Quantum ready

Fraud examiners working in financial services are familiar with cutting-edge innovations to fight fraud. But quantum computing may be a game changer. Here we explore how this groundbreaking technology could help CFEs and some of the dangers it might entail.

In 2020, a Spanish quantum technology startup, Multiverse Computing, tested its quantum algorithm’s ability to detect fraud on a set of actual credit-card payments from across the European Union. The algorithm, operating on an IBM quantum computer, sifted through nearly 300,000 payments, and identified 200 fraudulent transactions. In an interview with Fraud Magazine, Multiverse’s co-founder and Chief Security Officer Román Orús, Ph.D., said his company’s quantum algorithm is 2% more accurate in scoping out fraud than the artificial intelligence software (AI) many financial institutions currently use. Two percent might not seem significant, but those few extra percentage points could help a large bank save millions of dollars from being lost to fraud, Orús adds.

Computers using quantum technology — technology using the physics of subatomic particles — can instantly solve computational problems an ordinary PC might take decades to solve. Physicists and other experts have studied its application for many of the dilemmas of modern life, from fighting climate change to decreasing traffic jams and developing long-lasting batteries. (See “Are You Ready for the Quantum Computing Revolution?” by Shohini Ghose, Harvard Business Review, Sept. 17, 2020, and “10 Quantum Computing Applications and Examples,” by Stephen Gossett, BuiltIn, June 8, 2022.)

Quantum technology’s ability to quickly crunch gargantuan-sized datasets and recognize patterns now holds much promise for fraud detection, especially in the banking industry where large sums of money and millions of transactions take place every day.

“Quantum computing could be a game changer for fraud detection and prevention,” says Walt Manning, CFE, CEO of the Techno-Crime Institute. “We are already using artificial intelligence for cybersecurity and fraud detection, and that will become even more essential in the future.”

Indeed, corporations, banks and governments across the globe are waking up to the importance and dangers of quantum computing. Not only is the technology expected to help bolster profits, but it’s likely to pose security threats to organizations that fail to keep pace with bad actors seeking to use these innovations to their benefit. (See “Companies cannot afford to be left behind in the quantum revolution,” by Karina Robinson, the Financial Times, July 12, 2022, and “How can you prepare now for the quantum computing future?” EY Quantum Readiness Survey 2022, UKRI, June 2022.)

Financial-sector giants such as J.P.Morgan Chase and Goldman Sachs have already gotten into the act, with in-house research teams exploring ways that quantum technology could enhance their services and accelerate day-to-day operations. (See “Quantum Commercialized: Financial Services Likely First Industry to Take Advantage,” by John Prisco, Forbes, Innovation, Feb. 19, 2021; “Future Lab for Applied Research and Engineering,” J.P.Morgan; and “Investing at Quantum Speed,” Goldman Sachs.) And the U.S. Department of Commerce’s National Institute of Standards and Technology (NIST) has anticipated the possibility of bad actors deploying the technology with a project calling on cryptographers to devise encryption methods that can fend off attacks by quantum computers. (See “NIST reveals 4 quantum-resistant encryption algorithms to prevent future attacks,” by Security Staff, Security, July 11, 2022.)

Yet while quantum technology may hold promise for fighting fraud, there are also questions about the feasibility of the technology for widespread use. Not only are the costs of implementing the new technology still prohibitive, but ethical considerations come into play when using it to predict fraud. But first here is a quick primer on how quantum computing works and why it’s different.

Quantum technology 101

Quantum computing is based on quantum mechanics — the study of the physical properties of atomic and subatomic particles (i.e., photons, electrons, etc.). What makes a quantum computer different from a classical computer is its bits, the basic unit of information that computers operate on. The everyday business or home computer works on bits of 1 and 0, also known as the dual processing system. Everything from emails to audiobooks to the PC used to compose this very article is made up of information comprising only 1s and 0s.

If you think about the cybersecurity protection on your devices and networks similar to how locks and intrusion alarms work in the physical world, quantum computing will be the equivalent of a master key.

But quantum computers rely on quantum bits, or qubits, which work with 1, 0, or a combination of both in a phenomenon known as superposition. Superposition allows objects to simultaneously exist in more than one place. This allows quantum computers to calculate a multitude of equations or possibilities concurrently — a task that regular computers would have to do step by step. Qubits can be engineered as photons, electrons or atomic nuclei, and a quantum system running on 300 qubits can display more states than there are atoms in the universe. (See “How quantum computing could change financial services,” McKinsey & Company, Dec. 18, 2020, and “Intro to quantum computing: Qubits, superposition, & more,” by Erin Schaffer, educative, Aug. 19, 2021.)

Another piece to understanding quantum computing is quantum entanglement. Qubits, like most subatomic particles, can become connected, or entangled, meaning that the action on one qubit can influence another. So, if two qubits are entangled in the same quantum state, changing the state of one qubit will automatically switch the state of the other one. State switching can happen even if qubits are separated by enormous distances. The phenomenon allows for the creation of a chain of interconnected qubits, which speed up quantum computers tenfold. Indeed, the speed at which quantum computers can perform calculations is astonishing. In 2019, for instance, Google’s 54-qubit quantum processer, Sycamore, performed a calculation in 200 seconds that would have taken 10,000 years, even on a state-of-the art classic supercomputer, according to an article in the journal Nature. (See “Explainer: what is a quantum computer?” by Martin Giles, MIT Technology Review, Jan. 29, 2019; “ The Future of Fintech – Applied Quantum Optimization In Payment Fraud Detection,” by Manmeet Singh, Mani Singh and Colin Stolpa, FIS, March 2021; and “Quantum supremacy using a programmable superconducting processor,” Nature, published Oct. 23, 2019.)

Disrupting false positives

Aside from the mind-boggling speed of these computers, their accuracy will also be an important factor in fraud detection and prevention.

Most financial institutions today employ state-of-the-art fraud detection systems that use advanced algorithms, but those systems can still produce a high number of false positives when flagging suspicious activity. “Fraud detection systems remain highly inaccurate, returning 80% false positives and causing financial institutions to be overly risk averse,” Stefan Woerner, Ph.D., manager of quantum applications research and software at IBM Quantum, tells Fraud Magazine.

Sorting through bogus alerts is a time-consuming task, and fraud analysts often block legitimate transactions, eliciting frustration and distrust from banking customers. Indeed, Kount, a digital fraud prevention company, estimated that false positives cost U.S. e-commerce merchants roughly $2 billion in net revenue losses in 2018 alone. That same year, Forbes cited a 451 Research study that showed one in three U.S. shoppers would be unlikely to return to merchants that erroneously declined their credit cards. (See “The Silent Sales Killer: False Positives,” Kount, and “Three Digital Commerce Growth Opportunities,” by Jordan McKee, Forbes, Nov. 19, 2018.)

Quantum machine-learning techniques, specifically those from quantum support-vector machines, show promise in combating false positives, says Esperanza Cuenca Gómez, head of strategy and outreach at Multiverse Computing and head of change management at the Quantum Strategy Institute. (Support-vector machines comprise a set of supervised learning models that are used for outlier detection and for the classification and regression of data. See “1.4. Support Vector Machines,” by Scikit Learn.)

“Quantum support-vector machines seem to be well suited for fraud detection,” Cuenca Gómez says. “What these machines do is classify data into two categories, and once the machines are trained, they are able to determine into which category new data falls.”

These machine-learning algorithms combined with quantum computers could comb through large datasets with incredible speed, which could free fraud examiners from time-consuming analyses and vastly improve the return of false positives.

Predicting fraud

Prediction might also be one of the more promising uses of quantum computing. The technology’s quantum entanglement and superposition abilities could predict multiple scenarios in a fraction of the time it takes for a regular PC to do so. It could also yield more accurate results.

“The data-modeling capabilities of quantum computers are expected to prove superior in finding patterns, performing classifications and making predictions that are not possible today because of the challenges of complex data structures,” says Woerner.

“Such quantum machine-learning models may help to improve the performance of classifiers and help to better detect fraud.”

By combining quantum computing with so-called kernel algorithms — used in support-vector machines for pattern analysis — fraud fighters might well be able to make very accurate predictions and prevent fraud in the process. A quantum computer, for example, could precisely predict — with unparalleled speed — whether a bank customer might commit fraud. At least that’s the theory. [See “Kernel Functions,” by Tejumade Afonja, Towards Data Science, Jan. 2, 2017, and “Major Kernel Functions in Support Vector Machine (SVM),” GeeksforGeeks, February 7, 2022.]

But not everyone is convinced. Cuenca Gómez, for one, is circumspect about the quantum computer’s fraud prediction powers and cautions about the ethical quandaries that could arise.

“Abstracting ourselves for a moment from the technology we use, whether it is quantum, classical or another one that has not been invented yet, some key questions are: What are we allowed to do with the prediction? Can someone be denied something based solely on a prediction? How can we ensure that the decisions we make are just and unbiased?”

Discussions on the ethics of quantum technology are underway across industries, not just concerning prediction but also data protection and other cybersecurity risks. And Cuenca Gómez urges financial institutions to be prepared now to address the ethics of using quantum prediction for fraud analysis. (See “Quantum computing may create ethical risks for businesses. It’s time to prepare,” by Scott Buchholz and Beena Ammanath, Deloitte Insights, May 12, 2022, and “Why innovation leaders must consider quantum ethics,” by Mira Pijselman, EY.)

Could quantum technology eradicate financial fraud?

Quantum computing is still in its infancy, and its promise of speed, accuracy and prediction could make it an asset in the fight against financial and other types of fraud. But it remains to be seen whether forthcoming generations of the technology can put fraudsters out of business.

“The problem of financial fraud goes beyond technological and mathematical considerations,” Cuenca Gómez says.

“There is an important variable that we might not be considering here, and this variable is human ingenuity. And it is extremely difficult to say from this side of the event horizon whether a computer, quantum, or another kind  [of technology] not even invented yet, can totally outsmart human ingenuity, therefore totally eradicating financial fraud in the future.”

Woerner expresses a similar sentiment. “Detecting fraud along with other malicious activities is always going to be a race, and whoever has the best tools at their disposal will have the edge until the incumbent catches up and takes over.”

Quantum technologies are more of a marathon than a sprint. We are talking about a long-term game here, which is a common characteristic of technological development.

Indeed, the stakes are high. If scammers should get their hands on a quantum computer or any powerful quantum device capable of breaking the encryption used to secure banking transactions, the dynamics of fraud prevention could change dramatically. Just think of the ingenuity fraudsters employed by utilizing bots and the darknet to game government unemployment insurance systems and pilfer billions of dollars’ worth of aid during the COVID-19 pandemic. (See “How Unemployment Insurance Fraud Exploded During the Pandemic,” by Cezary Podkul, ProPublica, July 26, 2021.)

For now, the average fraudster probably lacks the means to acquire this technology. It’s not only costly, but only a select few would truly understand quantum computing. But the spectre of international cyber cartels and techno-criminals with large revenues from ransomware who could obtain quantum computers in the future is a very real possibility.

“With quantum computing, our current encryption will become obsolete faster than you can imagine; as soon as fraudsters can use quantum technology, almost all data secured by existing encryption will be exposed,” Manning says.

“If you think about the cybersecurity protection on your devices and networks similar to how locks and intrusion alarms work in the physical world, quantum computing will be the equivalent of a master key.”

The encryptions that classical computers currently use rely on a set of mathematical equations and algorithms that a quantum computer could crack in seconds. Such quantum devices aren’t yet available, but the idea of such devices has spurred a race to create quantum-safe cryptography.

In 2016, NIST launched a competition calling on academics and industry cryptographers to design an algorithm that could resist decryption from a quantum computer. In July, NIST narrowed down its finalists to four encryption algorithms to become part of its post-quantum cryptographic standard to protect information exchanged across public networks and digital signatures for identity protection. (See “Secret Service accelerates crackdown on Covid-19 scams,” by Sean Lyngaas, CNN, updated Dec. 21, 2021; “The race is on for quantum-safe cryptography,” by Sophia Chen, The Verge, June 11, 2021; and “Third PQC Standardization Conference,” NIST, June 14, 2021.)

But when it comes to beating fraudsters, Woerner believes that a mix of technologies is the winning formula. “If I were to place a bet, the winner of this race will have AI and quantum, combined with classic computers on their side,” he says.

Indeed, in April IBM unveiled the z16 computer that uses a mix of state-of-the-art AI and quantum cryptography to identify potential fraud in high volumes of transactions. It’s the first computer to use a quantum-safe system built to protect data from possible future threats stemming from quantum technology. (See “IBM z16 tackles financial fraud and quantum hacks,” by Cliff Saran, Computer Weekly, April 5, 2022.)

The future is almost here

According to Deloitte Insights, International Data Group forecasts that 25% of Fortune 500 companies will be using quantum computers in the next three years. (See “Quantum computing may create ethical risks for businesses. It’s time to prepare.”) Banks such as J.P.Morgan Chase, Wells Fargo, Goldman Sachs, Mizuho and MUFG are already using cloud services to access quantum technology owned by large tech companies. (See “Financial markets could be using quantum computing within five years,” by Dashveenjit Kaur, T_HQ, May 4, 2021.) In October 2020, online payment giant PayPal partnered with IBM to explore whether quantum computers could be beneficial for security, credit risk operations and fraud detection. PayPal currently uses a machine-learning algorithm to detect fraudulent activity, but early experiments with IBM have shown that quantum technology can greatly reduce time and costs compared to mundane PCs. (See “Inside PayPal’s partnership with IBM to use quantum computing to improve how it detects fraud and underwrites,” by Bianca Chan, Business Insider, Jan. 7, 2022.)

The quantum-computing field has also received funding from governments across the globe. In October 2018, the EU launched the Quantum Technologies Flagship with an expected budget of 1 billion euros. (See “Quantum Technologies Flagship,” European Commission, Sept. 27, 2021.)

In March 2021, the U.S. Department of Energy announced that it would invest $30 million into its Quantum Information Science project originally launched in 2018. (See “DOE Announces $30 Million for Quantum Information Science to Tackle Emerging 21st Century Challenges,” U.S. Department of Energy, Energy.gov, March 9, 2021.)

Market research firm MarketsandMarkets estimates that the quantum-computing sector, valued at $472 million in 2021, could grow to $1.76 billion by 2026; however, as of publication, these figures were dwarfed by the current AI sector, which is expected to grow to $309.6 billion by 2026. [See, “Quantum Computing Market with COVID-19 impact by Offering (Systems and Services), Deployment (On Premises and Cloud Based), Application, Technology, End-use Industry and Region - Global Forecast to 2026,” MarketsandMarkets, Marketresearch.com.]

If financial institutions want to be quantum ready, they’ll need to understand how quantum computers operate and how they can effectively integrate them into their fraud-detecting operations as soon as the technology is available. Banks and anti-fraud specialists must keep abreast of this emerging trend, including training employees on the technology and implementing necessary technological updates. Quantum computers present significant challenges, especially in terms of size, scalability and the fickleness of qubits.

Another significant factor organizations face is the sheer cost of obtaining a quantum computer. The computers themselves might be too expensive for small financial institutions or other organizations. They’ve been going at the hefty price of $15 million, although financial institutions can use cloud-based services to access quantum technology through classical computers. (See “The New Hybrid Cloud: Quantum Computing + Classical Computing?” by John Koetsier, Forbes, Dec. 17, 2020, and “D-Wave is now shipping its new $15 million, 10-foot-tall quantum computer,” by Chaim Gartenberg, The Verge, Jan. 25, 2017.)

But even large firms might face an uphill battle implementing the technology. PayPal’s project was expected to go live in 2023, but cutbacks and restructuring forced the payment company to shut down its quantum operations. (See “PayPal just laid off its research team responsible for quantum computing, cryptography, and distributed ledger technology as market pressures squeeze the payments giant,” by Bianca Chan, Insider, April 11.)

“Quantum technologies are more of a marathon than a sprint,” says Cuenca Gómez. “We are talking about a long-term game here, which is a common characteristic of technological development.”

Stefano Siggia is a senior consultant specializing in anti-money laundering and compliance at risk management and consultancy firm Pideeco. Contact him at Stefano008@hotmail.com.

Mason Wilder, CFE, is research manager for the ACFE. Contact him at mwilder@ACFE.com.