although heavily misunderstood, this is built into cryptocurrencies since day 1 (many critics have long thought crypto requires power and internet access, many proponents also don't know otherwise)
with card networks learning from competition and functionally being public-only keys, this should be even simpler to implement
Checking the signature on some blob that says "this be money" is not enough.
For example, when each transaction is done, both parties might keep a cryptographic proof which they are required to submit once they are online again.
Failing to submit could result in a small fine (to encourage submission) and double spending which can then be detected could result in a large fine (or even a prison sentence), for example.
There is, perhaps, a privacy issue, just like with blockchain. But it's not more of an issue than online transactions.
This worked nicely until the tensions in Europe lead to more cyberattacks rolling in and suddenly you have people not being able to buy food, medicine, and so forth. Not too long after, there was a government advisory urging people to keep some cash reserves in case a larger cyberattack happens, but cultural habits at large are hard to change. This is of course a coarse simplification of the context, but might help understand this incentive a bit better.
Clearly the right thing for Sweden and others to do. Also worrying that even 3yrs into the Russian invasion, bordering countries are urgently increasing their preparedness for future conflicts.
On planes they often accept credit cards even when there's no internet. I assume this is a trust in-credit-based system because they don't accept debit cards, i.e. if you are worth being trusted with a card you can have your sandwich now and we will take care of the bank processing once we are on the ground. So maybe this will be like we trust you enough with basic goods that once we get a connection things will be sorted out situation?
Here,
Aurornis•14m ago
Is this a typo where they meant to say “the offline function”?
If I’m reading this right, the goal is to allow food, fuel, and medicine purchases with card + PIN in offline mode.
Seems like a reasonable goal. I wonder what the technical details will look like. Will there be a periodically updated list of cancelled cards/accounts distributed to endpoints? Even a hashed list of all cards cancelled before their expiration date within a country is a reasonable amount of data for modern storage systems.
Or would they simply rely on the ability to track down account owners by their originally registered contact info in the event that someone gets an invalid transaction through during an offline period?
objclxt•6m ago
It’s already a thing, the EMVCo standard predates ubiquitous internet connectivity. Mass transit systems typically use it, airlines used to for in-flight purchases before the advent of reliable WiFi.
https://en.m.wikipedia.org/wiki/EMV#Offline_data_authenticat...
It is somewhat common to maintain a denylist of known fraudulent cards, but as you note the main mitigation is on the bank to track the card down. One of the key things you need to figure out with an offline payment system - and what I imagine is needed here - is a consensus on who has the liability for offline transactions and what the dollar limits are.
tialaramex•4m ago
EMV (chip cards) can have a small amount of local smarts, so it is typical for example to insist on going online for a large transaction or if the card has performed too many offline transactions since last going online. The card maker decides these rules, so the bank gets to ensure the cards it issues to customers meet whatever requirements it has decided upon, balancing fraud risk against problems with loss of connectivity or services being down.
So I doubt they'd bother doing some sort of ad hoc revocation technique.
londons_explore•1m ago