Payments industry faces urgent call to address quantum threats

The payments industry is being urged to act decisively on the looming risks posed by quantum computing, following the release of a landmark report from the Emerging Payments Association Asia (EPAA).

Urgent call to address quantum threats

The study, Quantum Safe Payments: Why the Payments Industry Must Act Now, warns that current cryptographic protections underpinning digital wallets, Open Banking platforms and real-time payment systems could be rendered obsolete by advances in quantum technology.

Harvest-Now, Decrypt-Later

For decades, the security of payments has rested on encryption standards that ensure data confidentiality, identity verification and the integrity of transactions.

But quantum computing, while offering breakthroughs in areas such as medical research and climate modelling, is also expected to crack these protections.

Regulators now see “harvest-now, decrypt-later” tactics — where encrypted data is stolen today and unlocked once quantum capabilities mature — as a credible and near-term risk.

The EPAA report underscores that awareness remains dangerously low.

Across a series of regional workshops in Sydney, Hong Kong, Singapore and Malaysia, only one in five participants said their senior stakeholders were “very familiar” with the quantum threat, while nearly half admitted to little or no understanding.

Given that this sample comprised professionals already engaged in the issue, wider industry preparedness is likely to be even weaker.

Delay No Longer An Option

According to EPAA chief executive Camilla Bullock, delay is no longer an option.

“Quantum computing has the potential to deliver extraordinary breakthroughs in healthcare, climate modelling and scientific research, but in the wrong hands it poses serious risks.

We know scammers are already collecting encrypted data, waiting for quantum computers to break it. The time for banks and payments providers to act is now,” she said.

The report recommends practical steps such as building an inventory of cryptographic assets, transitioning to post-quantum algorithms already standardised by the US National Institute of Standards and Technology, and embedding “crypto-agility” so new protections can be rapidly adopted as threats evolve.

Payment providers are also advised to review vendor contracts to ensure suppliers can meet quantum-safe standards and to begin decommissioning unnecessary stored data that could otherwise be exposed.

Governments in Singapore, Australia, China and Japan are already investing heavily in post-quantum infrastructure, while regulators are signalling that compliance requirements are imminent.

EPAA argues that APAC’s payments ecosystem has a chance to lead globally if it embraces quantum-safe strategies early.

The conclusion is stark: trust underpins every transaction, and quantum risk threatens to undermine that trust at its core.

For the region’s payments providers, the challenge is not a future technical upgrade but an immediate strategic imperative. Quantum-safe systems will not only protect economies but also define competitive advantage in the next era of digital finance.