UK Expert Cautions on Using Card PINs for Online Transactions

A British-Nigerian chartered engineer and information security expert, Dr. Kingsley Chibuzor Aguoru, has cautioned customers against using card personal identification numbers (PINs) for online transactions.

He made this known in a statement in which he urged the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC) to take action, and called for a ban on ATM card PIN usage for online payments.

He said payment providers such as Paystack, Flutterwave, and Interswitch, which offer card PIN payments, put Nigerians at risk of online fraud.

“With over 20 years of experience in financial technologies and security, I pioneered the concept of one-time passwords (OTPs) for card-not-present payments as a postgraduate researcher at the University of Liverpool in 2005.

“I am compelled to bring attention to the critical flaws in Nigeria’s current online card payment practices, specifically the continued use of card PINs in online transactions, which exposes Nigerian consumers to unnecessary risks and significant danger,” he said.

Aguoru opined that card PINs were designed for face-to-face transactions at ATMs and POS terminals where secure encryption methods protect users.

“Using them online exposes consumers to serious cyber risks, including phishing, keylogger and man-in-the-middle attacks; even some dubious staff at the payment provider company can misuse a customer’s PIN captured on the internet,” he said.

Aguoru acknowledged that Nigerians are familiar with OTPs for secure online transactions but advised that they should not be combined with card PINs for online payment authentication.

“Instead, global best practices require using OTPs or Multi-Factor Authentication alone for online payments, which adds a secure layer of protection. An alternative to using card PINs online is to issue hardware card readers. With these devices, customers would simply insert their card, enter their PIN directly on the reader, and receive a generated OTP, keeping the entire process offline and secure,” he said.

The expert noted that the CBN “holds a vital responsibility to protect consumers from cyber vulnerabilities. I respectfully call on the CBN to address these issues head-on by prohibiting web PIN entry for card payments and enforcing OTP or MFA requirements across all payment providers.”

He also urged the apex bank to “Require OTPs to be time-sensitive and multi-digit to provide optimal security and reduce exposure to interception.

“Educate consumers on safe online payment practices to minimize exposure to phishing and other cyber threats.

“Enforce industry-wide compliance with modern security standards to protect Nigerian customers, especially on the web, through policies, such as security, payments compliance policies,” he said.

Alternatively, Aguoru suggested the issuance of hardware card readers: “With these devices, customers would simply insert their card, enter their PIN directly on the reader, and receive a generated OTP, keeping the entire process offline and secure.”
