as they had to give away product for free in some places.

source in swedish: https://www.aftonbladet.se/minekonomi/a/aPrJWL/hackergruppen...

And yes, we use cash so seldom that most people cannot from memory recall what the bills/coins look like!

It's funny how these attitudes vary across the EU. Here in Spain the government is trying to move everyone to digital payments so they can keep an eye on the flow of money, but normal folks are transacting as much as possible in cash to hide from the tax man...
> cash is often considered to be dirty and criminal

Sounds like GrapheneOS.

1yr timeline is ambitious if it means fully deployed.

Clearly the right thing for Sweden and others to do. Also worrying that even 3yrs into the Russian invasion, bordering countries are urgently increasing their preparedness for future conflicts.

It's a check, they have invented checks.
The idea of there being some "government approved" list of things people can buy with this is horrifying and exactly why cash should continue to exist.
I don't think it's going to be a list of things, but rather a list of vendor types (grocery stores, pharmacies, gas stations) that have to accept offline payments, and that banks must accept offline payments from. You can live without a new iPhone if the terminal is down, but you can't live without food.
It's not about paying by cash but paying by card offline. How is this going to be implemented I wonder.

On planes they often accept credit cards even when there's no internet. I assume this is a trust in-credit-based system because they don't accept debit cards, i.e. if you are worth being trusted with a card you can have your sandwich now and we will take care of the bank processing once we are on the ground. So maybe this will be like we trust you enough with basic goods that once we get a connection things will be sorted out situation?

My Garmin watch has Garmin Pay, which works even if I don't have my phone with me. I think I just presumed that there is a bank balance cached somewhere in the app so that an attempt to spend up to a hard limit or that amount will work.
I got my first Credit Card in 2000 (I think that was 2000 or may be 2001). Credit Card swiping devices were rare and many a store just use that Imprinter thingy, and I sign on the carbon papers. That was an offline process. This was in Bombay (INDIA).

I think something similar to this https://en.wikipedia.org/wiki/Credit_card_imprinter

It's a trust thing yes.

Essentially, you (the merchant) just write down their card number, and how much they paid you, and then later you send that list to your bank who sends it to the credit card network.

There is no big technical hurdle. There is a big social hurdle in convincing your bank and the network that you should be allowed to do this. Also the card number gets copied by a little pressing machine onto carbon paper or something like that, not just written down.

Being able to spend money you don't have is not a new thing, and poses no technical problems. American readers will know you can easily do that with a cheque. It's your responsibility not to do that, and that's one reason why the bank wants so much personal information to open an account, so they can send the police over to break your kneecaps.

on planes they link your purchase to your seat, so they have your ID info in case you’re not solvent
Often this is indeed trust-based, but the trust isn't due to you having a card issued by a trusted bank (most airlines accept debit cards too), but rather due to passengers being extremely visible and well-identified:

In-flight credit card fraud is an incredibly bad idea, given that most countries check your ID at least at some point during getting on the plane, and seats are usually assigned as well. (Doesn't mean that nobody tries, of course [1]).

Sometimes airlines also use ACARS (basically airline-specific telex over VHF, HF, or satellite) to send the card number to their backoffice for authorizations of large amounts, such as business class upgrades.

These days, of course, Internet connectivity is getting more common, and with that the problem will likely go away.

[1] https://www.sunderlandecho.com/news/pair-spared-jail-after-a...

(comment deleted)
Eh? I’ve always used a debit card with those without issue. Transaction usually posts the next day.
Credit card transactions were only done offline in the 80s. So it’s very doable.

They physically imprinted your card numbers on some special paper with a mechanical device. Wild.

I’m a millennial and even I remember when all card payments were offline.

I remember a bar I worked at had trouble because some customers had begun writing wrong signatures and the receipt had been rejected by the bank the following week.

This is funny to me, because I'm old enough to remember when card payments all used to be offline...

And even paper based.

> paying by card offline. How is this going to be implemented I wonder.

Paying offline used to be the norm for credit cards, from their introduction in the 1960s until some two decades ago.

Wikipedia: [...] until always-connected payment terminals became ubiquitous at the beginning of the 21st century, many merchants accepted all charges, especially those below a threshold value or from known and trusted customers, without verifying them by phone. Books with lists of stolen card numbers were distributed to merchants who were expected in any case to check cards against the list before accepting them, as well as verifying the signature on the charge slip against that on the card.

I would not assume the central bank of Sweden would mean credit cards only. Debit cards are extremely common for card payments.
Credit cards were originally an offline payment method. The merchant would create a receipt that included a contact paper imprint of the card (which is why the card has raised lettering) and would present it to the bank for reimbursement.
In Norway, the card terminals usually go into an "accept with signature" mode if they are temporarily offline. So they print a receipt that the customer has to sign. (This is for BankAxept debit cards, which are standard in Norway.)

In a grocery store line once, I remember a distraught customer whose card was declined due to insufficient funds. The store manager came over, yanked the ethernet cable from the payment terminal, and told the customer to try again. "Accepted with signature."

> It's not about paying by cash but paying by card offline. How is this going to be implemented I wonder.

Considering that the card has memory on it, you can store there how much balance you have when you do an online payment. The bank can send back your available balance, so you cannot spend offline more than you have.

I can't think about anything simpler than this.

Think about credit cards before online processing - the old paper machines that imprinted your card onto carbon paper.

The merchant was guaranteed payment. You, on the other hand, were indebted to the bank. The concept of a “credit limit” was the line over which the bank insisted you not step, lest you incur fees galore.

offline mode has been the limiting factor in almost all electronic payments. there was a convention where the single use keys became limited use keys so that cards could make offline payments in low amounts that could be reconciled later. it created a risk and a vulnerability to be managed, and there was at least one exploit against it if I remember correctly.

imo, the mandate creates an interesting technical constraint on any CBDC standard, where the offline mode limits the effectiveness of a "turn off" of someone's money, as there will always be some feature where they can use their money to buy food and fuel. For now I am interpreting this mandate as constructive to civil liberties.

This is how it used to be before, they would slide your card through that machine thingy, it would copy it's digits and they would process this sometime in the future.
Looks like summer 2026 is when the war will start
Personally, I dream of an open-hardware, FLOSS wallet, also usable on POS like a bank smart card, confirming crypto transactions like legacy/traditional ones on its own display.

Internally, the signature part isolated like a smart-card, "embedded signature" hardware as a measure against double (multiple) spending, and reasonable limits on offline transactions with both parties offline (e.g., €10k/month).

The "embedded signature" hardware part is a bit vague because technologically it's not clear how to do something like that in a "secure enough" way, but it's a necessary part and the limit somewhat lowers the risk.

For use: mounted as a smartwatch or a pendant with a retractable lanyard, like ski-pass holders.

Kind of concerning when you see governments hardening themselves to massive AI cyber attacks.
Extracting keys from a modern SIM card is very difficult. The cost is way above 10K USD. So a payment card in offline mode is absolutely possible as long as one limits the payments to few hundreds USD.

The bigger challenge is an offline terminal that can easy accumulate tenths of USD in case of a long outage. But then compared with cards the terminal may have better protection.

There's a term I saw all over someone's Google calendar schedule, pre-pandemic "DNS without asking". Now I realize it means "Do not schedule without asking" but my mind thought "Domain Name Service without asking" ... how in the hell would you do that?

I guess this is similar: how do you make trustworthy decisions that seem to inherently depend on the network, in the absence of a network? Before the internet, we had phonebooks instead of DNS, and we had cash instead of cards. Did the phonebook have every number? No. Was every piece of cash not counterfeit? No. But it's "good enough". Portable reference sources and tokens. The references are issued periodically and the tokens have evidence of exhaustion, their decay over time. A dog-eared dollar with a bunch of phone numbers on it, half-torn ... the merchant doesn't have to accept it.

How do you do these things digitally? Periodic issue seems pretty straightforward ... if you have a network. Token issuance, similarly, needs at least occasional communication with other nodes in the network.

So there's a local dwell capability.

Is this part of the same reaction we saw with Denmark starting to have emergency stores within 50 km of every Dane? Is this motivated by a need to prepare for war?

We know exactly how to do these things digitally. Many European countries have had stored-value payment schemes in the 90s. Japan still does today.

It's a completely solved problem, but it's a more complex (and as such more expensive) solution than just assuming ubiquitous connectivity and a backend that never goes down, which is how we got to where we are.

> Is this motivated by a need to prepare for war?

Preparing for cyberattacks seems like a prudent move, no matter the adversaries' motivation. But yes, the context here is pretty obvious in Europe.

Pedantically speaking, offline card payments are already possible _now_. E.g. see the Square documentation about that.[1]

However, it requires that all the parties involved (issuer, acquirer, payment network, merchant) allow it, and there are certain limits. One of the linked documents[2] in the riksbank press release has more details about what they expect from these parties.

[1] https://squareup.com/help/us/en/article/7777-process-card-pa...

[2] https://www.riksbank.se/globalassets/media/nyheter--pressmed...

Is this something they've been planning? Or is this a reaction to the saber rattling over in Russia?
Here in southern Europe on the other hand, cash is a crucial part of the tax evasion economy
This sounds worse than cash in almost every dimension.
Back in the day, we used these machines to take a paper imprint of the card. You would get a copy and give it to the bank. There was a phone number you could ring to check if the card was valid. I never phoned the number.

https://en.wikipedia.org/wiki/Credit_card_imprinter

Similarly in the UK we had the concept of a 'cheque guarantee card'. Present your Barclays plastic card along with a paper cheque up to some value (£50 rings a bell; I was too young, it was my mam doing the transacting) and that cheque is guaranteed by the bank.

https://en.wikipedia.org/wiki/Cheque_guarantee_card

This was before my time, but older folks have told me that in the early days of credit cards here in Australia (70s and 80s), for larger purchases at department stores (which were virtually the only merchants who accepted credit cards back then), it was common for the checkout person to phone your bank to get authorisation for the transaction, before you could walk out the door with the merchandise.
I'm not sure what they have in mind for supporting offline payments, but I think that Japan's FeliCa-based [1] electronic money systems (Suica, iD, etc) are pretty impressive. They are most typically used to pay for transportation, but also widely accepted at stores, vending machines, etc. Balances are stored on the card, and it's very fast to use and seems secure for the most part. Recently it's also available on any smartphone or smartwatch with NFC. Japan was pretty slow to adopt touch payment for credit cards, so for a while it was my favorite form of payment.

Transit cards have a pretty low charge limit compared to credit cards - Suica balance is limited to ¥20,000 for example (although for cards that are backed by a credit card, I think the limit is higher). And now that Japan has fully embraced credit card touch payments, FeliCa-based systems are losing market share to Visa, Mastercard, etc.

But it really shines for applications requiring speed (i.e. a turnstile in Tokyo station) or offline payments (a vending machine in a park somewhere).

[1] https://en.wikipedia.org/wiki/FeliCa

Tourist in Japan here. Suica is great. I prefer it over my Visa tap 'n pay just for speed. It's instant vs. a few seconds which isn't much, but it's nice.

Topping up a Suica every now and then vs. having many international transactions might also work out better for some. My bank (ING) gives me those fees back so it makes no difference to me.

This reminds me of Mondex:

> Mondex was a smart card electronic cash system, implemented as a stored-value card and owned by Mastercard.

> Mondex allowed users to use its electronic card as they would with cash, enabling peer-to-peer offline transfers between cards, which did not need any authorization, via Mondex ATMs, computer card readers, personal 'wallets' and specialized telephones. This offline nature of the system and other unique features made Mondex stand out from leading competitors at the time, such as Visa Cash, which was a closed system and was much closer in concept to a traditional payment cards' transactional operation.

https://en.wikipedia.org/wiki/Mondex

I guess if you have a card with no credit limit then this is possible but other than that how can you guarantee the funds, or credit, is there?
Would be interesting how they work technically. The linked pdf mentions an EMV chip, which I assume is some sort of TEE. Other than creating recipient-specific one-time vouchers online, I can't think of a way to do offline payments without a TEE.
A lot of people don't realize that our entire financial system is eventually consistent. They think that when they go to an ATM and withdraw money, it's instantly gone from their account.

The reality is that in most cases the convergence is so quick it looks like it's instantly gone, but it's not. For example, if the ATM is unable to get your current balance, it will still complete the transaction.

That's why your card has a daily limit -- that's basically the risk tolerance of the bank on how much they are willing to lose if the transactions don't get converge quickly enough.