Financial institutions are no strangers to evolving risk. From sophisticated ATM malware to coordinated cyberattacks, the threat landscape continues to accelerate in both speed and complexity. But while many risks demand immediate attention, others are quietly building in the background—poised to reshape the security landscape over the next decade.
In a recent webinar, we asked attendees to identify their greatest security concerns. Unsurprisingly, responses centered on persistent and well-known threats such as jackpotting and skimming. (If you’d like to learn more about jackpotting,
watch the webinar replay).
Notably absent from the poll results were emerging risks driven by new technologies. While criminals continue to refine existing methods, they also plan years in advance—investing in capabilities that can unlock future opportunities for exploitation. Quantum computing is one of them.
Quantum computers have the potential to significantly reshape the self-service landscape. While they have the potential to strengthen cybersecurity in some areas, they also create challenges to traditional asymmetric encryption methods. The latter will require a shift to post-quantum encryption methods.
What does quantum computing mean for the ATM channel?
As ATMs continue to evolve into fully connected endpoints within a broader digital banking ecosystem, their reliance on secure communication, device authentication, and software integrity becomes increasingly critical. This connectivity expands both opportunity and exposure—making the ATM channel directly relevant in the transition to post-quantum security.
As quantum computing is a newer technology, I get asked a lot about how it will impact ATM security in the future. So, let’s explore how this new technology will likely fit into the threat landscape:
Physical attacks
Physical attack methods such as forced entry or cash trapping are not directly impacted by quantum computing, as they do not rely on cryptography. These threats will continue to require robust physical and environmental controls.
Data attacks
Quantum computing introduces heightened risks to data protection. Here, the concept of “Harvest now – decrypt later” is a primary concern, where encrypted data is collected today with the intention of decrypting it later once quantum capabilities mature.
In today’s ATM environment, PCI and EMV standards ensure protection: PINs are not stored or transmitted in a reversible way, session data is short-lived and cards are also regularly replaced. As a result, there is very little meaningful data that could be decrypted later. Nevertheless, financial institutions must remain vigilant in evaluating where sensitive data may persist and how it is protected over time.
Cyber attacks
The more significant long-term impact of quantum computing will likely be on cyberattack surfaces, particularly those related to trust and authentication. If current public key cryptography is weakened, then attackers may more easily bypass authentication and software controls. But cash-out attacks like jackpotting will still require physical access to the ATM, and attackers must defeat existing security controls at the time of the attack. Strong, layered security controls will remain essential. Secure hardware-based trust anchors, regular software and firmware updates, and continuous system patching will continue to play a critical role in preventing unauthorized access.
What can you do to become post-quantum ready?
Although quantum computing is not yet an immediate operational threat, achieving post-quantum readiness will require a multi-year, strategic effort. Institutions that begin planning now will be significantly better positioned to adapt without disruption. Here are the 5 most important steps to take now.
- Create an inventory of your encryption usage by mapping where and how encryption is used across the ATM ecosystem, prioritizing areas with the highest risk and longest data lifecycles.
- Adopt crypto agile ATM platforms by deploying hardware and software capable of supporting multiple cryptographic algorithms, enabling a controlled and seamless transition to post-quantum standards.
- Align with emerging standards by incorporating industry guidance and standards, such as those being developed by NIST, into long-term security roadmaps to ensure interoperability and compliance.
- Strengthen protection today by implementing controls such as end-to-end cash authentication, as the secure host environment provides a safety net to post-quantum computing.
- Ensure your ATMs can evolve their security without requiring large-scale hardware replacements or even the entire fleet.
Leverage compliance as a catalyst
Fleet modernization often requires a business case. With several upcoming compliance mandates, financial institutions have an opportunity to take a more strategic approach, leveraging these requirements to fund broader security and fleet enhancements. By bundling these upgrades, organizations can achieve economies of scale while minimizing operational disruption and downtime.
Rather than treating each mandate independently, financial institutions can take a more integrated approach- combining compliance upgrades like Windows 11, PCI 6, and PCI SSF with investments in advanced capabilities like AI and machine learning and post-quantum readiness. By doing so you can seamlessly adapt to changing security demands and regulations, extending your ATMs operational lifespan and the value of your ATM fleet.
If you’d like to learn more about how you can protect your ATMs today and tomorrow, consider watching the
replay of our webinar. Or for a more personalized approach, engage with our security experts for a
security assessment that evaluates how well your fleet is protected today and its readiness for future threats.