Finland, Denmark, Norway, Sweden, and Estonia are soon enabling offline debit card payments for at least seven days without network connectivity. The change covers payments for essential goods in physical trade, such as food, medicine, and fuel. Each country has made - or is in the process of making - the required changes to their related regulations to enable it.

The motivation for this change is to enable payments even in exceptional situations such as network disruptions due to sabotage or conflict. TL;DR: You can pay for essentials even if Russia cuts the cables.

Plans for this change were announced in May 2025: https://www.reuters.com/business/finance/nordics-estonia-plan-offline-card-payment-back-up-if-internet-cut-2025-05-07/

#resilience #preparedness #infrastructure #payments #banking

Status of the card payment contingency measure in Denmark

In the event of an outage in the card payment infrastructure, or if the internet is down, all adults in Denmark with a Danish-issued payment card from Dankort, Mastercard or Visa can now make offline payments in most nationwide supermarket chains for at least a week. This applies both to their physical payment cards and to card-based wallets on their mobile phones, such as Apple Pay and Google Pay. The same will be the case at 40 per cent of pharmacies in June, and the remaining pharmacies during the third quarter of 2026. This means that the Danish Payments Council will have achieved its objective of establishing a nationwide card payment contingency measure. The resilience of payments in Denmark is further supported by the fact that 80 per cent of Danes have at least one payment card that can be used offline in most stores not covered by the contingency measure.

Nationalbanken

@harrysintonen Sorry to ask before reading, but, are there links to the technical implementations in any of the articles?

If not, do you have any links?

If there are, I'd appreciate if you tell me (a "like" is enough). Sorry for the laziness 😶‍🌫️

@jandi @harrysintonen Really interested in this too. Not even the tech of it—I don’t expect any surprises there—but rather the organizational decisions behind them all.

@jandi My understanding is that this is all based on the existing EMV technology and doesn't require new hardware. Basically it's just enabling existing features. Sorry, but I don't have technical specs for this.

@slotos
As for the regulation, each country has a slightly different process and bodies doing it. Usually it's the national central bank with some kind of payment council (that has participants from various stakeholders running the payment systems, for example https://www.nationalbanken.dk/en/what-we-do/safe-and-efficient-payments/the-danish-payments-council).

The Danish Payments Council

The Danish Payments Council brings together some of the most important players in the payments area in Denmark. They exchange knowledge and views on developments in retail payments in the Danish payment market. This promotes insight and transparency in the market, so citizens and companies can trust that payments are made quickly and safely. Danmarks Nationalbank chairs and provides secretariat services for the Danish Payments Council.

Nationalbanken

@harrysintonen @slotos Thank you. The nationalbanken.de is the link with more info IMO.

Interesting stuff, thank you for posting, and @skinnylatte for boosting.

@harrysintonen Cash works offline without special preparations.
@brie Agreed, cash works, too. Nordics have been practically cashless for ages now, however, and while it is recommended to have reserves, many don't.

@harrysintonen @brie

even in UK banks had separate virtual private networks independent of the Internet operating over dedicated leased lines for many years.

the challenge is going to be more getting the data from the terminals in shops to the banks securely, especially if the LTE mobile network is disrupted in any way..

@harrysintonen

It will still be difficult to use payment systems from the US if they decide to put an embargo on us, like they threatened to do with Spain. We need EU based cards!

@leffe Agreed. Currently only 37% of payments use national systems (and it's unclear how much dependencies on US systems those might have). https://www.ecb.europa.eu/press/pr/date/2025/html/ecb.pr250228_1~7f0697af45.en.html
Most EU countries rely on international card schemes for card payments, ECB report shows

The European Central Bank (ECB) is the central bank of the European Union countries which have adopted the euro. Our main task is to maintain price stability in the euro area and so preserve the purchasing power of the single currency.

European Central Bank

@harrysintonen

We have a national payment system in Sweden called Swish, but it requires the use of an operating system from Apple or Google, and it doesn't allow accessibility software to be present. So in either case, we are quite vulnerable.

#svpol #eupol #Swish #BankID #a11y

@leffe @harrysintonen Swish works fine on /e/OS. But it does require BankID. Which also works fine on /e/OS, at the moment at least.

@kallekn @harrysintonen

Android apps that don't require logging in to Google for "security" reasons may soon be a thing of the past. I had /e/OS for a couple of years, but there were other necessary apps that wouldn't run, because they hadn't been installed by Google. It's a house of cards.

@leffe @harrysintonen That's what I am afraid of when it comes to BankID for example. If it stops working, /e/OS is toast.

@kallekn @harrysintonen

Oh, and even #MicroG as an alternative to Play Services still depends on Google infrastructure.

@kallekn @leffe @harrysintonen I’ve just bought a SailfishOS phone and hope I can get BankID working on it, presumably by sideloading the Android version.

@toxy @kallekn @harrysintonen

I had Sailfish too for a couple of years. Same problems.

@leffe @toxy @harrysintonen But did BankID work? What did not work?

@kallekn @toxy @harrysintonen

Yes, but it was eight years ago. It doesn't have any advantage over other degoogled systems. We'll see what happens when they tighten things this autumn.

@leffe @toxy @harrysintonen The advantage would be that it is totally independent of Google... except it maybe isn't, when you need to use Android apps... which is most apps.

🤔

@leffe @harrysintonen I think you will find this video interesting:

https://youtu.be/rJq9QOo8Ak0

EU is preparing an alternative. Slowly, yeah, but they are on it.

Why Europe Is Creating an Alternative to Visa & Mastercard

YouTube

@andrewblasco @harrysintonen

It says it's a digital payment system, so no guarantee (yet) that it will work without support from Google, Apple and Microsoft.

@leffe @harrysintonen Yeah, but it's a step in the right direction.

I agree with you, we need full control of our systems, especially in critical areas like education, state administration and military.

And it's quite simple to achieve: Invest in existing Linux solutions (and create specific apps when needed) and a forked Android. France is leading in that area.

@andrewblasco @harrysintonen

The video talks about replacing payment cards with (existing) apps for payments. That logic just doesn't hold, as long as the app market is constrained. Are French authorities going to support users with #mobilelinux?

@andrewblasco this mentions nothing about offline or how that would work. Are you sure it's the same system they're talking about?
@harrysintonen
It's high time they came up with the idea of abolishing cash.
@wariat That means the end of common access to state-issued money (m0). Not sure that’s a good thing, if not an outright monetary impossibility. https://www.harpercollins.com/products/cloudmoney-brett-scott @harrysintonen
Cloudmoney

@sef
In my opinion, it's a really bad idea, but no one ever asks me :D

@harrysintonen

@harrysintonen I am glad that when the world ends, i can still pay my bills.
@catraxx @harrysintonen Except Finns don’t pay bills by debit card. We get an XML invoice to online bank that is auto-paid. 🤷‍♂️

@harrysintonen What are the odds that 'internet' would morph into network of interconnected drone nets?

*not an endorsement of satellite networks ;-)

This paves the way for digital euro, but affects in-person payments only, and relinquishes the consumers' chargeback right because even when delayed, debit is still debit. With buyer behavior moving more and more online, and remote purchases without chargeback right moving all the transaction risk to the consumer, it's not all good.
https://www.ecb.europa.eu/euro/digital_euro/html/index.en.html
@harrysintonen
Digital euro

@harrysintonen In addition to Russia cutting the cables, my concern is for VISA and other US credit card providers cutting service to specific, targeted individuals or even whole countries. We've already seen precedent for both.
@christopherkunz @harrysintonen This was my question also: Could having this have prevented that French Judge from having all bank access denied by the USA, or not?
@MHowell @harrysintonen I'm neither a lawyer nor a banking expert, but I don't think that the offline emergency payment option would have helped said judge. They were subject to US sanctions, so their credit cards were cancelled/invalidated, not temporarily blocked. The second part of the Reuters article - internationally federated payment processing that is independent of Mastercard, VISA and arbitrary political sanctions would really go a long way.
@christopherkunz A solution that mitigates this risk would be preferable, indeed. As reported in https://www.ecb.europa.eu/press/pr/date/2025/html/ecb.pr250228_1~7f0697af45.en.html in 2022 only 37% of payments used national systems. Even those likely have many dependencies to systems outside of EU.
@harrysintonen Seems like good for the consumer, but also good for fraudsters, no?

@briankrebs The fraud is limited by the fact that this system can only be exploited when the network connection is down. There are also limits for the amounts you can "credit", I believe, and the system is limited to cards issued in that particular country.

Yes, there is a possibility for fraud, but these mitigating factors should limit it.

@harrysintonen
It works for debit cards? How?

The one reason that I have accepted having a debit card is the absolute guarantee that it cannot be used to spend money I don't have. Otherwise, that's a credit card, and I will not accept a credit card contract.

Without access to my bank, how does this guarantee work?

Offline payments

The Riksbank and representatives from the payment market have reached an agreement to increase the possibility to make offline card payments for essential goods

@harrysintonen
Nothing about my question.
@leeloo If "spending money you don't have" is a concern there's a rather easy mitigation: pay with cash only when the network is down.

@harrysintonen
No, I expect my bank to uphold their end of the contract.

The modern way of customers having to jump through hoops because the people with too much money are above the law is not acceptable.

@leeloo Probably the same way ATMs (at least in Europe) have worked for years now. If the connection to your bank is down, you can still take out money at an ATM. When the connection is back up, the money is deducted, whether there is enough in your account or not. You pay no interest, the charge is dated to the correct day.
@viccie30
So a credit card and thus a contract violation.

@leeloo incidentally, that's not a guarantee at all in any debit card I have used. In Spain at least some debit cards let you spend up to a certain point in the red, and if you sanitize the debt in less than, I think, 24 hours, you aren't even charged interest for the negative balance.

So I'd guess it's probably something like that. You are able to pay offline, when the bank hears about the payment it gets deducted and if you overspent you pay **heavy** interest while your account is red.

@nirro
That is not a thing I have ever consented to, and allowing that would make my bank guilty of fraud.

Also, if it were the case, what would be the point of making me wait for the check whether there is money in my account before allowing me to fuel my car?

@leeloo well, in Europe some banks do it like that. It's clearly detailed on their terms and conditions as well so it is not fraud, it's the contract they offer.

I didn't get the second part of your message. What I said is in the event of a loss of connection payments default to being accepted so you... get your gasoline immediately regardless of your balance. Payments are processed later. I'd assume that if your bank THEN detects that you had a negative balance, it'd proceed to charge interest.

@harrysintonen

Humanity already enabled this with physical money.

I mean: good that working internet is not required for paying with cards, but not making paying with actual money nearly impossible (which would technically in the worst case not even need electricity) would have prevented making this new step necessary in the first place.

@v_d_richards Fair point. Physical money has inherent costs though: minting the coins and printing the bills consumes limited natural resources. The coins and bills have a limited lifetime, too. Thus I think it was a good idea to move away from physical money.

Nordics have largely moved away from physical money. I still have a 50€ bill in a nook of my wallet for emergencies - I think it's nearly ten years old now.

@harrysintonen

Only paying digitally by lack of choice is dangerous in my opinion.

In times of crisis, cyber attack, war, natural disaster with potential black out of internet/electricity, being as a society dependent on debit and Smartphones for transactions is an easy to attack single point of failure.

It also gives a government the potential complete control over people and is a tool for oppression over citizens, when every payment is monitored.

Same goes for corporate tracking.

@v_d_richards Going full monoculture would be dangerous, indeed. However, there will always be cash around, but not as much in circulation as before.

As to government control over people or tracking/monitoring payments: I'd hate to live in a society where I'd have to worry about this in my threat model. Luckily this seems rather unlikely in the nordic countries at least.

Corporate tracking can be dealt with through careful planning and setup. While I originally didn't do this to avoid tracking, it sure is nice to self-host as much as possible: https://infosec.exchange/@harrysintonen/115916299816297773

@harrysintonen

I so much hope we will never find out how fascists will use everything to oppress people.

I might be a bit pessimistic when I see how right wing parties all over Europe gain so much traction (and in Germany of all places, where I live - which is so crazy) and how crazy dependent we are on the USA that are practically an oligarchy right now that can willy nilly deplatform European judges out of everyday life.

But you're right.
We can't lose hope for better times.

@harrysintonen

I'd have problems visiting nordic countries.
For cyber security reasons I do not do online banking involving my smartphone and don't want wallets on my phone.

I disabled NFC on my cards since that is a gift to thieves of cards.
I heard that nordic countries partly only pay via NFC.

I am degoogling and without Apple/Google no banking app works on a phone anyways.

Visiting a nordic country would force me to go against all my security actions.
I'd need a credit card + use nfc