Not all encryption is actually based on public-key cryptography (asymmetric ciphers). There's symmetric ciphers (basically you share the private key and use it to both encrypt & decrypt -- more "symmetry" in the process than public/private key pairs is how I remember it), and no doubt a bunch of stuff I don't even know about -- cryptography research isn't a trivial field of math/computer science, and I'm not even going to pretend that I try to keep up with the literature. Amusingly enough, the only encryption system I know of that's actually provably as secure as randomly generating characters (meaning it's as hard to break as pure gibberish) is a one-time pad. It's not very practical though; you can look it up if you're curious. Other than that, nobody's proven that our encryption schemes are actually secure. Nobody knows of a way to break them (presumably not even the big governments), but there's no guarantee that tomorrow some genius won't discover a mathematical shortcut that allows factoring huge numbers in seconds (which would make all our public key cryptography useless). Quantum computing isn't the only issue.To answer your question though: basically brute forcing the encryption is much, much harder than finding a vulnerability in the surrounding software. Honestly I've never worked with large-scale financial systems personally and don't know what schemes they typically use, but that's just how all software is these days: it's easier to get around the mathematical encryption than it is to go through it.