Quantum computing and the threat to card payment cryptography

Cryptography has always been a fundamental aspect of card payment to ensure customer protection and prevent fraud. Cryptography relies on complex mathematical algorithms to encrypt information and convert it from a readable state to unintelligible nonsense. Breaking those algorithms is theoretically possible but that would require an extremely long time using the most powerful computers currently available.

The development of quantum computers, which is expected to produce the first results in less than a decade, could pose a significant threat to card payment cryptography. That is because quantum computing is not about increasing the power of traditional computers, but can be seen as a paradigm shift of computing technology. It has been proven that quantum computing – when it becomes practically available – will be able to break most of the current cryptographic algorithms used in card payments.

This threat is well recognised at the international standardisation level and work is under way. The ECSG are contributing to this work by undertaking their own review and understand the implications for payments in Europe. This work includes identifying any actions the ECSG could undertake to minimise the potential impact to the industry.

You can check this useful document on the ECSG’s website to find out more details on the ECSG analysis.

The migration effort to support new cryptographic algorithms on the payments infrastructure is major, and so the ECSG, with EMVCo's collaboration, took on the task to look into potential migration strategies. As a result of this investigation, the ECSG produced in H1 2020 an initial evaluation of the available strategies that is published here.