Quantum Computing Encryption: Are Businesses Safe Against More Advanced Technological Threats?
This article has been published in collaboration with our good friends over at Basis Theory, a provider focused on helping merchants with PCI compliance and creating more flexibility in their payment workflows.
Quantum computing may sound like something out of a science fiction movie, but it’s rapidly becoming one of the most significant threats to payment security. The power of quantum computing could exploit the same algorithms that have protected credit card numbers, tokens, and transaction data for decades.
It’s true that large-scale quantum computing is not commercially viable yet. But, adversaries are already prepared with “harvest now, decrypt later” strategies to collect encrypted data that can be decrypted when quantum capabilities have progressed.
Merchants, processors, and security vendors would be wise to act proactively and prepare their payment infrastructure for a post-quantum future, and evaluate their quantum computing encryption risk.
Recommended reading
- Credit Card Imprinters: Time to Update Your Point-of-Sale?
- What is EMV Bypass Cloning? Are Chip Cards Still Secure?
- Terminal ID Number (TID): What is it? What Does it Do?
- What is a Debit Network? How Does it Help You Get Paid?
- How Transaction Settlement Works: Guide to Manage Cash Flow
- ISO Country Codes: How They Work, Formats, Uses & More
What is Quantum Computing?
Let’s start by clarifying what we’re talking about here.
Classical computers are based on using bits, which can hold a value of 0 or 1. In contrast, quantum computers use qubits, a quantum superposition of the states 0 and 1, and whose value can be either 0 or 1. You won’t know until the value is measured.
The advantage of quantum computing has to do with quantum algorithms that can exploit superposition, entanglement, and interference. This lets the computer find solutions more efficiently for certain problems when compared to classic processing. Nothing in classical computing is cycling through all possible values that can be represented as 0 or 1.
This technology is impressive. But, it becomes a problem when we look to encryption.
Why Quantum Computing Threatens Payment Encryption
Complex encryption keys are not immune to being broken by classical computers, but the time necessary to do so renders the risk relatively low. However, the rapid analysis capabilities of quantum computing could make it possible to hack encryption keys more quickly than they can be updated.
Encryption methods like RSA and ECC have kept cardholder data safe for decades. However, quantum computing introduces a new variable for information security teams to consider: being able to exploit those widely-used encryption standards. Quantum computers, using algorithms like Shor’s, could solve the mathematical problems that have kept these standards secure in a very short period of time.
Shor’s algorithm is a quantum computing method that can quickly find the prime factors of large numbers; a task that's extremely slow for traditional computers. It works by using quantum mechanics to find patterns in numbers that classical methods can’t easily detect. This is important because many encryption systems rely on the difficulty of factoring large numbers. If powerful quantum computers become practical, Shor's algorithm could break these encryption methods, changing the way we secure digital information.
In short, the encryption used to protect credit cards, tokens, and PII could become obsolete in the face of quantum computing encryption cracking. This would put billions of transactions at risk.
Tokenization: Critical (But Not Complete) Defense
Aside from post-quantum cryptography, merchants should turn to tokenization with an independent payment vault.
Tokenization replaces sensitive payment data (like a PAN) with a non-sensitive token with no relationship to the original value. As a result, even if an adversary intercepts a token, there’s nothing to decrypt. Tokens become meaningless without access to the vault that it came from, making it significantly harder for even quantum computers to decrypt or recover the original information.
That said, most tokenization systems still rely on encryption to Secure the original sensitive data, and to encrypt the communication between systems (during a retrieval or detokenization.)
In other words, if quantum computers can break the encryption that secures the vault, the encryption keys used to detokenize, or the network layer protecting the data in transit, then the security of the entire tokenization system could be compromised.
Tokenization can help merchants reduce the risk of quantum computers breaking payment encryption, but it’s not a silver bullet against these threats. This is why a programmable payments vault like Basis Theory’s employs many other security systems to prevent access even to the encrypted data.
How Vault Providers Help Protect Payment Data
Token vaults still use encryption to secure the original data, both in transit and at rest, as required by PCI-DSS standards.
For customer data encrypted in transit, connections to all APIs and endpoints are made using TLS 1.3 or greater. When customer data is encrypted at rest, all token data is encrypted using a hierarchical key model rooted in a hardware security module.
It could also be argued that encryption at rest may use the same vulnerable algorithms. A big benefit of using a vault is having the ability to re-encrypt using stronger algorithms once weaknesses are identified and a plan is in place to guard against those.
Basis Theory can re-encrypt customer data at rest through a process completely transparent to the merchant. The token will not change, but the encryption grows stronger over time as the vault — in this scenario Basis Theory — would choose to evolve and re-encrypt.
This makes an independent vault not just a storage solution, but a resilience layer for any future payments stack.
Where the Industry Stands on Quantum-Safe Infrastructure
Encryption and tokenization should be viewed as complementary tools in defending against quantum-powered attacks. Together, they form the foundation of a quantum-resistant payment architecture.
No major global acquirer or card network has broadly shared any quantum-safe endpoints. However, several pilot programs suggest progress toward quantum computing encryption is underway. The Banco Sabadell, Accenture, and QuSecure partnership, for example, indicates that productization is closer to reality. This pilot is a benchmark for financial institutions to demonstrate how quantum-safe technologies can be implemented in complex environments.
According to the news release cited above, one of the project’s main innovations was the deployment of network-layer encryption. This enables organizations to implement quantum-safe standards without overhauling existing infrastructure.
FS-ISAC released more guidance in February 2025 to help the payment card industry mitigate the risks of quantum computing. The series advises strong access controls to restrict access to cardholder data, encryption of sensitive data, and mitigation strategies to reduce quantum-related threats in a post-quantum PCI ecosystem.
The timeline for quantum disruption isn’t decades long. Quantum computing encryption risk could come any time, and start to emerge at an accelerating rate. While current encryption protocols may hold for now, the data being stored today is becoming a liability for tomorrow. Adversaries are already harvesting data who are betting on quantum computing encryption cracking breakthroughs.
So, what should businesses do to adapt to this new reality? One can start by:
If quantum computing hasn’t been raised during any quarterly or yearly planning conversations, use this blog as the catalyst for change. Providers like Basis Theory can help merchants reduce their data risk and prepare for a future that is out of a science fiction movie. This isn’t just a security concern, it’s a strategic decision.
FAQs
What is encryption in quantum computing?
In the context of quantum computing, encryption refers to how data is protected against quantum-enabled attacks. It also includes the development of post-quantum cryptography, or new encryption methods designed to withstand the capabilities of quantum computers.
Can quantum computers break any encryption?
Quantum computers have the potential to break certain types of encryption, especially those based on factoring (like RSA) or discrete logarithms (like ECC), using algorithms such as Shor’s. However, not all encryption methods are vulnerable; some remain secure even against quantum attacks.
Can AES-256 be cracked by quantum computers?
AES-256 is considered relatively resistant to quantum attacks due to its symmetric key structure. While Grover’s algorithm could theoretically reduce its security from 256-bit to 128-bit, that still provides strong protection and makes it impractical to break with foreseeable quantum hardware.
Which encryption is safe from quantum computing?
Symmetric encryption schemes like AES (with longer keys) and hash-based algorithms are generally more resistant to quantum threats. Additionally, researchers are developing and standardizing post-quantum cryptography, or encryption algorithms specifically designed to be secure even against large-scale quantum computers.
