So I expect every merchant is thinking, “Happy days!” another security upgrade to the POS. Mastercard’s lead is that it’s Enhanced Contactless (Ecos) specification will protect contactless data from quantum based hacks. Here are a few thoughts regarding that risk.
Quantum computing which is the technology that threatened existing encryption is likely 7 to 10 years away. Current implementations don’t have a sufficient number of qubits and the ones they do have are too unstable and expensive. In addition, there is no software language available to program a quantum computer today, so that needs to be developed also.
At the same time, there are Quantum resistant encryption technology available today from several firms. As with EMV and NFC, deployment of these new encryption techniques are likely to take many years, so it would be great if we could start now, but no one standard has been put forth by the payment networks so implementing something now will likely need to be replaced when the standard is announced.
Note that some current solutions, such as Bitcoin, can’t be upgraded because the old encryption technique is embedded in the immutable ledger. On the plus side that means that everyone that lost their private key to a fortune will be able to recover the key, but they better beat the hackers!
Also recognize that different attributes of quantum will also protect our data. Quantum makes communications impossible to hack without being instantly detected. China implemented this with a laser up to a satellite and back down to a base station – so it will be available before quantum computing.
Quantum Computing and other applications of Quantum Physics (like spooky action at a distance that enables communication faster than the speed of light) will impact a range of payments and data communications technologies broadly used today, but that’s also likely to be 10 years away:
“Credit card firm Mastercard has unveiled new quantum-resistant standards that are designed to enhance the security and privacy of contactless payments.
As a result of the move, Mastercard will become the first payments network to bring quantum-era security and privacy to contactless payments. The Enhanced Contactless (Ecos) specifications have been introduced following a surge in contactless payments over the past year, fuelled by the desire for more hygienic payment methods in-store as a result of the COVID-19 pandemic. Mastercard revealed that contactless penetration made up 41% of in-person purchase transactions globally in the third quarter of 2020, a year-on-year rise of 30%.
Ecos will enable the utilization of new quantum-resistant technology in order to deliver advances in algorithms and cryptography. Convenience will be maintained as contactless interactions will remain under half a second, and Mastercard said that, in time, any device can become a payment device without the need for a backup swipe or dip of a card.
The specifications also aim to enhance privacy by offering advanced protection when account information is shared between the card or digital wallet and checkout terminal.
The firm added that the Ecos specifications will enable merchants, financial institutions and customers to make such security transitions seamlessly over the coming years, with digital wallets, mobile payments, contactless cards and point-of-sale terminals continuing to work as they do today. This is because Ecos is implemented via a software upgrade without the need for new hardware of terminals.”
Overview by Tim Sloane, VP, Payments Innovation at Mercator Advisory Group