Post-Quantum Cryptography for Financial Services and Payments Needs to Start Now
This IDC Perspective discusses the need for post-quantum cryptography for financial services and payments. Financial services institutions use both RSA-2048 and AES-256 encryption based on the strengths of each standard. RSA-2048 is more compute-intensive, so it is used more for small data transactions such as payments, message encryption, and digital signatures. AES-256, on the other hand, is not as compute- or data-intensive, making it better suited to areas like securing wireless networks, file encryption, and cloud storage. However, both encryption standards are threatened by the eventual advent of quantum computing, making financial services a potential target for bad actors in the future.

"Although commercial access to quantum machines capable of breaking these encryption standards is still 10 years or more away, there is a current threat called 'harvest now, decrypt later' (HNDL) where bad actors can access data and wait until the resources are available later to decrypt the data for the purposes of holding the institution at ransom for financial gain," says Jerry Silva, vice president, IDC Financial Insights. "The financial services industry holds a position of trust with both consumers and businesses worldwide, underpinning global economies. There is therefore an urgency to begin addressing the need for quantum-resilient encryption now."
Please Note: Extended description available upon request.
Executive Snapshot
Situation Overview
Encryption in Payments
Post-Quantum Encryption Standards
Where Is Financial Services on the Post-Quantum Encryption Journey?