In VarietyCash, the issuer functions as a mint. Coins are tokens authenticated under an issuer master key. The system is on-line, meaning the issuer maintains a coin database, and the merchant checks on-line with the issuer that a coin has not been previously spent. Since the system is on-line, the master key is present only at the issuer, so, unlike in Mondex, can be well protected.
Spent coins can be erased from the database, unlike some systems; if this were not possible scalability would be adversely impacted.
VarietyCash provides ``trust-based anonymity.'' At withdrawal time the issuer does note the association of user ID to coin serial numbers, but this user database is separate from the database recording the spent or unspent status of a coin which is looked up when a merchant wants to confirm that no double spending has occurred. The information can be co-related as necessary in case of law enforcement needs, but the issuer is expected to maintain user privacy except in such cases. While not anonymity at the level of digicash, this relies on no more trust than we put in our financial service providers today, and with a well-known, reputable service provider, is likely to be deemed adequate by most people for most things. Furthermore, users can use pseudonyms.
The system is robust, functional and flexible. The protocols for withdrawal and spending will provide atomicity. Coins can be purchased in any number or denomination, and paid for in a variety of ways. The system is account-less, so Regulation E is avoided, and the payment service provider does not have to issue statements to customers or incur other such overhead. The same coins can be used for network based payment transactions or put on stored-value cards in the Mondex style, and the coins are transferable between the two. Novel features include transferability of coins without any specific payment transaction, ie. ``making change''.
The main concern is cost arising from it being an on-line system. The issuer will have to invest some resources to be able to handle lots of transactions quickly. This, however, appears feasible for reasonable load. Our protocols minimize the overhead. Batching and aggregation can be used to reduce costs (e.g., [4]).
This design originated in response to a request of a certain large financial service corporation to seek a practical, viable e-money system. In discussions with them we found they were more ready to take on the cost of on-line verification than to incur the risks arising from anonymous cash, or to fall under Regulation E. From this it appears that there is a market for a system like VarietyCash.