Toss Payments, a payment gateway subsidiary of Viva Republica, has fully adopted post-quantum cryptography (PQC) for the first time in South Korea’s finance and information technology sectors.

Toss Payments said on Thursday the rollout applies to the entire electronic payment service process where payment data is created and transmitted. It includes its overall infrastructure, such as its own data centres and cloud services on AWS, as well as the payment page, a key point of contact between merchants and consumers.

As a result, users have post-quantum cryptography-based security applied automatically during payments without any separate settings. The encryption scheme is activated in server communications on the latest browsers that support the technology, including Chrome, Edge, Safari and Firefox. In unsupported environments, existing encryption methods remain in place, ensuring service compatibility.

The move comes ahead of a plan presented by the National Intelligence Service and the Ministry of Science and ICT to convert major national infrastructure to post-quantum cryptography by 2035. In South Korea’s financial sector, there are cases of technical verification or limited application restricted to some sections, but applications spanning customer-facing web services and APIs are assessed to be rare.

Toss Payments has pushed ahead in stages to advance its security protocols. It introduced HTTP/3 in 2022 and fully applied TLS 1.3 in 2025, followed by the post-quantum cryptography rollout, completing the buildout of a next-generation security system.

Toss Payments CISO Yong-seok Shin (신용석) said advances in quantum computing technology would bring major changes to the financial security environment. He said the company would continue strengthening its security systems so merchants and users can use its payment services reliably.