Bank for International Settlements maps privacy-enhancing technologies for digital payments and flags scalability constraints

The Bank for International Settlements published a working paper that surveys how privacy-enhancing technologies (PETs) could be used in digital payment systems and frames the core trade-offs between user privacy, commercial use of payments data and law-enforcement access. It proposes a taxonomy that distinguishes privacy versus auditability and soft institution-based versus hard technology-based approaches, arguing that sophisticated cryptographic techniques can, in principle, deliver hard privacy alongside limited transparency through hard-coded access rules, but that current solutions remain constrained by security and computational capacity. The paper analyses the interests of three stakeholder groups (privacy-conscious users, law enforcement and data holders such as banks, merchants and payment processors) and evaluates design approaches ranging from soft-privacy regimes with discretionary, court-authorised access to models that combine hard privacy with machine-decidable audit rules. It reviews key PET classes including zero-knowledge proofs, homomorphic encryption, secret sharing and multi-party computation, anonymity-enhanced signatures, tamper-resistant hardware, trusted computing and privacy metrics, highlighting practical limitations such as computational overhead, setup and key-management challenges, interoperability and reliance on trusted manufacturing and supply chains. It also discusses conditional privacy and auditability rule-sets (eg payer or payee privacy, privacy thresholds and budgets, aggregate disclosure and “alibi” mechanisms), noting risks such as rule evasion through transaction splitting, and suggests that jurisdictions concerned about current limitations of privacy-preserving digital payments could consider policies supporting the continued acceptability of physical cash.