In this blog, we explain how banks and financial institutions could leverage the opportunities of quantum computing and prepare their IT security infrastructure for a post quantum world.
Quantum computers are able to solve certain types of problems much faster and are efficient for specific tasks where the traditional computing paradigm followed by current computers reaches its limit. The question of whether a quantum computer can perform calculations beyond the reach of even the most powerful conventional supercomputer is becoming increasingly pertinent as quantum computers become larger and more dependable. This capacity, named "quantum advantage" or "quantum supremacy," signifies the transition of quantum computers from academic curiosity to functional devices. Therefore, this leads to if, or when quantum computing will reach maturity and then be accessible to not only businesses, but to cybercriminals.
Opportunities Quantum Computing Provides for Banks and Financial Institutions
Banks and financial institutions have been receptive to the benefits that quantum computing can bring. They have already long relied on algorithms and complex probability calculations for various activities, ranging from pricing securities to portfolio optimization. These calculations must be accurate and rely strongly on the integrity of the data used. However, due to their complexity, such activities can be extremely time consuming.
Quantum computers rely on the quantum mechanical principles superposition and quantum entanglement. Unlike traditional computers that use classical binary bit technology (1 on, 0 off), quantum technology uses qubits that allow them to assume both the on-off states and interact and influence each other regardless of medium or distance between them. Along with the other properties offered by quantum technologies, these machines are more efficient when calculating more complex operations.
There are three areas where quantum computing will bring significant improvements and opportunities for banks and financial industries: targeting and prediction, trading optimization and risk profiling.
1. Targeting and Prediction Modeling
Financial institutions often struggle with the inability to rapidly create analytical models, which can hinder their ability to target what products their customers need in almost real-time. Another issue with current customer targeting and prediction modeling is the inaccurate fraud detection systems that often provide false positives, thus delaying the onboarding of new customers.
Quantum computing can be a game changer for target and prediction modeling. The capabilities of these machines can better meet the challenges of complex data structures and make predictions that are simply not possible with today’s computers.
2. Trading Optimization
Trading activity in financial markets is becoming increasingly complex, compounded by regulatory requirements, such as great transparency and stricter validation processes. Today, investment managers must struggle with incorporating real-life constraints into portfolio optimization, like customer life-event changes and market volatility. With current technology, rebalancing portfolios and simulating numerous scenarios and investment options to keep up with fast-changing market movements are subject to transaction costs and computational limitations.
Quantum computing can assist investment managers in improving portfolio diversification. It can also rebalance portfolio investment to better react to rapidly changing market conditions and meeting investor goals with more cost-effective and streamlined processes for trading settlement.
3. Risk Profiling
Banks and financial institutions are often overly risk averse because they are under increased pressure to not only comply with regulatory requirements, but they also need to:
- Balance risk
- Effectively hedge positions
- Conduct stress tests
It is difficult to correctly manage the risk costs on trades because risk management, derivatives pricing and liquidity management are complex and difficult calculations to perform. It is expected going forward that amendments to (and perhaps new) regulations, directives and standards will continue to add to compliance costs. The good news is that quantum computers will have faster data-processing capabilities that will speed up risk scenario simulations that are more precise when testing potential outcomes.
Threats that Banks and Financial Institutions Face from Quantum Computing
Banks and financial institutions have been prime targets for cyber-attacks for a long time, especially as the popularity of digital banking continues to grow. A majority of the applications running on the Internet today are protected by public key cryptography that is a set of protocols such as RSA, ECC or DSA.
These classic protocols have been reliable in protecting data because it is assumed that it would take the most powerful traditional computers hundreds of years to crack them. However, they may not be strong enough to stand up to a future quantum computer: it is expected that quantum computers could easily break most of these encryption protocols and leave data unprotected.
There is much focus on what future threats CRQC (Cryptographically Relevant Quantum Computers) are aimed directly at financial services organizations. However, instead of waiting for quantum computing to arrive, hackers are already actively harvesting encrypted data. Why? Because once quantum computers are publicly available arrives, they intend to decrypt the data using a process called “steal now decrypt later” (SNDL).
This is of a particular concern to the Banking and Financials sector as well as other highly regulated organizations. In order to protect the valuable financial data they acquire and maintain, these organizations must prove to regulators that their systems meet the highest requirements of security, trustworthiness, reliability, and interoperability.
Every financial institution currently using public key encryption algorithms (cryptography) faces the threat of having all of their customer data, secure websites and customer-interaction software, as well as the hardware used to authenticate, encrypt, and decrypt payments, compromised by a single powerful quantum computer.
A SNDL attack might be set up today by collecting and storing encrypted data for eventual decoding when quantum computers are developed. And this is why it is critical for banks and financial institutions to commence with a transition phase sooner rather than later.
Preparation is Key to Protecting Your Critical Data
Quantum computing is not a myth. While it is anticipated that it is still a few years off, the time to prepare for it is now, especially if you are a bank or financial institution. These organizations are expected to be or may even be currently targeted by cybercriminals. Therefore, it is vital that they take steps now to protect themselves against future cyberattacks.
Utimaco follows the developments in the field of PQC and has long invested in quantum-safe solutions. We offer post quantum solutions for various disciplines, including Hardware Security Modules, Public Key Infrastructure and Consulting Services.
For an easy introduction into the world of quantum computing and post quantum cryptography, download our whitepaper: Quantum Computing: The World Beyond Ones and Zeros - A threat to Classical Cryptography?
Are you already familiar with Post Quantum Cryptography and looking for guidance on how to tackle this project for your organization? In our webinar, “Post Quantum Cryptography Fact Check - What you really need to know” we dispel myths and rumors and give concrete recommendations for action to prepare for the post-quantum age.