FG urged to interrogate call for ban of card PIN for online transactions

The Federal Government has been called on to further interrogate the call for a ban on card PIN for online transactions, where cybersecurity concerns have been raised, especially regarding user security and data protection.

In a widely circulated petition to the Central Bank of Nigeria (CBN) and the Economic and Financial Crimes Commission (EFCC), UK-based Nigerian Chartered Engineer and information security expert, Dr. Kingsley Chibuzor Aguoru, noted critical security gaps in the country’s financial sector and called for a regulatory body akin to the UK’s Financial Conduct Authority (FCA) to protect customers from being duped by hackers.

The development, which made waves in the Nigerian financial and cybersecurity landscape, called for a close scrutiny of the transaction system.

Abuja-based legal practitioner and public affairs analyst, Barr. Charles Ude Esq., with a background spanning technology and finance, called for the escalation of the advocacy effort by Dr. Aguoru, urging government intervention for a safer, more secure financial environment in Nigeria.

“In the petition, Dr. Aguoru, a specialist in information security, had called on the CBN and EFCC to stop forthwith the use of card PIN for online transactions while outlining the risks involved. He postulated that customers could be defrauded of their hard-earned money.

“He argued that the use of card PINs in online transactions and the risks associated with current National Identity Card practices were too much of a burden for customers to bear. He shared his concerns regarding the use of card PINs online.

“When you use your PIN at a POS terminal, there are secure encrypted layers in place, and some cards validate PINs within the microprocessor on the card without sending it over the internet, making the transaction very difficult for fraudsters to compromise.

“However, when a PIN is used online, there’s minimal control over security. A web browser cannot protect the input device, nor can it prevent network sniffing and keyloggers, leaving consumers vulnerable to fraud,” he explained.

Barr. Ude noted that in an unusual partnership with MasterCard, Nigeria’s National Identity Management Commission (NIMC) allowed the corporation’s logo to appear on the national identity card, a practice he finds deeply concerning. Ude asserted that the national identity card should serve as a government-issued document, free from corporate branding and influence. He said that blurring these boundaries only raises ethical concerns.

“In 2005, Dr. Aguoru experienced first-hand the devastating impact of CNP fraud. I was running a business similar to PayPal, offering third-party payment processing for online transactions. Unfortunately, a hosting company used stolen card details to purchase its own services, and I ended up wiring money overseas on their behalf. This incident, which cost me tens of thousands of pounds, led me to shift my career focus from Software Engineering to Information Security.

“While pursuing his Master’s in Information Technology at the University of Liverpool, he researched CNP fraud extensively, noting the sharp rise in CNP-related fraud in the UK, from £4.6 million in 1995 to £183.2 million by 2005, as documented by the APACS “Fraud the Facts” reports,” he said, clarifying Dr. Aguoru’s experience-driven advocacy.

Dr. Aguoru’s research proposed the use of dynamic one-time passwords (OTPs) instead of static passwords to better secure online transactions, a concept he termed “SMSVerify.” Although Visa and MasterCard declined to implement the solution, he took a different path, establishing Paymenex. This payments network introduced SMSVerify (now called 3Widentity), a dynamic OTP system that ensures each transaction is secure, unique, and temporary.