With work on quantum computing gaining momentum, the Financial Services Information Sharing and Analysis Center (FS-ISAC) has issued guidance to help the payment card industry mitigate risks posed by the technology.
When quantum computers become widely available, the technology will enable much faster and more complex payment card industry business processes. But, warns the not-for-profit FS-ISAC, it will also break many types of data encryption that the industry relies on to secure customer payments.
The centre's cryptography working group has published papers outlining the challenges and threats posed by quantum computing for the payment card industry, and frameworks for quantum-resilient transformation.
Among the papers is one discussing critical steps for implementing quantum-resilient cryptography and maintaining cyber hygiene. It advises strong access controls to restrict access to cardholder data, encryption of sensitive data during storage and transmission, regular system updates and patches, secure coding practices, robust monitoring and auditing, and comprehensive risk assessments to identify vulnerabilities.
It also stresses the importance of mitigation strategies to reduce quantum-related threats and enhance detection and response capabilities to effectively address adversarial attacks, ensuring the ongoing security of the post-quantum PCI ecosystem.
Mike Silverman, FS-ISAC chief strategy and innovation officer, says: “The guidance in this paper is the product of coordinated efforts by experts in the payment card industry to replace outdated encryption methods with quantum-resistant standards.”