How might the development of quantum computing impact card data protection against card theft?

[Student]

The development of quantum computing represents a revolutionary step in information technology that could fundamentally change approaches to data protection, including preventing card fraud. For educational purposes, we will examine this topic in detail, breaking it down into key aspects: the fundamentals of quantum computing, its impact on cryptography, specific threats and opportunities for protecting card data, and current limitations and prospects.

1. Fundamentals of Quantum Computing and its Relation to Data Security​

Quantum computers utilize principles of quantum mechanics, such as superposition, entanglement, and interference, to perform calculations beyond the capabilities of classical computers. Unlike bits in classical systems (0 or 1), quantum computers operate with qubits, which can be in superposition (a combination of 0 and 1 simultaneously), allowing them to process massive amounts of data in parallel.

Key to data security is the ability of quantum computers to solve certain mathematical problems exponentially faster than classical systems. This directly impacts cryptography, which underpins the protection of card data.

2. Quantum computing threats to current security systems​

Most modern data security systems, including those used in banking transactions, rely on asymmetric cryptography such as RSA, Diffie-Hellman, and elliptic curve cryptography (ECC). These algorithms exploit the difficulty of two mathematical problems: factoring large numbers and calculating discrete logarithms. Quantum computers can undermine their security in the following ways:

• Shor's Algorithm: Developed by Peter Shor in 1994, this quantum algorithm can factor large numbers and solve the discrete logarithm problem with exponential speed. For example, RSA-2048, which is considered secure for classical computers (it takes billions of years to crack), can be cracked by a quantum computer with enough qubits in hours or even minutes.
  • Implications for card fraud: If attackers gain access to a quantum computer, they will be able to decrypt intercepted card data (e.g., numbers, CVV codes, PINs) encrypted using vulnerable algorithms. This will make man-in-the-middle attacks or hacking databases containing encrypted data much more effective.
• "Harvest Now, Decrypt Later" attack: Even if quantum computers aren't yet capable of breaking encryption, attackers can harvest encrypted data now (for example, by intercepting online shopping or banking system traffic) and decrypt it later when quantum technologies become more accessible. This poses a long-term threat to card data stored in databases.
• Infrastructure vulnerabilities: SSL/TLS protocols used to secure online transactions also rely on RSA and ECC. Their vulnerability to quantum attacks could allow carders to intercept data during transactions, even if they are protected by modern standards.

3. The potential of quantum technologies for protecting card data​

Quantum computing not only poses threats but also opens up new opportunities for improved security. Let's consider the key areas:

3.1 Quantum Key Distribution (QKD)​

• How it works: QKD, such as the BB84 protocol, uses the quantum properties of particles (photons) to securely transmit cryptographic keys. If an attacker attempts to intercept a key, the quantum nature of the system (e.g., the Heisenberg uncertainty principle) makes the tampering detectable, as measuring the quantum state changes it.
• Application in card security: QKD can be used to secure communication channels between the bank, payment system, and user. For example, the transmission of card data during an online payment over a QKD network will be protected from interception, making card fraud virtually impossible.
• Example: China has already deployed quantum communications networks (e.g., the Micius satellite and the Beijing-Shanghai terrestrial network) that demonstrate the capabilities of QKD. Financial institutions could adapt similar technologies to secure transactions.

3.2 Post-quantum cryptography​

• What is it: Post-quantum cryptography (PQC) is a class of cryptographic algorithms that are resistant to attacks by both classical and quantum computers. They are based on mathematical problems that quantum algorithms (such as Shor's or Grover's) cannot solve efficiently. Examples include:
  • Lattice-based cryptosystems such as the Kyber or Dilithium algorithms.
  • Code-based cryptography, such as McEliece.
  • Schemes based on hash functions or multivariate polynomials.
• Application: Payment systems such as Visa or Mastercard can implement PQC to protect card data. For example, replacing RSA with Kyber for transaction encryption will make them resistant to quantum attacks.
• Current progress: The US National Institute of Standards and Technology (NIST) has been holding a competition to standardize post-quantum algorithms since 2016. The first standards (such as CRYSTALS-Kyber) were selected in 2022, and by 2025, their implementation is being actively tested in the financial sector.

3.3. Quantum Tokens and Authentication​

• Quantum technologies can create unique transaction identifiers based on quantum states. Such tokens are impossible to counterfeit or replicate due to the uniqueness of their quantum properties.
• Application: Banks can use quantum tokens to confirm transactions, making it impossible to reuse stolen card data (one of the common carding methods).
• Example: Quantum authentication technologies are already being researched by startups such as ID Quantique, which is developing solutions for the financial sector.

3.4. Improving fraud detection​

• Quantum algorithms, such as Grover's algorithm, can speed up searches in large databases, which is useful for fraud detection systems. For example, real-time transaction analysis to identify suspicious patterns (anomalies) could become faster and more accurate.
• This will allow banks to more quickly identify cases of carding based on data theft or the use of compromised cards.

4. Current limitations of quantum technologies​

As of September 30, 2025, quantum computing is in its early stages of development and its impact on data protection is limited by the following factors:

• Insufficient quantum computing power: Breaking RSA-2048 requires a quantum computer with millions of stable qubits and a low error rate. Current quantum computers (such as the IBM Osprey with 433 qubits or Google's Sycamore) fall far short of this level. Such machines are not expected to appear until 2030–2035.
• High cost of QKD: Quantum key distribution requires specialized infrastructure (fiber optic lines or satellites), making it expensive for mass adoption in payment systems.
• Slow transition to PQC: Although post-quantum cryptography standards have already been developed, their implementation into banking systems takes time. This creates a "window of vulnerability" during which card data can be harvested for future attacks.
• Technology availability: Quantum computers are currently only available to large corporations and research centers. Fraudsters engaged in carding are unlikely to gain access to such resources in the coming years.

5. Impact on carding: scenarios and risks​

Carding is a form of fraud in which criminals use stolen card data for unauthorized transactions. Quantum computing could impact this process in the following ways:

• Increased attack efficiency:
  • If quantum computers become accessible to attackers, they will be able to:
    • Quickly decrypt stolen databases with card numbers.
    • Crack encryption keys used in online transactions.
    • Bypass authentication systems based on outdated algorithms.
  • This will make carding methods such as data interception, phishing, or exploitation of database vulnerabilities more destructive.
• Decrease in carding efficiency with the introduction of quantum technologies:
  • If banks and payment systems are the first to implement QKD and PQC, carding will become more difficult. For example:
    • QKD will ensure the protection of data transmission channels, preventing interception.
    • Post-quantum algorithms will render stolen encrypted data useless.
    • Quantum tokens will make it more difficult to reuse stolen data.
• Adoption asymmetry: In the next 5-10 years, quantum technologies will likely be available to large financial institutions rather than small carders. This creates a temporary advantage for banks if they adapt quickly.

6. Practical steps to protect card data​

To minimize the risks of carding in the era of quantum computing, financial institutions and users are advised to:

1. Transition to post-quantum algorithms:
   • Banks and payment systems should begin testing and implementing algorithms such as CRYSTALS-Kyber or Dilithium to encrypt card data and transactions.
   • Hybrid schemes (a combination of classical and post-quantum algorithms) may be a temporary solution to ensure compatibility.
2. Investing in quantum cryptography:
   • Implementation of QKD to protect critical communication channels (e.g. between a bank and a processing center).
   • Research on quantum tokens for transaction authentication.
3. Strengthening monitoring and analytics:
   • Using quantum algorithms to analyze transactions and detect fraud in real time.
   • Implementation of multi-factor authentication (MFA) that does not rely on vulnerable cryptosystems.
4. Education and training:
   • Financial institutions must train their professionals on new security standards related to quantum technologies.
   • Users should be informed about the need to update their software and use secure channels for transactions.
5. International cooperation:
   • Participation in global initiatives such as NIST standards or quantum security projects (e.g. EuroQCI in Europe) to unify approaches to data protection.

7. Prospects and timeframes​

• Short term (2025–2030):
  • Quantum computers do not yet pose a threat to current encryption systems because their power is limited.
  • The primary focus should be on preparing for the transition to post-quantum cryptography. For example, banks could launch pilot projects to implement PQC in their processing systems.
  • QKD can be used on a limited scale to protect particularly sensitive transactions.
• Medium term (2030–2035):
  • Quantum computers capable of breaking RSA and ECC are expected to emerge. This will require a complete transition to post-quantum algorithms.
  • QKD could become the standard for protecting critical infrastructure in the financial sector.
• Long-term perspective (2035+):
  • Quantum technologies will become part of everyday infrastructure. Carding based on data theft will become virtually impossible with the use of QKD and PQC.
  • However, new types of attacks using quantum technologies may emerge, which will require further research.

8. Conclusion​

The development of quantum computing creates both threats and opportunities for protecting card data from card fraud. In the short term, the main threat is the potential collection of data for future attacks, but current encryption systems remain secure. In the long term, winning the fight against card fraud will depend on the rapid adoption of post-quantum cryptography and quantum protocols like QKD. Financial institutions need to invest in research and infrastructure now to stay ahead of attackers. It's important for users to choose banks and payment systems that actively adapt to new technologies to minimize the risk of fraud.

If you have any additional questions or would like to delve deeper into a specific aspect (such as the technical details of QKD or examples of post-quantum algorithms), let us know!