Europes central bankers are warning that a gradual phase-out of cash in many countries poses a serious threat to the financial system, as relying too heavily on digital payment systems exposes them to catastrophic failures in the event of cyberattacks.
Regulators are also weighing in to say that IT failures, systemic hacking risks — and the fact that more vulnerable members of society would be alienated in a cashless world — all argue in favor of keeping a robust system in place — ie., cash.
A November study by the European Central Bank showed that while almost 80 percent of all payments are still done in cash in the eurozone, countries like Estonia, the Netherlands and Finland already use electronic payments for about half of all transactions. Cash payments in Sweden now only account for about 13 percent of payments in stores, according to a study by Swedish central bank Riksbank. More than half of all bank branches no longer handle cash, according to a report from the Swedish Retail and Wholesale Council.
“The digitalized system, it is easy for someone in Russia, China, whatever to just shut it off,” Björn Eriksson, the head of a pro-cash lobby group Cash Uprising and former head of crime-fighting agency Interpol. “[Cash] you can hide in your car, or your stove, or whatever.”
He added: “I can see a growing concern in my country about what is going to happen when someone decides to switch them off. What are the activities you can do to keep society moving?”
The European Central Bank found that while most eurozone payments are done in cash, many countries use of cashless transactions is increasing | Daniel Roland/AFP via Getty Images
Central bankers are watching — and getting anxious.
“Increasingly, central banks insist that cash will also play a role. We do not foresee a totally cashless society,” said Ewald Nowotny, governor of the Austrian National Bank, at a recent conference in Brussels. “If there is for instance an energy blackout, cash is the only surviving way of payment.”
A senior official at the Dutch central bank echoed the sentiment.
“Were under attack every day. If you dont have your shields up, you notice activity straight away,” said Petra Hielkema, director of payments at the Dutch Central Bank, who watches over cybersecurity policy.
The U.K. Treasury said they still want to “explore how to ensure cash remains accessible and secure for those who need to use it.”
Small cybersecurity crises have nudged central bankers to work on backup systems and roll out cyber stress tests. Cash looms large in most contingency plans.
“Cash provides trust,” said Hielkema. Beyond cybersecurity concerns, critics of the cashless society have pointed out that vulnerable groups such as elderly and disabled people rely on cash more than others. “We see a lot of people who really need it,” she said.
An outage of visa services in June— caused by a system failure — gave a small taste of the risk, said Kevin Curran, a professor of cybersecurity at Ulster University in Londonderry, Northern Ireland. Customers across the EU were left unable to pay for goods and services, and the situation revealed “there really is no backup,” Curran said.
“When the trolley came around on the train and the card payment wasnt working, the only people who could eat were those with cash,” he said.
Race to digital
The move away from cash is driven partly by commercial interests, as businesses go card-only for efficiency and in response to consumer demands. Commercial banks are also shutting down branches in favor of digital services.
Some governments encourage a shift toward digital services because they see it as a way to address money-laundering and tax evasion, and also to boost competition in financial services. Others argue that digital payments protect consumers from being robbed or losing money, as well as sparing them the hassle of constantly carrying a wallet.
In a report published in March, the U.K. Treasury considered how the government could further support digital payments. Already, new regulations bar charges for using cards or digital payment while allowing fintech firms to provide instant payment services to customers without a bank intermediary. A drive to tackle crime has also led the European Central Bank to discontinue production and issuance of €500 bank notes in 2016 — despite a heavy reliance on cash in Germany, where cash accounts for more than half of transactions in stores and debit cards take up another 25.5 percent. Mobile payments dont even make up to 1 percent.
But officials say some cash in the economy must be preserved. The U.K. Treasury said they still want to “explore how to ensure cash remains accessible and secure for those who need to use it.” In Sweden, a court ruling insisted public entities must continue to accept cash, though earlier this year, the Swedish government shot down a plea from the central bank to require banks to handle cash.
Until the mid-2000s the Swedish central bank recorded a rising nominal value of cash in circulation, but that dropped to under 60 billion Swedish crowns from close to 100 billion crowns between 2006 and 2016.
The decline in cash payments has raised the alarm for the Riksbank. Governor Stefan Ingves warned in June about the dangers of rushing into a cashless society, arguing it is moving too fast and may lead to a payment market “dominated by private players with no public alternative.”
New industries such as the financial technology sector are pushing banks to become even more aware of cybersecurity.
“The days that we were able to manage our entire capital with only a 4-digit password, those days have passed” — Tim Hermans, director of Belgiums central bank
To secure the worldwide banking system, authorities watch over a series of players, said Hielkema, at the Dutch central bank. “Beyond the normal banks, there are the institutions who facilitate payments, there are institutions in between consumers and banks, and in between banks themselves,” she said. Add to that the numerous applications and startups working with banks to provide new services like person-to-person payments.
All of this means “the attack surface is getting bigger and bigger,” said Hielkema.
In the U.K., the Bank of England announced in June it would conduct stress tests to evaluate regulated firms cyber resilience. “A severe operational incident, such as an IT failure or a cyber incident, can impair processes and data supporting these services, and therefore put financial stability at risk,” the bank said in its financial stability report.
Just last May, European banks agreed on a framework to test institutions resilience to cyberattacks. The test is designed to imagine a cybersecurity firms ability to infiltrate a network of a bank, payment company, stock exchange and others, and remain hidden, testing the institutions defenses.
In Belgium, the central bank brought in hacking consultants and is in conversations with intelligence services, hoping to launch initial tests in the first half of next year, its director, Tim Hermans, said.
“The added value will be that youll have sector-specific evaluations. We will really work on an analysis of the threats to the sector and create a scenario based on that to test the strongest and weakest links,” he said.
As threats evolve, so will security practices, said Hermans: “The days that we were able to manage our entire capital with only a 4-digit password, those days have passed.”