Expert warns EFCC, CBN against online card pin use
A Nigerian-British information security expert, Dr. Kingsley Aguoru, has raised alarm over the continued use of card PINs for online payments, urging the Central Bank of Nigeria and the Economic and Financial Crimes Commission to address what he describes as a pressing security risk to Nigerians’ finances.
In a petition obtained by The PUNCH on Sunday, Aguoru, a Chartered Engineer and Director of Information Security with over two decades of experience in financial technologies, highlighted the need for the CBN to ban card PIN use for online transactions.
He noted that the current practice exposes Nigerian consumers to high risks, including phishing, keylogging, and man-in-the-middle attacks.
“Nigerian payment providers like Paystack, Flutterwave, and Interswitch continue to require card PINs for online transactions, a practice that is virtually obsolete globally,” Aguoru noted in the petition, titled ‘Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria.’
He added that PINs are designed for ATM and POS use, where secure encryption is employed, but using them online leaves consumers vulnerable to cyber threats.
Aguoru, credited with pioneering one-time passwords for card-not-present transactions, stated that the continued PIN usage could allow unscrupulous elements to intercept consumers’ details and misuse them.
He further argued that Nigerian consumers should rely solely on OTPs or multi-factor authentication for online payments, rather than combining them with card PINs.
“Combining OTPs with card PINs is unnecessary and risky. Instead, customers should be provided with secure alternatives, such as hardware card readers that generate OTPs independently,” he said.
Aguoru called on the CBN to take immediate steps to enforce these security measures and educate the public on safe online payment practices. “I respectfully call on the CBN to address these issues by prohibiting web PIN entry for card payments and enforcing OTP or MFA requirements across all payment providers,” he stated.
According to him, adopting these measures would align Nigeria’s payment systems with global best practices and significantly reduce the risk to Nigerian consumers.