The views expressed in this article are solely those of the author and should not be attributed to the European Payments Council.

The Smart Payment Association (SPA) is the trade body of the cards and mobile payments industry and addresses the challenges of a fast-evolving payment ecosystem, promoting innovation, security and interoperability of payment instruments. In October 2022, the SPA published the position paper Security of card payment systems in a post-quantum world. We found out more about it by interviewing Lorenzo Gaston, Technical Director of the SPA.

Could you tell us why you produced this position paper?

SPA is the association of secure technology for IT components used by the payments industry, and the development of cryptographic devices is the core business of SPA members. As IT security experts we believe that there are many misconceptions regarding the real level of risk for card payment systems arising from potential hackers using quantum computers.

Could you share the key takeaways from the position paper?

Considering the current lack of maturity of the National Institute of Standards and Technology (NIST) post-quantum algorithms, hybrid solutions will probably facilitate a future progressive transition to post-quantum cryptography (cryptography resistant to attacks using quantum computers) for controlling security risks.

The SPA currently strongly recommends a migration to elliptic curve cryptography (ECC) for payment cards and terminals according to EMVCo Specifications as the best way to improve the security of card payment systems. ECC enables more robust cards and terminals that preserve the speed of the transactions – a fundamental business requirement for the end-users, consumers and merchants.

At the same time, the SPA takes very seriously the threat represented by future commercial quantum computers in the hands of attackers. We’re investigating new ways to implement post-quantum cryptography in payment cards utilising more advanced microchips and dedicated crypto-processors.

Because of the long migration times in the card payments industry – in particular, for payment terminals – the SPA believes it is time to start discussions between stakeholders to figure out how a future migration to post-quantum payment devices could be coordinated.

Could you tell us more about the specific risks quantum computing poses for card payment systems, and, in general, for electronic payments?

Quantum computers will be able – in theory – to break the classical asymmetric cryptography used in card payment systems today (RSA or ECC), because they can execute Shor’s algorithm very fast.

Although quantum computers are not yet available, hackers may already be collecting highly confidential encrypted information and waiting until a quantum computer is able to decrypt this data. That’s certainly a threat for long-term secret data (military information, for instance). But in card payment transactions, data is encrypted only for very limited time (at most, hours) and then the transaction data become useless for fraudsters. So it does not make sense to collect card payment cryptograms now and wait to break them in the future.

However, we can envision that card or bank certificates will be compromised by quantum computers and used to produce fake payment cards.

When do you expect quantum technology to represent an effective threat to cards and electronic payments security?

The SPA does not have a crystal ball but we closely follow, evaluate and report regularly – for instance, to the EPSG – on the progress of quantum computer prototypes. Our overall impression is that this progress is slow and far below the expectancies created by quantum computer hype. It is one thing if a giant of the IT industry one day develops a quantum computer prototype capable of breaking RSA after a multi-billion-euro, multi-year investment, but a very different one if commercial quantum computers that efficiently implement the algorithms to break classical cryptography are freely available. As for the prototype, there’s a consensus in the IT security industry that at least one decade will be required to develop a reliable quantum computer.

Again, this is not a reason not to start thinking of future migrations to post-quantum cards and terminals right now. We must be ready.

Could you share some predictions about card payment systems in a post-quantum world?

Payment cards implementing standard post-quantum cryptography will be the new normal. New, more powerful crypto-processors will execute transaction protocols in speeds comparable to the current transactions made using classical cryptographic primitives.

As usual in the card payments industry, different migration paths will be followed in different regions, depending on the risk assessment of the local financial industry.