Quantum Key Distribution in Banking – New Security Standard or Niche Solution?
Quantum Key Distribution (QKD) secures key exchange through physics rather than mathematical assumptions. The article breaks down how the BSI, EU pilot projects, and banks like Erste Group and HSBC currently assess the technology.
- Encrypting Sensitive Financial Data with Quantum Technology – How It Works
- Between potential and open challenges
- Dependence on existing Security Architectures
- Costly Hardware
- Limited Range
- Lack of Standards
- Availability of the method during attacks
- Commercial use of QKD in pilot projects
- An Appeal to Banks
Included in this collection:
Open collection
E-Invoice 2026+: A requirement for businesses – a strategic opportunity for banks and payment service providers

SEK, DKK, NOK: How ISO 20022 connects Nordic payments to your ERP

The Digital Euro versus Consumer Payments – an unnecessary controversy

Beyond Borders – Corporate Survey Results Unpacked

Instant Payments Regulation: Implementing Reporting Requirements Efficiently – Excel Upload or an Integrated Reporting Solution?

Another step toward implementation: The ECB’s digital euro pilot program launches

FiDA and Open Finance: When data becomes a competitive advantage

DTAZV will be phased out in November 2026 – here's what Corporates and SAP Customers need to prepare for now

The digital euro in everyday payments
Encrypting sensitive financial data with Quantum Technology – How it works
Whenever sensitive data, such as data in payment transactions, must be protected against access by third parties, reliable cryptographic methods are required. In practice, so-called symmetric methods such as AES (Advanced Encryption Standard) are often used for this purpose. With an appropriately chosen key length, these are also considered secure against attacks using quantum computers.
The term “symmetric” indicates that the sender and receiver—commonly referred to in cryptography as Alice and Bob—use the same key both to encrypt and decrypt messages. However, for a secure communication channel, the key, often referred to as a session key, must first be generated and distributed between both parties.
Until now, so-called asymmetric methods have been used for secure key distribution. The term “asymmetric” indicates that different keys are used to encrypt and decrypt messages. The security of asymmetric cryptographic schemes has relied on the assumption that certain mathematical problems are computationally infeasible to solve within a realistic time frame. A conventional computer would require billions of years to solve these problems. Technically mature quantum computers, however, would provide computational power to solve these problems far more efficiently, within hours or days. If an attacker intercepted the session key during distribution, they could decrypt it in a very short time using a quantum computer.
This gives rise to various threat scenarios, such as the passive interception of sensitive payment messages, for example in the context of economic or industrial espionage, the subsequent decryption of archived communication data (“harvest now, decrypt later”), or more active attacks such as the creation of seemingly authentic, correctly signed payment orders through the compromise of cryptographic keys.
To address this security gap, special cryptographic algorithms have been developed that are intended to secure the distribution of the session key against attacks by quantum computers. Such quantum-safe algorithms, referred to as post-quantum cryptography (PQC), can be executed on conventional computers and integrated into existing security architectures.
As the recently on banking.vision published article “The Year of Quantum Computing: 2026 – Opportunities, Risks and the Path to Quantum Security” illustrates, alongside the technical development of these algorithms, the formulation of concrete recommendations for action and regulatory frameworks for migration to PQC is increasingly coming into focus.
In addition to the use of PQC algorithms, there is a highly innovative second option for distributing keys securely: quantum key distribution (QKD). The so-called BB84 protocol, named after Charles Bennett and Gilles Brassard, who developed the protocol in 1984, describes the procedure*. Alice first generates a random bit with a value of either 0 or 1. She encodes this bit into the quantum state of a light particle, known as a photon, and sends it to Bob via a quantum channel, such as a fiber-optic cable. The specific type of encoding is referred to as the basis. Alice has no influence over the choice of basis; it is selected at random. Bob then measures the received photons and has two options. Either he uses the same basis that Alice used for her encoding, or he uses a different one. The basis Bob chooses for measuring the photon is also selected at random. Via a separate communication channel, Alice and Bob compare which basis they used. If both used the same basis, the corresponding bit is added to the key; otherwise, it is discarded. In this way, a secret key is gradually created on both sides. Because the combination of bits is determined by randomness, it is impossible for third parties to guess or calculate the key.
The particular security advantage of QKD lies in the fact that an attacker would have to measure the photons transmitted over the quantum channel to obtain information about the key. According to the laws of quantum physics, however, a measurement process changes the quantum states of the photons. This intervention can be detected by Alice and Bob, allowing a compromised key exchange to be identified immediately and discarded. While the security promises of classical** cryptography are based on the assumption that certain mathematical problems cannot be solved efficiently in practice, the security of QKD protocols is rooted in physical laws. These cannot be circumvented even if an attacker had unlimited computing power.
* The BB84 protocol is the most common QKD protocol. In addition, several other protocols have been developed that use quantum mechanical principles to distribute cryptographic keys, such as the Ekert protocol, named by Artur Ekert.
** The term “classical” is used here and throughout this document to refer to all methods and technologies that are not based on quantum technology.
Between potential and open challenges
What guarantees an absolute level of security in theory is currently still very complex to implement in practice. According to an assessment by Germany’s Federal Office for Information Security (BSI), QKD is not yet a fully mature technology. Among other aspects, the BSI emphasizes the following points1:
Dependence on existing Security Architectures
In the ideal case, a key generated by QKD is used as a so-called one-time pad that is exactly as long as the message itself. Each bit of the message is then transformed into a new bit by applying a logical operation with the corresponding bit of the key. If the key is used only once, no patterns, redundancies, or statistical anomalies can be derived from the ciphertext. This makes it impossible for attackers to extract information about the key used from the ciphertext. In this combination, QKD would show its full potential: neither the key exchange nor the encrypted message would be vulnerable to attack.
In practice, however, the bandwidth of today’s QKD systems is usually not sufficient for this. They are therefore mainly suitable for distributing shorter symmetric keys, which are then used, for example, for methods such as AES. Although AES is assumed to remain secure against attacks by quantum computers if the key length is adjusted accordingly, it is still a method whose security is based on assumptions. It therefore does not provide absolute protection against an attacker with unlimited computational power. As a result, today’s QKD systems are only as secure as the existing security architectures into which they are embedded, and not entirely independent of them.
There is also an additional dependence on classical cryptography. In addition to the quantum channel, Alice and Bob require a classical communication channel through which they compare which basis they used; this could, for example, be an internet connection. The crucial point is that no information about the key itself is exchanged via this channel. To obtain such information, an attacker would have to disturb the quantum channel, which would in turn be detected and lead to the key being discarded. Nevertheless, to close all security gaps, the classical communication channel must be protected against manipulation attempts. Both sides must therefore authenticate themselves, for example through digital signatures based on quantum-safe methods. Digital signatures are a common authentication method, used today, for example, when transmitting payment orders to banks via EBICS. QKD therefore protects the key exchange over the quantum channel but does not make classical security mechanisms entirely obsolete.
Costly Hardware
QKD requires specialized and still expensive hardware. This includes single-photon sources, detectors, and suitable fiber-optic connections. The reliable generation of individual photons is particularly demanding. If several photons carrying identical information are accidentally emitted, this can create a security vulnerability: an attacker could intercept and analyze one of these photons without disrupting the actual exchange, thereby obtaining information about the key.
Limited Range
Range is also currently limited. Because quantum information is sensitive to disturbances, it is increasingly lost over longer distances or reaches the recipient only with errors. Commercial QKD systems are therefore currently mainly suitable for distances of around 100 kilometers. Key exchange via a satellite network could offer a solution, but this is still the subject of ongoing fundamental research.
Lack of Standards
Standardization processes are immensely important in cryptography. On the one hand, they create interoperability, which forms the basis of today’s security architectures. For example, banks are able to exchange encrypted payment messages with one another because there is consensus on certain cryptographic methods. Moreover, the standardization process helps analyze and uncover vulnerabilities, thereby strengthening trust in the method. Such processes, as carried out by NIST (National Institute of Standards and Technology) in the selection of PQC algorithms, have not yet been developed for QKD. In addition to standardized QKD protocols, the correct implementation of the protocol on the corresponding hardware is also required. Recognized evaluation criteria and methods are needed to ensure this, but these are currently not yet mature.
Availability of the method during attacks
As discussed above, the key is immediately discarded as soon as errors caused by an attack are detected. Even if an attacker cannot read the key itself, they could disrupt the transmission and thereby prevent the key from being exchanged.
Commercial use of QKD in pilot projects
Despite the substantial work still required to establish QKD as a mature technology, there are already exciting pilot projects around the world using QKD in practice.
For example, Erste Group in Vienna, which is part of the Austrian Sparkassenfinanzgruppe, has integrated a QKD solution into its critical IT infrastructure as part of a pilot project. The project was developed in collaboration with the technology company Zerothird and the telecommunications provider A1. In the future, Erste Group plans to connect the financial centers of Vienna and Frankfurt using QKD.2
Another notable example is the “Quantum Secure Metro Network” (QSMN), a joint project by Toshiba and BT Group that connects several locations in London using QKD to secure data transmitted via fiber-optic cables. HSBC Bank joined this project as the first bank in order to protect sensitive information, including financial transactions, through QKD. The pilot project currently secures communication between HSBC’s global headquarters and a data center 62 kilometers away using BT’s infrastructure, Toshiba’s quantum technology, and AWS Edge Compute Services.3
Outside the banking sector, QKD was used for the first time in a pilot project to securely transmit a television signal between the Austrian Parliament and the ORF studios. Since it is becoming increasingly difficult to distinguish original recordings from AI-generated content, the aim is to position Parliament as a “reliable source of information.”4
To further advance the development of this innovative technology, the EU launched the EuroQCI initiative. The initiative is progressing rapidly: 26 Member States are currently building national quantum communication networks intended for secure quantum key distribution. Pilot projects include the secure transmission of medical data between hospitals, encrypted communication between government institutions, and QKD connections for critical infrastructures such as power grid control centers.5
An Appeal to Banks
Between 2020 and 2025, the EU invested more than EUR 11 billion in quantum technologies, thereby accelerating not only the expansion of QKD but also the development of quantum computers. With rapid global progress in quantum computing, the prospect of market-ready quantum computers capable of breaking current asymmetric cryptographic standards is becoming more tangible with each passing year. Banks that want to keep their data protected in the future must therefore start thinking about quantum-safe cryptography now, because the migration to quantum-safe security architectures takes time. Whether QKD will establish itself as a fixed component of modern security standards in the future or prove suitable only for dedicated use cases with particularly high security requirements, such as critical IT infrastructure or interbank payment transactions, remains to be seen. For banks, however, the initial focus should be on migration to PQC.
Address Quantum Security strategically
Would you like to prepare your organization for the migration to post-quantum cryptography? We support banks and financial service providers in analyzing their existing cryptography, developing a PQC migration strategy, and gradually implementing quantum-safe security architectures. Please feel free to contact us if you are planning the next steps toward post-quantum cryptography.
Quellen
-
1. Bundesamt für Sicherheit in der Informationstechnik (BSI), 2024/01/26., Position Paper on Quantum Key Distribution
-
2. IT-Finanzmagazin, Erste Group pilotiert Quantenverschlüsselung in der Banking-Infrastruktur, 24.02.2026
-
3. Mastercard R&D Whitepaper, 2025/10/17, Migration to post-quantum cryptography
-
4. OTS, 2026/05/04, Meilenstein für Medien und Politik in Österreich: Erster Broadcast quantenkryptografisch abgesichert
-
5. European Commission, 2025/07/02, Quantum Europe Strategy: Quantum Europe in a Changing World




