Oyo State’s modernised public transport system is emerging as one of the clearest examples of state-level Digital Public Infrastructure (DPI) adoption in Nigeria.
Through the Omituntun and CNG bus schemes operated by Pacesetter Transport Services (PTS), the government has introduced electronic ticketing with printed receipts, a reusable transport card, GPS-enabled fleet tracking, CCTV monitoring, onboard Wi-Fi and digital administrative systems for HR and finance.
At the centre of this transformation is the Pacesetter Card, a reloadable smart card designed to digitise fare payments and reduce cash handling across the transport system.
While the initiative reflects core DPI principles; publicly led infrastructure that enables digital payments and traceability, commuters say some operational gaps remain. Questions also persist around backend integration, identity linkage, and whether the system is fully interoperable with broader national digital identity frameworks.
– Advertisement –
Under the leadership of Chairman and Sole Administrator of Oyo State Pacesetter Transport Services, Dr Ibrahim Oladeji Salami-Dikko, the Pacesetter Card was launched in September 2023 as part of a wider modernisation drive.
Commuter experience: convenience meets constraints
For many commuters, the system has simplified daily travel.
Adeoti Joshua Oluwadamilare, who works at a private company, says he mostly uses the Omituntun bus in the afternoon. “I collected the card for ₦500 at the entrance of the bus,” he said. “From Gate to Olodo is ₦300 per trip. You just give the money to the staff and they load it on your card.” However, timing remains a challenge. “In the morning, I’m usually in a hurry, so I can’t always wait for the bus to fill up before it moves.”
Affordability is a major advantage for users. A public school teacher, Idowu Alabi, noted that fares are significantly lower than those charged by conventional transport operators. “We pay ₦300, unlike public transport that charges ₦500,” he said.
Like many users, he recharges his card through staff using POS machines, as there is currently no mobile app for remote top-ups. “The only challenge is that sometimes you expect the bus, and it doesn’t show up,” he added, though he acknowledged recent improvements in scheduling.
He also recounted a real-time experience that highlights how the system works. “This morning, the bus had already taken off from Olodo bank. I quickly brought out my card, and the driver waited so I could enter.”
A commuter using the card inside the Omituntun bus: Shot taken by Adedamola Adedigba
Daily commuters also point to efficiency gains.
A civil servant, Mrs Funke Aderanti, said she typically loads ₦1,000 daily for her round trip. “By 8:00 am, the bus leaves, and by 8:30 we should be at Gate,” she said. She added that the buses are faster because they stop only at designated points. “There is Wi-Fi, and it works, especially for Android phones,” she noted.
Although the cards were initially distributed free at launch, they now cost ₦500. Lost or damaged cards must be replaced at the same cost, though any remaining balance can be transferred.
Adoption and system reach
From the operator’s perspective, adoption is growing steadily.
A staff member of the Agency, Ifa Samuel, said increased usage reflects public trust. “If someone wants to collect the Pacesetter Card, they pay ₦500, and there is no amount you cannot load on it,” he explained. While some commuters recharge daily, others load larger sums up to ₦5,000 for extended use.
He attributed growing confidence to reliability and safety. “A lot of people board this bus because of consistency and also because of safety,” he said, noting that GPS tracking and CCTV monitoring enhance accountability. The card is also usable beyond Ibadan city routes, covering destinations such as Iseyin, Oke-Ogun, Ogbomosho, Oyo, Saki, and Igboora.
However, the system still depends heavily on physical interaction for recharging. “Once you reach the entrance of the bus, you ask the staff to load your card,” Samuel said. The absence of a mobile app means digital payments are still mediated through staff-operated POS devices.
From a DPI perspective, the system raises important questions about identity integration. Strong DPI systems typically link digital payments seamlessly with national identity frameworks, enabling secure, self-service access. In Oyo’s case, commuters still rely on in-person top-ups, limiting the efficiency gains expected from a fully digitised system.
Government perspective: transparency and revenue gains
Despite these gaps, the initiative positions Oyo State as a potential model for subnational digital adoption. By digitising fare collection and integrating GPS monitoring, the administration of Governor Seyi Makinde has made visible progress in improving transparency and commuter experience.
Yet DPI strength lies not only in visible infrastructure but also in backend architecture, secure systems, interoperable databases, and clear identity integration. Strengthening these elements could transform the Pacesetter Card into a broader digital public infrastructure asset usable across multiple government services.
For now, commuters say the system works and works better than many alternatives. “It really works for me,” Idowu said.
How the PTS system work
According to the Public Relations Officer of PTS, Dare Adekanbi, the introduction of digital systems has significantly improved transparency, revenue tracking, and service delivery. GPS trackers enable real-time monitoring of bus movement from origin to destination, improving operational efficiency.
He explained that the shift from cash payments to the card system in September 2023 helped address revenue leakages. “Before, we were using cash payments, and a lot of the revenue was going into individual pockets instead of the company’s account. The card system blocked those leakages,” he said.
The Pacesetter Card operates as a tap-and-go system using validators installed in each bus, supported by backend software developed in partnership with a private technology firm. “Once you enter the bus, you tap your card on the validator, and it deducts your fare automatically,” Adekanbi explained.
While the system is government-led, it runs on a public-private partnership model, which aligns with one of DPI principles on collaboration. “We own the system, but we partner with a company that provides the backend support. Their payment is a percentage of the revenue,” he added.
On identity linkage, Adekanbi said registration requires a National Identification Number (NIN) and phone number, though verification is primarily done through SIM registration. “We don’t directly collect NIN data. We use the phone number, which is already linked to NIN,” he clarified.
He also highlighted backend transparency. “Every payment goes to the backend, where we can see records in real time, how many passengers paid and how much was generated,” he said.
However, challenges remain, particularly in expanding services to rural areas due to road infrastructure constraints. The agency is considering deploying smaller buses to reach underserved communities.
Adekanbi acknowledged occasional network issues but noted that the system is designed to function offline, with transactions syncing later. He also revealed plans to enable direct bank transfers to the card, allowing commuters to recharge without physical interaction.
Cybersecurity risks: expert concerns
From a cybersecurity perspective, expert Gbemisola Esho raised concerns about the underlying technology. She explained that tap-and-go cards rely on short-range communication technologies such as Near Field Communication (NFC) or Radio Frequency Identification (RFID), which can be vulnerable to attacks.
“So the thing about the tap-and-go card is that it uses technologies like NFC or RFID,” she said. “The card broadcasts on a short-range radio signal when it is tapped against a reader, which then picks up the data.”
She explained that these technologies can expose users to security threats. “There are risks like card skimming and eavesdropping. An attacker can intercept the signal, and in what is called a relay attack, reuse that signal elsewhere to make fraudulent transactions,” she said.
While some systems incorporate cryptographic protections, she cautioned that vulnerabilities remain. “Some of these cards use cryptographic tokens, meaning each transaction has a unique one-time code, but even at that, it is not entirely secure,” she added.
Esho also highlighted backend concerns and third-party risks. “You have weak backend authentication in some cases, and then there are vendor and supply chain risks between the service provider and the government,” she said.
Beyond financial risks, she raised concerns about privacy and surveillance. “When you combine a transit card with a SIM linked to a NIN and GPS tracking, you are creating a system that can monitor people’s movements,” she said. “It means you can know which bus a person boarded, the route they took, and the time they travelled.”
She described this as a significant design concern. “The SIM and NIN linkage is one of the most sensitive aspects. It creates the possibility of tracing individuals’ movements in real time,” she noted.
To address these risks, she called for stronger data protection measures. “There should be strict data minimisation and retention policies. For example, transaction logs should not be kept indefinitely; 30 days is a reasonable limit,” she said.
She also recommended stronger encryption and oversight. “Data should be encrypted both in transit and at rest, and there should be regular security audits. Independent oversight is also important to ensure accountability,” she added.
Esho further emphasised the need to reduce identity exposure. “Instead of displaying full personal details, systems should use masked identifiers to protect users’ identities,” she said.
She concluded with a caution on governance. “All of this requires clear legal safeguards. Without that, what you have is not just a transport system, but a potential surveillance infrastructure that many users may not even be aware they are part of.”
Another cybersecurity expert, Isreal Olatunji, offered a comparative perspective based on international systems, particularly in the United States.
“I’ve used tap-and-go systems in the U.S., and they are extremely safe because all you need is cash or a bank card to fund them,” he said. “What is stored on the card is just the token value used for commuting, not your name or any sensitive personal data.”
He cautioned that the level of risk in Oyo’s system depends on how deeply user identity is embedded. “Except the Pacesetter Card is locked to users’ biodata, which is not very clear, then the security depends on how robust the infrastructure is,” he noted.
Olatunji also raised concerns about overreliance on regulatory assurances without practical safeguards. “Authorities will always say they are complying with data protection laws, but until a breach happens and sensitive data appears on the dark web, you cannot be certain how secure the system is,” he said.
On payment design, he warned that linking transport cards too closely to identity-based banking systems could increase risk exposure. However, he pointed to a widely used solution in other countries.
“There should be self-service options like vending machines or kiosks where commuters can buy and load cards using cash, cards, or mobile wallets,” he said. “This allows people to choose cash if they want to avoid identity-linked transactions.”
Drawing from his experience abroad, he emphasised simplicity and anonymity as key design strengths. “I got my transport card in the U.S. without providing my name. I just inserted cash into a machine, and the card was issued instantly with the loaded value,” he said.
He also addressed the role of GPS tracking, acknowledging its operational value while warning about misuse. “GPS tracking is useful for fare calculation and monitoring, but it can also enable surveillance,” he said. “The real issue is who can access that data and what legal restrictions exist to prevent abuse.”
Olatunji stressed the need for stronger legal and institutional safeguards. “There must be clear data protection rules that define when and how commuter data can be accessed. Without that, the system can easily be misused,” he added.
This report is produced under the DPI Africa Journalism Fellowship Programme of the Media Foundation for West Africa and Co-Develop.
