Insider Brief
- FS-ISAC released guidance to help the payment card industry transition to quantum-resilient cryptography to address vulnerabilities posed by quantum computing.
- The guidance includes a business-focused paper and three technical use cases covering card provisioning, transaction routing, and ATM/POS systems to assist practitioners with migration strategies.
- The initiative highlights the need for quantum migration strategies to prevent disruptions, with industry experts emphasizing the importance of early adoption of quantum-resistant standards.
PRESS RELEASE — When quantum computers become widely available, the technology will enable much faster and more complex payment card industry (PCI) business processes — but it will also break many types of data encryption that the industry relies on to secure customer payments. To prevent that, the payment card industry must begin the difficult but crucial task of migrating to quantum-resilient cryptography. FS-ISAC, the member-driven, not-for-profit organization that advances cybersecurity and resilience in the global financial system, and its Post Quantum Cryptography Working Group have published a series of papers outlining the challenges and threats posed by quantum computing for the payment card industry, and frameworks for quantum-resilient transformation.
“Quantum computing will assist firms in solving problems that are too complex and time-consuming for today’s computers, yet it could threaten existing cryptographic security, such as that of the card transaction ecosystem,” said Mike Silverman, FS-ISAC’s Chief Strategy & Innovation Officer. “The guidance in this paper is the product of coordinated efforts by experts in the payment card industry to replace outdated encryption methods with quantum-resistant standards.”
The series includes one paper designed for business leaders, The Impact of Quantum Computing on the Payment Card Industry, which discusses critical steps for implementing quantum-resilient cryptography and maintaining cyber hygiene. It advises strong access controls to restrict access to cardholder data, encryption of sensitive data during storage and transmission, regular system updates and patches, secure coding practices, robust monitoring and auditing, and comprehensive risk assessments to identify vulnerabilities. Additionally, it emphasizes the importance of mitigation strategies to reduce quantum-related threats and enhance detection and response capabilities to effectively address adversarial attacks, ensuring the ongoing security of the post-quantum PCI ecosystem.
To further assist PCI practitioners and technologists in migrating to quantum-resilient cryptography, FS-ISAC developed three detailed use cases that offer insights into cryptographic assumptions, quantum’s impact, mitigation techniques, and the current industry status of key PCI elements. These papers are:
- Card Provisioning Setup and Cardholder Data Provisioning
- Card-Present Transaction Routing and Authorization and Card-Not-Present Transaction Detail and Routing
- ATM and POS Card Capture and ATM and POS Setup with Backend Acquiring Systems
“By developing a quantum migration strategy early, firms can save a lot of money and create a safety net that minimizes the risk of disruptions,” said Oscar Covers, Policy Advisor Cyber Security of the Dutch Banking Association. “The FS-ISAC Post Quantum Cryptography Working Group’s proactive approach provides key guidelines that will help build a robust framework. With it, the industry can reduce the potential of disruption across the global financial network.”