Asia-Pacific payments sector urged to act on quantum threats now

The Emerging Payments Association of Asia has published a report highlighting the urgency for the payments industry in the Asia-Pacific to address quantum computing threats.

Quantum threats

The report, titled Quantum safe payments: Why the payments industry must act now, outlines practical steps for banks and payments providers across Asia-Pacific to strengthen their defences against the potential risks posed by quantum computing. It aims to support the region’s strategy in preparing for the evolving technological landscape.

Digital wallets, open banking, and real-time payment systems enjoy widespread adoption across the region, but the report notes that quantum-resistant security measures are yet to be integrated into these platforms. Concerns remain about the vulnerability of legacy cryptography and the complexities involved in migrating to more secure standards.

The report raises the issue of coordinated industry strategies, pointing to challenges in implementing quantum-resistant cryptography at scale. The need for collaboration and planning across technical, regulatory, operational, reputational, and compliance dimensions is underlined as essential for protecting the payments sector.

Industry response

“Quantum computing has the potential to deliver extraordinary breakthroughs in healthcare, climate modelling and scientific research, but in the wrong hands it poses serious risks. We know scammers are already collecting encrypted data, waiting for quantum computers to break it,” said Camilla Bullock, Chief Executive of the Emerging Payments Association of Asia.

Bullock stressed the importance of starting preparations immediately. She continued, “Responding to quantum threats is complex and requires coordinated industry-wide action to manage technical, regulatory, operational, reputational and compliance risks. The time for banks and payments providers to act is now.”

The association convened workshops in Sydney, Hong Kong, Singapore, Malaysia, and online, gathering around 200 participants from various payments industry segments. The workshops found varied levels of preparedness, with many companies in the early stages of understanding quantum-related risks.

Surveys conducted during these sessions highlighted a significant knowledge gap: when asked about familiarity with quantum threats to encryption, only 20% of participants indicated their senior leaders were “very familiar” and actively monitoring developments and risks. Meanwhile, 44% described their stakeholders as “not very familiar” or “not familiar at all” with the threat to current cryptography.

Opportunities and next steps

“Acting on quantum risks now opens the door for innovation, positioning Asia Pacific to lead in shaping secure, future-ready payment systems. A coordinated industry response will foster resilience, protect digitally dependent economies, ensure regulatory compliance and help our payments leaders maintain competitive advantage,” Bullock said.

The report clarifies that quantum-safe cryptography encompasses a set of tools and techniques to defend against quantum computing threats, rather than a single solution. Transitioning to these measures requires detailed knowledge of system dependencies across payment processes.

Organisations are encouraged to take several steps, including mapping current encryption use, creating a cryptographic inventory to identify vulnerable assets, and adopting quantum-safe algorithms such as those standardised by the US National Institute of Standards and Technology. Ensuring systems possess cryptographic agility, so that new algorithms can be integrated swiftly if current protections are compromised, is also recommended.

Reviewing supplier contracts to include quantum-safe stipulations like a Cryptographic Bill of Materials, updating data retention and deletion policies, and forming cross-functional teams to manage compliance and operations are other key steps identified in the report.

Government and industry collaboration

Across the region, several governments have launched initiatives to address quantum risks in the payments sector. The Monetary Authority of Singapore has released guidance on quantum-safe readiness, while Australia’s cyber security agencies have set a migration roadmap for 2030. India and ASEAN nations are rolling out quantum-safe networks, and both China and Japan are investing substantially in quantum programmes. Through Project Nexus, central banks in Malaysia, Thailand, the Philippines, India, and Singapore are working to upgrade cross-border payment infrastructure with future security in mind.

The association’s Quantum Safe Cryptography Working Group brings together banks, fintech companies, network operators, infrastructure providers, clients, and regulators to promote knowledge sharing and collective action throughout the payments ecosystem.