In somewhat simple terms, quantum computing uses quantum mechanics – an area of physics that examines the behavior of particles at a microscopic level – to solve complex problems more rapidly than on conventional computers. It includes elements of physics, computer science, and mathematics.
For the purpose of this article, how quantum computing works is not really that important. However, the implications of computing speed for IT security are very relevant, and staggering. Ultimately, quantum computing’s extremely fast computational abilities will make it possible to crack secure encryption.
Why is this significant? This will impact all business models involved in the communication of sensitive data via the Internet: trade, industry, and services, including e-commerce and, specifically, payment security.
How can businesses best prepare? What’s needed is crypto-agility, and that means looking at quantum-resistant methods. The National Institute of Standards and Technology (NIST) first requested back in 2016 that cryptographers look into the development of quantum-resistant encryption methods. It has now chosen four algorithms, with more to come. We need to aim toward developments in technology that allow security keys and encryption to be changed quickly, using software that can re-encrypt communications and databases if algorithms are cracked.
This is not easy. The plethora of data that is now held in databases can make processes cumbersome, and decryption on a large scale could be problematic. Reprogramming software for a crypto-agile future will be time-consuming and could take years to complete. That’s why we need to start now. In the payment industry, we use hardware security modules, which calculate quickly and support many algorithms. So we can expect to see partnerships forming that allow these changes to be sped up.
In the meantime, here are steps that the payments industry is currently undertaking that will enable it to forge a leadership role in supporting stringent security protocols as quantum computing advances:
Tokenization. With tokenization, security-relevant data like a customer’s card number is replaced by non-critical data that is unusable by thieves and hard to breach or replicate. The substitute values for the sensitive card data can be stored by merchants so that the card is immediately available as a means of payment when the customer logs in to his or her account online, without having to re-enter the card number and even with the original image of the physical card for better recognition. In addition to the visible elements, a transaction-specific cryptogram and strong encryption functionality contribute significantly to security.
POS P2PE. Terminals at the point of sale that support the P2PE security standard of Visa and Mastercard ensure that the payment data is strongly encrypted, with a unique key for each payment. Since real data is neither displayed nor stored, it cannot be stolen.
Wallets and two-factor authentication. Smartphone wallets exchange tokens, meaning that credit card data no longer needs to be entered. Customers are additionally protected by two-factor authentication, which controls who triggers the transaction.
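The tokenization step described above can be sketched in a few lines. This is an added example, not code from the author or from any card scheme: the TokenVault class, the HMAC-SHA-256 cryptogram construction, and the counter-based replay check are simplifying assumptions, and the card number is a constructed test value.

```python
import hashlib
import hmac
import secrets

def luhn_ok(number: str) -> bool:
    """Luhn check digit test applied to card numbers."""
    if not number.isdigit():
        return False
    digits = [int(d) for d in reversed(number)]
    return (sum(digits[0::2]) + sum(sum(divmod(2 * d, 10)) for d in digits[1::2])) % 10 == 0

def make_cryptogram(key: bytes, token: str, amount_cents: int, counter: int) -> str:
    """Transaction-specific cryptogram (assumed construction: HMAC-SHA-256)."""
    msg = f"{token}|{amount_cents}|{counter}".encode()
    return hmac.new(key, msg, hashlib.sha256).hexdigest()

class TokenVault:
    """Hypothetical token service: the only place the real card number is kept."""
    def __init__(self):
        self._entries = {}  # token -> (card number, per-token key)
        self._used = set()  # (token, counter) pairs already accepted

    def tokenize(self, pan: str):
        if not luhn_ok(pan):
            raise ValueError("not a valid card number")
        while True:  # random surrogate, keeps only the last four digits for display
            token = "".join(secrets.choice("0123456789") for _ in range(len(pan) - 4)) + pan[-4:]
            if token != pan and token not in self._entries:
                break
        key = secrets.token_bytes(32)
        self._entries[token] = (pan, key)
        return token, key  # the merchant stores the token; the key goes to the wallet

    def authorize(self, token: str, amount_cents: int, counter: int, cryptogram: str):
        """Return the card number for a fresh, valid cryptogram, otherwise None."""
        entry = self._entries.get(token)
        if entry is None or (token, counter) in self._used:
            return None
        pan, key = entry
        expected = make_cryptogram(key, token, amount_cents, counter)
        if not hmac.compare_digest(expected, cryptogram):
            return None
        self._used.add((token, counter))
        return pan

def demo():
    vault = TokenVault()
    pan = "4111111111111111"  # constructed sample: a widely used test card number
    token, key = vault.tokenize(pan)
    good = make_cryptogram(key, token, 1999, 1)
    return (token, vault.authorize(token, 1999, 1, good),   # accepted
            vault.authorize(token, 1999, 1, good),          # replay -> None
            vault.authorize(token, 999999, 2, good))        # other amount -> None
```

A token copied from a merchant database is of no use without the per-token key, and a captured cryptogram cannot be replayed or reused for a different amount.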
Applications for quantum computing could take some time. However, if they begin to be commercialized by 2030, that only leaves a small window to create the necessary defenses for conducting transactions in a post-quantum world. If we wish to protect our personal data, the payment industry should leverage its strengths in security and begin preparing now for the changes ahead.
—Ralf Gladis is chief executive of Computop.