Key points
- Kingsley Aguoru warns that card PIN reliance poses significant security threats in Nigeria’s online transactions.
- Aguoru calls on the CBN and EFCC to ban card PINs and promote OTPs for safer payments.
- He emphasizes the need for public awareness on secure online payment practices to enhance consumer safety.
Kingsley Aguoru, a renowned Nigerian-British information security expert, has issued a critical warning about the dangers posed by the reliance on card PINs for online transactions in Nigeria. He is calling for urgent action from the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC) to address these vulnerabilities. In a petition revealed by The Punch, Aguoru emphasizes that this practice poses a significant security threat to the financial safety of Nigerians.
Need for change in payment security practices
With over 20 years of experience in financial technology, Aguoru, a Chartered Engineer and Director of Information Security, argues that the CBN should prohibit the use of card PINs for online payments.
He says that this outdated practice exposes consumers to a myriad of cyber threats, including phishing, keylogging, and man-in-the-middle attacks. “Nigerian payment processors like Paystack, Flutterwave, and Interswitch continue to mandate card PINs for online transactions, a practice that is increasingly regarded as outdated on a global scale,” he stated in his petition titled, Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria.
Vulnerabilities in current systems
Aguoru elaborates that card PINs were initially designed for secure environments like ATMs and POS systems, which employ robust encryption. However, their use in online transactions leaves consumers vulnerable to significant cyber threats.
He warns that the ongoing dependence on PINs could enable the interception of sensitive information by malicious entities.
Advocating for secure alternatives
Pioneering the use of one-time passwords (OTPs) for card-not-present transactions, Aguoru insists that consumers should rely exclusively on OTPs or multi-factor authentication (MFA) for online payments instead of using them alongside card PINs. “The combination of OTPs and card PINs is not only unnecessary but also dangerous. Consumers should be provided with secure alternatives, such as hardware card readers that generate OTPs independently,” he advised.
Call to action for regulatory bodies
Aguoru is calling on the CBN to adopt these crucial security measures and to enhance public awareness regarding safe online payment practices. “I respectfully urge the CBN to address these vulnerabilities decisively by prohibiting the entry of card PINs for online payments and mandating OTP or MFA protocols across all payment platforms,” he stated.
He believes that implementing these security practices would not only bolster consumer safety but also align Nigeria’s payment systems with international standards, significantly reducing the risks associated with online transactions.