A Nigerian-British information security expert and Chartered Engineer, Dr. Kingsley Aguoru, has raised significant concerns regarding the ongoing practice of using card PINs for online payments in Nigeria.
In a petition obtained by The PUNCH, Aguoru called on the Central Bank of Nigeria and the Economic and Financial Crimes Commission to take immediate action to address what he describes as a critical security vulnerability threatening the financial safety of Nigerian consumers.
Aguoru, who serves as the Director of Information Security and boasts over two decades of experience in financial technologies, highlighted in his petition the pressing need for the CBN to outlaw the use of card PINs for online transactions.
He pointed out that the current requirement exposes consumers to various cyber threats, including phishing, keylogging, and man-in-the-middle attacks.
In his petition, titled “Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria,” Aguoru emphasized that major Nigerian payment platforms like Paystack, Flutterwave, and Interswitch still mandate card PINs for online transactions, a practice that he argues has become obsolete in many parts of the world.
“Nigerian payment providers like Paystack, Flutterwave, and Interswitch continue to require card PINs for online transactions, a practice that is virtually obsolete globally,” he stated.
Aguoru further explained that card PINs were primarily designed for use at ATMs and point-of-sale terminals, where secure encryption is standard.
He stressed that using these PINs online places consumers at risk of being targeted by cybercriminals.
“The continued PIN usage could allow unscrupulous elements to intercept consumers’ details and misuse them,” he warned.
Renowned for his innovations, including the development of one-time passwords for card-not-present transactions, Aguoru argued for a shift away from the reliance on card PINs.
He advocated for the adoption of OTPs or multi-factor authentication as the sole means of securing online payments.
“Combining OTPs with card PINs is unnecessary and risky. Instead, customers should be provided with secure alternatives, such as hardware card readers that generate OTPs independently,” he explained.
Aguoru’s call to action extends beyond just banning card PINs; he urged the CBN to implement robust security measures and conduct public awareness campaigns about safe online payment practices.
“I respectfully call on the CBN to address these issues by prohibiting web PIN entry for card payments and enforcing OTP or MFA requirements across all payment providers,” he implored.
He believes that embracing these security enhancements would not only align Nigeria’s payment systems with global best practices but also significantly mitigate the risks faced by consumers in the digital landscape.