UK-based Nigerian alerts EFCC, CBN on danger of card PIN usage for online transactions

A Nigerian-British Chartered Engineer and Director of Information Security, Dr. Kingsley Chibuzor Aguoru, has petitioned the Economic and Financial Crimes Commission, EFCC, and the Central Bank of Nigeria, CBN, seeking a halt to card PIN usage for online payments to protect Nigerians from being fleeced of their hard earned money.

He said he was making the passionate appeal in order to secure financial practices in the country.

According to him, with his over 20 years of experience in financial technologies and security, he was compelled to draw attention to the critical flaws in the Nigeria’s current online card payment practices, which exposes customers to unnecessary risks and significant danger.

Specifically, according to Aguoru, the continued use of PIN in online transactions places Nigerians at a grave risk of being defrauded.

Aguoru noted that card PINs were designed for face-to-face transactions at ATMs and POS terminals where secure encryption methods protect users rather than online usage.

In the petition titled, ‘Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria’, Aguoru stated: “In 2005, I developed a solution to tackle prevalent fraud in card-not-present transactions in the United Kingdom using both online and offline OTP models, drawing on Cartesian geometry.

“Although major networks like Visa and Mastercard declined the innovation at the time, my OTP model has since become a standard worldwide for authorization.

”Nigerian payment providers, such as Paystack and Flutterwave, and Interswitch still require card PINs for online card transactions, a practice virtually obsolete elsewhere or not ever used. Card PINs are designed for face-to-face transactions at ATMs and POS terminals, where secure encryption methods protect users.

“Using them online exposes consumers to serious cyber risks, including phishing, keylogger, man-in-the-middle attacks, even some dubious staff at the payment provider company can misuse customer’s PIN captured on the internet.

“Nigerians are already familiar with OTPs for securing online transactions. However, it is critical to understand that OTPs should never be combined with Card PINs in an online setting.

“Instead, global best practices require using OTPs or Multi-Factor Authentication alone for online payments, which adds a secure layer of protection, an alternative to using card PINs online is to issue hardware card readers.

“With these devices, customers would simply insert their card, enter their PIN directly on the reader, and receive a generated OTP, keeping the entire process offline and secure.”

Enumerating the role of CBN in financial matters in the present digital age, Aguoru called on the apex financial regulator to protect consumers from cyber vulnerabilities.

“I respectfully call on the CBN to address these issues head-on by prohibiting web PIN entry for card payments and enforcing OTP or MFA requirements across all payment providers.”

He advised the CBN to urgently step forward for the safety of Nigerian cardholders by banning the use of card pins for online transactions and mandate the use of OTPs or other dynamic authentication methods, such as authorization through mobile banking apps.

He noted that there was need for consumers to be educated on safe online payments practice to minimize exposure to phishing and other cyber threats.

He said it was also necessary for the apex bank to enforce industry wide compliance with modern security standards to protect Nigerian customers, especially on the web, through security payments compliance policies.

Aguoru emphasized that by adopting these measures, the CBN will greatly reduce the risks Nigerian consumers face and bring the nation’s payment systems in line with international best practices.

UK-based Nigerian alerts EFCC, CBN on danger of card PIN usage for online transactions

Share

Leave a Reply

Your email address will not be published. Required fields are marked *