Quantum computers are threatening the encryption backbone of global finance – and the attack has already begun. ‘Harvest now, decrypt later’ is not a theory; it’s happening now. Banks must act.
It sounds like science fiction – but it is hard reality: quantum computers, once considered futuristic laboratory experiments, could in the foreseeable future crack the encryption standards underpinning all digital financial communication. What still seems like a distant risk to many banks is, in the eyes of experts, already an acute problem. And the clock is ticking.
The End of Classical Cryptography
Algorithms such as RSA, Elliptic Curve Cryptography (ECC), and Diffie-Hellman currently protect transactions, payment systems, trading platforms, and internal communication channels at financial institutions worldwide. Trusted for decades, their mathematical foundations are nevertheless vulnerable to quantum computers. Shor’s algorithm – a quantum computing procedure – is capable of breaking these encryptions in a fraction of the time required by classical computers.
For banks, the implications are stark: financial data, authentication processes, and digital signatures could suddenly be exposed. What is considered secure today may be readable tomorrow like an open book.
“Harvest Now, Decrypt Later” – The Invisible Threat
Even before powerful quantum computers become commercially available, attackers have already begun collecting sensitive encrypted data packages. The strategy is called “harvest now, decrypt later”: data is intercepted and stored today in anticipation of decrypting it later using quantum computing capacity. For financial institutions, this is a deeply alarming prospect, since the most vulnerable assets – transaction data, customer records, internal trading strategies, and risk models – must remain confidential for many years to come.
„Those who do not begin analyzing and modernizing their cryptographic infrastructure today will face enormous time pressure tomorrow – or possibly even worse consequences.”
– Harald A. Summa, Chairman, Diplomatic Council Quantum Leap (DCQL)
The Backbone of Finance: Data Links Between Data Centers
Security experts are focusing particularly on communication pathways between data centers and bank headquarters. These data links form the nervous system of the global financial system: they carry vast volumes of payment data daily, control liquidity flows, and enable real-time trading. A successful attack on these connections could fundamentally undermine confidence in the financial system – with potentially devastating consequences for entire economies.
Florian Fröwis, Director of Quantum Security at Diplomatic Council Quantum Leap, issues a stark warning: the migration to quantum-secure encryption is a multi-year transformation process. Contrary to what many traditional infrastructure vendors suggest, retrofitting conventional network and communication components to be quantum-safe will be both complex and expensive.
Fröwis advocates for architectures that decouple cryptographic change from communications infrastructure, creating what is known as crypto-agility: the ability of an IT system to swap cryptographic methods flexibly and without deep-seated interventions. This flexibility will be critical during the transition to post-quantum cryptography, as standards and algorithms continue to evolve in the years ahead.
A Structural Problem: Cryptography Was Never a Board-Level Topic
In projects across the financial sector, Fröwis consistently encounters the same organizational hurdle. Cryptography was historically a property of purchased products, he explains. Financial institutions long relied on IT vendors to guarantee the security of their products. With new regulatory requirements and the approaching quantum shift, that changes fundamentally: banks are now, for the first time, responsible for understanding, documenting, and actively shaping their own cryptographic architecture.
Alongside algorithmic measures, the physical security of data transmission is also gaining importance. Technologies such as Quantum Key Distribution (QKD) enable cryptographic keys to be secured at the physical layer, with any tampering attempts detected in real time. Early pilot projects – including those at JP Morgan Chase and HSBC – demonstrate that such approaches are already deployable today for critical links between data centers.
Internet, AI, Quantum Computing: The Third Technology Wave
Harald A. Summa – who played a pivotal role in creating the digital economic ecosystem through the founding of eco, the Association of the Internet Industry, now the largest internet industry association in Europe – sees quantum technology as the third fundamental disruption for the financial sector. The internet created fintech firms that challenge traditional banking. Artificial intelligence brought robo-advisory services and new attack vectors such as AI-driven fraud. Quantum technology now threatens to tear apart the security architecture of the entire system.
Regulators and supervisory authorities around the world are beginning to incorporate this issue into their requirements. International standardization bodies, including NIST in the United States, have already approved initial post-quantum-secure algorithms. For banks, the window for voluntary pioneer initiatives is narrowing – binding requirements will follow.
Whoever treats the quantum transition as a mere IT project underestimates its strategic importance. What is at stake is the integrity of global payment systems, customer trust, and ultimately the stability of the financial system itself. The question is not whether quantum computers will eventually defeat today’s security standards, but when – and whether banks will be ready by then. The Diplomatic Council Quantum Leap (DCQL) supports financial institutions on this journey. The quantum clock is ticking. And it will not wait.
Dr. Jakob Jung is Editor-in-Chief of Security Storage and Channel Germany. He has been working in IT journalism for more than 20 years. His career includes Computer Reseller News, Heise Resale, Informationweek, Techtarget (storage and data center) and ChannelBiz. He also freelances for numerous IT publications, including Computerwoche, Channelpartner, IT-Business, Storage-Insider and ZDnet. His main topics are channel, storage, security, data center, ERP and CRM.
Contact via Mail: jakob.jung@security-storage-und-channel-germany.de