Quantum Computing: What It Means for Your PCI Compliance

The idea of quantum computing might sound like science fiction—but it’s becoming science fact faster than most businesses realise. While we’re still years away from fully operational quantum computers, developments are accelerating—and they could have serious implications for the way we protect sensitive data.

At Cool Waters Cyber Security, we’ve been looking ahead to understand how this next-generation tech could affect compliance, especially for businesses working under PCI DSS requirements. Here's what you need to know.

⚛️ Quantum Computing Will Break Today’s Encryption

Most of today’s digital security relies on one big idea: encryption is safe because breaking it would take thousands of years using current computing power. But quantum computers will change the rules.
Algorithms like RSA and ECC—widely used in PCI environments—are particularly vulnerable to quantum attacks.

What used to be "secure" for decades could be cracked in hours.

🔐 What This Means for PCI DSS

PCI DSS requires strong cryptographic protection for cardholder data. While the current version doesn’t mandate "quantum-safe" encryption, that could change—fast. Organisations that handle payments or store cardholder data need to start thinking about:

  • What encryption is used where?

  • How long is that data retained?

  • Could that encrypted data be intercepted now and cracked later?

This is known as a "harvest now, decrypt later" threat—and it’s real.

🧭 What You Should Do Now

  1. Take inventory of cryptographic use
    Know where encryption is used in your environment—especially for data at rest and in transit.

  2. Avoid proprietary or outdated encryption
    Stick to well-established, standards-based algorithms and libraries.

  3. Watch for guidance updates
    Keep an eye on PCI DSS future revisions, NCSC advisories and NIST’s post-quantum cryptography programme.

  4. Start future-proofing
    Transitioning to quantum-resistant algorithms won’t happen overnight. It makes sense to plan ahead, especially if your business has long-term data retention needs.
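The inventory in step 1 can be triaged against the three questions above (what encryption is used where, how long the data is retained, and whether it could be intercepted now and cracked later). The sketch below is an added example, not code from the report or from Cool Waters; the system names, the inventory fields and the 10-year planning horizon are assumptions made for illustration.

```python
from dataclasses import dataclass

# Algorithm families the article names as vulnerable to quantum attacks,
# plus the common ECC variants (ECDH, ECDSA).
QUANTUM_VULNERABLE = ("RSA", "ECC", "ECDH", "ECDSA")
HNDL, MIGRATE, OK = "harvest-now-decrypt-later", "plan migration", "not flagged"

@dataclass
class CryptoUse:
    system: str           # where the algorithm is used
    algorithm: str        # e.g. "RSA-2048", "ECDH-P256", "AES-256-GCM"
    protects: str         # "confidentiality" or "integrity"
    state: str            # "in transit" or "at rest"
    retention_years: int  # how long the protected data is kept

def assess(use: CryptoUse, horizon_years: int) -> str:
    """Classify one inventory entry against the article's three questions."""
    if not use.algorithm.upper().startswith(QUANTUM_VULNERABLE):
        return OK
    # Only secrecy can be broken retroactively from captured ciphertext;
    # signatures need migrating too, but are not a decrypt-later risk.
    if use.protects == "confidentiality" and use.retention_years >= horizon_years:
        return HNDL
    return MIGRATE

def triage(inventory, horizon_years=10):
    """Return (finding, entry) pairs, most urgent first.

    horizon_years is a planning assumption, not a prediction.
    """
    rank = {HNDL: 0, MIGRATE: 1, OK: 2}
    rows = [(assess(u, horizon_years), u) for u in inventory]
    return sorted(rows, key=lambda r: (rank[r[0]], -r[1].retention_years))

# Constructed sample inventory (hypothetical systems, not from the article).
INVENTORY = [
    CryptoUse("payment-api TLS", "ECDH-P256", "confidentiality", "in transit", 7),
    CryptoUse("card vault key wrapping", "RSA-2048", "confidentiality", "at rest", 12),
    CryptoUse("archive backups", "AES-256-GCM", "confidentiality", "at rest", 12),
    CryptoUse("firmware signing", "ECDSA-P256", "integrity", "at rest", 1),
    CryptoUse("settlement file transfer", "RSA-3072", "confidentiality", "in transit", 10),
]

if __name__ == "__main__":
    for finding, u in triage(INVENTORY):
        print(f"{finding:26} {u.system:26} {u.algorithm:12} {u.state:10} {u.retention_years}y")
```

Entries at the top of the output are the ones where long retention and a quantum-vulnerable algorithm overlap, which is where migration planning in step 4 should start.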

Download your free copy of the Quantum Crisis report

🛡️ How Cool Waters Can Help

Whether you're working toward PCI compliance or already certified, we can help you:

  • Assess cryptographic risk across your estate

  • Understand your exposure to quantum threats

  • Plan for a future-safe PCI strategy

  • Manage compliance as an ongoing service, not a one-off project

We're here to help you stay compliant today—and ready for what’s coming next.

🔗 Download our full report on quantum computing and PCI compliance here
