Quantum Computing Risks to Cryptographic Security of Payments

Banking, Insurance and Financial Services November 30, 2025
Enquire About This Course

Introduction

The rapid progression of **Quantum Computing** poses an existential threat to the cryptographic security underpinning all modern financial transactions, including those settled through RTGS, SWIFT, and digital currencies. Shor's Algorithm, specifically, threatens to break the public-key cryptography (e.g., RSA, ECC) essential for digital signatures, authentication, and secure communication. This highly specialized course provides a critical assessment of the quantum risk landscape, focusing on its implications for the long-term integrity of payment finality and confidential data. Participants will learn to evaluate the necessary transition to **Post-Quantum Cryptography (PQC)**, understand the standardization efforts by bodies like NIST, and develop a strategic, multi-year migration plan to ensure the future resilience of critical financial market infrastructures (FMIs) before a "quantum event" materializes.

Objectives

Upon completion of this course, participants will be able to:

  • Explain the basic principles of **Quantum Computing** and how algorithms like Shor's pose a risk to current public-key cryptography.
  • Identify all critical points of **cryptographic exposure** within the organization's payment systems (RTGS, SWIFT, interbank communication).
  • Analyze the candidates for **Post-Quantum Cryptography (PQC)** (e.g., Lattice-based, Code-based) and their security/performance trade-offs.
  • Develop a comprehensive **Quantum Risk Assessment** and a strategic roadmap for the PQC migration ("crypto-agility").
  • Understand the role and status of international PQC standardization efforts (e.g., NIST competition).
  • Evaluate the operational and infrastructure challenges of implementing a PQC solution across large, complex systems.
  • Assess the specific quantum risks to central bank digital currencies (CBDCs) and digital signatures.
  • Formulate a robust **crypto-resilience governance** framework to manage the quantum transition.

Target Audience

  • Chief Information Security Officers (CISOs) and Heads of IT Security.
  • Payment Systems Architects and Core Banking Infrastructure Managers.
  • Heads of Risk Management and Technology Risk.
  • Policy Makers and Strategists for Financial Market Infrastructure (FMI) Resilience.
  • Internal Auditors focused on Cyber and Technology Risk.
  • Compliance Officers dealing with Data Confidentiality and Integrity.

Methodology

  • Quantum Risk Assessment Workshop and Threat Scenario Simulation
  • Group Activities on Designing a PQC Migration Roadmap for an RTGS System
  • Case Studies on Global PQC Standardization and Early Adopter Challenges
  • Expert Lectures on PQC Algorithm Families and Performance Benchmarks
  • Discussions on Interbank Coordination and Vendor Management for PQC
  • Individual Assignments on Inventorying and Prioritizing Cryptographic Assets for Migration

Personal Impact

  • Acquisition of highly specialized, cutting-edge knowledge in quantum computing and cryptography.
  • Enhanced ability to formulate and execute a strategic, multi-year PQC migration plan.
  • Improved capacity to assess and mitigate the highest-impact, long-term cyber risk.
  • Increased professional credibility as a thought leader in technology risk and future-proofing.
  • Better decision-making on critical IT investments and vendor selection.
  • Development of skills to integrate cyber resilience across complex FMI architecture.

Organizational Impact

  • Ensuring the **long-term cryptographic security and integrity** of all critical financial data and payment systems.
  • Establishment of a proactive, coordinated national **Post-Quantum Cryptography (PQC) Migration Strategy**.
  • Mitigation of the existential threat posed by a future Cryptographically Relevant Quantum Computer (CRQC).
  • Strengthening of the organization's overall cyber resilience and FMI security posture.
  • Improved collaboration and standardization with the national financial sector on security protocols.
  • Preservation of the public's trust in the security of financial transactions and central bank data.

Course Outline

Unit 1: The Quantum Threat Landscape

The Fundamental Risk:
  • Introduction to Quantum Computing principles and its computational power.
  • Shor's Algorithm and its potential to break RSA and ECC public-key cryptography.
  • Grover's Algorithm and its impact on symmetric-key cryptography (e.g., AES).
  • The "harvest now, decrypt later" threat model and its urgency.
  • Understanding the concept of **"Cryptographically Relevant Quantum Computer" (CRQC)** timeline.

Unit 2: Identifying Cryptographic Exposure in FMIs

Risk Mapping:
  • Mapping all points of cryptographic use in payment systems: digital signatures, TLS/SSL, VPNs, and hardware security modules (HSMs).
  • Assessing the risk to long-term data confidentiality and payment finality integrity.
  • Specific analysis of quantum risk to **CBDCs** and DLT-based payment systems.
  • Inventorying all cryptographic assets, keys, and algorithms in use.
  • Estimating the potential "lifespan" of confidential data that requires quantum protection.

Unit 3: Post-Quantum Cryptography (PQC) Solutions

The Future of Security:
  • Overview of the main PQC families: Lattice-based, Code-based, Hash-based, and Multivariate.
  • Analysis of the NIST PQC standardization process and selected winners (e.g., Kyber, Dilithium).
  • Trade-offs: key size, performance overhead, and security guarantees of PQC algorithms.
  • The concept of **hybrid cryptography** for a transitional migration phase.
  • Developing internal testing and validation protocols for PQC algorithms.

Unit 4: The Strategic PQC Migration Roadmap

The Crypto-Agility Transition:
  • Developing a multi-year, phased **PQC Migration Roadmap** (discovery, prioritization, remediation, monitoring).
  • The importance of **crypto-agility**—the ability to rapidly switch algorithms.
  • Operational challenges: key management, certificate revocation, and hardware upgrades (HSMs).
  • Cost-benefit analysis of PQC migration strategies.
  • Coordinating PQC transition with external vendors, partners, and international payment networks (e.g., SWIFT).

Unit 5: Governance and Resilience Framework

Oversight and Policy:
  • Establishing a formal **Quantum Resilience Governance Committee** and its mandate.
  • Integrating quantum risk into the existing Cyber Risk and Business Continuity Planning.
  • Regulatory expectations and the role of the central bank in guiding the national financial sector PQC transition.
  • Staff training, skill development, and external expert collaboration on quantum security.
  • Ongoing monitoring of quantum technology progress and the threat timeline.

Ready to Learn More?

Have questions about this course? Get in touch with our training consultants.

Submit Your Enquiry