EPAA calls for industry-wide preparation for quantum threats in new report

The Emerging Payments Association of Asia (EPAA) has released a report on how quantum computing will exacerbate the payments fraud landscape, and what financial institutions need to be doing to prepare before quantum slips into the mainstream.

Editorial

This content has been selected, created and edited by the Finextra editorial team based upon its relevance and interest to our community.

The report outlines how ‘bad actors’ have potentially been collecting encrypted data, such as credit and banking information, personal data, transaction logs, and more, and are awaiting the release of quantum technology to decrypt these files to access private records and funds. To prepare for this threat, the industry needs to be ready and aware of quantum technology.

Speaking with Finextra, Camilla Bullock, chief executive of EPAA emphasised the urgency of the quantum threat: “The work we need to do as an industry starts today, or it should have started one year ago, because when we come to that point when quantum is made available, it’s too late. We need to migrate the encryption today.”

Data encryption is used throughout digital wallets, open banking, and instant payment systems across Asia, but not all payments providers have put quantum resilience protocols into place.

Bullock outlined the complexity of the migration process: “The simplest of payments probably have twenty encryptions on it. The most complicated could have more than one hundred. What the organisations need to do today is see: where do I use encryption? Each encryption has a different number depending on when it was put in. So you have to find all those different encryptions. An easy way to say it is that you have to upgrade it to 2.0 that is quantum safe. So those algorithms are available — the algorithms that you need to migrate it to — but you need to ask where is the encryption sitting in my organisation?”

The report assessed the quantum readiness of nearly 200 industry participants in Australia, Hong Kong, Singapore, and Malaysia. Only 20% of these respondents stated they were “very familiar” with the quantum threat to current cryptography. The paper offers a step-by-step guide on how organisations should consider the quantum computing threat.