Isara's Scott Totzke answers top five questions on quantum-safe security in financial transactions

Isara’s Scott Totzke answers top five questions on quantum-safe security in financial transactions

A wide range of technology-driven sectors will be affected by the advent of universal quantum computing many experts say will happen by 2026, but the financial industry has particular reason to be concerned.

The security standards behind secure email and internet connections are ubiquitous throughout fintech, protecting financial collateral as well as the most sensitive personal identity data in financial transactions.

In fact, the fundamental activities that the financial industry relies on to function today can be stopped in their tracks whenever quantum computers capable of breaking the cryptography they use become commercially available, including:

  • web connectivity to financial sites;
  • authentication for credit card transactions;
  • back-end financial transactions (such as Swift) and stock trading;
  • integrity of title transfers.

These are all integral to how commerce functions in the 21st century, and to how consumers connect with their finances. Financial institutions and fintech developers will have to update all of the systems using the affected cryptography, whether they’re built in-house, outsourced to partners, or provided by OEM partners. Try identifying parties required to coordinate upgrades to quantum-safe security and the scope becomes very wide for any one of the above activities.

These are the top five questions for fintech decision makers to consider:

  1. Am I really at risk?

Yes. If you store customer data, protect corporate information, or secure employee data, you are at risk.

  1. How do I start getting ready for a transition to quantum-safe security?

The first stage is understanding what systems and information you have at risk. Quantum readiness assessments help you identify your organisation’s quantum risks, develop an upgrade path, and deliver a plan to move forward.

New technology decisions must consider long-term privacy and security capabilities. You need to begin by identifying privacy and secrecy obligations that extend beyond the time when quantum computers might become a real threat, evaluating solutions and planning your migration to quantum resistant infrastructure, and ensuring your security vendors have quantum resistant solutions on their roadmaps.

  1. When do I need to complete the transition?

The roll-out of a complete transition to quantum safe security should be complete before quantum computers capable of breaking your cryptography become commercially available. However, for some parts of your security systems, cryptographic agility – to select classical and quantum resistant algorithms – may remove any risk.

  1. How do I know I can trust the quantum safe solutions that are available now?

Look for solutions being considered for standardisation, and prioritise a cost-effective solution that provides the type of crypto agility you need to deploy quantum resistant algorithms that will protect your systems from quantum attacks.

Like today’s encryption technology, the leading candidates for standardisation already benefit from years of academic scrutiny and review of their security properties.

  1. How do quantum-safe solutions affect the emerging financial technology I’m already transitioning to (or considering)?

Any technology that relies on public key cryptography, including emerging tech like blockchain, has built its security guarantee on that cryptography being unbreakable. If that cryptography is vulnerable to attack, then all the promise of the technology is lost, and the time and effort spent integrating that technology into your business offering is wasted.

When quantum computers arrive, IT departments should already have migrated those solutions to quantum-safe encryption, a process that could take up to ten years in some cases.

The key to adopting new technologies is to build quantum-safe solutions into them from the start, making a hybrid transition process possible wherever you can.

By Scott Totzke, CEO of Isara

@banking
techno