Dr. Kingsley Aguoru, a Nigerian-British information security expert, has issued a strong warning regarding the continued use of card PINs for online transactions in Nigeria. In a detailed petition to the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC), Aguoru highlighted the significant cybersecurity threats associated with this outdated practice, urging authorities to take immediate action to safeguard Nigerian consumers.
Aguoru, a Chartered Engineer and seasoned information security expert with over 20 years in the financial technology sector, argued that Nigerian payment providers like Paystack, Flutterwave, and Interswitch continue to require card PINs for online transactions—a practice he describes as “virtually obsolete” in global financial systems. The expert noted that while card PINs are typically encrypted and secured for use at ATMs and POS terminals, using them online significantly increases consumers’ exposure to phishing, keylogging, and man-in-the-middle attacks.
In the petition titled “Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria,” Aguoru, who is credited with pioneering one-time passwords (OTPs) for card-not-present transactions, outlined that relying on card PINs for online transactions invites serious security vulnerabilities. He emphasized that the continued use of PINs alongside OTPs is both unnecessary and risky, suggesting that Nigerian consumers should instead rely solely on OTPs or multi-factor authentication (MFA) as safer alternatives for online payments.
“Combining OTPs with card PINs is redundant and exposes customers to unnecessary cyber risks,” Aguoru explained, suggesting that customers should be provided with more secure alternatives, such as hardware card readers that can independently generate OTPs. He added that Nigeria’s payment security framework would be significantly enhanced by shifting to OTPs or MFA, aligning with global best practices.
Dr. Aguoru also called on the CBN to take the lead in educating the public on secure online payment methods and to implement mandatory measures to prohibit web-based PIN entry. “It’s crucial for the CBN to eliminate the option of entering PINs for online payments and enforce secure OTP or MFA protocols across all Nigerian payment providers,” he said.
Adopting these security enhancements, he argued, would reduce the risk of cyber theft, help protect Nigerian consumers from increasingly sophisticated cyber threats, and modernize Nigeria’s financial security systems in line with international standards.
