Financial services giant Mastercard has developed a new type of contactless card that incorporates quantum cryptography, designed to protect against hacks from current classical computers and future quantum computers.
The enhanced contactless card uses standards recently revealed by finance industry technical body EMVCo known as “the EMV Contactless Kernel Specifications” that work with all existing payment terminals while also providing higher levels of security that are also “future proof”.
When quantum computing technology reaches a point known as quantum supremacy, where the machines can perform near errorless calculations impossible with classical computers, it will also render current cryptography solutions simple to crack, meaning specific quantum security will be required. Experts expect this point to be reached by 2025-2027.
Mastercard says its new card is a “significant milestone that brings quantum-era security and privacy protection to contactless payments”. It will come with next-generation algorithms and cryptographic keys that have been designed to be fast, ensuring a contactless payment happens in under half a second, according to payment vendor, along with enhanced privacy protections to reduce the amount of account information shared between the consumer device and merchant terminal.
There are predicted to be more than 12.5 billion contactless payment devices in active use by 2027 and transactions made using these devices will top $10trn globally.
“Technology has the potential to open new opportunities for both consumers and fraudsters,” said Ajay Bhalla, president for cyber and intelligence at Mastercard. “That’s why future-proofing security is critical.”
Wider roll-out of quantum Mastercards in 2023
Mastercard says it expects to begin the transition to these new cards at pace in 2023, providing the specifications for various card manufacturers. The goal, says Bhalla is to ensure “a seamless transition from today’s contactless experience” as quantum computers take hold.
Key features of the new specifications include a secure channel for privacy, eavesdropping prevention and protection of sensitive data from man-in-the-middle and relay attacks. It also includes elliptic curve cryptography for authentication and support for biometric and mobile verification methods.
Mastercard says it has also developed the specifications in partnership with EMVCo to ensure they are optimised for cloud operations and potential on-card data storage so that privacy and integrity protection can be on the cloud and not remote.
Earlier this year the US government issued a requirement for government departments to begin adopting quantum-resistant cryptography and NIST, the Department of Commerce’s National Institute of Standards and Technology has selected four quantum cryptography algorithms that will form part of a new set of cryptography standards.
These new global cryptography standards are likely to be used by companies and governments as they begin to plan their transition to quantum readiness.
“We knew quantum computers could break public key cryptography since 1995,” said Dr Ali El Kaafarani, PQShield founder and CEO told Tech Monitor earlier this year. “The NSA and governments didn’t take action until 2015 because that is when the technology advanced enough to start to need to find alternatives to RSA. This was the start of the standardisation project.”
He added: “We don’t know when we are going to have a quantum computer. People say 10-15 years but nobody can give you proof it won’t come earlier. Also, will someone actually tell you if they build it earlier? Especially if they have malicious intent?”
The other issue, Dr El Kaafarani said, is that it will likely take a long time to gradually switch to quantum cryptography. “This makes it an urgent matter you need to start now,” he said.