At the Nacha event Smarter Faster Payments 2025 in New Orleans, a panel session focused on the necessity for financial institutions to create internal risk committees aimed at evaluating and mitigating potential quantum-related threats.
John Buselli, offering manager at IBM Security Research, alongside Namit Agrawal, partner and US leader at IBM Payments Centre, and John Brady, head of engineering and chief architect at BillGo, underscored that current cryptographic tools, which can take up to a million years to break, might be vulnerable to quantum computers within five to ten years.
They stressed the importance of developing a roadmap for transitioning to quantum-resistant algorithms, beginning with an inventory of critical assets and an assessment of vulnerabilities. Shor’s and Grover’s algorithms were highlighted for their capacity to undermine encryption and enhance fraud detection.
With the understanding that cryptographic methods could be compromised, the financial services industry must urgently adopt quantum-safe cryptography. This involves creating algorithms that resist quantum attacks to maintain the safety of the ACH network, necessitating updates to cryptographic methods and the strengthening of operational rules.
Buselli noted that the emergence of quantum threats will be “difficult to detect, purposeful,” and while not dramatic, it will be a significant concern. He stated that “all data that’s not quantum state today, if exfiltrated in the future by malicious actors, could be unraveled.”
He elaborated on the complexity of the supply chain that must undergo transformation, emphasizing a collective responsibility for safety. “You’re only going to migrate as quickly as your least secure defense,” he added. Quantum computers can breach current encryption keys much faster than classical computers, prompting banks to reassess and rebuild payment systems to address these threats.
Brady examined the different stages of payment processing, pointing out the vulnerabilities introduced by quantum computing. He discussed how digital identities could be hacked and synthetic identities created, resulting in account takeovers and manipulation of transactions. Risks are not limited to payment origination; they can arise during payment transmission and processing as well, where systems can be intercepted, and data altered.
“It’s crucial that everyone in the value chain understands the integrity and risks associated with quantum computing. While experimental quantum computers exist today that can generate various algorithms, they currently lack the computational power or error correction capabilities needed to break encryption algorithms. We are likely five to ten years away from quantum computers being powerful enough to disrupt encryption keys,” he concluded.