Alert Banner Text Goes Here Alert Banner Text Goes Here Alert Banner Text Goes Here Alert Banner Text Goes Here
What We Do
Since 1989, Bottomline has been modernizing global business payments with connected solutions for more than 800,000 financial institutions and businesses in 92 countries.
AP Automation AP Automation For Real Estate Payments Hub
Payouts Automation Payments Processing Receivables Automation Payments Hub
Paymode Pay Vendors Receive Payments Partner With Us
Connectivity Services Message Transformation & Enrichment Message Vault Risk Solutions
Connectivity Services Message Transformation & Enrichment Message Vault Payments Verification Payments Verification for Businesses
Global Cash Management Hub Digital Banking
Global Cash Management Hub
Who We Serve
Our Company
By Owen McDonald, Editor, Bottomline
What will organized cybercrime do with incredibly powerful quantum computers coupled with Gen-AI? We’re going to find out sooner than people think, and it’s straight up scary.
The big tipoff came quite recently, in a half-overlooked August memo from The National Institute of Standards and Technology (NIST), part of the US Department of Commerce.
It said that US Commerce Secretary Gina Raimondo has officially “…approved three Federal Information Processing Standards (FIPS) for post-quantum cryptography.”
Great. What’s post-quantum cryptography? PQC is the creation of new mathematical standards, plus “key establishment and digital signature schemes that are designed to resist future attacks by quantum computers,” NIST said. Amazing. But why now?
Well, the US government is clearly anxious about “attacks by quantum computers.”
As one of America’s oldest and most trusted national laboratories, NIST is telling banks and corporations now that quantum computing is coming to a fraudster near you before long. It threatens “the security of current standards,” per the announcement.
In other words, no one is safe when (not if) quantum computers initiate fraud attacks. These machines are thousands of times faster than today’s best supercomputers.
We know that Amazon Bracket, Google Quantum AI, IBM Quantum Experience Platform, and Microsoft Azure Quantum, to name a few, are operational to varying degrees. Many market watchers expect commercial quantum computing to just suddenly arrive, much like Gen-AI.
To prepare for that day, the three new algorithms chosen “are each derived from different submissions to the NIST Post-Quantum Cryptography Standardization Project,” they said.
“It's not science fiction,” says Chirag Patel, recently named Chief Information Security Officer (CISO) at Bottomline.
“It's basically the next cutting-edge technology that uses quantum mechanics to solve very complex problems. These computers have the ability to solve extremely complex problems that today's supercomputers either can't solve or would take decades to solve.”
The challenge is that this highly innovative technology can also be used to do harm by malicious actors. More about this in a minute.
Patel brings his extensive cyber experience to Bottomline at a transformative time.
While he’s got more than just thoughts on threats like quantum fraud, that threat is not yet mainstream. Like others, he’s busy with endless B2B fraud attempts using today’s technology.
A true member of the digerati like all other CIOs and CISOs, Patel nevertheless understands that “going digital significantly expands your attack surface from a threat perspective,” he said.
A key area of interest among CISOs right now and into 2025 is ensuring the accuracy, security and availability of the services from both internal and external threats.
The stunning part of this all isn’t that cybercrooks steal. It’s more about how many banks and corporations, in full knowledge of the threat, leave digital doors and windows open.
According to the PwC 2025 Global Digital Trust Insights report, “Despite heightened concerns about cyber risk, only 2% of executives say their company has implemented cyber resilience actions across their organization in all areas surveyed.”
Per PwC, the current heightened risk cyber landscape looks like this:
Estimated cost of the average data breach (US$3.3M)
Cloud-related threats (42%)
Hack-and-leak operations (38%)
Third-party data breaches (35%)
Patel added that insider threats are up from both malicious and non-intentional sources, as is phishing and business email compromise, among vectors seeing more activity now.
The steady (if slow) digitization of business payments and, increasingly, the move to highly secure closed-loop B2B payment networks, offer the strongest cybersecurity available. It is essentially bank-grade technology combined with careful vetting, and it gets results.
In the looming shadow of quantum computing fraud, new tools and tactics are being distributed by NIST and other entities. Whatever the threat, payments must become an impenetrable target – or at least so tough that fraudsters may move on to easier pickings.
“Our overall goal is making sure that we're providing end-to-end security of our payment ecosystem,” Patel says. “That's a strong collaboration between ourselves, our clients, the Swift network, the ACH network, and others.”
Patel is now pursuing key objectives including resiliency for products and services, maintaining customer confidence via performance, minimizing fraud, and complying with regulations. “We must meet some very stringent security guidelines consistently to be able to move money in these financial ecosystems,” he said.
While quantum computing is not yet mainstream, organizations should absolutely start planning for this change now. Some key things organizations can start doing now include:
People and Technology: Assess your current cryptography program across skills, capacity and technology. Do you have what it will take? Consider finding the right strategic partner. Look for a partner to help build an overall plan that includes both process and technology.
Understand your inventory: Most organizations do not have a catalog of where all these algorithms exist within their networks, systems, and applications. Assess your current inventory for completeness. Most organizations will find that additional work is needed.
Build a risk-based plan: Assess your critical assets, data, and attack surface to establish a risk-based approach to prioritizing the execution of post-quantum cryptography.
NIST news link: Post-Quantum Cryptography FIPS Approved | CSRC (nist.gov)