Digital security does not arise with digital currencies. It is already a topic in any market segment that has some presence in the digital field.
Speaking of the financial market, this is a constant concern and reason for significant investments by banks, brokers, regulators, and Central Banks. I do not believe there is any banking institution today where this topic is not on the agenda.
It is a concern, and everyone has it resolved. Although there have been data leaks of customers, which is very serious, I am not aware of cases where a major banking institution has been hacked resulting in the total loss of funds for all its clients. This contrasts with what has already happened with some cryptocurrency exchanges, with MtGox in Japan being one of the most notorious examples.
This beginning is important because, being a problem that financial institutions already deal with today, we not only have technology but also know-how on how to minimize or eventually eliminate this risk.
At this point, a discussion arises about a system with centralized control or not. We are migrating to models of Central Bank Digital Currencies (CBDCs) that will be closed, where they will have total control over movements, potentially able to cancel or eliminate any transactions they wish. In this architecture, there must be a significant concern about the security of the system and data.
In a distributed system, without a central authority, much of the concern for security shifts to the user rather than the issuer of the digital currency. Bitcoin is a good example of this. Bitcoins are in the account (public key) and can only be moved by whoever has the password (private key). If this private key is lost or stolen, that’s it. You will never have access to the account again.
I always like to draw a parallel with the 'physical' world. Today, if you lose the paper money in your pocket, that's it. There’s no one to complain to or how to recover it unless you find it yourself. In the case of cryptocurrencies, in the digital realm, it is quite similar.
In a recent text I read from the World Economic Forum, there is a good discussion about the implementation architecture of the CBDC, and it cites two main forms: account-based payment/currency systems and token-based systems.
The account system is what we know today, where each user has their account and transfers are made between accounts. In the case of implementing the CBDC, these accounts would all be connected to a platform controlled by the Central Bank.
In a token system, the operation is closer to physical money today, where the Central Bank would issue the token (Real-Digital, for example) and we could transact it through our digital wallets, whether identified or not. There is mention of a hybrid system of these two, but I will stick to just the two.
In the case of the account-based CBDC, this will require participants to open identified accounts to access this platform. These accounts could be at banks, as we have today, or directly at the Central Bank. In this sense, the concern for digital security would lie with the banks and Central Banks, which would be the controlling and operating entities of this platform.
When discussing a token-based CBDC, the concern about account openings becomes irrelevant. However, if this CBDC functions as a digital version of cash (being anonymous and transferable directly from person to person), the responsibility for digital security largely falls on the user. One of the Central Bank's tasks would be to ensure the authenticity of the tokens transacted, just as it combats the counterfeiting of physical bills. Issues related to transactions and balances would then be the user's responsibility.
In both cases, an initial discussion should be about what the risks are from the perspective of data security that we should consider, and then who will bear that risk.
It is also important to know how far the Central Bank should ensure the digital security of the people using its CBDC. In the case of Bitcoin, which serves as the basis for many of these discussions, this responsibility fell entirely on the user. As I said, I do not believe we will move to this scenario, but at the same time, it seems obvious that users will increasingly need to better understand these risks.
That said, with the implementation of a Central Bank Digital Currency (CBDC), I see no reason for excessive fear regarding data security. Of course, we should have a well-thought-out and tested implementation before it scales up, but numerous examples from the Brazilian traditional financial market lead me to believe that we can control digital money movements with the necessary security.