Banking
HNDL for banking: transaction archives and Mosca
Transaction records, wire audit logs, and M&A diligence materials often require confidentiality for 7–25 years — making Mosca inequality a present-day planning question.
Key terms
Mosca inequality, HNDL, crypto agility — see the HNDL hub.
Why banks face HNDL pressure
| Data class | Typical shelf-life (X) | Collection risk |
|---|---|---|
| Wire transfer archives | 7–15 years | Backup exfiltration |
| M&A diligence | 10–25 years | Data room copies |
| Core banking backups | 15+ years | Ransomware targets |
| API transaction logs | 3–7 years | Cloud misconfiguration |
When X + Y > Z (migration 5–8 years, quantum timeline ~10 years), HNDL exposure exists today.
PCI-DSS 4.0 connection
PCI-DSS 4.0 emphasizes crypto agility — knowing what algorithms protect cardholder data and planning migration before QSAs ask. Inventory TLS, JWKS, and email STARTTLS; map to IR 8547 tiers.
See PCI-DSS 4.0 guide and banking HNDL framework.
90-day plan for regional banks
- Baseline scan on external TLS + JWKS (bank scenario)
- Mosca score on longest-retained transaction archives
- Export CBOM for QSA review
- Pilot hybrid TLS on member-facing API gateway
Continue on the Q-Day hub: Harvest now, decrypt later guide
References & further reading
Authoritative primary sources cited in this article. Summaries are our own — follow links for full context.
Last verified 2026-06-04
- What Is Post-Quantum Cryptography?NIST · 2024Official overview of NIST's PQC project, finalized standards, and the harvest-now-decrypt-later threat model.
- NIST IR 8547: Transition to Post-Quantum Cryptography StandardsNIST · 2024Federal transition guidance with deprecation timelines for quantum-vulnerable algorithms.
- Quantum Threat Timeline Report (Mosca inequality)Global Risk Institute · 2023Dr. Michele Mosca's X + Y > Z framework for harvest-now-decrypt-later exposure planning.
See your exposure with evidence
Run a live PQC inventory scan, export a CBOM, and verify signed reports independently.
