Jerry Brito recently published a paper entitled “The Case for Electronic Cash.” He argues that peer-to-peer forms of payment like banknotes and cryptocurrency are essential to modern democracy. Centralized intermediaries like banks can be easily deputized by the state to monitor all transactions and exert social control. Because they bypass these intermediaries, says Brito, decentralized forms of payment like cash can help individuals achieve financial privacy and autonomy, two key ingredients for a healthy democratic society.
I think Brito has written a great paper. Do go read it. But let's not forget that centralized intermediaries do provide a narrow window for individuals who want financial privacy and autonomy: prepaid debit cards. Brito writes that cash and electronic cash should "not just be tolerated, but fostered and celebrated." But the already-small window provided by prepaid debit cards may get even narrower. It, too, deserves our attention.
Prepaid debit cards can be purchased at retailers all over North America with cash. When someone purchases a prepaid debit card, they are buying into a pool of funds held in an account at a bank. All other prepaid debit card holders are also members of this pool.
The card owner gets access to an open-loop payment network like American Express, Visa, or MasterCard. Purchases can be made at a brick-and-mortar retailer connected to any of these networks. To make online purchases, the card owner must visit the website of the card issuer and associate a postal code with his or her card. Whenever a purchase is made, the pool of funds held at the bank is debited and the account of the retailer is credited.
Prepaid debit cards first emerged in the 1990s as a way for banks to extend services to the unbanked. Their usage has since exploded, particularly in the U.S. To render them more accessible to the unbanked, who often lack the requisite documents, non-reloadable prepaid debit cards do not require identification. (Reloadable prepaid debit cards do; see below.) This means that non-reloadable prepaid debit cards are quasi-anonymous. Law-abiding citizens can thus use them as a tool to protect privacy. For instance, if someone is worried that a retailer might track a purchase and tie it to other information, say an email address, then a prepaid debit card can be used to limit the amount of information that is given up.
In his paper, Brito builds a case for permissionless payments, censorship resistance, and privacy. Applying for a regular bank account requires the permission of a bank. But this involves giving up plenty of vital information, much of it to be shared not only with the issuing bank but also law enforcement and other third parties like retailers. On top of this, banks and payments networks can censor users, either by refusing to grant accounts to certain types of people or by limiting their activities after they have joined.
Like cash, a prepaid debit card is permissionless. Since anyone can buy a card, consumers need not get the approval of a bank to join the payments system. And since non-reloadable prepaid debit cards do not require giving up personal data, neither the bank, government, nor retailers can glean as much user information from a prepaid debit card transaction as they can from a regular one.
Unfortunately, the anonymity provided by prepaid debit cards is popular with money launderers, and the cards have thus attracted the attention of the Financial Crimes Enforcement Network, the U.S. agency tasked with fighting money laundering. In 2011, FINCEN issued a set of rules pertaining to prepaid debit cards. It reasoned that under certain conditions, prepaid debit cards were functionally the same as bank accounts. Thus prepaid debit card providers must be treated as if they were bank account providers, with the same strict anti–money laundering regulations that pertain to bank accounts applying to prepaid debit cards. This obligates prepaid debit card providers to not only collect a card buyer's name, date of birth, address, and ID, but also to report any suspicious transactions to the Treasury Department.
However, low-risk prepaid access arrangements are exempt from FINCEN's regulations. To qualify for an exemption, prepaid cards must be non-reloadable, cannot allow for person-to-person payments or international transfers, and cannot exceed $1,000 in stored value.
FINCEN thus allows law-abiding citizens to enjoy a constricted amount of privacy protection via prepaid debit cards. In offline settings, cash is probably still the superior option. Prepaid debit cards can only be used to make small-value retail payments, not anonymous person-to-person payments. The privacy and autonomy they provide is geared toward consumers; merchants must still get the permission of banks and card networks to receive card payments. These intermediaries can simply ban merchants they deem too risky, like how Visa and MasterCard cut off WikiLeaks in 2011.
On the other hand, prepaid debit cards can be used online whereas cash cannot. An online purchase of physical goods requires an address, mitigating the usefulness of prepaid cards. The privacy protection offered by non-reloadable cards, like VPNs, may work best for purchases of non-physical goods and services.
There is probably an ideal balance to be struck between meeting people's legitimate needs for anonymity while also guarding against money laundering. Some sort of limit on the amount of funds held on a non-reloadable prepaid debit card is probably suitable. But, for privacy advocates, the small window already afforded by prepaid cards needs to be protected. Financial privacy and autonomy are important, as Brito has eloquently argued. But cash and cryptocurrencies are not the only means to those ends.