By Byron V. Acohido
As RSAC 2025 convenes next week in San Francisco, digital trust is poised to take center stage.
One quiet but consequential development now taking root in the financial sector could prove pivotal: the emergence of a dedicated Public Key Infrastructure (PKI) framework, tailored to banks and payment networks, guided by the Accredited Standards Committee X9 (ASC X9), and being rolled out by DigiCert.
In this Fireside Chat podcast, I caught up with DigiCert CEO Amit Sinha, who offered a lucid breakdown of why this shift matters—and why it may well signal the start of something much bigger.
For decades, browser-based PKI has served as the bedrock of digital trust online. It underpins everything from e-commerce transactions to secure app logins and device authentication. But here’s the rub: it was never designed for the intricate, high-stakes choreography of modern financial systems.
Sinha outlined how today’s PKI mechanisms, while effective on the open internet, often falter in high-complexity financial environments—such as ATM networks, POS systems, and cloud-centric banking operations. In these cases, banks need the flexibility of private PKI, but with the interoperability benefits of public PKI—a blend that the X9 PKI is purpose-built to deliver.
That’s where the X9 PKI comes in. Developed under the stewardship of ASC X9—a consortium of major financial institutions and industry experts—this new governance model establishes a hardened, auditable PKI infrastructure with policies written specifically for the financial ecosystem. Think of it as a sector-specific trust backbone, designed not just to plug gaps, but to anticipate what’s coming next.
One of those looming disruptions? Post-quantum cryptography. Sinha pointed out that the arrival of scalable quantum computing will eventually render current encryption methods obsolete, ushering in what security professionals are calling ‘Q Day.’ The X9 PKI is designed with this reality in mind—supporting NIST-approved post-quantum algorithms from the outset, and allowing for hybrid deployments that can smooth the transition.
This forward-looking approach isn’t simply a technology upgrade. It’s a hedge against operational disruptions, insider risk, and cryptographic obsolescence. With quantum threats on the horizon, and machine identities multiplying by the millions, PKI must become not only resilient—but agile.
Sinha emphasized that DigiCert’s approach combines the operational maturity of public PKI with the governance flexibility of private systems. In doing so, they’re creating a model that may eventually extend beyond finance to other regulated sectors such as healthcare and critical infrastructure.
Listen to the full podcast interview to hear why DigiCert believes the X9 PKI is just the beginning—and how modernizing PKI could become the foundation of cyber resilience across multiple sectors.
Pulitzer Prize-winning business journalist Byron V. Acohido is dedicated to fostering public awareness about how to make the Internet as private and secure as it ought to be.
(LW provides consulting services to the vendors we cover.)