Felix Stalder:Electronic Money: Preparing the Stage

Electronic Money: Preparing the Stage

Felix Stalder, PhD Student,
Faculty of Information Studies, University of Toronto
felix@openflows.org

supervised by Andrew Clement,
Faculty of Information Studies, University of Toronto

June, 1997

Note:
This text is fairly long, some 17,000 words. It is written in a way that each section can be read by itself and you are encouraged to read anly the parts that are of particular interest to you.

For a broad overview of the some of the most important e-cash proposals read best section 3 [Electronic Money: The Basics] and section 4 [Electronic Money: The Proposals].

Those with particular interest in Mondex best read the parts of section 4 [Mondex], section 5 [Mondex in Context], and parts the concusion [Towards Private Currencies].

Some broader social concepts can you find in the section 2 [Processes of Commodification] and the conlusion [Money and Networks].

This text has exploratory character. Non-commercial use is encouraged. Commercial use only with my written consent. I appreciate feedback. F.S.

There is also a page containing links to other resources on the Net.

Table of Contents

1. Introduction

2. Processes of Commodification

3. Electronic Money: The Basics
3.1. General Characteristics
3.2. The Actors

4. Electronic Money: The Proposals
4.1. First Virtual
4.2. DigiCash
4.3. Millicent
4.4. Mondex
4.5. Summary Table

5. Mondex in Context
5.1. Access
5.2. Privacy
5.4. Who gets what?

6. Money and Networks
6.1. Convergence of Money and Information
6.2. Towards Private Currencies

7. Bibliography

1. Introduction
It is safe to say that electronic money will define an important pattern in the structure of the on-line world. Moreover, with the seamless integration of information technology into countless aspects of daily life the distinction between on-line and off-line--between the electronic and the physical space--is about to blur and electronic money will be one of the decisive elements in the current reshaping of social relations at large.

However, we are not there yet. The Internet's current paradoxical state is very pointedly exemplified in Ray Hammond's book Digital Business (996). Hailing the networks as the new paradigm of business, it commands an extensive presence on the Internet where it can be accessed in three main ways:

First, one can search the online catalogue of the local library and if it is available go there and pick it up. This is the mode of using the Internet to gather information about the physical world that remains principally unchanged: the medium as information resource.

Second, one can order the book online book online for £17.99 and have the book shipped to one's own address. This is the mode of using the Internet to direct action within the physical world: the medium as communication channel. This will impact greatly on commerce patterns, e.g. the distribution of books. The book itself, however, is not immediately affected whether it is ordered through the Internet or bought in a traditional bookstore.

The third way in which Ray Hammond's book can be accessed is through its on-line version which contains the full content of the print version plus a number of hyperlinks that connect the book with its topic, different forms of digital business. This is the mode of using the Internet to access the information directly, without any need to have the information packaged in a physical state: the medium as the arena of action.

A commercial book that describes the rise of the networks as a site for conducting business is available within the same networks free of charge. This is exemplary of the transitory phase in which the networks are in today. Dispite of being hailed as the new paradigm, the Internet is clearly not a site of economic maturity as long as a commercially oriented publisher gives away his product for free.

There are many reasons why the Internet has not yet reached status of viable economic relevance as a medium to consuct sales transactions: The lack of access for the majority of people, even within North America, and the traditionally non-commercial culture of the online world are two of the key factors in this regard. The third component is the missing medium to conduct business not only through but within the Internet. The current payment mechanisms(cash, checks, credit or debit cards(are somewhat inappropriate in the network context: cash and checks for the obvious reason being physical, credit and debit card having been developed for closed, high-security networks and too risky to employ in an open network.

However, the Internet is changing. The accessibility of the Internet is growing rapidly. According to a recent survey, 23% of people over the age of 16 in the US and Canada have Net access and have used the Net during the last month, compared with 10% a year earlier. But not only the pure number of users but also the Internet's culture(what the medium us being used for( is also changing, commercial patterns are being developed and adopted but at a much slower rate (Fry, 1997).

While the direction of development(integrating all aspects of the Internet into the market place(seems to be evident, it is at this point open as to how this is going to happen. Of prime importance will be the medium of the market: money. What forms of money will be established will greatly shape and be shaped by the further evolution of the Internet and its overall social consquences.

This paper examines the current state of electronic money, its development and application. In the first section I place the current trends towards electronic money in its larger context of market expansion, employing the concept of increased commodification. The second section will sketch the basics of electronic money: its general characteristics--what is needed for something to qualiity as electrononic money--and the principle actors involved--who is doing what. The third section will examine four proposals for electronic money, and the fourth will examine in more detail the implications of one of those proposals, Mondex. The final part of the paper will probe aspects of the broader potential arising from the joining of money and networks for the public at large.

[Back to Table of Contents]

2. Processes of Commodification
Despite the fierce debate over the character of the current cultural transformations, little doubt exists that they occur under the expansive paradigm of the market economy. Traditionally, the market appears as a giant collection of commodities and the supporting processes of production, distribution and consumption. Different schools of thought have identified different mechanisms of how this collection came about and what its ordering mechanism is; whether (neo-)liberal 'invisible hand', social institutions, or social relations, as expressed in the (neo-)Marxist class or feminist gender focus. The process of commodification has been analyzed as one of the crucial ways by which the market expands and gains an ever growing importance. Vincent Mosco defines commodification as "the process of transforming use values into exchange values." (Mosco, 1996 p.141) In other words, the market expands by integrating social activities that have been organized previously according to a different logic. Mosco (1996) notes that in addition to the market principle there are two differently structured principles of social interaction: the private life (at home, among friends) and the public life (mainly organized in public institutions, or the public space in general1). The private life can be equated with what J¸rgen Habermas calls the 'life world' (Lebenswelt), a place where social interaction is a means to its own ends whereas in what he calls 'systems world' (Systemwelt) interaction has strategic purposes, e.g., economic prosperity or political influence. Commodiification is usually thought of as expanding the latter at the cost of the former.

Traditionally, the process of commodification centred on creating new commodities that could fit into the existing exchange cycle. This meant carving discrete units out of a continuous reality that can be packaged and sold. An intimate conversation, for instance, turned into the 45 minutes of a therapeutic session.

Underlying commodification are processes of determining what the commodity is, preferably in precise quantitative form, and when it has been exchanged, and how to measure the transactions. In the process of commodification, information has always had a peculiar position. Its ephemeral nature leads to measuring less the information itself than the medium as the commodity. This is done primarily in two ways. One is to package the information (content) in quantities that make them marketable, shaped by the medium in which they reside. An entertainment movie for cinemas, for example, has to have the length of approximately 90 minutes (longer movies are the exception and short films are not distributed through the mainstream channels). A newspaper needs to have a certain number of articles in order to be printed on paper and sold to the public. The second way is to measure the access to the medium. The telephone, for instance, divides a continuous (long-distance) conversation into discrete units of medium usage that are measured and charged for.

Electronic media, especially commercial television developed, on the level of their commodification, a separation between the medium and the content. For the distribution channels, e.g. cable or state television in Europe, a flat-rate subscription model has been established, while the content was free of charge. However, the content is also part of a larger, commodity-based economy, only that the Television programming is not the commodity of Television but a means of creating its 'real' commodity which it can be sold in the market place: the audience. In this perspective, the content is just a 'free lunch' (Smythe, 1980) that attracts the audience which is then is sold to advertisers (Jhally, 1987 pp.64-71).

On the Internet, however, things have so far developed differently. Grown out of an environment that was not shaped directly by exchange value-based market mechanisms but by the universities and research institutions in North America and Europe, a different form of exchange culture had been established. The Internet has been, and in many aspects still is, a "gift-economy"2 where the worth of a piece of information (and to a lesser extent a service) is determined by its use value and by the status this gives to the information provider. One of the early slogans of the Internet: "Information wants to be free!" reflects this attitude. As long as the Internet was government subsidised and only accessible to a fairly small group of like-minded scientists such a model of a use value-oriented exchange worked very well and it might be one of the reasons why the Internet developed into directions nobody ever planned. However, with the integration of ever larger parts of the public and commercial enterprised into the networks they started to gain relevance for different, market oriented interests. Meanwhile, the Internet's slogans changed (to e.g. "Cyberspace is where your money is") and the process of integrating the new space of the Internet3 into the market economy is ocurring extremely rapidly.

Many of the newly attracted actors, for example the traditional newspapers, moved into the Internet before really knowing exactly how to commercially use but they have been attracted by the promises and status it offered. The result is the current paradoxical situation that information which has an exchange value in the physical world, for example Ray Hammond's book, has only a use value on the Internet where it can be accessed free of charge. However, this is clearly a transitory phase in the integration of the Internet into the society at large, turning its content into commodities or developing the audience as commodity.

While the trend of commodification is evident, there are fundamental problems yet to be solved. The most obvious is that the trading objects on a computer network are flows of information and not physical goods. Network-based communication, as a two-way relationship among actors, is something quite distinct from the distribution of goods or mass media, even though the content, in the case of a newspaper for instance, might be the same.

Since the trend of integrating the Internet into the society at large is dominated by the logic of the market place, one might easily agree with the notion that the current transformations are nothing but an intensification of the basic principles of capitalism that are more than two hundred years old. In this reading, information technologies "deepened and extended the logic of the market place, and with it, the process of making all social life, including such basic components as time, space, and information, into marketable commodities" (Mosco, 1989 p.20). This could result in, as Robins and Webster (1988 p. 69) have argued, a replacement of the political public sphere by a depoliticized consumer culture that erases the difference between social interaction and the commodity circulation. The pay-per e-mail mode on CompuServe might serve as an example in this regard. The proliferation of such models, pay-per-view TV and others, inspired the formulation of the concept of a "pay-per society" (Mosco, 1989).

Webster himself argued a couple of years later (1995 p.97-99) that this perspective might be overly radical, because it has an "all or nothing view towards information". A more nuanced view of how change occurs within that multi-leveled process of market economy seems necessary. What differentiates the market integration of the Internet from other waves of commodification? What new forms do basic market principles take on when they are transferred into a new medium?

These processes of shaping the two media are evidently "mutually constitutive" in the sense that electronic money will be adapted to the network environment which will be shaped by the forms of payment that are eventually adopted. The question is how do two media, the Internet and money, reshape each other and what are the consequences of this?

This paper, evidently, can not answer all the questions raised above; it aims simply at sorting the stage which this co-evolution of money and networks prepares.

[Back to Table of Contents]

3. Electronic Money: The Basics
The term 'money' is used in this paper loosely, following a notion of John Kenneth Galbraith, who stated that "money is nothing more or less than what he or she always thought it was - what is commonly offered or received for the purchase or sale of goods, services or other things." (Galbraith,1995 p.3) The term 'electronic money' is used to encompass both chip-based stored-value cards and net-based payment mechanisms that store and convey value in and of themselves rather than merely representing value residing elsewhere, such as a deposit account.

Electronic money is currently a very nascent setting4, neither its technical, legal, economic nor cultural components are fully formulated. Consequently, a great number of competing proposals are in different stages of development and testing. This section aims to outline the general characteristics that inform all proposals and to provide a brief overview of the different groups that are actively shaping the current development.

3.1. General Characteristics
Despite the somewhat confusing diversity of proposals that seem to offer quite different solutions, all electronic money schemes share a common basis of issues that they somehow have to address. Based on Lynch; Lundquist (1996), Matonis (1995) and Okamoto; Ohta (1991) six (structural) problem areas can be defined that have to be addressed by any system:

Independence: Is the electronic money independent of any physical condition? It has to be transferable though open networks and storable on different devices and in different locations inside and outside these networks. Cash, evidently, is dependent on its physical condition in so far as it equates the unit-value of money with the storage medium (paper, coins) in which it resides. It can not be transferred onto any other medium without ceasing to be cash. On the other hand, the cash economy is a truly open network which all forms of physical money can enter and exit quite freely. Even though the limits of the acceptance of specific cash clearly define different segments within the network , e.g.CDN$ are accepted inside Canada only, changing from one segment into the other is not only unproblematic but an essential, institutionalized feature of the network itself (currency exchange).

Security: Can it be copied (reused) and forged? This, obviously, must be prevented. Not only must the electronic money software be secure but also all the communication between the partners of a transaction must not be interceptible. Cash solves this problem based on its physical properties. A bill can be in only one place at any given time, therefore the question whether is has been duplicated can be decided locally, based on the thing. The transfer of cash is done normally in the presence of both parties and therefore unproblematic.

Privacy5: What kinds of transactional information are generated and who has access to them? All levels of privacy are technically possible. Privacy is related to the encryption technology used in the security features of the system, however, there is no correlation between the two. Anonymous transactions are not per se more or less secure than fully traceable ones. Cash is fully anonymous while a credit card has limited anonymity6, because all usage information is gathered in the central database of the processing institution such as VISA or MasterCard as well as in the database of the bank that holds the account to which a credit card must be tied. These databases are private properties and their use is subject to changing corporate policies. All electronic money systems have to define a range of privacy between the two poles: total anonymity and full auditability.

Transferability: Who can pay and who can receive money? The cash must be transferable between users in all forms of "peer-to-peer payment". With cash this is no problem while with traditional credit cards this is impossible unless the payee has the privileged merchant status that is not intended to be available for everyone.

Divisibility: What are the payment units? The size of the units and the number of different units has to be defined. In contrast to cash, where the physical properties limit not only the size but also the number of units due to reasons of practicality, these constraints do not apply to electronic money. All sizes of units are, technically speaking, equal. The limits arise due to specific design properties.

Ease of use: What hardware, software and expertise is required? Electronic money has to be easy to use since the systems aim, at least theoretically, at the totality of the population addressing all kinds of individual expertise.

There are two different types of approaches to electronic money: on-line and off-line electronic money.

On-line means there is a need to interact with a bank or another "trusted third party" (via modem or network) to conduct a transaction. On-line systems prevent fraud by requiring merchants to contact the bank's computer with every sale. The bank's computer maintains a database that can indicate to the merchant if a given piece of electronic money is still valid. This is similar to the way merchants currently verify credit cards at the point of sale.

Off-line means that a transaction can be conducted without having to involve a bank directly. Off-line electronic money systems prevent fraud in basically two different ways. There is a hardware and a software approach. The hardware approach relies on some kind of a tamper-proof chip in a smart card that keeps a mini database. The software approach is to structure the electronic money and cryptographic protocols to reveal the identity of the double spender by the time the piece of e-money makes it back to the bank. If users of the off-line electronic money know they will get caught, the incidence of double spending will be minimized, at least in the theory.

On-line or off-line, those six characteristics( independence, security, privacy, transferability, divisibility, and ease of use(define the problem space that each electronic money system promoter attempts to solve for one goal: public acceptance wide enough to make the system profitable for those who run it.

3.2. The Actors
Three different groups can be identified that ultimately influence which system(s) will be accepted. One is the industry, comprising two subgroups: the one that processes the financial information (large multi-national banking corporations and the major credit card firms), and the one that develops the hard- and software (ranging from encryption specialists to manufacturers of chips and readers for smart cards). These two subgroups are highly interlinked7 in complex structures of competing alliances.

The second important group are the governments defining the legal framework in which the electronic money systems will have to operate. The global nature of the network environment puts certain limits on the reach of individual governments and their power to regulate. For example, David Chaum, the founder of DigiCash (see section below), moved the headquarters of his company to the Netherlands in order not to be subject to US export restrictions on cryptographic software. As with all problems related to transactions over global networks, the governments have to operate in the dichotomy of international standardization of legal systems and national implementation of these standards.

While a national government in such an environment is no longer completely autonomous in setting the legal framework, it remains the only actor that can ultimately enforce any kind of international legal system. Of specific concerns from the governmental point of view are two related problems: tax evasion and money laundering. On all levels of national and international governmental organizations proposals on how to regulate electronic commerce and money are currently being worked on. The single most important institution for regulating electronic money may be the OECD. Although the Paris-based group has no power to impose laws, it is considered the primary forum for cooperation. In the words of Ira Magaziner, senior White House policy adviser to President Clinton, "the OECD is a good forum with lots of expertise in this area to work on the mechanisms that will be most appropriate." (Schenker, 1997) An OECD study on the subject of how to regulate electronic commerce/money is currently being conducted and is expected to be published in the first half of 1998. However, there are no clear rules or guidelines in place at the moment and it is largely unclear how the existing laws should to be applied (Froomkin, 1996).

The third group are the users, both the customers and the merchants. However, their role is different. While the first two groups have the ability to influence the definition of the system itself, the users have mainly the possibility of choice only from among potions presented by others to them. They can favour one system over the other or not accept any of them. However, it is difficult to assess how extensively this will influence the specifics of any given system and how much these specifics influence the customer decision once the industry's standards are defined. Very influential in terms of user acceptance will also be the conditions under which the industry's favoured system(s) will be offered8.

The three groups--industry, government, and users--are highly interrelated and their decisions are influenced not only by their own preferences but also by their assessment of the preferences of the other two groups. The industry has to develop a system that is not only optimal to them, but also conform with existing laws and not likely to be outlawed in the future. Furthermore it has to assess what might be accepted by the users and how to influence the acceptance of their competing solutions. The governments while consolidating its own (tax)base have to relate their decisions on the industry's development and balance it with their own responsibility to the public good. The users are likely to base their decisions on the anticipated future of the industry. Once a standard seems to be defined it is likely that acceptance will concentrate there, not because it is necessarily the "best" but because it seems to be the standard. The economist W. Brian Arthur calls this phenomenon of self-perpetuating dynamics the "law of increasing returns and path dependence" which are "mechanisms of positive feedback that operate--within markets, businesses and industries--to reinforce that which gains success or aggravate that which suffers loss." This is, according to Arthur, a typical phenomenon in the high-tech industry (Arthur 1994, 1996). However, the single most influential group is clearly the industry, not only because the nature of the technological development (high pace, capital intensity, complexity, and global scope) structurally favours the industry over the slower national governments and the generally uninformed public, but also because the US administration, as the single most important government, shows great reluctance in seeking an active role for the government. The US Treasury Secretary, Robert Rubin defines the role of the government as seeking a partnership with the industry in finding "an intensely practical approach ... so that we can minimize impediments to growth and at the same time meet [consumer protection and law enforcement] needs." Subsequently, the current (December 1996) government proposal called "A Framework for Global Electronic Commerce" is based on four principles:

1.The private sector should lead.
2.Governments should avoid undue restrictions on electronic commerce.
3.Where governmental involvement is needed, its aim should be to support and enforce a predictable, minimalist, consistent and simple legal environment for commerce.
4.Governments should recognize the unique qualities of the Internet. 9

Alan Greenspan, the current Chairman of the Federal Reserve Board, opposes even this modest role for the government. During the first Treasury Department conference on the topic10 he advocated the classic neo-liberal position:
"I am especially concerned that we not attempt to impede unduly our newest innovation, electronic money, or more generally our increasingly broad electronic payments systems. ... Customers and merchants, not governments, will ultimately determine what new products are successful in the marketplace." (Clark, 1996c)

Given the power relation between the three groups it is unlikely that the users, the consumers and merchants, will indeed have the most important influence on the development of electronic money. It is therefore more reasonable to concentrate further inquiry on the activities of the industry, examining four of the their most advanced proposals in some detail.

[Back to Table of Contents]

4. Electronic Money: The Proposals
In this section I will examine four different systems of electronic money. I do not imply that any of these are likely to emerge as the new standard, however, they represent four approaches that are representative of the breadth of solutions relating the seven characteristics defined in the section above.

4.1. First Virtual
First Virtual, a San Diego-based company, was founded in fall 1994 to develop and market a system that should be "simple and safe to use, available to everyone on the Internet." (/company/profile.html)11 And indeed safety and simplicity are the overriding concerns that inform the design of the system.

4.1.1. The Communication Structure
The First Virtual system propagates using existing credit cards on the Internet by eliminating the security risks inherent in transaction through the Internet. The two risks addressed are:

Communication over an open network can technically be intercepted at a multitude of points.

It is very difficult to asses the reliability of information presented on the Internet. Based on a webpage alone, for instance, it is almost impossible to verify the content and whether the merchants will actually deliver the goods or services advertised.

Before any transaction through the FV system can be conducted, both sides, the merchant and the customer, have to register with FV. The customer fills out an application indicating his interest in participating in the system and calls FV over the phone and registers his existing credit card. Then he will receive by e-mail the FV personal identification number (pin). This pin will function as a substitute for his credit card number and only FV can connect the pin with the owner's actual credit card. The merchant, basically, has to do the same.

To use the system over the Internet the customer sends the purchase request along with his pin to the registered merchant. The merchant, then, sends the purchase description and $ amount, her pin and the customer's pin to FV. FV send an e-mail to the customer asking for a confirmation of the request. If the purchase is confirmed FV sends the information over the traditional closed financial networks to conduct the financial part of the transaction. The money is transferred from the customer to FV that will later transfer it to the merchant's account. After successfully completing this procedure FV sends the confirmation to the merchants, who can now deliver the goods.

Figure 1: Using the First Virtual system

1. The customer sends purchase request and his pin number.
2. The merchants sends the information to FV.
3. FV asks the customer for confirmation.
4. The customer confirms (or rejects).
5. FV sends the information through a gateway to the closed financial network for processing.
6. The merchants receives the result whether the credit card had been charged or not.

Steps 1-4 and 6 are conducted through standard non-encrypted e-mail step 5 is executed through a highly secured private network.

4.1.2. Discussion
In principle, FV provides the function of a credit card reader in a physical shop. It guarantees to the customer that the merchant (or anyone else) doesn't know the sensitive information and to the merchant the validity of the credit card. It furthermore guarantees to the customer that the merchant actually exists since she has to be registered with FV and is therefore identifiable. The system is very low-tech, relying completely on existing technology(on the public side on standard e-mail and on the financial transaction side on closed networks. This, however, slows down the system enormously since there is no reliable way to speed up the e-mail communication between the three parties. This can easily introduce delays of several hours depending on the speed in which the e-mail is delivered. As an effect, the customer has to check his e-mail on a regular basis waiting for the FV's mail asking for his confirmation. This seems to be very user unfriendly.

The system offers little more than the application of the traditional payment mechanism in a new environment12. In order to achieve security and relative ease-of-use there is less privacy than in a traditional credit card scheme since not only the credit card company but also FV maintains a database with all the purchasing information. In essence (if the system would be fully adopted), FV doubles the credit card company's database. This is called in the corporate euphemism "strong pseudonymity". For the protection of his privacy the user has to rely on the company's policy that states: "FV's policy is to strongly protect all ... sensitive information, but of course we do look at it when we investigate allegations of fraud that we receive, and would also have to reveal it to government authorities under court order." (/help/answers/anonymity.html) Furthermore, FV keeps statistics of refused payments that is, for instance, if someone downloads a piece of information he doesn't want to pay for, regardless of the reason. As a result, "FV will suspend the VirtualPIN of any customer who appears to be taking advantage of our merchants or our system." (/Faq/faq-buying.html). In effect this means FV needs to monitor its users to maintain the payment morale with the system.

The problematic privacy aspects, however, have not impeded the development of FV in these early stages. It claims to have registered, as of September 30, 1996, more than 2,650 merchants and 180,000 customers in 166 countries (/company/profile.html).

FV can be considered as a first generation solution: easy to implement but not very inovative and far-reaching. It can not be considered as electronic money system in the sense of the criteria developed above. Nevertheless, it could play an important role in the development of electronic money because it has the advantage of not having to begin from scratch but to extend existing practices onto the Internet.

4.2. DigiCash
13 DigiCash, founded 1990, is the company of David Chaum, a internationally acknowledged expert in the field of cryptography who has worked on related projects for more than a decade. The main concern of his Ecash is "unconditional untraceability" of all financial transactions. To achieve this, the system relies extensively on cryptographic public-key solutions developed by Chaum (Chaum 1985, 1992, 1996).

4.2.1. The Communication Structure
The customer and the merchant need a bank account with a bank issuing Ecash as well as they need to register with DigiCash to obtain a special software, the "cyberwallet". This software allows to generate randomly 100 digit numbers. These numbers represents the "raw material" of a coin. The numbers are blinded (multiplied with a factor only known to the sender) and sent to the bank. They become "real" coins when they are digitally validated by the issuing bank. The bank validates the coins by adding a string of numbers to them. The new sequence of numbers (consisting of the blinded number of the customer and the validation string of the bank) now represents a coin, a fixed amount of money, hence the slogan of DigiCash: "Numbers that are money" (/home.html)14. Before sending it back to the customer the bank subtracts the amount from his account. Since the coins are blinded the bank does not know which coins it has validated, it only knows the amount validated and the recipient of the Ecash. This is similar to cash and enough to do information all accounting but not enough to connect a specific coin to the customer. The customer receives the validated coins and unblinds them.

To make a purchase, the customer contacts the merchant and the two cyberwallets connect to prepare the transfer of the appropriate amount of coins. The transfer is conducted after the customer has confirmed it. The customer can specify certain transfers (for instance, to a specific address and up to a certain amount) to be conducted automatically in the background without requiring an extra confirmation (publish/ecash_intro/ecash_intro.html).

The merchant sends the coins to the bank that has originally validated those coins. The bank proves whether the coins have been spent already by checking the number which it had added to the blinded coins against database of spent coins. If the coins are valid, then the bank transfers the money to the merchant's account: in effect, the coins have to be (de)centrally cleared.

All communication in the DigiCash system is digitally signed15 and encrypted, based on a public-key structure. For instance, the merchant encrypts the received coins with her private key (signature) and additionally with the bank's public key (communication security). This guarantees that only the bank can decrypt the message (and use the coins). The merchant has therefore the certainty that only the bank can get her coins and the bank knows the authenticated sender of the coins.

The whole communication process can be conducted in a couple of seconds (Hallam-Baker, 1995).

Figure 2. Using the DigiCash Payment Scheme

Part I Making Money
1. The customer's cyberwallet software generates random serial numbers for the Ecash coins. The serial numbers are then blinded. The blinded coins are sent to the bank.
2. The bank checks the signature and debits the signature owner's account.
3. The bank validates the coins and returns them to the customer.
4. The customer unblinds the coins.

Part II Spending Money
5. The customer sends a buying request to the merchant.
6. The merchant send a request back to the cyberwallet software to send the money.
7. The customer confirms the transaction, the software transfers the exact number of coins.

Part III Redeeming Money
8. The merchant has to check the validity of the coins. She sends them to the bank that issued the coins.
9. The banks checks the serial number for double spending. If the coins are valid, the bank destroys the coins, adds the number to the database of spent coins and transfers the amount to the merchant's account.
Part IV Finishing the Transaction
10. After the coins have been validated, the merchants sends a receipt to the customer and the financial transaction is finished.

4.2.2. Discussion
DigiCash is a full-fledged electronic money system. It's most unique feature is the user's anonymity intended by Chaum to "return control of personal information to the individual" (Chaum, 1992 p.96). This means the customer and the merchant do not have to know each other (except for delivering purposes) and the bank can not connect the coins to a customer. The merchant only knows that the coins are valid and the bank only knows it issued the coins (and they haven't been spent yet) but does not know to whom. The user's control is strong because the anonymity features of the system are built into the client software (blinding the coins before sending them to the bank for validation) and are independent of the intentions or the policies of any company involved in the transaction process: the untraceability of the user is indeed unconditional, unless the user tries to spend it twice, which guarantees the security of the system (ibid.).

The system is primarily oriented towards PCs that are connected to a network. On the PC the special software must be installed and the network connection must not be interrupted during the transaction process since the merchant verifies the validity online before sending the requested product or service.

The system, however, is very flexible and can also be used offline for peer-to-peer payment. The coin, if duplicated, reveals the sender's identity and DigiCash claims that its Ecash is less likely to be forged than any traditional paper-based cash.

Furthermore, the DigiCash software does not necessarily need to reside on a PC it can also be applied for smart cards or other electronic devices. In this sense is independent of any specific physical device.

Technically, the main problem with Ecash may be the size of the database of spent coins. If a large number of people start using the system, the size of this database will become very large and unmanageable. Keeping a database of the serial number of every coin ever spent in the system is not a scaleable solution. DigiCash plans to use multiple banks each minting and managing their own currency with interbank clearing to handle the problems of scaleability. But even so the task of maintaining and querying a database of spent coins is probably beyond today's state-of-the-art database systems (Pierce, Mahony, 1995).

Another problem could be the coin-based structure of Ecash. The system has no change-return capability. As consequence, the customer must always provide the exact number of coins required for the purchase. The number of coins must be determined when the customer requests the money from the issuing bank. The low costs of transaction, supposedly less than US$ 0.01, allow to use Ecash for very small payments. However, this means that the user needs a considerable amount of coins. This inflexibility combined with the use of strong cryptography makes the system not very easy to use for multi-purpose situations like general spending over the Internet.

Paired with the reluctance of the financial industry and the government agencies against the unconditional untraceability this led to the situation that DigiCash despite of being one of the best known and most advanced projects in the field of electronic money has still not been able to build major industry alliances with banks that would actually issue Ecash16.

Ecash might find more acceptance in situations where anonymity is less contested and the value of each transfer more standardized, for example in systems to collect tolls for highways for which it has been tested extensively.

However, DigiCash is potentially a very powerful and versatile system. The transaction costs of possibly less than a tenth of a cent that could allow purchases of as little a one cent worth (Steinert-Threlkeld, 1996)17. From the user's point of view the unconditional anonymity might be very welcome, especially if the payment mechanism is so fine-grained that it is able to measure user behaviour down to very small units, in this case cent by cent.

4.3. Millicent
Millicent18 is the payment scheme developed at DIGITAL's Systems Research Center in Palo Alto, CA by Mark Manasse and Steve Glassman. It aims specifically at providing a system to buy and sell content in very small amounts over the Internet, supporting transactions as small as 1/10th of a cent up to $5.00 in size. The system is currently in a pilot phase and the first public test is announced to begin in summer 1997 (/html/trial-announce.html)19.

4.3.1. The Communication Structure
The system is based on the idea of scrips. A scrip is like cash, in that it has some intrinsic value, but different in that it has that value only when spent with a specific merchant. Like electronic cash, a scrip consists of a signed message attesting that a particular serial number holds a particular value. The scrips are issued and collected by the merchant who can generate them according to local criteria simplifying the authentication and verification process. A typical method for generation is to use a secret key (at least) to encrypt a serial number that is referenced to the value of the scrip. When the scrip is returned to the merchant, she can decrypt it to verify that it encodes a valid, previously unspent serial number. Since it is the same merchant that encrypts and decrypts the scrip relatively light encryption can be used, speeding up the process and reducing transaction costs.

In order to avoid the problem of the merchant's data-base growing infinitely storing all the numbers of all the scrips ever spent, the Millicent scrip has an expiration date before which it has to be spent or exchanged against a new scrip. The life-time of a scrip can be designed by the merchant according to local criteria; it can range from a few hours to many years, depending on the character of the transaction.

Systems similar to such scrips are already widely used, for example, in transit-system fare cards, pre-paid phone cards, or manufacturer coupons. A piece of scrip represents pre-paid value, whose authenticity is of interest only to the merchant, as long as the customer is confident that it came from a trustworthy source. The merchant can employ whatever technology she thinks is appropriate to ensure authenticity and non-duplication.

In order to facilitate the transactions, the systems requires so-called brokers mediating between merchants and customers. The broker serves for the customer as intermediary to all merchants and for the merchant as intermediary to all customers. The customer buys for real money scrip from his broker, say, 50 scrip for 10 cents each. The broker buys from the merchant the right to sell merchant-specific scrip. If the customer wants to buy a content from the merchant for, say, 2 cents, then he sends his ten-cent-broker-scrip to the broker, who exchanges it against a ten-cent-scrip of the specific merchant the customer intends to buy from. This merchant scrip is sent to the merchant who validates it and sends back to the customer a new merchant scrip worth 8 cents as change. The customer can now either keep the scrip for further purchases at this specific merchant's site or redeem it for a broker scrip that can be substituted in future for any merchant scrip necessary.

This function of a broker is structurally necessary for two reasons:

to provide sufficient amortization opportunity for the scrip. Since the system is designed to allow for very small payments, the customers may take months or years to spend enough at a single merchant to cover the cost of a standard financial transaction. However, all transactions aggregated may amount enough to be processed traditionally.

to make the system user-friendly. For real financial transactions the customer has only to deal with one broker who manages a large amount of merchant scrip. The merchant has only to deal with one broker who buys the merchant's scrip in bulk and organizes the retail selling to customers.

Technically speaking, the system consists of three pieces of software. The client for the customer, and a server for the broker and one for the merchant. The customer's client is some form of wallet that is used to buy broker scrip, to pay for content, and accepting the "change" that might come back from a merchant. The wallet can be used for additional purposes such as accepting merchant scrip that might be given to the customer by an advertising site or storing free merchant scrip that might be given to the customer. The customer can configure the wallet to perform these functions in the background or to ask for confirmation for every or certain transactions.

The merchant software enables to create, distribute, accept and validate her own scrip while the broker server does basically the same and additionally exchanges its own scrip against a merchant scrip.

Figure 3.1. Building Up Relationships in the Millicent System

1. The customer request a broker script.
2. The broker sells the script to the customer.
3. The broker request a script from a merchant.
4. The merchant sells the script to the broker.

Figure 3.2. Using the Millicent System

1. The customer sends a request for a specific merchant script to the broker along with the broker script he bought previously.
2. The broker sends the merchant script back along with the change in form of a new broker script.
3. The customer sends the script to the merchant.
4. The merchant accepts the script, delivers the service and sends back the change in form of a new merchant script.
5. The customer sends the merchant script to the broker.
6. The broker changes it back to a broker script.

4.3.2. Discussion
The system is designed for one purpose: to enable micro-payment over the Internet or other computer networks. In order to make micro-payments viable the system relies on the properties that inform its overall design: low payments and decentrality. For a system to be secure the costs of breaking the system must be higher than the possible gain from such an attempt. Since the Millicent system only transfers very small amounts of money in every transaction the security functions of the system can be very light and still be effective, in principle, single-key encryption can be used since same merchant issues and receives the scrip. This allows the system to run on low memory or to process a large number of transactions at one time, the transaction rates are supposed to be in the multiple hundreds per second (Manasse, 1996).

The decentrality of the system guarantees the reasonably high degrees of anonymity in the transactions. The system does not require the identity of the customer to be known to the merchant. The merchant's only concern is with double-spending, tampering, theft and adequacy of payment. The integrity of the system is maintained by shared secrets between the broker and the merchant and the fact that the customer always pays in merchant-specific scrip. The Millicent system uses the same identity scheme commonly used on the Web today. It does not further hide or reveal information about the customer (/html/faq-w.html). The merchant basically knows the customer's IP number (from the server log) but she is not more or less able to connect the IP number to any specific individual; and this is already in standard data transactions (viewing a website).

The broker, on the other side, knows what scrip the customer uses, but not in detail to what end. For example, the broker knows that a specific customer reads the New York Times; but he doesn't know which articles the customer reads. This is only known to the New York Times that don't know who is actually using the IP number with which it communicates the scrips back and forth20.

Furthermore, since the payments are very small the system does not require receipts for documenting every transaction. This strengthens the anonymity and speed of the systems but makes it impossible retract any transaction. All Millicent payments are final.

A scrip is a unit of fixed value, however, it is not defined what value it is. This lies decentrally in the authority of the merchant. It can be small amounts of money to pay for a piece of information or for metering the use of a service, such as software application, or guaranteed bandwidth for an Internet phone call. But, it can be anything else too; it can be a bonus or rebate for regular users, a system similar to frequent flier miles; it can be access rights and can be advertising. The value of the scrip is defined by the merchant who is the only agency who has to accept that value.

The most central aspect in the system is the broker. Theoretically, anyone could serve as a broker. However, it seems reasonable to expect that only large organizations will be able to function as one. This for two reasons: first, the broker is the central element of trust and stability. He connects the merchant to the customer who do not know each other. From the customer and the merchant's point of view, the only one they do directly business with is the broker with whom they have to enter a 'long-term relationship' while the relation between the customer and the merchant is created instantaneously. The broker sells broker scrip to the customer and who buys merchant scrip from the merchant. The customer must trust the broker that he doesn't go bankrupt or run off with the money. On the other side, the broker must be sure that the merchant doesn't go bankrupt or run off before he exchanged all her scrips against his outstanding broker scrips. From the customer's point of view, a large organization is less likely to suddenly disappear than a small one and from the broker's point of view the chances that the merchant tries to cheat is smaller if the broker represents a large organization since he has more resources to prosecute the merchant.

Second, and more important, the broker's business is a business of scale. Only a large number of customer in a highly automated process make the brokerage business economically sensible. Once the system is up and running, the main task for the broker is to bill a large number of customer. It is therefore likely that businesses that already work with a large client base serve as brokers. Millicent assumes that mainly telephone companies, ISPs, or banks will become brokers, since they could add the Millicent bills as just an other items to their existing bills and therefor reduce the overhead costs (html/papers/millicent-w3c4/millicent.html).

Still be to determined is how exactly the role of the broker will develop. Millicent assumes that multiple brokers will be connected through some form of decentralized data-base (similar to the domain name servers) or exchange agency (similar to a clearinghouse) that allows them to provide their customers with merchant scrip they don't have themselves.

The system is very well adapted to the network environment for several reasons. First of all, it is very flexible and decentral, avoiding any kind of bottle-neck. If the numbers of users, customers and merchants, grows beyond the capacity of the brokers then simply more brokers can be added. The creation and verification of scrips is done decentrally and within the responsibility of the merchant who can upgrade her capacity according to the demand. Additionally, the merchant can introduce all kinds of value units, money, bonuses or rebates, whatever makes sense for her.

Second, the system allows to value exchange between merchants and customers who had no previous connection to each other, who do not have to identify each other and who do not have to establish a trusted relationship. Millicent allows on the fly, instantaneous one-time relations to, say, a specialist who provides information the customer needs only once and now, as well as continuos relations to, for example, a favourite newspaper. The system is very adequate to the situation on the Internet where valuable information or services can be found in a large number of places that one didn't know previously they even exist without generating much transactional information or slowing down the flow of information.

The precise adaptation to the network environment might turn out to be not only the strongest advantage but, at the same time, the strongest disadvantage since it can only be used within that environment. In this sense the electronic money or the scrips are not really independent from their physical location and can not be used in any other context than micro-payment which only makes sense in networks. This could lead to a deadly slow rate of acceptance since other forms of electronic money might become introduced at the same time within and outside the Internet and becoming accepted much faster because of their multi-functionality, a feature that is lacking in the Millicent scheme. Or it might restrict its application to a specific limited range, for example, to metering of software use of network computers (NCs) that rely on a central server.

4.4. Mondex
Multifunctionality is one of the most exceptional features of Mondex21, a system that intends become "an electronic equivalent of cash"22. It is based on a smart card that can hold money and transfer it in both ways. The Mondex card is a debit card in the sense that is can only be used to spend as long as it holds previously loaded money. The Mondex technology, in development since 1990, is exclusively owned by Mondex International, a London-based firm in which MasterCard holds 51% of the shares since the end of 1996.

4.4.1. The Communication Structure
At the core of the Mondex system is a smart card that is able to accept, store and distribute money. Moreover, the card does not only store the current total amount of money, it is also stores its recent payment history. At the moment, there are two different types of cards, the consumer card that stores the last 10 transactions and the merchant card that stores the last 300 transactions. This number of transactions stored is limited by the present state of suitable micro-chips, however, Mondex announces in the FAQ section of their webpage that "with more powerful chips this trail capacity is likely to increase".

The Mondex card issued by banks and connected to a bank account. Each card has an unique 16 digit number that identifies the person to whom the card is issued. This number is transferred with every transaction from one Mondex chip to another and displayed in the payment trail.

The transfer money both Mondex cards (the sending and the receiving one) have to be inserted in some kind of reader where the start to communicate to authenticate each other. Mondex is a closed system in the sense that cash can only be transferred from one Mondex card to another. Based on non-disclosed identifying features the cards establish a secure communication using digital signatures for transaction and receipt.

Encryption plays a central role in the Mondex scheme. It has to guarantee that only authenticated, untampered Mondex cards are used in the system and that the communication between the two cards can not be intercepted. Therefore the receipt that ends each transaction is crucial to proof the uninterrupted transfers of the cash.

As a stored value card with strong encryption Mondex does not need a central clearing institution as, for example, the DigiCash system. The transfer is direct between the two sides. However, this increases the security risks substantially. If a card could be forged and new money inserted into the system it would be impossible to differentiate forged from legitimate money. Therefore the constant update and the secrecy of the details of the communication protocol is an essential feature of the Mondex system.

Since all communication between the readers is encrypted Mondex can use open communication networks such as the telephone system or the Internet. Card readers can be attached to computers or phones--similar to the existing phone card readers--they can also be used, for example, in stores, buses or parking meters.

Figure 4: The Mondex Structure

Mondex allows uncleared, reciprocal transfers between all groups within the system. Between the bank and the customer, among customers (peer-to-peer) and between the merchants and the customers.

4.4.2. Discussion
Mondex is the most advanced of the four electronic money systems reviewed in this paper. Mondex has, at this point, an extensive industry support. Besides the majority holder MasterCard, the shareholders of Mondex International Limited include NatWest Bank, Midland Bank, Royal Bank of Canada, Canadian Imperial Bank of Commerce, Hongkong Shanghai Banking Corporation, Wells Fargo, AT&T, Chase Manhattan, First Chicago NBD and 10 major banks in Australia (Business Wire, 24.2.1997). Most recently (21.5.1997) the Bank of Montreal, Canada Trust and Toronto Dominion Bank have signed up with Mondex which is now being backed by more 90% of all deposit-taking financial insitutions in Canada. With such a support Mondex has resources to pursue its implementation that are by far greater than any other electronic money systems currently under development.

However, what differentiates Mondex is not only that is one of the industry's most favourite solutions, but also that is, once the hardware is in place, fairly easy to use in quite conventional ways, superficially mimicking the conventional ideas about cash being money that resides in the user's wallet until it is taken out or additional money is deposited.

What might be the single most important feature is its multi-functionality: it can be used in a number of different situations, such as traditional, physical payment situations, in store or peer-to-peer, but also as a means of electronic payment over all kinds of networks and it can be used for large payments and also for micropayment23. A card can store several hundred $ while the lowest threshold for Mondex is somewhere around a few cents. At the current stage is optimized to be used for medium sized payments. Functions as the storing capability of the last 300 (or 10) transactions make no sense if the payment size is very small. However, Mondex is adaptable in this regard.

Mondex has been developed primarily for the direct substitution of traditional cash in physical situations, therefore the first large public test sites have been localities: the two mid-sized towns Swindon UK and Guelph, Ont.. However, Mondex is developing applications and partnerships to use its smart cards also over the Internet in partnership with AT&T, HP and Open Market Inc. The first test of Internet use of Mondex is scheduled for summer 1997.

Since Mondex tests for the public at large have already begun in two sites it offers a unique opportunity to take a closer look at the problems involved in an implementation.

4.5. Summary Table

E-cash System/ Characteristic	First Virtual	DigiCash	Millicent	Mondex
Independence	No, PC only solution	Yes, mainly PC based, but also applicable for other storage devices	No, PC only solution	No, based on proprietary smart card technology
Security	High, based on substituting sensitive credit card # with Pins for the public network and processing sensitive over closed networks	High, based on strong public key encryption and third party validation	Medium, based on light encryption issuer specification. Small values make it light encryption secure enough to prevent infringement.	High, based on unrevealed encryption technology.
Privacy	Low, keeps records of all transactions, screens the users	Very high, guarantees unconditional untraceability of the user	Medium, the broker knows who and where, but not what. The vendors knows what but not who.	Contested, most likely medium. The issuer controls the flows into and out of the circulation but not within.
Transferability	Low	High, user to user payment possible	Medium, scrip can be transferred freely but only used at specific sites.	High, user to user payment possible
Divisibility	Low, high transaction costs, from 10$ upwards	Medium, coin based from one cent upwards, low transaction costs	High, micropayment from a fraction of a cent to 5 $, very low transaction costs	High, from one cent to several hundred $, low transaction costs
Ease of use	Medium, complicated set-up procedure, delay within the transaction but builds on existing technology	Medium, complicated to set-up and understand but easy to use	Medium, complicated to set up, easy to use	High, easy to set up, easy to use, but needs hardware
On-line/ off-line	needs live on-line clearing	Needs clearing, can be used off-line	On-line only	Can be used off-line

[Back to Table of Contents]