Evaluating Privacy Technologies in Digital Payments: A Balanced Framework

Abstract

Privacy enhancement technologies are significant in the development of digital payment systems. At present, multiple innovative digital payment solutions have been introduced and may be implemented globally soon. As cyber threats continue to increase in complexity, security is a crucial factor to consider before adopting any technology. In addition to prioritizing security in the development of digital payment systems, it is essential to address user privacy concerns. Modern digital payment solutions offer numerous advantages over traditional systems; however, they also introduce new considerations that must be accounted for during implementation. These considerations go beyond legislative requirements and encompass new payment methods, including transactions made through mobile devices regardless of internet connectivity. A range of regulations and guidelines exist to ensure user privacy in financial transactions, with the General Data Protection Regulation (GDPR) being particularly notable, while technical reports have thoroughly examined the differences between various privacy-enhancing technologies. Additionally, it is important to note that all legal payment systems are required to maintain information for audit purposes. This paper introduces a comprehensive framework that integrates all critical considerations for selecting appropriate privacy enhancement technologies within digital payment systems, while it utilizes a detailed scoring system designed for convenience and adaptability, allowing it to be employed for purposes such as auditing. Thus, the proposed scoring framework integrates security, GDPR compliance, audit, privacy-preserving technical measures, and operational constraints to assess privacy technologies for digital payments.

1. Introduction

In previous decades, cash was the predominant means of conducting financial transactions. Currently, 75% of adults globally utilize some form of digital payment, reflecting notable expansion—especially within developing economies. In developed nations, the rate is even higher, with adoption reaching 96% among adults in OECD member countries. The emergence of new and evolving payment methods has introduced numerous uncertainties, particularly regarding user privacy. Each payment system features unique characteristics, whether related to the security mechanisms incorporated into transaction processing or the extent of privacy protection offered to users. Privacy, within the context of different payment systems, is subject to varied interpretations. Economic literature indicates that the value of money can be closely linked to the level of privacy it ensures [1,2]. This is reflected in the fact that the accessibility of transaction data varies among payment mechanisms, with certain data being visible to multiple entities while others remain protected through mechanisms such as cryptography. Since digital transactions involve sensitive personal and financial details, how well a payment system protects this data is crucial for its reputation. Trust acts as a crucial link between users’ sense of privacy and their readiness to use a payment platform. If privacy safeguards are weak, people may consider the system unsafe, which can lead to fewer users adopting it.

When designing digital payment systems, several key parameters require consideration, including user privacy, transaction integrity and security, monitoring mechanisms for illegal activities, and the system’s resilience during high transaction volumes. The development of technologies such as artificial intelligence (AI) and quantum computing has introduced significant changes. For instance, many financial institutions are updating their information security infrastructures, particularly encryption algorithms, to implement “Quantum-Resistant Algorithms” [3], which aim to withstand cyberattacks from both classical and quantum computing systems [4,5]. Additionally, financial transaction data has commercial value and is important for maintaining user privacy.

Currently, there are multiple digital payment options available to users. Individuals choose different methods based on their specific requirements. Examples include bank cards, digital wallets, FinTech applications, e-banking services, cryptocurrencies (which have limited acceptance), and the planned introduction of a Central Bank Digital Currency (CBDC) in the European Union [6,7,8]. When privacy protection is the main selection criterion for digital payment methods, making a decision can be challenging. Understanding how transactions work and evaluating methods for safeguarding personal data requires knowledge in cryptography and computer science. Cash transactions typically provide the highest level of anonymity and are often used as a benchmark for privacy.

Privacy-related technologies are typically classified into two principal categories. The first type includes records that use controlled access, allowing the data holder to view information without needing extra permission. For instance, electronic health record systems commonly use role-based access control (RBAC), so authorized medical staff can directly access patient data based on their specific roles. However, this method is not suitable for digital payment systems. The second dimension involves data protection mechanisms inherently based on cryptographic methods, ensuring that the protected information remains inaccessible to the data holder. Presently, only the latter method is utilized for safeguarding user data. Law enforcement and governmental agencies have advocated for a third framework: by default, it would employ strong cryptographic protections, but permit decryption of financial data under specific circumstances to assist investigations into potential fraud. To date, this model has yet to be realized in practice. Additionally, the effective assessment of encryption technologies for digital payments must consider not only privacy concerns but also the security of financial data and audit capabilities. Considerations related to the stability and regulation of the financial system are likewise essential.

The main objective of this work is to establish a comprehensive framework that consolidates all critical components of digital payment systems, ensuring that privacy considerations are addressed alongside other essential requirements. Furthermore, we introduce a unified scoring framework for assessing privacy technologies, which incorporates carefully selected technical indicators not explicitly covered by the GDPR. This framework generates quantifiable results that support objective comparisons between various privacy technologies and serve as a reliable basis for auditing and evaluation. The research hypothesis made is that a quantifiable, multi-criteria scoring model will enhance the evaluation and selection of PETs in digital payment systems, improving privacy, auditability, and regulation compliance.

2. Methodology

To select suitable privacy enhancement technologies for digital payment systems that align with privacy and regulatory requirements, it is necessary to first determine the types of data produced during financial transactions. Every electronic payment transaction generates varying amounts of data associated with the parties involved [9]. The specific data requirements are influenced by factors such as transaction size and whether the transaction takes place within a single financial institution or across multiple institutions. Our primary contribution is the development of a framework for assessing encryption technologies in digital systems with respect to privacy. Different types of data may not be generated by all digital payment systems; in some cases, this is determined by how the payment system is implemented.

The Table 1 presents five primary categories of data produced during financial activities.

Table 1. Categories of data during financial transactions.

Payer/Payee identity	Official documents or digital records that are verifiable and linked to a counterparty, often required by regulations, such as name, address, digital ID
Payer/Payee Pseudonyms	Information that allows the counterparty to participate in a transaction without being verified, such as phone numbers or token addresses, such as account number, phone number, or alias.
Transaction data	The essential information necessary to complete a transaction typically includes the transaction amount and date.
Additional Data from the Payer	Data generated for payer notification that exceeds the requirements of the transaction, such as free text, payment reference, invoice number, and payment purpose.
Additional Data from the Payee	Supplementary information that is not essential for the transaction may include details such as location, merchant name, or other data intended to facilitate easier access.

Digital payment platforms encounter cyber threats comparable to those faced by other information systems. Ensuring robust security measures during the design phase of digital payment systems is of paramount importance. Security measures not only serve to maintain confidentiality, integrity, and authentication but also play a crucial role in fraud detection and compliance with regulatory standards [10]. Currently, the field of security is closely integrated with advancements in artificial intelligence to effectively prevent and promptly detect potential attacks and malicious activities. Studies [11,12] have identified the main privacy risks. The Table 2 lists types of information that can be exposed in cases where digital payment systems are under specific attacks.

Table 2. Cyber threats.

Types of Cyber Threats	Information at Risk
Data Leakage	The primary consequences of data leakage include: Identity theft Financial fraud Public trust
Misuse of Information	If data are used without the owner’s consent, or if the owner is not properly informed about its intended scope, issues may arise (primarily for advertising purposes).
Information System Breach	A cyberattack resulting in an information breach within a digital system can have severe consequences not only for the specific affected system but also for the broader economy. It is essential that every digital payment platform be capable of detecting and responding effectively to all forms of cyber threats, including hacking and malware.
Data Protection in Cross-Border Transactions	International transactions are required to comply with all applicable regulations. In situations where regulatory standards differ between countries, a higher standard of control should be applied to ensure data protection.

2.1. Designing the Evaluation Framework

For creating a framework to evaluate privacy protection in digital payment systems, it is important to first specify the main dimensions of assessment criteria. To this end, we have identified five dimensions with the corresponding metrics for each one.

The first three dimensions that we adopted are security, privacy-preserving technical measures, and auditability. It is rather evident that the requirements stemming from these three dimensions can be contradicting and thus very difficult to satisfy concurrently [13,14]. For instance, data protection necessitates robust encryption mechanisms, while effective auditing relies on the ability to identify parties involved in transactions. Consequently, as the strength of encryption algorithms and privacy protection measures increases, it becomes more complex to monitor transactions in instances of unlawful activity [15]. At this stage, our work has focused on establishing and validating the initial structure of the framework, and thus, the evaluation has been based on equal-weighted dimensions. Our future plans include the definition and testing of different weights for each dimension, which can vary depending on the digital payment system’s characteristics. The outcomes of this scoring system facilitate the management of competing objectives, such as balancing privacy with audit requirements. Although conditional data decryption has been investigated in research, no practical or standardized method has yet been defined. The fourth dimension of the assessment criteria is GDPR compliance, and the fifth is operational constraints. Further details for each dimension of the framework are provided next.

2.2. Security

Security plays an important role in the deployment of digital payment systems. Its primary function is to protect transactions from being altered. Additionally, the selected security technology should be designed to resist both current and potential cyberattacks and to preserve data integrity and confidentiality. Furthermore, it is essential for regulators and auditors to identify transactions that are fraudulent or have been falsified. Achieving an optimal balance among security, auditing, and privacy presents significant challenges when determining the most appropriate security strategy for digital payments [16]. Furthermore, we have established a scoring system to assess the security level of the digital payment system under evaluation.

2.3. Privacy-Preserving Technical Measures—Privacy Enhancement Technologies (PETs)

Without robust data protection measures, users may lack confidence in financial institutions regarding the protection of their privacy. Even though GDPR provides a robust basis for data protection, mainly in terms of legal and organizational requirements, it does not explicitly address specific privacy-preserving technical measures (with the exception of pseudonymization) that are essential in digital payment systems, like unlinkability [17,18], metadata protection [19], and resilience against quantum threats. As numerous organizations and governments have already expressed their intention to expand the use of digital payment systems, it is essential for such privacy-preserving technical measures to be incorporated into the proposed framework. Thus, the proposed framework includes criteria for evaluating the performance of advanced privacy-enhancing technologies (PETs) in digital payment solutions [20,21,22], complementing the GDPR requirements that are examined in the framework’s fourth dimension of criteria. Depending on the privacy protection level that financial institutions decide to achieve, they need to consider the following options:

• Anonymity: This criterion evaluates the extent to which the proposed PETs allow users to provide proof of authorization without revealing their identities.
• Unlinkability: A significant volume of metadata—including traffic analysis, timestamps, device information, and location data—may be generated during financial transactions. The primary objective of this criterion is to prevent the correlation of multiple payments to a single user, thereby safeguarding users from behavioral profiling [17,23].
• Forward and Backward Privacy: This criterion assesses two distinct options: forward privacy [24], which safeguards past transactions if present data are compromised, and backward privacy, which secures future transactions if current information is breached.
• Future Readiness: This criterion primarily addresses resistance to emerging threats such as quantum and artificial intelligence attacks. Privacy enhancement technologies in digital payment systems must proactively incorporate safeguards to mitigate future cybercrime risks.

2.4. Auditability

When developing digital payment systems, procedures should be established to ensure compliance with Anti-Money Laundering (AML) and Countering the Financing of Terrorism (CFT) regulations [21] during all financial transactions. All payment systems should be capable of supplying information to authorities while also maintaining user privacy. Achieving an effective balance between privacy and auditability presents a significant challenge, particularly in discussions regarding future implementations such as central bank digital currencies (CBDCs) [25]. Our research makes a substantial contribution by analyzing the intersection of privacy and auditing, identifying areas where their effective implementation can occur simultaneously. To evaluate the auditability of digital payment systems, an auditability metric is defined in relation to regulatory audits and forensic traceability [26]. This criterion is used to determine whether audit controls can be implemented effectively while maintaining user privacy.

2.5. GDPR Compliance

The General Data Protection Regulation (GDPR) [15] sets the minimum requirements for personal data processing within the European Union, thereby elevating privacy protection by placing particular emphasis on transparency, informed user consent, and accountability in data processing activities. The proposed framework assumes that the processing performed by the digital payment system under evaluation is lawful, and evaluates its GDPR compliance through the following four criteria:

• Purpose Limitation—Article 5(1)(b) of the GDPR: This criterion stipulates that personal data must be collected for specified, explicit, and legitimate purposes, and must not be further processed in ways that are incompatible with those purposes.
• Data Minimization—Article 5(1)(c) of the GDPR: This criterion pertains to data minimization, which is a fundamental principle for personal data processing. The main objective of the article is to ensure that only the data strictly necessary to achieve the intended purpose is collected and processed.
• Storage Limitation—Article 5(1)(e) of the GDPR: This criterion addresses the storage limitation principle. In accordance with this article, data must not be retained indefinitely. Justification for retention should be based on the specific processing purpose, and data should be securely erased once it is no longer required.
• Cross-Border Data Transfers—Art. 45 GDPR: This criterion pertains to the cross-border data transfers provision. The primary focus of this article is to delineate the conditions under which personal data may be transferred to countries outside the European Union.

2.6. Operational Constraints

For digital payment systems, beyond the parameters discussed earlier, it is crucial to account for operational constraints that may substantially affect system scalability and efficiency. In our proposed framework, we have incorporated this dimension with specific criteria to ensure proper implementation. Specifically, the criteria included in this dimension are as follows:

• Interoperability: Interoperability within digital payment systems, in relation to privacy-enhancing technologies (PETs), denotes the capacity for various implementations to operate together across diverse platforms, organizations, and jurisdictions while maintaining privacy standards.
• Scalability: This metric allows our framework to assess the capacity for processing a high volume of transactions per second. By implementing PETs, financial systems can optimize throughput while maintaining robust privacy standards.
• Resource efficiency: Resource efficiency in digital payments involves achieving an optimal balance between robust privacy and security measures and minimizing computational, communication, and energy expenditures. It is essential to evaluate privacy-enhancing technologies (PETs) based on both their effectiveness in safeguarding privacy and their practical operational efficiency.
• Offline payment: Offline central bank digital currency (CBDC) [27], along with other digital payment systems, represents a form of digital currency that facilitates transactions without requiring a network connection. This approach functions similarly to cash, enabling exchanges to occur without third-party intervention. Settlement is finalized when the device subsequently reconnects to the network. The proposed introduction of CBDC from the European Central Bank (digital euro) may make such transactions possible in practice [6]. Offline payments can be implemented using near field communication (NFC), allowing queued transactions to be processed once an internet connection is available.

Table 3 presents a weighted scoring system that incorporates all relevant metrics for each dimension, along with a sub-scoring table that details the evaluation process for each parameter. Our model treats the five main dimensions as equally important, but weights can be assigned and may vary depending on the payment system and evaluation methods. For example, regulations can impose specific constraints, such as requiring real-time transaction verification, thus excluding offline transactions. Additionally, some commercial apps interacting with banks may only need users’ phone numbers for small payments, bypassing digital IDs. Transactions within the same financial institution often differ significantly in terms of regulations and constraints. Therefore, we can adjust the weights for each dimension as needed in each case.

Table 3. Dimensions—scoring range.

Dimensions	Maximum Score	Scoring Range	Sub-Scoring
Security (P1)	20	5–20	5 points: Provides basic protection, but is susceptible to recognized vulnerabilities, linkage attacks, or demonstrates limited cryptographic robustness. 10 points: Provides protection against commonly encountered attacks; however, it may be susceptible to more sophisticated adversaries or issues related to scalability. 15 points: Demonstrates robust resistance against most recognized threats; however, security may rely on trusted configurations or hardware-based assumptions. 20 points: This approach is cryptographically robust, demonstrates resistance to contemporary attacks, and ensures both confidentiality and integrity.
GDPR Compliance (P2)	20	0–20	Purpose limitation (0–5 points) Data minimization (0–5 points) Storage limitation (0–5 points) Cross-border data transfers (0–5 points) Allocate points to each criterion as outlined below. ➢ 0 points: No evidence of compliance. ➢ 1 point: Implementation is inconsistent ➢ 2 points: Minimal safeguards in place/insufficient. ➢ 3 points: Principle is applied; exceptions remain. ➢ 4 points: Strong alignment with GDPR, with only minor issues. ➢ 5 points: Full Compliance with GDPR, verifiable compliance.
Auditability (P3)	20	0–20	0 points: No auditability. 5 points: Although possible, an audit is usually impractical except in specific situations. 10 points: Some elements remain unseen, but partial verification is possible. 15 points: Provides audit trails, but oversight is limited. 20 points: Authorized auditors can quickly and accurately verify transactions while protecting user privacy.
Privacy-Preserving Technical Measures (P4)	20	0–20	Allocate five points for each criterion that is fulfilled (see Table 4). Anonymity (0–5 points) Unlikability (0–5 points) Forward and backward privacy (0–5 points) Future readiness (0–5 points)
Operational Constraints (P5)	20	0–20	Allocate five points for each criterion that is fulfilled (see Table 4). Interoperability (0–5 points) Scalability (0–5 points) Resource efficiency (0–5 points) Offline payment (0–5 points)

For each criterion related to the privacy-preserving technical measures and operational constraints dimensions, the score is assigned according to the guidelines provided by Table 4.

Table 4. Scoring explanation.

Criterion	0 Points	1–2 Points	3 Points	4 Points	5 Points
Interoperability	Closed system; no compatibility	Limited interoperability, requires adapters	Supports standards but with restrictions	Broad interoperability across platforms	Fully interoperable, seamless integration
Scalability	The architecture supports only a fixed or very small number of users/transactions.	The system is effective for small-scale operations; however, as it scales, it experiences considerable latency and communication bottlenecks.	System can handle moderate transaction volumes or limited concurrent users.	Designed to deliver reliable performance even during periods of heavy transaction volume.	Supports millions of users and transactions in real time with low latency, demonstrating proven scalability.
Resources Efficiency	Extremely resource	High demand	Moderate efficiency, acceptable	Balanced performance and sustainability	Highly efficient, lightweight, eco-friendly
Offline Payment	No offline support	Offline in very constrained cases	Partial offline, needs resync	Robust offline for most scenarios	Fully functional offline, secure reconciliation
Anonymity	All transactions are fully identifiable.	Basic pseudonymization or identifier masking is used, but transactions remain easily linkable to a specific user through metadata	Some privacy protections are in place, but the system remains vulnerable to linkage attacks	Identities and transaction metadata are well protected through advanced cryptographic or network-level techniques	Transaction architecture ensures that no personally identifiable information (PII) is collected, processed, or inferable—untraceable transactions
Unlikability	Transactions easily linkable	Partial unlikability, metadata leaks	Moderate unlikability	Strong unlikability, resists profiling	Complete unlikability, uncorrelatable transactions
Forward & Backward Privacy	Compromise exposes all past/future data	Limited protection, large exposure	Reasonable secrecy, some leaks	Strong, minimal exposure upon compromise	Robust, no past/future compromise possible
Future Readiness	Outdated, non-adaptable	Limited adaptability, risks obsolescence	Some forward-looking but needs upgrades	Flexible, aligns with emerging standards	Fully future-proof, modular, post-quantum, adaptable

The overall privacy evaluation score for the digital payment system under review is given by the sum of the scores of each dimension, as shown in the following formula:

$$\mathrm{P}\mathrm{r}\mathrm{i}\mathrm{v}\mathrm{a}\mathrm{c}\mathrm{y} \mathrm{E}\mathrm{v}\mathrm{a}\mathrm{l}\mathrm{u}\mathrm{a}\mathrm{t}\mathrm{i}\mathrm{o}\mathrm{n} \mathrm{S}\mathrm{c}\mathrm{o}\mathrm{r}\mathrm{e}=\mathrm{P}1+\mathrm{P}2+\mathrm{P}3+\mathrm{P}4+\mathrm{P}5 (\mathrm{S}\mathrm{c}\mathrm{o}\mathrm{r}\mathrm{i}\mathrm{n}\mathrm{g} \mathrm{r}\mathrm{a}\mathrm{n}\mathrm{g}\mathrm{e} \mathrm{f}\mathrm{r}\mathrm{o}\mathrm{m} 0 \mathrm{t}\mathrm{o} 100)$$

The proposed evaluation framework was designed to adapt to specific case requirements. It is possible to assign different weights to the score of each dimension based on specific criteria. For instance, in the case of a dedicated system involving limited financial resources, prioritizing security may prove to be more beneficial than conducting an audit. For large amounts of money, auditability for cross-border transfers is required and cannot be excluded. The application of different weights to certain dimensions may prove to be highly effective in establishing a framework that accurately reflects real-world circumstances.

2.7. Demonstrating the Evaluation Framework

To demonstrate the results of the proposed framework, we selected three privacy enhancement technologies that are widely recognized as effective solutions for digital payment systems. These technologies are as follows [28]:

• Zero-Knowledge Proofs (ZKPs): This represents sophisticated privacy-enhancing technologies that facilitate information verification without revealing the underlying data. Mechanisms utilizing ZKPs are designed to protect both integrity and confidentiality, adhering to the principle of data minimization. Confidentiality is maintained so that, even if the network is breached, the core information stays protected. Moreover, proofs are verifiable, supporting transparency while auditing. However, the computational complexity associated with their implementation poses significant challenges for integration into large-scale, real-time payment and financial systems. Additionally, we should note that despite the high score for privacy, specific implementation limitations, such as latency or processing requirements, might affect real-world adoption.
• Anonymity-enhanced signatures: This technology delivers robust privacy and security by concealing the identity of the signer. These signatures safeguard confidentiality and data integrity and are designed for seamless interoperability. Nonetheless, they demand higher computational resources, and in specific circumstances, the signer’s identity may still be determined.
• Secret Sharing/Secure Multi-Party Computation (SMPC): This measure offers robust security and privacy by distributing data among participants, ensuring that disclosure occurs only through collaborative effort. Moreover, most SMPC protocols require multiple synchronous rounds of communication to ensure correctness and prevent leakage. However, this approach is constrained by efficiency challenges and demands higher computational resources.

In this study, we assume the existence of three distinct digital payment systems, each employing one of the previously outlined privacy-enhancing technologies. For each evaluation criterion, scores must be systematically assigned based on the inherent characteristics and performance attributes of the respective systems. The subsequent table (Table 5) provides a comparative analysis of the three principal privacy-enhancing technologies, evaluated in accordance with the predefined assessment criteria and the unified scoring framework. Given that the specific technical characteristics and security measures of each system must be examined individually—and may obviously differ significantly from one system to another—we consider that this aspect falls outside the scope of the present comparative analysis. Therefore, the security dimension is not rated. The same applies to the GDPR compliance dimension, since the level of compliance of each system must be assessed separately. For all subsequent results, it should be noted that we assume the use of standard equipment without hardware acceleration.

Table 5. Compare PETs.

		Privacy Enhancement Technology
Criteria		ZKPs	Anonymity-Enhanced Signatures	Secret Sharing/Secure Multi-Party Computation (SMPC)
Security		System-specific assessment is required
GDPR Compliance	Purpose Limitation	System-specific assessment is required
	Data Minimization
	Storage Limitation
	Cross-Border Transfers
Auditability		15 Provides strong auditability through verifiable proofs that confirm correctness without revealing the underlying process	10 Provides authenticity and non-repudiation, but anonymity restricts later verification and accountability	10 Allows correctness checks in distributed environments, but auditing remains difficult because the data are fragmented
Privacy Preserving Technical Measures	Anonymity	4 Enables anonymous validation without revealing identity	3 Small groups may still pose some linkability risk	3 Protects data content but not user identity, anonymity is secondary
	Unlinkability	4 Proper implementation prevents multiple proofs from being linked to a single user	5 Demonstrates a high degree of unlinkability, individual signatures cannot be correlated with any specific signer	3 if an individual participates multiple times, their activity could potentially be linked through correlation attacks
	Forward/Backward Privacy	3 While not guaranteed by every protocol, evolving proofs or temporary keys can make this possible	4 Frequently ensures key evolution and protects interactions before and after	3 Session-based protection lacks inherent forward and backward secrecy
	Future Readiness	5 Highly adaptable, with active integration in blockchain and post-quantum systems	3 Mature but less flexible for evolving technological frameworks	4 Useful for distributed models, though scalability and communication remain challenges
Operational Constraints	Interoperability	4 Demonstrates effective integration with various infrastructures, including digital identification	3 Primarily operates within particular systems that rely on signatures	3 Needs tailored coordination methods and parties working in sync
	Scalability	3 Emerging technologies are progressing, yet they continue to demand substantial computing power	4 Scales efficiently for large user sets with minimal performance overhead	2 Limited scalability due to heavy communication and computation demands
	Resource Efficiency	3 Moderately demanding; proof generation and verification remain costly	4 Lightweight and computationally efficient	2 Resource-intensive due to multi-round encrypted computation requirements
	Offline Payment	4 Supports offline validation (e.g., in privacy-preserving digital cash) via pre-generated proofs	4 Suitable for offline transactions through pre-computed signatures	2 Requires active participation, hindering offline use
Final Score		45	40	32

It follows, therefore, that the use of ZKPs is superior to other solutions, as it achieves the optimal combined satisfaction of privacy protection and auditability requirements, while not imposing significant operational constraints.

2.8. Comparative Analysis of the Proposed Framework

Although extensive research exists regarding privacy in digital payment systems and associated privacy-enhancing technologies, a comprehensive approach that addresses all aspects of digital payments in relation to these technologies remains lacking. In our study, we review prior work on privacy in payment systems to accurately identify the essential dimensions for developing a holistic, privacy-aware evaluation framework. As noted by Emanuele Borgonovo et al. [15], the degree of financial privacy provided by each medium of exchange largely depends on the transaction processing methods implemented. Thus, the privacy protection offered is determined by the specific implementation of each payment method. Ryan Lavin et al. [28] compare three major privacy enhancement technologies—zero-knowledge proofs, fully homomorphic encryption, and secure multiparty computation—examining their respective advantages and disadvantages related to privacy and security, although they do not address other critical criteria relevant to digital payments.

Comprehensive analyses of privacy evaluation in digital payments are detailed in reports published by international financial institutions such as the International Monetary Fund (IMF) and the Bank for International Settlements [29]. Comparable studies, including research from the Federal Reserve Bank of Cleveland Working Paper Series [30] and other organizations, largely concentrate on security and privacy concerns but do not investigate the specific parameters of digital payment systems in depth. This research aims to bridge the gap between privacy and security by systematically addressing all relevant factors necessary for the effective implementation of a digital payment system.

Table 6 presents a comparison of the proposed framework with two other established frameworks related to privacy awareness in digital payments. The first framework is provided by the BIS, while the second has been established by the IMF.

Table 6. Comparative analysis of the proposed framework.

	Evaluation Criteria	BIS: Enhancing Technologies for Digital Payments: Mapping the Landscape	IMF Privacy Technologies & The Digital Economy	Proposed Framework
Security	Security
GDPR Compliance	Purpose Limitation
	Data Minimization
	Storage Limitation
	Cross-Border Transfers
AUDIT	Auditability
Technical metrics of Privacy	Anonymity
	Unlinkability
	Forward/Backward Privacy
	Future Readiness
Operational Constraints	Interoperability
	Scalability
	Resource Efficiency
	Offline Payment
Scoring System

Certain criteria, such as offline payment capabilities, are either not fully addressed or are only partially covered. Additionally, areas including forward/backward privacy and the scoring system are omitted by both BIS and IMF. The integration of forward and backward privacy features, along with the implementation of a scoring system for visualization, would offer substantial benefits for comparative analysis and auditing purposes.

3. Conclusions

The contribution of our research extends beyond privacy criteria addressed in the GDPR. Our proposal presents a comprehensive methodology that integrates legal compliance, technical privacy metrics, operational considerations, and audit functions into a unified scoring framework. Unlike previous assessments, which are not specifically designed for digital payment systems, this framework is tailored to their unique requirements, incorporating factors such as offline usability, regulatory audit obligations, forward/backward privacy, privacy technical metrics, operational constraints, and transaction throughput. Furthermore, a comprehensive scoring framework has been established, which can be tailored to suit the requirements of the system being assessed. The proposed methodology is designed to support the evaluation of privacy technologies for emerging solutions, including quantum-resilient systems and AI-driven financial infrastructures. The result is an innovative evaluation model that enables system designers to identify optimal privacy-enhancing technology combinations for digital currencies that balance privacy preservation with auditability.