At Nacha event Smarter Faster Payments 2025 in New Orleans, a weekend panel session explored how financial institutions must establish an internal risk committee that assesses and mitigates future quantum-related threats.
Editorial
This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.
John Buselli, offering manager – IBM security research, IBM, along with Namit Agrawal, partner and US leader, IBM payments centre, IBM Consulting, and John Brady, head of engineering and chief architect, BillGo, highlighted that current cryptographic tools, which take up to a million years to break, could be compromised by quantum computers in five to 10 years.
They emphasised the need for a roadmap to transition to quantum-resistant algorithms, starting with creating an inventory of critical assets and assessing vulnerabilities. Key algorithms like Shor’s and Grover’s were discussed for their potential to break encryption and accelerate fraud detection.
With the knowledge that cryptographic methods can be compromised, the financial services industry must also come to terms with the urgent need for quantum-safe cryptography, which involves developing algorithms that are resistant to quantum attacks. In order to keep the ACH network safe, cryptographic methods must be updated, and operational rules, strengthened.
Buselli mentioned that the onset of quantum threats will be “difficult to detect, purposeful, it won’t be dramatic but it will be concerning in that regard.” He went on to say that “all data that’s not quantum state today, if it were to be exfiltrated at some point in the future by a bad actor, they could unravel that data.”
He added: “This is a complex supply chain that has to be transformed. Everyone has a collective role in this together. That’s really where the safety is going to come from, and you’re only going to migrate as quickly as your least secure defence.” Quantum computers can break current encryption keys much faster than classical computers, so banks will need to revisit and rebuild payment systems to account for quantum computing threats.
Brady explored the various stages of payment processing, the vulnerabilities introduced by quantum computing, how digital identities can be hacked and synthetic identities can be introduced, leading to account takeovers and manipulation of payment transactions. Beyond payments origination, risks can also emerge in payment transmission, where systems can be intercepted and data manipulated. Further, within payments processing, clearing, and settlement, malicious users could change ledger values.
“In that sense, the integrity, the security and the risk of quantum that we are talking about today has to be understood by each and every individual in the value chain. […] Today, we do have quantum computers that are already at an experimental stage. They are able to generate various algorithms and capabilities.
“However, those quantum computers do not have, currently the compute or the error correction, or in this case, accuracy, in which they can break these algorithms. We are probably another five to 10 years away from quantum computers getting to a point where they could become powerful enough to break encryption keys.”