A Nigerian-British information security expert, Dr. Kingsley Aguoru, has expressed serious concerns regarding the ongoing reliance on card PINs for online transactions. He is urging the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission to tackle what he identifies as a significant security threat to the financial well-being of Nigerians.
In a petition obtained on Sunday, Aguoru, a Chartered Engineer and Director of Information Security with over 20 years of experience in financial technology, emphasized the necessity for the CBN to prohibit the use of card PINs in online payments. He pointed out that this practice places Nigerian consumers at considerable risk, exposing them to threats such as phishing, keylogging, and man-in-the-middle attacks.
Aguoru remarked that payment platforms in Nigeria, including Paystack, Flutterwave, and Interswitch, still mandate the use of card PINs for online transactions, a method that has become outdated on a global scale. The petition, titled ‘Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria,’ underscores this concern.
He explained that while PINs are intended for use at ATMs and POS terminals, where secure encryption is in place, their application in online settings leaves consumers susceptible to cyber threats. Aguoru, who is recognized for introducing one-time passwords for card-not-present transactions, warned that the ongoing use of PINs could enable malicious actors to capture and exploit consumers' information.
He further contended that Nigerian consumers should depend exclusively on one-time passwords or multi-factor authentication for online payments, rather than using them in conjunction with card PINs. “The combination of OTPs and card PINs is both unnecessary and hazardous. Customers should be offered secure alternatives, such as hardware card readers that generate OTPs independently,” he stated.
Aguoru urged the CBN to promptly implement these security measures and to educate the public on safe online payment practices. “I respectfully call on the CBN to address these issues by banning web PIN entry for card payments and mandating OTP or MFA requirements across all payment providers,” he concluded.
In his opinion, implementing these measures would ensure that Nigeria’s payment systems are in line with international best practices, thereby substantially mitigating the potential risks faced by Nigerian consumers.