Technology financial institutions (FIs) need to make quantum leap from ’70s-era data security
(Pyments.com) Jack Hidary, CEO of Sandbox AQ, recently spoke with PYMNTS’ Karen Webster, and discussed the financial institutions (FIs) and all manner of firms that are still reliant on RSA, a public-key cryptosystem that is the cornerstone of secure data exchange and underpins the transmission of everything from payments to healthcare information. IQT-News summarizes their discussion; the full text and interview are online and recommended.
The algorithm that banks rely on today stretches back to the late 1970s, and it represents a key vector of vulnerability that can ultimately be defeated by hackers. That’s especially true if those hackers are armed with turbocharged quantum computing power — and backed by nation-states that have unlimited resources at the ready.
As to the grand strategy, Hidary said, “They grab the data, they exfiltrate it, they store it, and then they read it when they have more and better computing capabilities.”
Banks are vulnerable, Hidary told Webster, because the “secret ways” in which they have set up payment infrastructure — the internal checks and controls, the risk management and proprietary trading models — are all valuable. There have been any number of existential threats at banks and at payment firms over the years, and now the threats are increasingly digital, especially as touch points proliferate. “These threats all come from misjudging risk,” he said.
The advantage of these quantum computers and the power they wield is not just that they can be leveraged by the bad guys — the good guys can harness all that power, too. They can also band together to protect data, and financial security, in a standards-based approach that foster quantum-resistant cryptography.
Hidary noted that through the past few years, a broad range of countries throughout North America and Europe (tied, in turn, to the National Institutes of Standards and Technology) have worked together to bring new protocols into the field.
But the fraudsters, he said, are watching — and they’ve got a short window of time, which means they may amp up their attacks. To speed up the defenses, White House National Security Memorandums have instructed the National Security Agency to help chief information officers (CIOs) with efforts to develop quantum resistant protocols.
Sandbox and the Quantum Alliance Initiative, a consortium of companies and universities, are working with regulatory agencies to help address the vulnerabilities of today’s situation and chart a roadmap to better protection.
At a high level, as payments become more distributed — and as all devices connect to the internet and can conceivably be able to transact (and apps mushroom) — the cloud can help improve those lines of defense. As Hidary said, transitions via the cloud need no hardware in place, and thus only upgrades would be necessary.
For the banks and payments forms, harnessing quantum computing power, even if it’s a ways off, can generate myriad benefits.
Sandra K. Helsel, Ph.D. has been researching and reporting on frontier technologies since 1990. She has her Ph.D. from the University of Arizona.