Dr. Kingsley Aguoru, a Nigerian-British information security expert, has issued a strong warning regarding the continued use of card PINs for online payments in Nigeria. He called on the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC) to intervene, highlighting what he describes as a serious risk to the financial security of Nigerian consumers.
In a petition seen by The Punch on Sunday, Dr. Aguoru—a Chartered Engineer and seasoned information security director with over 20 years in financial technology—urged the CBN to phase out card PIN requirements for online transactions. According to Aguoru, the prevalent use of PINs online exposes Nigerian consumers to heightened threats, such as phishing scams, keylogging, and man-in-the-middle attacks.
“Nigerian payment providers like Paystack, Flutterwave, and Interswitch continue to require card PINs for online transactions, a practice that is virtually obsolete globally,” stated Dr. Aguoru in his petition titled, “Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria.”
Aguoru argued that while PINs are designed for secure environments such as ATMs and POS systems, where encryption is robust, their use online renders consumers susceptible to cyber fraud. “Using PINs online compromises security, making Nigerian consumers more vulnerable to cyber-attacks,” he said.
A recognized pioneer in the introduction of one-time passwords (OTPs) for card-not-present transactions, Aguoru noted that Nigeria’s continued use of PINs online could lead to intercepted customer details and financial exploitation. Instead, he advocated for sole reliance on OTPs or multi-factor authentication (MFA) for all online payments, urging the CBN to replace PINs with advanced security measures.
“Combining OTPs with card PINs is unnecessary and risky. Customers should be provided with secure alternatives, such as hardware card readers that generate OTPs independently,” Aguoru advised.
He also appealed to the CBN to educate the public on safe online payment practices and to mandate OTP or MFA protocols across payment providers. “I respectfully call on the CBN to address these issues by prohibiting web PIN entry for card payments and enforcing OTP or MFA requirements across all payment providers,” he concluded.
Dr. Aguoru emphasized that implementing these measures would not only align Nigeria’s payment systems with global standards but also provide enhanced protection for Nigerian consumers against escalating cyber threats.