A prominent Nigerian-British information security specialist, Dr. Kingsley Aguoru, has sounded the alarm over the persistent use of card PINs for online transactions, calling on the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC) to mitigate what he considers a significant financial security risk to Nigerians.
In a petition seen by The PUNCH on Sunday, Aguoru, a Chartered Engineer with over 20 years of experience in financial technology and Director of Information Security, emphasized the urgent need for the CBN to discontinue the use of card PINs in online payments.
Aguoru outlined that this method exposes consumers in Nigeria to severe risks, including phishing attacks, keylogging malware, and man-in-the-middle exploits.
“Payment platforms in Nigeria, such as Paystack, Flutterwave, and Interswitch, continue to require card PINs for online transactions—a practice that has become virtually obsolete globally,” Aguoru stated in his petition titled ‘Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria’.
He explained that while PINs are meant for use in ATMs and point-of-sale (POS) systems, where encryption protocols are securely applied, their use in online transactions renders consumers susceptible to cyberattacks.
Aguoru, credited with pioneering the implementation of one-time passwords (OTPs) for card-not-present transactions, warned that the continued reliance on card PINs could lead to criminals intercepting and exploiting consumers’ financial details.
He further recommended that Nigerian consumers should rely exclusively on OTPs or multi-factor authentication (MFA) for online transactions, rather than the combined use of OTPs and card PINs.
“Requiring both OTPs and card PINs is redundant and dangerous. Customers should instead be given secure alternatives, such as hardware-based card readers that can generate OTPs independently,” he noted.
Aguoru urged the CBN to take immediate action to enforce these security improvements and launch public awareness initiatives on safe online payment practices. “I respectfully urge the CBN to eliminate web-based PIN entry for card payments and mandate OTPs or MFA across all payment providers,” he concluded.
Implementing these measures, Aguoru argued, would bring Nigeria’s payment systems in line with global best practices and greatly reduce the risk to consumers.