How post-quantum cryptography could reshape instant payment security

European payment providers are in a race against time to prepare for the imminent arrival of quantum technology. The National Institute of Standards and Technology (NIST) has published post-quantum cryptography standards, and the EU is targeting a migration to quantum-resistant encryption by 2030 at the latest. But transitioning cryptographic infrastructure could take 10 to 20 years, so it’s crucial that payment providers begin their preparations now.

It’s not known exactly when quantum computers will break RSA-2048 encryption. But experts warn that criminals are already stealing encrypted data today to decrypt later when quantum technology is available. In this article, we will examine how early preparation can help your company stay ahead of emerging quantum risks and upcoming regulatory requirements.

How real is the quantum threat to payments?

The Global Risk Institute’s Quantum Threat Timeline Report 2024 estimates there’s a 17% to 34% chance quantum computers will break RSA-2048 encryption by 2034 - the highest estimate in six years of expert surveys.

What makes this particularly concerning is that criminals aren’t waiting for quantum computers to arrive. They’re already collecting encrypted payment data in ‘steal now, crack later’ attacks, planning to break it once quantum technology becomes available.

The economic impact could be huge. Security experts estimate that one successful quantum attack could cost between €730 billion and €1.95 trillion, potentially triggering major economic disruption. Other worrying knock-on effects include the gradual erosion of consumer trust, disruption to business operations, and ripple effects across interconnected payment networks.

Fortunately, regulators are taking this seriously. Eighteen EU countries have signed a joint warning about quantum threats, including Germany’s Federal Office for Information Security (BSI), which says critical systems should switch to quantum-safe encryption by 2030.

Currently, payment security relies heavily on RSA (a type of asymmetric encryption) and elliptic curve cryptography (ECC). But both will be vulnerable once practical quantum computers are available.

What’s required and who’s leading the way?

The EU’s Commission Recommendation 2024/1101 encourages all systems handling sensitive data to switch to post-quantum cryptography by 2030. And the Digital Operational Resilience Act (DORA), which has applied since January 2025, already requires quantum-safe data protection as part of operational resilience frameworks.

Here’s how the recommended timeline is structured:

  • Complete cryptographic inventory by 2025: Identify and document all cryptographic assets, protocols, and systems currently in use, especially those protecting sensitive information.
  • Begin testing hybrid approaches by 2026: Start testing and piloting hybrid cryptographic solutions (which combine classical and post-quantum algorithms) to ensure compatibility and security during the transition period.
  • Complete full migration by 2030: Achieve a full migration to post-quantum cryptography, particularly for critical infrastructure and public sector systems.

The Network and Information Systems Cooperation Group (NIS) is expected to publish the final Europe-wide roadmap for the migration to post-quantum cryptography by April 2026. This will provide clearer technical requirements and guidance for public administrations and critical infrastructure operators like payment networks. The timelines are designed to ensure a smooth transition and compliance, similar to how PSD2 compliance became standard practice across the financial sector.

Fortunately, many institutions aren’t waiting for that regulatory pressure to begin. Santander chairs Europol’s Quantum Safe Financial Forum (QSFF), bringing together over 35 institutions, including Barclays, BNP Paribas, and Mastercard, to coordinate the transition.

In June 2023, the Bank for International Settlements’ (BIS) Project Leap successfully tested quantum-safe communication channels between Banque de France and Deutsche Bundesbank by transmitting simulated payment messages over a quantum-resistant network. Although actual financial data wasn’t used in the tests, BIS was able to demonstrate the feasibility of protecting financial messaging against future quantum threats. 

And Worldline (the only payment company participating in NIST’s post-quantum cryptography standardisation process) is demonstrating that digital banking innovation accelerates when regulatory and competitive pressures align.

Why instant payments face unique challenges

SEPA Instant Credit Transfer (SCT Inst) payments face a unique set of challenges when migrating to quantum-safe cryptography that don’t affect traditional batch processing systems. New NIST algorithms like ML-KEM are up to 10 times slower than current RSA encryption and use much larger data packets - for example, a traditional RSA key might be 256 bytes but ML-KEM keys range from about 800 to 1,568 bytes depending on the security level. This increased size and processing demand can impact the speed and efficiency needed for real-time instant payments, making migration more complex than for batch-based systems.

SCT Inst systems also run 24/7, leaving little downtime to implement updates. So, while traditional banking systems can be updated overnight during maintenance windows, instant payment infrastructure needs migrations to be seamless so as not to cause interruption. This creates coordination challenges across the entire payment chain.


The complexity of cross-border payments adds another uniquely challenging layer for European payments, with all EU countries needing to upgrade their payment systems in a coordinated way to keep payments flowing smoothly. This will require coordination between different regulatory frameworks and implementation timelines.

Leading cybersecurity authorities, including ANSSI (France’s national cybersecurity agency), recommend using hybrid implementations during the transition to post-quantum cryptography - for example, running classical RSA or ECC encryption together with post-quantum algorithms. This will ensure backward compatibility, although it will also increase the complexity of payment systems. But applying quantum-safe encryption selectively, based on transaction risk, could help manage performance and operational challenges more efficiently.

How to prepare your organisation

It’s important to start planning your transition to quantum-safe cryptography now rather than waiting for regulatory deadlines. And while it may seem like a daunting task, the process shouldn’t be overwhelming if you break it down into manageable steps:

  1. Identify all vulnerable systems: Review every place your payment systems use RSA, ECC or other quantum-vulnerable encryption - including website connections, card authentication, firmware, hardware security modules and legacy applications.
  2. Talk with technology suppliers: Ask your vendors about their quantum-safe roadmap, including specific timelines and NIST-compliant algorithms, so you can align your migration plans.
  3. Plan your approach based on your role: Card issuers should coordinate closely with payment networks like Visa and Mastercard on the timing of migration. Payment service providers should build flexible systems that can switch between old and new encryption methods. And merchants should ensure their providers have quantum-safe plans and communicate upcoming changes to customers.
  4. Start testing early: Pilot hybrid approaches (running old and new encryption side-by-side) to understand the impact on performance and resolve any issues before the migration becomes mandatory. Consider participating in industry groups like Europol’s Quantum Safe Financial Forum to help share costs and best practices.
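
A sketch of how the inventory from step 1 can be turned into a migration order, added here as an example and not taken from the article: each asset is classified by algorithm family, and quantum-vulnerable ones are ranked with Mosca's inequality (data shelf life plus migration time compared with the time until a quantum threat). The systems, estimates and the ten-year planning horizon are constructed assumptions.

```python
from dataclasses import dataclass

SHOR_VULNERABLE = ("RSA", "ECDSA", "ECDH", "DSA", "DH")  # broken by Shor's algorithm
POST_QUANTUM = ("ML-KEM", "ML-DSA", "SLH-DSA")           # NIST post-quantum standards
SYMMETRIC = ("AES", "HMAC", "CHACHA20")                  # not attacked by Shor
YEARS_TO_THREAT = 10  # planning assumption for this example, not a forecast

@dataclass
class Asset:
    system: str
    algorithm: str         # e.g. "RSA-2048", "ECDH-P256", "ML-KEM-768"
    use: str               # "confidentiality" or "signature"
    shelf_life_years: int  # how long the protected data must stay secret
    migration_years: int   # estimated time to replace the algorithm here

def family(algorithm):
    name = algorithm.upper()
    known = POST_QUANTUM + SHOR_VULNERABLE + SYMMETRIC
    return next((f for f in known if name == f or name.startswith(f + "-")), "OTHER")

def triage(asset, years_to_threat=YEARS_TO_THREAT):
    fam = family(asset.algorithm)
    if fam in POST_QUANTUM:
        return 3, "already post-quantum"
    if fam in SYMMETRIC:
        return 3, "symmetric: review key length only"
    if fam == "OTHER":
        return 2, "unrecognised algorithm: classify manually"
    if asset.use == "confidentiality":
        # Mosca: traffic recorded today is at risk for its whole shelf life.
        late = asset.shelf_life_years + asset.migration_years > years_to_threat
    else:
        # Signatures only need migration to finish before the threat exists.
        late = asset.migration_years > years_to_threat
    return (1, "at risk under the assumed timeline") if late else (2, "vulnerable, on schedule")

def rank(inventory, years_to_threat=YEARS_TO_THREAT):
    triaged = ((triage(a, years_to_threat), a.system) for a in inventory)
    return sorted((prio, system, why) for (prio, why), system in triaged)

# Constructed sample inventory (hypothetical systems and estimates).
INVENTORY = [
    Asset("Card authentication", "RSA-2048", "signature", 0, 5),
    Asset("HSM key wrapping", "AES-256", "confidentiality", 10, 0),
    Asset("Hybrid pilot link", "ML-KEM-768", "confidentiality", 10, 0),
    Asset("Payment API TLS", "ECDH-P256", "confidentiality", 10, 3),
    Asset("Terminal firmware signing", "ECDSA-P256", "signature", 0, 12),
]
```

Calling `rank(INVENTORY)` returns the assets sorted by priority, with the recorded TLS traffic and the slow-to-replace firmware signing key at the top.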

The quantum threat to European payments is real and approaching faster than many expect. With NIST standards now published and EU regulations requiring quantum-safe transitions by 2030, the window for preparation is narrowing.

Implementation will be a global collaborative effort, and organisations need to start planning now so that they can manage this transition smoothly and even gain a competitive advantage over those that don’t. European payment companies have the opportunity to lead the global shift to quantum-safe payments; the question is, how soon can they act?

 

Want to learn about G+D Netcetera’s experience in security and trust? Get in touch with our experts.
