How private are "private" electronic payment systems?

I did a bit of net.research in 1996 to play the "Cash" claim on the Information Futures market at <URL:http://if.arc.ab.ca/~jamesm/IF/> (which was replaced soon thereafter by Foresight Exchange at <URL:http://www.ideosphere.com>. This claim has to do with the degree of success of an anonymous payment system on the Internet by the end of 1996 (the claim closed in 1997 with a value of $0.00--i.e. the claim was not satisfied). Information Futures is a game (using play money) modeled after the commodity futures markets, but trading on ideas instead of pork bellies and soy beans.

I discovered many more e-money schemes than I thought there would be, but *all* of them failed the specific tests of the claim, namely that both purchaser and seller need to be anonymous. All methods I've come across allow the identity of at least one of the parties to at least theoretically be determined, including both Mondex and Digicash, which I previously thought viable (DigiCash allows a seller to be identified by collusion between a buyer and the bank).

Many of the schemes I came across bill themselves as providing "privacy", yet keep logs of purchasers and the vendors they frequent. Several methods, however, (such as NetCash(SM)) provide practical anonymity in which the identities of parties cannot be determined without collusion with a central "bank" or clearinghouse of some sort. If this "bank" has a policy of not logging certain transactions which could be used to track identities, the result is effective anonymity. DigiCash is the only method I could find that can be shown mathematically to allow a buyer to be perfectly anonymous. (Subsequently, the developer of Brand's Cash contacted me to confirm that it, too, ensures the buyer's anonymity).

Following is a summary of all the digital payment methods I've come across. The information on anonymity and implementation status is MY OWN OPINION based on information I read (actually, skimmed, in most cases) on the Web, much of which left out important details. One or more of the methods at the end of the list (which I did not verify) may have qualified for the claim as well. Please correct me if I'm wrong. I'll keep an HTML version of this page up at <URL:https://telarity.com/~dan/emoney-anon.html>.

UPDATE 2021: This list predates the invention of cryptocurrencies in 2008, which have fundamentally changed the discussion of anonymity in payment systems.


DigiCash <http://www.digicash.com>
- purchaser is anonymous, seller's identity can be found by collusion with bank
- implementation: in full operation since late 1995

CAFE <http://www.digicash.com>
- purchaser is anonymous (unless he double spends), seller is not
- implementation: unknown

Brand's Cash <http://ganges.cs.tcd.ie/mepeirce/Project/Mlists/brands.html>
- purchaser is anonymous unless he double spends
- implementation: unknown

NetBank/NetCash <http://www.netbank.com> (not to be confused with the NetCheque/NetCash(SM) system below)
- anonymity: transactions between purchaser and seller can be linked in most cases
- implementation: in full operation

CyberCash <http://www.cybercash.com>
<http://ganges.cs.tcd.ie/mepeirce/Project/Press/cybernote.html>
- anonymity: CyberCash server can and must link transactions between purchaser and seller (via credit card)
- implementation: in full operation

First Virtual <http://www.fv.com>
http://www.c2.org/nofv/
- transactions between purchaser and seller are linked by central server
- implementation: in full operation

Credit card number via http + SSL (e.g. Netscape)
- neither purchaser nor seller is anonymous
- implementation: in full operation

NetCheque(SM) & NetCash(SM) <http://www.isi.edu/gost/info/NetCheque/>
<http://ganges.cs.tcd.ie/mepeirce/Project/Press/nc.html>
<http://ganges.cs.tcd.ie/mepeirce/Project/Press/net2a4.ps>
- anonymity: NetCash(SM) identity of purchaser can be determined by collusion among all parties (may be extended to provide perfect anonymity to purchaser); NetCheque(SM) is not anonymous
- implementation: NetCheque in test phase; NetCash not yet implemented

Mondex <http://www.mondex.com>
- neither purchaser nor seller is anonymous
(see <http://ganges.cs.tcd.ie/mepeirce/Project/Press/monpriv.html>)
- implementation: smart card trial in progress in UK; Internet status unknown

NetBill <http://www.ini.cmu.edu/netbill/>
<http://www.netbill.com">
- anonymity: "Protects the privacy of the transaction"; appears that in actuality, central NetBill server can and must link purchaser and seller in a transaction
- implementation: trial should be running around this time

Millicent <http://www.millicent.com>
- neither purchaser nor seller is anonymous
- implementation: tests were planned for the end of 1995

First Bank of Internet (FBOI)
<http://ganges.cs.tcd.ie/mepeirce/Project/Press/fboi.html>
- transactions between purchaser and seller are linked by central server
- implementation: in full operation

NetChex <http://www.netchex.com>
<http://ganges.cs.tcd.ie/mepeirce/Project/Press/netchex.html>
- neither purchaser nor seller is anonymous
- implementation: unknown

CyberCard <http://netmarket.com/nm/pages/cuc/sid=LMAmZEJeI7>
- anonymity: unknown
- implementation: unknown

iKP (IBM)
<http://www.zurich.ibm.com/csc/infosec/past-projects/ecommerce/iKP.html>
- anonymity: transactions linked between purchaser and seller via credit card in standard implementation
- implementation: unknown

Micropayments (Hewlett Packard)
<http://www.hpl.hp.co.uk/projects/vishnu/main.html>
- neither purchaser nor seller is anonymous
- implementation: unknown

Anonymous Credit Cards (AT&T)
<ftp://research.att.com/dist/anoncc/anoncc.ps.Z>
- anonymity: transactions can be linked between purchaser and seller by collusion; anonymous debit card may be anonymous for purchaser (though purchases can be linked), but not seller
- implementation: unknown

PayMe (based on NetCash) <http://www.w3.org/pub/Conferences/WWW4/Papers/228/>
- anonymity: transactions between purchaser and seller can be linked if currency servers log all transactions
- implementation: unknown

The following proposals I haven't evaluated:

SNPP (MIT) <http://ganges.cs.tcd.ie/mepeirce/Project/Oninternet/snpp-paper.ps.Z>
- "does not provide anonymity" -- Low & Maxemchuk
- implementation: unknown

MarketNet (BankNet)

NetPay (Boston Automation) <http://www.bosauto.com/netpay/>

STT (Visa & Microsoft) <http://www.microsoft.com/intdev/inttech/wire15dx.htm>

SVC (VISA)

Web Payment System (Open Market)

Merita Solo Payment system

Anonymous Internet Mercantile Protocol

CARI (Collect All Relevant Information)

Checkfree

Clickshare

Commercenet

Downtown Anywhere

FSTC Electronic Check Project

Globe ID

LETSystems

Magic Money

Micro Payment Transfer Protocol (MPTP)

Online Check Systems

PayWord and MicroMint

Secure Electronic Payment Protocol (SEPP) (Mastercard)

Ziplock

Lists of digital cash resources:

<http://ntrg.cs.tcd.ie/mepeirce/Project/oninternet.html>
<http://ganges.cs.tcd.ie/mepeirce/Project/oninternet.html>
<http://ganges.cs.tcd.ie/mepeirce/Project/press.html>
<http://dir.yahoo.com/Business_and_Economy/Electronic_Commerce/Digital_Money/>
<http://www.ini.cmu.edu/NETBILL/commerce.html>
<http://www.w3.org/pub/WWW/Payments/>
<http://www.w3.org/pub/WWW/Payments/Talks/w3c_security_10-jul-95/talk.html>

back to Dan's personal home page

Daniel Fandrich dan@coneharvesters.com
Created 1996-04-19
Links last updated 2002-07-10