Dr. Kingsley Aguoru, a Nigerian-British expert in information security, has issued a stark warning regarding the persistent use of card personal identification numbers (PINs) for online transactions. His concern, articulated in a petition submitted to the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC), highlights a significant security vulnerability impacting the financial well-being of Nigerians. With over twenty years of experience in the financial technology sector and as a Chartered Engineer, Aguoru argues that the reliance on PINs for online payments poses a severe risk to consumers, who are increasingly targeted by cybercriminals utilizing techniques like phishing, keylogging, and man-in-the-middle attacks.
In his petition, titled ‘Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria,’ Aguoru criticizes local payment providers such as Paystack, Flutterwave, and Interswitch for maintaining the use of card PINs, a practice he deems outdated and unnecessary in the current digital landscape. He emphasizes that PINs were originally designed for use at ATMs and point-of-sale (POS) terminals, where secure encryption protocols are enforceable. When implemented online, however, these same PINs expose consumers to heightened risk since the necessary security measures are often not in place. This notable contrast between the intended secure usage of PINs and their vulnerability in online contexts raises pressing questions about consumer safety in Nigerian e-commerce.
Going further, Aguoru points out that retaining PINs in online transactions not only exposes users to increased threats of cyber attacks but also enables malicious parties to intercept sensitive financial information. He, therefore, advocates for a shift away from traditional PIN usage in favor of more secure authentication methods, such as one-time passwords (OTPs) or multi-factor authentication (MFA). Having been instrumental in introducing OTPs for card-not-present transactions, Aguoru insists that consumers should not be required to combine multiple authentication methods, such as OTPs with card PINs, as this redundancy only serves to increase risk without enhancing security.
His recommendations include providing consumers with advanced security solutions, such as hardware card readers that generate OTPs independently, thus enhancing the process of online banking. Aguoru’s proposition is that simply eliminating the requirement for card PIN entry during online transactions could strengthen the overall integrity of Nigeria’s payment systems. He asserts that this recalibration of security measures is not just a matter of consumer protection but also one of aligning Nigeria’s financial transactions with global best practices.
Aguoru is calling on the CBN to take immediate and decisive actions, including the prohibition of web PIN entry requirements for online card payments, as well as mandating the use of OTPs or MFA across all payment platforms. Such reforms, he argues, would not only protect Nigerian consumers from fraudulent activities but also lay the groundwork for a more robust digital financial ecosystem. Enhanced public awareness and education regarding safe online payment practices are also critical components of this initiative, according to Aguoru.
In conclusion, Dr. Aguoru’s urgent appeal comes at a crucial time when digital payments are proliferating in Nigeria and across the globe. By championing the transition away from outdated card PIN practices and advocating for modern security measures, he strives to mitigate cyber risks that impact Nigerian consumers’ financial security. His insights underscore the necessity of evolving payment systems to protect users better and ensure Nigeria remains competitive in the international landscape of secure digital transactions.
