And an increasing number of firms are investing in quantum computing, reports
But the same raw computing power can be turned against the security used in contactless payments, if banks and card networks aren't prepared.
"If quantum computing delivers on its promise, it would render obsolete many of today’s popular cryptographic algorithms, which rely on being very difficult to solve with computing power available today," said Zil Bareisis, head of Celent's retail banking practice. "Many cryptographers are designing new algorithms to prepare for a time when quantum computing becomes a threat."
Contactless payments are already much better protected than the magstripe cards the U.S. has relied on until recent years. Like EMV-chip cards or mobile wallets, contactless cards encrypt data to protect it against skimming and other means of theft. But encryption only works if it's stronger than the computers used to crack it.
Fime, a Paris-based firm that tests bank and payment technology, is now vetting checkout technology against contactless specifications that
"Contactless is the key to a frictionless checkout journey … and it's important that the users trust the contactless technology," said Reza Rahmani Fard, head of product management for Fime, which will determine functional compliance with Ecos via testing.
Ecos builds on other Mastercard efforts to standardize digital payments security, such as universal "buy button" supported by Visa and other card brands.
In an
Quantum computing isn't purely a threat. It could also aid banking activities such as investment decisions.
As quantum computing expands and becomes more ubiquitous, users outside of mainstream financial services could turn it against the encryption used to protect contactless and mobile payments.
"Current encryption technology is safe since it would take years with current computing technology to successfully decrypt the payment credentials in a contactless payment," said David Mattei, a senior analyst at Aite Group. But with recent advancements in quantum computing and its realization on the horizon, current encryption technology can be easily decrypted by a quantum computer in seconds or minutes, Mattei said.
"The payments industry is grappling with coming up with new encryption technology that a quantum computer cannot decrypt," he said.
One heightened security threat could be "man in the middle" attacks, where a third party intrudes on a digital communication to steal data, Fard said. The specifications and tests are designed to gauge payment systems' ability to interrupt outsiders who are trying to pull off such an attack.
"These [Ecos] specifications bring in a layer of protection that wasn't there before," said Fard. While quantum computing may not become mainstream technology in the next two years, the payments industry is working toward new encryption methods, a process that may also take years given the global need, according to Mattei.
"Just think about the number of point-of-sale terminals in the world, into the millions, all of those stores, processors, card brands, banks and credit unions," Mattei said.
Terminal builders, ATM firms and others will need to update anad test to ensure the quantum-protected encryption works. "Look at how long it took the U.S. to deploy EMV," Mattei said. "It will take at least that long for the world to implement a new encryption technology."
The interest in quantum computing comes as contactless payments quickly become mainstream. In the year following the pandemic's onset in March 2020,
The growth was accompanied by raising contactless
Payment companies have responded to that growth with a variety of security measures, such as deploying
Writing for
Testing and standardizing new point- of-sale technology can help manage that balance, Fard argues. "The objective of any cryptographic solution is to protect the 'ID' of the transaction, but also make sure the processing time remains low," he said.
