ATM Card Security Risks Highlighted by Information Security Specialist
A British-Nigerian chartered engineer and information security expert, Dr. Kingsley Chibuzor Aguoru, has issued a strong warning against the use of ATM card PINs for online payments in Nigeria, citing serious security concerns. Dr. Aguoru, who has over two decades of experience in financial technology and cybersecurity, directed his call to the Economic and Financial Crimes Commission (EFCC) and the Central Bank of Nigeria (CBN), urging them to implement stricter payment security measures.
In his petition, Dr. Aguoru emphasized that payment providers in Nigeria, including Paystack, Flutterwave, and Interswitch, expose Nigerian consumers to heightened fraud risks by allowing online payments authenticated by card PINs. He highlighted that PINs were originally designed for face-to-face transactions, such as those at ATMs and point-of-sale (POS) terminals, where robust encryption provides added security. Using them for online payments, he argued, leaves customers vulnerable to cyber threats.
“With over 20 years of experience in financial technologies and security, I pioneered the concept of OTPs for card-not-present payments as a postgraduate researcher at the University of Liverpool in 2005,” Dr. Aguoru explained. “The critical flaws in Nigeria’s online payment practices, particularly the reliance on card PINs for internet transactions, expose Nigerian consumers to unnecessary and significant risks.”
Dr. Aguoru pointed out that using card PINs online makes consumers susceptible to phishing scams, keylogging, and man-in-the-middle attacks. He further warned that even dishonest employees at payment providers could misuse PINs captured online, posing a direct threat to users’ financial security.
THE CASE FOR OTPS AND MULTI-FACTOR AUTHENTICATION
Nigerians are already accustomed to using One-Time Passwords (OTPs) for secure online payments, Dr. Aguoru noted, but he cautioned against combining OTPs with card PINs for payment verification. Instead, he recommended global best practices, advocating for OTPs or Multi-Factor Authentication (MFA) alone to enhance security.
“An alternative to card PINs in online transactions would be to issue hardware card readers,” he proposed. “These devices would enable customers to enter their PINs directly on the reader to generate an OTP, making the process offline and more secure.”
CBN’S ROLE IN PROTECTING CONSUMERS
Dr. Aguoru called upon the CBN to take proactive steps to eliminate online PIN entry for card payments, suggesting policies that enforce the use of OTPs or MFA across all Nigerian payment providers.
He proposed that the CBN should:
- Mandate OTPs that are time-sensitive and multi-digit for stronger protection against interception.
- Educate consumers on safe online payment practices to reduce phishing and other cyber risks.
- Implement industry-wide compliance with modern security standards to safeguard online transactions.
In addition to these recommendations, Dr. Aguoru reiterated the importance of hardware card readers as a long-term solution. Such devices, he argued, would eliminate online PIN entry entirely, safeguarding consumers from potential data breaches by keeping the process offline and secure.