Financial institutions that aren\u2019t \u201cquantum safe\u201d may find their payments systems pilfered by digital fraudsters in the next decade, according to some professionals monitoring the evolution of computer technology.<\/p>\n
Quantum computing is an ultra high-speed form of technology that already exists and has been advancing in recent years, though it\u2019s still not widely available, partly because it operates only at costly frigid temperatures just above zero Kelvin, or -460 Fahrenheit.\u00a0<\/p>\n
Educational institutions, such as Rice University<\/a>, and companies, like IBM, as well as cities, such as Chicago<\/a>, are racing to be out in front in developing the powerful new breed of computing. They\u2019re all seeking to harness the quantum firepower for solving more complex problems.<\/p>\n The expectation is that crooks are also angling to tap quantum computing, to break through cyber protections that governments, banks and other organizations have in place to protect almost everything that\u2019s in digital form.\u00a0<\/p>\n As a result, those entities are increasingly becoming aware of the threat, and the preparations needed to be quantum safe in the next few years.<\/p>\n \u201cLike a new light switch, quantum computing will require upgrades to hardware and software. Full implementation could take years,\u201d Nanci McKenzie, a payments risk specialist at the Atlanta Federal Reserve, said in a February post on the bank\u2019s blog<\/a>. \u201cBuilding a strategy to implement quantum computing within your information security program needs to be on your \u2018to do\u2019 list today.\u201d<\/p>\n How the quantum threat could unfold is complicated.\u00a0<\/p>\n In simple terms, current cyber defenses for payments systems rely on asymmetric key encryption, also known as public-key cryptography, which uses two unique keys, one held by a sender and the other by a recipient, to encrypt and decrypt data used in transaction messages.<\/p>\n For instance, the Federal Reserve instant payments system FedNow requires messages to be signed using asymmetric key encryption. Digital currencies also depend on the same encryption process.<\/p>\n The financial service community generally depends on two algorithmic formulas to generate the \u201ckeys.\u201d Those algos are known as RSA, or Rivest\u2013Shamir\u2013Adleman, which refers to the three computer scientists who developed it, and ECC, which stands for Elliptic Curve Cryptography. While it\u2019s nearly impossible today for a computer to guess the long prime numbers that the algos generate, quantum computing could make it infinitely easier.\u00a0<\/p>\n \u201cWe consider [RSA and ECC] state of the art in financial services,\u201d payments industry consultant Peter Tapling said at an industry forum discussion in Chicago last month. \u201cWhat happens if quantum computing can take elliptic key cryptography, or RSA asymmetric key cryptography, and from one key, guess the other key in minutes. Yikes, that becomes a problem.\u201d<\/p>\n Whether financial institutions are \u201cquantum safe\u201d to thwart those threats is becoming an important question, Tapling said at the recent Chicago Payments Forum<\/a> event.<\/p>\n He explained how the American mathematician Peter Shor has created an algorithm that shows that one day quantum computing will be able to essentially break through the asymmetric key encryption on which financial systems hinge their security.<\/p>\n \u201cShor’s algorithm has proven that you can indeed put all asymmetric key cryptography at risk once we reach this efficient frontier\u201d for quantum computing, Tapling told bankers, lawyers and professionals in payments at the July 23 forum held at the offices of the law firm Kelley Drye & Warren.<\/p>\n Asked after the forum how many U.S. banks and other financial institutions are quantum safe, Tapling estimated that none are. There are many that are aware of the issue, or are trying to become quantum safe, but that requires that they know their partners on the other side of the key exchange are quantum safe too, he explained.<\/p>\n To change that situation and adapt financial institutions to the quantum era, the U.S. Commerce Department\u2019s National Institute of Standards and Technology, the Federal Reserve and organizations like the U.S. Payments Forum<\/a> and Nacha\u2019s Payments Innovation Alliance<\/a> are studying the issue, producing reports and generally sounding the alarm.\u00a0<\/p>\n NIST has been working on the quantum quandary for eight years and has developed three algorithmic standards designed to make systems quantum safe, as it finalizes a fourth, the federal agency said in a March press release<\/a>. Some organizations have begun integrating the algos to \u201cfuture-proof\u201d their computer systems, the agency said.\u00a0<\/p>\n Last year, NIST outlined the threat in an August press release <\/a>announcing the first three standards, saying quantum crooks \u201ccould break the current encryption that provides security and privacy for just about everything we do online.\u201d\u00a0<\/p>\n Michele Mosca, a mathematician and computer scientist<\/a> at the University of Waterloo\u2019s Institute for Quantum Computing, has produced research<\/a> on the quantum risk. He estimates there is a one in three chance the quantum computing threat materializes by 2035, he told Wired magazine in a March interview<\/a>. Everything from emails to police reports to bitcoin wallets could be compromised, the article said.<\/p>\n \u201cMy guess is in financial services, in payment-service providing, in all of the infrastructure that we do to support payments, if you are not able to tick that box to say \u2018we’re quantum safe\u2019 by say, 2032, you\u2019re going to be in really big trouble,\u201d Tapling said.<\/p>\n","protected":false},"excerpt":{"rendered":"Financial institutions that aren\u2019t \u201cquantum safe\u201d may find their payments systems pilfered by digital fraudsters in the next…\n","protected":false},"author":2,"featured_media":89523,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[21],"tags":[49,48,285,61],"class_list":{"0":"post-89522","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-computing","8":"tag-ca","9":"tag-canada","10":"tag-computing","11":"tag-technology"},"_links":{"self":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/89522","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/comments?post=89522"}],"version-history":[{"count":0,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/posts\/89522\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media\/89523"}],"wp:attachment":[{"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/media?parent=89522"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/categories?post=89522"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.newsbeep.com\/ca\/wp-json\/wp\/v2\/tags?post=89522"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}