Blog

Post-Quantum Cryptography | Sorting Facts from Fiction

Quantum computers use quantum mechanics to solve complex problems, posing a potential risk to current public-key cryptosystems. Researchers are developing post-quantum cryptography (PQC) to counter this risk. For the ATM and banking industries, understanding PQC is crucial to maintaining security in an evolving tech landscape.

Photo: Trusted Security Solutions, Inc.

November 14, 2024

According to NIST, quantum computers are “machines that exploit quantum mechanical phenomena to solve mathematical problems” that are difficult or impossible for conventional computers. On a large scale, post-quantum computers can threaten many of our current public-key cryptosystems. In response to this potential threat, researchers worldwide are developing post-quantum cryptography (PQC), a new class of cryptographic algorithms designed to resist quantum attacks. This is especially crucial for the ATM and banking industries. Understanding the facts and potential impact of PQC is critical to staying ahead in a rapidly evolving technological landscape for these industries.

The Quantum Threat: Fact or Fiction?

Fact: Quantum computers could compromise the encryption systems used in ATMs and financial networks.

Quantum computers have the potential to break widely used cryptographic algorithms such as RSA and ECC (Elliptic Curve Cryptography), which underpin much of today’s data security infrastructure, including that used in ATM and financial transaction systems. These algorithms rely on the difficulty of factoring large numbers, a challenge that quantum computers could solve exponentially faster than conventional computers. The potential for system breaches highlights the importance of starting early to safeguard sensitive customer data, financial records and PIN encryption devices. By taking steps today, you can better prepare for and stay ahead of future technological advancements.

Fiction: Quantum computers are an immediate threat to financial data security.

While the risk is accurate, the timeline is still on our side. Quantum computers, though advancing rapidly, have yet to break current cryptographic standards. However, the financial industry cannot afford to wait. Transitioning to post-quantum cryptographic systems will take time—time that should be spent now on preparation and planning to ensure that ATMs, transaction systems, and other critical financial infrastructures remain secure when quantum threats become viable.

Post-Quantum Cryptography: Emerging Standards for Finance

Fact: The financial industry must stay ahead by adopting post-quantum encryption standards.

The National Institute of Standards and Technology (NIST) has already taken significant steps by releasing the first three finalized post-quantum encryption standards in August 2024. These standards have been selected through a rigorous process, ensuring they are robust enough to resist quantum attacks while being practical for implementation in the financial industry. For tech employees, understanding these standards and beginning to integrate them into existing systems is crucial to maintaining the integrity of financial data and transactions in the post-quantum era.

Fiction: Post-quantum cryptography is a one-size-fits-all solution for financial systems.

The reality is more nuanced. While the new standards represent a critical advancement, different financial applications, from ATM networks to online banking systems, may require tailored cryptographic approaches. Transitioning to PQC will be a complex process that involves re-evaluating and updating existing security protocols, testing new systems, and ensuring compatibility across various platforms. This will require a coordinated effort across the industry to implement effectively and ensure no vulnerabilities are overlooked.

Preparing Financial Systems for the Post-Quantum Era

Fact: The financial industry must start preparing now for quantum-resilient security.

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has highlighted the importance of quantum readiness, advising organizations to start inventorying their cryptographic systems and assessing vulnerabilities. For the financial industry, this means evaluating the security of everything from ATMs to transaction processing systems, developing a roadmap for PQC adoption, and ensuring that all aspects of data security—from PIN encryption to customer data protection—are quantum-proof. Early preparation is critical to avoiding disruptions and maintaining trust in the financial system.

Fiction: Quantum readiness is only relevant for large financial institutions.

While large banks and financial institutions may be at the forefront of this transition, quantum computing will impact the entire financial ecosystem, including smaller institutions and ATM operators. Regardless of size, every entity in the financial chain must take proactive steps to secure its systems. Failure to do so could result in vulnerabilities that could be exploited, leading to data breaches, economic loss, and erosion of customer trust.

What’s Next in PQC?

Post-quantum cryptography is not just a future concern; it’s a pressing issue that the financial industry must address today. By understanding the facts, tech employees in the ATM and financial sectors can take charge of securing the digital infrastructure against quantum threats. Whether you’re working on ATM systems, transaction networks, or financial databases, staying informed and proactive is critical to safeguarding the future of financial data security.

Included In This Story

---

Trusted Security Solutions - A98

Expertise You Can Bank On

Trusted Security's A98 System provides a compliant and efficient solution for establishing unique initial keys in each ATM. A98 uses remote key loading when possible and alternatively uses its patented Comvelope© solution to automate key loading of legacy ATMs.

Request Info

Learn More