A Nigerian-British Chartered Engineer and Director of Information Security, Dr. Kingsley Chibuzor Aguoru, has petitioned the Economic and Financial Crimes Commission, EFCC, and the Central Bank of Nigeria, CBN, seeking a halt to card PIN usage for online payments to protect Nigerians from being fleeced of their hard-earned money.
He said he was making the passionate appeal in order to secure financial practices in the country.
According to him, with over 20 years of experience in financial technologies and security, he was compelled to draw attention to the critical flaws in Nigeria’s current online card payment practices, which expose customers to unnecessary risks and significant danger.
Specifically, according to Aguoru, the continued use of PINs in online transactions places Nigerians at grave risk of being defrauded.
Aguoru noted that card PINs were designed for face-to-face transactions at ATMs and POS terminals, where secure encryption methods protect users, rather than for online use.
In the petition titled “Urgent Call to Ban Card PIN Usage for Online Payments in Nigeria”, Aguoru stated: “In 2005, I developed a solution to tackle prevalent fraud in card-not-present transactions in the United Kingdom using both online and offline OTP models, drawing on Cartesian geometry.
“Although major networks like Visa and Mastercard declined the innovation at the time, my OTP model has since become a standard worldwide for authorization.
“Nigerian payment providers, such as Paystack, Flutterwave and Interswitch, still require card PINs for online card transactions, a practice virtually obsolete elsewhere or not ever used. Card PINs are designed for face-to-face transactions at ATMs and POS terminals, where secure encryption methods protect users.
“Using them online exposes consumers to serious cyber risks, including phishing, keyloggers and man-in-the-middle attacks; even some dubious staff at the payment provider company can misuse a customer’s PIN captured on the internet.
“Nigerians are already familiar with OTPs for securing online transactions. However, it is critical to understand that OTPs should never be combined with Card PINs in an online setting.
“Instead, global best practices require using OTPs or Multi-Factor Authentication alone for online payments, which adds a secure layer of protection. An alternative to using card PINs online is to issue hardware card readers.
“With these devices, customers would simply insert their card, enter their PIN directly on the reader, and receive a generated OTP, keeping the entire process offline and secure.”
Enumerating the role of the CBN in financial matters in the present digital age, Aguoru called on the apex financial regulator to protect consumers from cyber vulnerabilities.
“I respectfully call on the CBN to address these issues head-on by prohibiting web PIN entry for card payments and enforcing OTP or MFA requirements across all payment providers.”
He advised the CBN to urgently step forward for the safety of Nigerian cardholders by banning the use of card PINs for online transactions and mandating the use of OTPs or other dynamic authentication methods, such as authorization through mobile banking apps.
He noted that there was a need for consumers to be educated on safe online payment practices to minimize exposure to phishing and other cyber threats.
He said it was also necessary for the apex bank to enforce industry-wide compliance with modern security standards to protect Nigerian customers, especially on the web, through payment security compliance policies.
Aguoru emphasized that by adopting these measures, the CBN will greatly reduce the risks Nigerian consumers face and bring the nation’s payment systems in line with international best practices.