UK-based Nigerian alerts EFCC, CBN on danger of using card PIN for online transactions
asane


A Nigerian-British engineer and Chief Information Security Officer, Dr. Kingsley Chibuzor Aguoru, has petitioned the Economic and Financial Crimes Commission (EFCC) and the Central Bank of Nigeria (CBN), asking them to stop the use of card PINs for online payments to protect Nigerians from losing their hard-earned money.

He said he is making the passionate call to secure financial practices in the country.

According to him, with over 20 years of experience in financial technology and security, he was compelled to draw attention to the critical flaws in the current online card payment practices in Nigeria, which expose customers to unnecessary risks and significant dangers.

Specifically, according to Aguoru, the continued use of PINs in online transactions puts Nigerians at grave risk of being defrauded.

Aguoru noted that card PINs were designed for face-to-face transactions at ATMs and POS terminals, where secure encryption methods protect users, rather than for online use.

In the petition titled “Urgent Call to Ban the Use of Card PIN for Online Payments in Nigeria”, Aguoru said: “In 2005, we developed a solution to tackle the prevailing card-not-present fraud in the UK, using both online, as well as offline OTP models based on Cartesian geometry.

“Although major networks like Visa and Mastercard rejected the innovation at the time, my OTP model has since become a worldwide standard for authorization.

“Nigerian payment providers such as Paystack, Flutterwave and Interswitch still require card PINs for online card transactions, a practice virtually obsolete elsewhere or never used. Card PINs are designed for face-to-face transactions at ATMs and POS terminals, where secure encryption methods protect users.

“Using them online exposes consumers to serious cyber risks, including phishing, keyloggers and man-in-the-middle attacks; even shady staff at the payment provider’s company can misuse the customer’s PIN captured online.

“Nigerians are already familiar with OTPs for securing online transactions. However, it is essential to understand that OTPs should never be combined with card PINs in an online setting.

“Instead, global best practices require the use of OTPs or multi-factor authentication for online payments only, which adds a secure layer of protection. An alternative to using card PINs online is to issue hardware card readers.

“With these devices, customers simply insert their card, enter their PIN directly on the reader and receive a generated OTP, keeping the entire process offline and secure.”

Enumerating the role of the CBN in financial issues in today’s digital age, Aguoru called on the apex financial regulator to protect consumers from cyber vulnerabilities.

“We respectfully call on the CBN to address these issues head-on by banning web PIN entry for card payments and imposing OTP or MFA requirements on all payment providers.”

He advised the CBN to take an urgent step for the safety of Nigerian cardholders by banning the use of card codes for online transactions and mandating the use of OTPs or other dynamic authentication methods such as authorization through mobile banking applications.

He noted the need for consumers to be educated about safe online payment practices to minimize exposure to phishing and other cyber threats.

He said there was also the need for the apex bank to enforce industry-wide compliance with modern security standards to protect Nigerian customers, especially on the web, through security payment compliance policies.

Aguoru stressed that by adopting these measures, the CBN will greatly reduce the risks faced by Nigerian consumers and bring the nation’s payment systems in line with international best practices.