March 2026 – ECPC Position Paper on Crypto-Agility Strategies

Currently, cryptography faces the challenge of the potential development of quantum computers which could break today’s asymmetric cryptographic schemes. This development potentially affects the card payment landscape. While online transactions based on AES are by the current state of knowledge not vulnerable to the quantum threat, for offline transactions and other use cases action is required.

The ECPC Security Working Group has developed a position paper on cryptographic agility strategies for card and mobile payments. The position paper facilitates a common understanding of the challenges ahead and the path forward to prepare card payments for the quantum threat. Even more broadly, it takes a look at possibilities to achieve crypto agility in the decentralized card payment eco system by analysing use cases, technical challenges and risks.

A roadmap is recommended, which should include a prompt migration of online authorisation and PIN cryptography to AES, followed by enhancement of terminal and backend systems for full crypto agility and hybrid post-quantum support. The future direction and viability of offline authentication must be developed in close cooperation with all stakeholders. These proactive steps can prepare card payment ecosystems to remain resilient in the face of accelerating cryptographic change.