Steve Flinter: Why quantum security in finance is a matter for the present, not the future
Listening back to the recording, I think the problem is how quickly I say ‘yes’. There is just no gap: no need to ‘centre myself’ or tap into a past experience or whatever else we were taught to do in GCSE drama class. With a snap of my fingers that is dangerously close to literal I become a different person. Probably Frank Abagnale, as played by Leonardo DiCaprio in Catch Me If You Can.
“Imagine,” says Mastercard’s Steve Flinter, whose role at the global technology company is to explore emerging technologies like AI, machine learning and quantum, “that you are a fraudster.”
Snap. I am in. I have accents. My facial hair feels glued on. Just for a second, I am Rich the eponymous fraudster on a call with Steve Flinter and two Mastercard chaperones, presumably pulling the job of the century.
“Yes,” I say.
“One of the advantages you have in, let's say, the UK banking system,” he continues, “is there are tens of millions of bank accounts [operating] on a daily basis. There are hundreds of millions - or even billions - of individual transactions between all of those accounts. So you can, to a certain extent, conduct your business safe in the knowledge that there's so much other financial activity going around you that your individual transaction won't stand out among the noise.”
“I’m hiding in plain sight,” I say, bafflingly, on a call surely being recorded at both ends.
“To a certain extent, exactly,” says Flinter, after a pause that is simultaneously short and so long it’s still happening to me.
“So part of what these technologies are trying to do, whether they’re classical or quantum, is to identify patterns of interest that an auditor or risk specialist in a bank may want to pay particular attention to. And where we see quantum coming into this is… essentially [in finding] those patterns more easily and [processing] the data more quickly - in giving us some sort of real world advantage that can help the people who are trying to manage the fraud on the banking side to identify where these patterns of interest are; finding that one in a million transaction that is indicative that you're doing something that you shouldn't do versus everybody else who's carrying on their normal day to day business.”
Flinter’s team isn’t solely security-focused, but it’s where our conversation naturally leads when he describes part of his job as “de-risking” the introduction or evolution of new technologies. Quantum, as he tells it, wasn’t initially even part of the job description - it folded in naturally as the team kept flagging potential problems of the future. Flinter only describes himself as being “very active” in quantum “in the last couple of years.”
“When [Mastercard] started to look at quantum, I guess my team became the natural place for that to go,” he says. But Flinter isn’t a physicist - he is a computer scientist by training and his team works on projects as diverse as 5G and AI. Even the Metaverse gets a look in - though, as with much of Flinter’s work, the limits of time and things ‘not being about quantum’ mean I can’t ask how.
“About as far down the stack as we’re interested in going is trying to understand numbers of qubits, noise on devices - that kind of stuff,” he says. “Stuff that’s going to have a direct impact on getting a solution,” Flinter says to a question of how much knowledge he has absorbed over the past two years. “Beyond that, in terms of the fabrication of silicon and all of that kind of stuff that makes all the magic work underneath is certainly beyond [me]... [But] definitely we're interested in the current state of the art in terms of what technology can do for us, and a big part of my job is trying to kind of bridge the gap between those two areas.”
Fintech is often offered as an example of where quantum advantage will have the first noticeable impacts. Flinter’s angle is novel in that his focus in our talk is on protecting customers using cards for everyday purchases (and not just in making the bits of the company that make money go faster).
“The low-hanging fruit for a lot of companies, I suspect, is going to be in optimization problems,” he explains. “So we're looking at where those problems exist. If you look at financial services more broadly, the ones that you always hear about are things like options pricing, derivatives, pricing, risk, portfolio management, these kinds of things, and these may be relevant in the securities side of financial services, but much less so in the retail and payment side… a huge part of our business around developing and delivering services to our customers to help them secure transactions, and then ultimately this goes down to giving our customers, our cardholders and our consumers kind of peace of mind that when they transact on technology or networks that we own, that their money and their transactions will be secure.”
The notion of security in a quantum world is maybe the most hotly disputed (and easily the most headline-grabbing) topic when it comes to quantum predictions. Headlines (though getting better) in more lay press prophesied the end of encryption by no later than the end of this week. The consensus is now that this is unlikely. But by dint of his job, Flinter has to take these threats more seriously - not least because ruling out whatever the evil version of a Eureka moment is hubristic when you work for one of the world’s biggest financial institutions. “Just in terms of… ‘what is the threat to cryptography?’ I still think we're of the view that we are 10 plus years away from having quantum devices that are really going to pose a threat - and that is presuming there is no radical breakthrough,” he says. “And in this area that could happen. Somebody could come out of left field and produce a device that's a hundred times a thousand times a million times more capable than something somebody else had done. We may not necessarily see a gradual increase.”
A bigger challenge is that, even if threats to cryptography are decades away, that in itself poses problems. Namely, how do you begin to build in security measures now without knowing the exact nature of the threat years down the line? Especially when, as we’ve seen elsewhere, humans are not good at planning for future disasters. As the pandemic has shown: things that happen ‘over there’ very much do now affect things ‘over here’. Security standards in finance have to be - at least approaching - uniform everywhere or trade becomes impossible. How do you convince institutions the world over to focus on threats when even their most junior staffer might have retired by the time they materialise?
Flinter uses Covid and climate disaster as contrasting examples.
“If you take coronavirus as an [example of] a critical threat: governments around the world reacted very quickly,” he says, diplomatically. “We all changed our behaviour, [and so on]. There was an immediate response to an immediate problem.
“Global warming is [different]. The real crises will come in 10 or 20 or 30 years time if we don't do something about it now. But it's very difficult to motivate people to change behaviours now for some effect that they're going to have in 20 or 30 years time… Some people are certainly thinking [seriously] about it now, in the way that [some] people are thinking about climate change now. Definitely the conversations are starting and we're getting more and more people aware of it… but I don't think it's necessarily universal across the industry.”
Join Mastercard's panel looking at: The Quantum Advantage - Taking a Quantum Leap into the Future of Financial Services
Quantum computing – the ability to solve complex problems exponentially faster than today’s supercomputers can – is quickly becoming a priority for digital business transformation. The evolving field has the potential to allow us to tap into levels of computational power that can only be dreamt about at present.
Join the Mastercard Foundry Live event and hear from leading industry experts as we separate hype from reality and decipher how quantum computing is pushing the boundaries of what’s possible in financial services. Click here to register.