
Mastercard preps for the post-quantum cybersecurity threat

The ecosystem of digital payments is a sitting duck.

The billions of transactions we conduct online today are protected by what are called public-key encryption technologies. But as quantum computers become more powerful, they will be able to break these cryptographic algorithms. Such a cryptographically relevant quantum computer (CRQC) could deliver a devastating impact to global cybersecurity protocols.

To prepare for this worst-case scenario, Mastercard launched its Quantum Security and Communications project, which earned the company a 2023 US CIO 100 Award for IT innovation and leadership.

“We’re working proactively to mitigate the future risks related to quantum computing that could impact the security of the billions of digital transactions we process globally,” says George Maddaloni, chief technology officer of operations at Mastercard, explaining the impetus for the project.

The post-quantum cybersecurity landscape

As it stands today, the online transactions that you and I conduct swear allegiance to public-key cryptography. In this technique, the person (or entity) sending the message secures (locks) it with a publicly available “key” and the entity at the receiving end decrypts it with a private key. The premise is that since only the receiver has the private key, the transaction is secure.

Secure private keys derive from mathematical algorithms — the Rivest-Shamir-Adleman (RSA) algorithm is a common one — that are practically impossible to reverse-engineer and hack. At least until a CRQC gets here and does so through the sheer brute force of quantum computing.

Entities in the private and public sector are preparing by following one of two tracks: working on a whole new set of quantum-resistant algorithms on which to base the private keys (post-quantum cryptography, PQC) or using quantum physics to do the same (quantum key distribution, QKD). Mastercard’s project focuses on the latter method. Other enterprises in the financial sector are also exploring QKD.

On a parallel track, public institutions such as the National Institute of Standards and Technology (NIST) are following the “harden-the-algorithms” PQC approach. NIST has selected four quantum-resistant algorithms and is in the process of standardizing them. The final ones are expected to be available in the first half of 2024 and NIST has established a quantum-readiness roadmap for enterprises to follow.

The Mastercard project

Given that Mastercard has embraced the quantum key distribution method, its pilot project determined the architectural requirements and limitations of QKD and the operational readiness of the QKD systems.

Mastercard’s Maddaloni reports that the team tested the quantum key distribution solution over a dark fiber network. Toshiba and ID Quantique were used to produce the keys. Two networking vendors that Mastercard has worked with in the past were also brought in. Their input from an IP Ethernet networking perspective helped, Maddaloni says. The goal was to conduct an inventory of the types of networking capabilities within Mastercard’s network, which has thousands of endpoints connected with a few different telecommunications capabilities. “We wanted to look at whether the quantum key distribution capabilities work in that environment,” Maddaloni says.

“The availability of QKD-enabled services and equipment is very specialized and currently quite limited,” Maddaloni says. “Not many hardware vendors have features available that can integrate with the QKD systems.” Designing the test was also challenging. QKD requires individual photons to arrive at precise times, and the quantum states used for encryption can be easily disturbed by external factors such as noise, temperature changes, and vibration.

“The project was designed to meet these challenges and deliver provable results and validation of the technology potential,” Maddaloni adds. And it was successful.

The great migration

Questions of cybersecurity like the ones Mastercard is addressing are key because they address the very foundation of the system that financial institutions have built.

“Transaction security and the trust of our customers are the backbone of our business,” Maddaloni points out. “The impact of current PKI encryption methods being compromised could quite literally threaten our ability to operate securely,” he adds. “We believe being ready for a post-quantum landscape is part of our job and sends the right message to our partners, our customers, and our regulators.”

Jeff Miller, CIO and senior vice president of IT and Security at Quantinuum, a full-stack quantum services company, agrees that protecting data is vital because “it’s a conversation of trust with the consumer.” The process of being crypto-agile is realizing that bad actors get more creative in the ways that they break into environments. As a result, enterprises must continue to build an iterative process and develop protocols to address these vulnerabilities.

While financial companies such as Mastercard are gearing up using their own pilot projects, the industry standards committee X9 is also working on guidance for enterprises in the financial sector, points out Dr. Dustin Moody, a mathematician who leads the post-quantum cryptography project at the National Institute of Standards and Technology (NIST).

The road ahead is not easy, the experts admit. “The availability of quantum key distribution services and equipment is still very limited. Some of the hardware vendors we worked with have features that are just announced and very new in the market, and some haven’t even been generally made available,” Maddaloni points out. “I do think that the industry understands that financial services will need this capability in the future.”

Moody advises companies to hone their post-quantum readiness despite what might look like a daunting landscape. The first order of business? “You need to find all instances of public-key cryptography, which is tricky and it will take time to do that inventory,” Moody says. “It’s gonna be a complex migration that will take time,” he says, “so we encourage organizations to get ahead of it as soon as they can.”

Miller agrees. He likens the process to preparing for Y2K, when enterprises were worried about formatting and storage of information beyond the year 2000. The migration to post-quantum preparedness even has a similar catchy acronym: Y2Q. A key difference, Miller says, is that there was a fixed countdown clock to Y2K. The cryptographically relevant quantum computer is not here today but it could be five years from now. Or ten.

“Knowing that we don’t have a firm date for when our current encryption methodologies are no longer useful,” Miller says, “that’s what keeps me awake at night.”

CIO 100, Data and Information Security, Quantum Computing
Category: News, September 22, 2023