By Ologeh Joseph Chibu
A prominent Nigerian-British information security expert, Dr. Kingsley Aguoru, has raised concerns over Nigeria’s continued use of card PINs for online payments.
He described it as a significant security risk to Nigerian consumers.
He has petitioned the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC) to address this urgent issue.
Dr. Aguoru, a Chartered Engineer and Director of Information Security with over 20 years of experience in financial technologies, is advocating for the CBN to ban card PIN usage for online transactions altogether. He highlighted the security risks inherent in the current system, which exposes Nigerian consumers to cyber threats such as phishing, keylogging, and man-in-the-middle attacks.
In his petition, titled “Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria”, Dr. Aguoru emphasized that Nigerian payment platforms like Paystack, Flutterwave, and Interswitch are still requiring card PINs for online transactions, a practice that has largely been phased out internationally.
PINs were designed specifically for ATM and POS transactions, where secure encryption protects users, he explained.
Using PINs for online transactions leaves consumers open to various cyber threats, this could be mitigated by adopting more secure measures.
Dr. Aguoru, recognized for pioneering one-time passwords (OTPs) for card-not-present transactions, also argued that Nigerian consumers should rely solely on OTPs or multi-factor authentication (MFA) for online payments, rather than the outdated combination of OTPs and card PINs.
“Combining OTPs with card PINs is unnecessary and risky. Instead, customers should be provided with secure alternatives, such as hardware card readers that generate OTPs independently,” he suggested.
In urging immediate action, Dr. Aguoru called on the CBN to prohibit web-based PIN entry for card payments and to enforce OTP or MFA as standard for all payment providers. “These measures are essential for aligning Nigeria’s payment systems with global standards and reducing the security risks facing Nigerian consumers,” he concluded.
