A BIS-led trial suggests post-quantum cryptography can be implemented in core payment infrastructure without breaking message integrity.
Payment systems are built to survive bank runs, cyber attacks and human error. They are not, historically, built to survive physics.
Yet that is the problem quantum computing poses; a world in which the mathematics behind today’s digital trust can be solved fast enough to make signatures forgeable and encrypted messages readable. In December, the Bank for International Settlements quietly tested what a response might look like inside the Eurosystem’s TARGET2 payments plumbing.
The results were reassuring, and unsettling, in equal measure.
Working with the Bank of Italy, Banque de France and Deutsche Bundesbank, alongside Swift and Nexi-Colt, the BIS Innovation Hub replaced traditional digital signatures with post-quantum alternatives for a subset of liquidity transfer messages.
On a functional level, the experiment succeeded. Messages signed with post-quantum cryptography were processed correctly. Invalid signatures were rejected. From a security standpoint, the system behaved exactly as a payment operator would hope. But in narrow terms, the question of whether post-quantum cryptography can work inside a core payment system was answered in the affirmative .
The more important question, however, is whether it can work at scale, at speed, and without destabilising the operational models that payments infrastructure depends on.
That is where the findings become more uncomfortable.
Ill-prepared architecture
One of the clearest outcomes of the trial was that post-quantum signature verification took meaningfully longer than traditional RSA-based verification. In a world where payment systems are engineered around throughput, latency and predictability, slower cryptography forces a reassessment of capacity planning, hardware investment and settlement windows .
This matters most for high-value payment systems, which sit at the centre of liquidity management. TARGET2 is not consumer-facing infrastructure; it is where central bank money moves between financial institutions. Any degradation in performance has knock-on effects for liquidity flows, collateral management and market confidence. In that context, post-quantum security is a balance-sheet issue.
The experiment also exposed how ill-prepared existing architectures are for hybrid cryptography. Regulators and standards bodies increasingly recommend hybrid approaches during the transition period, combining traditional and post-quantum algorithms to reduce risk.
Project Leap found that TARGET2’s existing design could not easily accommodate that model as supporting both schemes in parallel would require substantial redevelopment of verification software and message handling logic.
Until now, much of the policy discussion around quantum readiness assumed a gradual, layered migration. However, the BIS’ latest study showed that, at least for legacy payment systems, cryptographic agility was never a design priority; retrofitting it now will be costly, slow and highly dependent on vendor roadmaps.
Vendor dependency
What the BIS’ study made clear was igration to post-quantum cryptography cannot be driven by central banks alone, and it requires coordinated updates across network service providers, hardware security modules, messaging software and verification tools. Project Leap’s success relied on close collaboration with Swift and Nexi-Colt, under controlled conditions.
Scaling that cooperation across an entire payments ecosystem, with uneven incentives and budgets, will be a far harder task .
The challenge is compounded by the absence of a fixed deadline. Unlike regulatory change, quantum computing does not arrive on a known date. The report repeatedly highlights the risk of “harvest now, decrypt later” attacks, where encrypted financial data is collected today with the intention of decrypting it once quantum capabilities mature.
This is why payments infrastructure occupies a special place in the quantum debate. Large-value payment systems, card networks and cross-border messaging rails all rely on asymmetric cryptography for authentication and non-repudiation. If digital signatures can be forged, trust in payment instructions collapses.
On the road to further testing
In Europe, the expansion of cyber security obligations under NIS2 explicitly brings financial market infrastructures into scope, alongside expectations that member states will develop roadmaps for quantum-resistant security. At the same time, the EU’s Quantum Europe Strategy signals political backing and funding for long-term transition efforts.
The authors of Project Leap Phase 2’s report are explicit that further testing is required, particularly around performance, certificate management and hybrid models. Nevertheless they do note there is evidence that quantum migration is not a single upgrade, but a multi-year transformation programme.