We are all witnessing the AI revolution in real-time as new technology surpasses what we thought possible. Technology is rapidly changing and having an immediate impact on businesses and society. One area of concern with technological advancements is payment security.
Cloud Computing
Part of what is fueling this AI revolution is the distribution of cloud computing power. As cloud computing harnessed the power of millions of processors in enormous data centers, new technology that seemed out of reach was suddenly possible. However, cloud computing is simpler than quantum computing.
The Threat of Quantum Computing
The power of quantum computing processing will increase in magnitude by numbers that most people can’t fully comprehend. As a result, cybersecurity, specifically payment security, becomes an area of concern.
With quantum computing power, current security schemes will no longer be effective. If quantum computing evolves as fast as AI is currently, that could mean a severe disruption in security and payments around the world.
To help you understand how quantum computing works and its impact on payment security, we’ll dive into this rapidly evolving technology to see how soon we can expect these changes. We’ll also touch on solutions that experts are contemplating today to deal with the quantum threats of tomorrow.
What Is Quantum Computing?
A quantum computer is actually quite similar to the traditional computer you use every day. In a conventional computer, the foundation of data and the computer is a “bit.” A bit is essentially a binary digit that can either be on or off. In a computer, this on or off state is represented by a “0” or a “1”.
Bits are encoded by physical devices within the computer, such as the processor, storage device, and algorithms that execute sequential instructions. A quantum computer works similarly, but instead of using bits, a quantum computer uses qubits as the foundation of its computations.
Qubits or quantum bits take advantage of strange properties in quantum mechanics. Quantum mechanics is the study of nature at a very small scale, smaller than an atom. In this small quantum world, strange properties emerge that we never witness at the macro scale.
For example, qubits can exist in both a 0 and 1 state simultaneously, a phenomenon known as superposition. In fact, a qubit can exist in every possible state at once.
This sounds a little strange, but it gets even crazier. Because of this superposition, a group of qubits can create multidimensional computational spaces. In basic terms, this means that relatively simple quantum computing can perform the functions of an entire cloud computing network such as Microsoft Azure or Amazon Web Services.
However, today, only very rudimentary quantum computers exist. One limiting factor is the size. Although quantum computers are still based on silicon wafer chips, they require extreme cooling systems.
Quantum Computing Application Function
For a quantum computing application to function, the internal structures need to be kept about one-hundredth of a degree above absolute zero. Even a minor fluctuation above this temperature causes “decoherence” when the qubits lose their quantum states. This is one of the significant quantum computing challenges.
To put this challenge into perspective, a typical quantum chip is about the same size as your current desktop CPU. However, the cooling system needed to maintain a quantum state for that single chip is about the size of a car.
Currently, this makes scaling the technology a real challenge. However, as with most technical challenges, they are eventually solved, and when that happens, advances move exponentially.
Currently, most quantum experts believe that within a decade, quantum computers will be compact and powerful enough to threaten current security systems and protocols around the world.
Why Quantum Computing Is Such A Security Threat
Today, security protocols and methods in industries such as digital payments rely on complex computational formulas to encrypt data. This type of cryptography is designed so that even a powerful computer would need hundreds and sometimes thousands of years to solve the cryptography or “break the code.”
This is why most hacking or cybersecurity incidents do not result from codebreaking, as is often depicted in Hollywood movies. Instead, most hacking and system breaches are accomplished through security holes, digital backdoors, or simply tricking an employee into revealing sensitive password information.
Breaking passwords or cryptography algorithms is simply too difficult using current computing power. However, quantum computing will change all that. With the jump in computing power that quantum computers offer, cryptography that could take hundreds of years to break could be broken in days or even just hours.
When this happens, it will essentially render all current security cryptography methods obsolete. For example, most blockchain security, like those used for Bitcoin, are based on complex mathematics that resist brute force attacks. But quantum computers can render those protections useless.
One specific danger is that most quantum computers are being developed in relative secrecy. This isn’t necessarily for nefarious reasons. It’s common in industrial research for some secrecy to protect investments and other resources.
This means that quantum computers capable of breaking current cryptography will likely be discovered in secret. When the breakthrough occurs, the majority of the world’s security experts will not be aware of it.
How Soon Could Quantum Computing Be A Payment Threat?
Global payments can range from small purchases to massive transfers between corporations and governments. Payments are happening every moment and are required to maintain the economy and global relationships.
Obviously, security is paramount for payments to continue. Disrupting these payments could create turmoil in markets and even geopolitical instability. While this is a scary notion, most quantum experts believe the threat of quantum computers to payment security is approximately a decade away.
In some ways, that is sufficient time to begin working on alternative security measures. However, as with most technology, advancement often reaches a tipping point where things accelerate faster than scientists predicted.
Due to the complexity of quantum computing, breakthroughs will mostly happen at the nation-state or university level. So, this does provide something of a buffer since hackers or criminals won’t have access to the technology, at least at first.
What Makes Payment Security Vulnerable to Quantum Computing?
The financial industry, including digital payments, uses various forms of encryption for security. Credit card networks use encryption for data storage and transmitting sensitive financial information between merchants and other parts of the payment system.
Advanced Encryption Standard
A common encryption method is known as Advanced Encryption Standard or AES-256. This protocol was established by the National Institute of Standards and Technology (NIST) in the United States.
The numeric value of AES-256 represents the key length in bits. In this case, it’s 256, which is the largest and most difficult to break. AES is also available with 128- and 192-bit length keys.
Government agencies and the private sector use AES-256 to protect computer systems, mobile devices, data, and supply chains. It’s an open standard, so various entities can use and implement it.
The AES 256-bit key encrypts data. Since AES is symmetric encryption, the same key that encrypts data also decrypts it. However, the encryption is not completed in a single pass. Instead, it undergoes 14 rounds of various encryption methods.
This is a simplified explanation of the entire AES-256 data security standard. But, the goal is to illustrate that several rounds of encryption are needed to prevent decryption without the proper key.
Decryption Would Take Too Much Time Without The Key
Even if one doesn’t have the key, decrypting the data is theoretically possible. However, the time it would take is beyond anything a hacker or cybercriminal could perform. To give you an idea, access to even the most advanced computing power today would still require millions of years to decrypt AES-256 without having the proper key.
While that may seem comforting, it actually points to a shortcoming in payment security and quantum computing. Most encryption methods, like AES-256, rely on the fact that computers would need too much time to crack them.
The actual math and complexity involved are not all that sophisticated. The real strength of these methods is the computing power necessary to crack them. That’s where quantum computing presents a problem. With the enormous leap in computing power offered by quantum computing technology, the primary defensive strategy used by algorithms like AES-256 suddenly becomes useless.
What About EMV Chips In Credit Cards?
EMV chips are now mandatory for payment processing and have helped to provide financial industry security in the payments sector. EMV chips also use a type of encryption that creates a one-time token each time the credit card is used. This is the same type of tokenization also used for digital wallet safety.
This token is a mathematical representation of the actual card number and account information. This tokenization process has become common in security due to its safety and overall resistance to hacking.
The financial institutions store the keys needed to decrypt these tokens in critical vaults. These key vaults are highly secure data centers containing all keys related to EMV chips. So, while EMV chips are safe, the key vaults offer a high-value target for a quantum computer.
Algorithms like AES-256 or other similar methods protect the key vaults themselves. As we mentioned, quantum computers could possibly break that encryption in hours.
Overall, the current digital payment system is highly secure and uses some of the most advanced encryption and tokenization technologies available. However, it is only safe against brute-force attacks from today’s computer technology. Against quantum computing technology, it is obsolete.
Potential Security Solutions Against Quantum Computing
The threat posed by quantum computing led to the creation of a new field of study called post-quantum cryptography. As the name suggests, this next-generation encryption looks to deal with the effects of quantum computing and devise new algorithms to protect data.
Most of the work in this field revolves around creating hybrid algorithms that use traditional and newer quantum methods. Fighting quantum computing threats will require quantum computers. You can think of these cybersecurity innovations as fighting fire with fire but in a digital universe.
Below, we’ll discuss some technology risk management strategies currently under development to protect against quantum attacks.
Quantum Random Number Generators (QRNG)
QRNG technology is already in use today to protect personal data. Samsung has incorporated QRNG into its high-end smartphones to offer more advanced encryption around payments and data protection, such as with their Samsung Pay digital wallet technology.
This technology resists traditional brute force attacks that try to gain access by guessing passwords. It also can create digital signatures that are more secure and harder to decrypt.
Samsung’s QRNG chip is not a quantum computer but uses the natural variances of quantum principles to assist in its random number generation.
Random number generators are crucial in cryptography. Technology such as tokenization or AES-256 requires random generation to create secure keys and tokens.
Quantum Key Distribution
We’ve touched on how keys work in current encryption. Currently, there are symmetric keys and asymmetric keys. With symmetric keys, the same key is used to encode the data and then decrypt. It requires both the sender and the receiver to securely transmit the key. Anyone who obtains the key can decode the files being sent.
Asymmetric keys require two different keys for encryption and decryption: a public and a private one. The public key encrypts data, and anyone can access it. However, the private key is needed to decrypt the data, and only one party has the private key.
With both systems, if someone obtains the private keys, they can eavesdrop on communications without being detected. This is where quantum key distribution (QKD) can help.
QKD Technology and Quantum Mechanics
In quantum mechanics, there is a property by which any measurement or observation of a system changes the system that is observed. For example, shining one photon of light to study the location of a subatomic particle moves the particle ever so slightly. It’s impossible to observe a system without altering it in some minuscule way, at least according to quantum mechanics.
QKD technology exploits this law of quantum dynamics and can detect if anyone is listening in secure communications. This unique property is the basis for quantum encryption. QKD also works by using another feature of quantum mechanics known as entanglement.
Quantum Entanglement
With quantum entanglement, two particles remain connected even if separated by huge distances. A change to one particle is immediately reflected in the other entangled particle. Scientists and researchers do not fully understand why this entanglement occurs. Theoretically, one can use entanglement to securely send symmetric keys.
It’s also possible to have dynamic keys that change using quantum entanglement, and no direct means of communication between the two parties is necessary. QKD is still mostly a theoretical technology, although several startups and universities are working on prototype systems and devices for QKD for secure banking and other applications.
Opponents of QKD claim the technology could easily be overwhelmed, such as with traditional DDoS attacks. A system protected by QKD could simply be overwhelmed with eavesdropping attempts, rendering it mostly useless and unable to confirm secure communications. However, researchers can likely solve these problems as we have done with traditional systems that suffer from brute-force-style attacks.
Offline Storage
This is probably the most straightforward solution. Securing data offline with an air gap between the internet can provide substantial protection against even the most sophisticated cyberattacks. Today’s distributed environment expects data to be available anywhere and at any time, making offline storage difficult.
However, as threats change, payment companies may have to consider storing critical data offline to provide the most security possible for financial transactions.
Quantum Cryptography and Post-Quantum Hybrid Solutions
Many security experts believe the most attainable solution to the impact of quantum technology is a hybrid approach that uses both quantum cryptography and post-quantum cryptography methods.
While quantum cryptography relies solely on quantum principles, post-quantum cryptography uses more traditional cryptography methods but uses new mathematical techniques to create quantum-resistant algorithms.
These new mathematical techniques for financial data encryption are more resistant to brute force attacks and can protect specific data and threat scenarios.
Post-quantum cryptography will likely also be considerably less expensive than quantum cryptography, which requires expensive hardware and infrastructure to operate.
However, highly sensitive and high-traffic applications will still utilize quantum cryptography. For example, the data pipelines between financial institutions handling payment data will require quantum secure transaction protocols to encode data as it moves back and forth.
Payment companies must carefully balance costs with security concerns as new security threats from quantum computing emerge. This is why most experts believe hybrid approaches are the most commercially viable: They mitigate risks while maintaining cost-effectiveness.
Preparing For A Quantum Future In The Payment Industry
As a merchant or service provider, it may seem like quantum computing cyber threats are something out of science fiction. However, within 10-15 years, these cybersecurity threats will likely appear in the commercial and government sectors.
But there are things you can do now to prepare. Most are simple and will provide immediate benefits for your data security and overall operations. Security best practices are now a top concern for any business dealing with sensitive data.
Below, we’ll cover the top security best practices for preventing payment system vulnerabilities and providing secure payment gateways.
Enable The Latest Encryption On All Devices
It’s not unusual for merchants to use outdated encryption algorithms in their networks. Wireless networks, particularly those used for processing data, pose a significant problem. Older routers and network hubs can have outdated algorithms that are no longer supported or PCI compliant.
If you’re using older routers, check the encryption methods they use. If they are using older WPA or TPIK protection, you need to upgrade immediately. You want a minimum of WPA3 with AES. Make sure your equipment has these advanced security measures enabled, or if they’re not available, upgrade your equipment to a newer version.
Use An Outside Cybersecurity Service
As cybersecurity becomes more important, many businesses find it necessary to outsource this technology area to managed service providers (MSPs). Hiring dedicated team members with the proper skill set is difficult and costly for many businesses. Outsourcing often costs less money and provides superior protection.
Use Endpoint security
Today’s distributed work environment has many benefits for workers and businesses. However, it also increases security risks. Personal devices used to access business network resources are vulnerable to hacking attempts. A robust endpoint security strategy helps automatically lock down these devices and manage their access and security.
More Tools For Online Payment Security
At ECS Payments, we specialize in secure payment solutions for businesses around the world. Whether you need help with online fraud prevention or strategies to reduce processing costs, ECS Payments offers the solutions your business needs to respond to evolving threats and marketplace changes.
Contact ECS Payments today to learn more about our innovative merchant payment solutions.
Frequently Asked Questions About Quantum Computing And Payment Security
Quantum computing is a new advanced computing technology that uses quantum bits (qubits) to perform calculations much faster than classical computers.
Quantum computers could break the encryption currently used to protect payment data, allowing attackers to steal sensitive data such as bank account and credit card details.
Though quantum computers are still in the early stages of development, some experts believe they could threaten payment security within the next decade.
There are several strategies that can be done to protect payment security from quantum computing, including:
•Developing new encryption algorithms resistant to quantum attacks
•Using quantum computers to enhance security measures
•Implementing more robust security measures, like two-factor authentication