Friday, March, 13 2026 - The Central Bank of Nigeria has introduced new regulations aimed at strengthening the security of instant payment services and giving customers greater control over digital transactions such as mobile and internet banking.
The measures were announced in a circular dated March 12 and
signed by Musa Jimoh. The guidelines will take effect on July 1 and apply to
all banks and payment service providers operating in Nigeria.
According to the regulator, the new rules are designed to
reduce fraud risks and enhance security across Nigeria’s growing digital
payment ecosystem.
One of the key provisions allows customers to decide whether
they want instant payment services enabled on their accounts. Financial
institutions must now provide users with the option to opt in or opt out of
instant payment services at any time.
The CBN stated: “Customers shall have the option to opt-out
of/opt-in to IP service at any time and for any given period. This process
shall be subject to Multi-Factor Authentication (MFA) control. Default setting
shall be Opt-in upon on-boarding a new customer.” The circular also explains
that when a customer chooses to opt out of instant payment services, online
transfers will be temporarily disabled.
“In the opt-out mode, a customer shall not be able to carry
out online instant transfer of funds (intra or inter) from his/her account to
another customer. However, customer can physically visit the financial
institution to effect transfer during this period.”
The new framework also allows customers to adjust
transaction limits within the existing regulatory caps of ₦25 million for
individuals and ₦250 million for corporate accounts, provided banks carry out
proper risk assessments before approving any changes. The circular states: “Any
such adjustment shall be subject to enhanced due diligence and appropriate risk
assessment by the financial institution.”
It further notes: “The new transaction limit shall take
effect immediately upon successful completion of multi-factor authentication
(customer consent).” In addition to these controls, the CBN has directed
financial institutions to deploy enterprise-level fraud monitoring systems
capable of tracking inflows and outflows to detect suspicious activity.
Banks are also required to strengthen identity verification
processes. Online account openings and reactivations must include liveness
checks against the Bank Verification Number and National Identification Number
databases.
Liveness checks require users to prove they are physically
present by performing actions such as blinking, speaking, smiling or turning
their heads during identity verification. For mobile banking applications, the
regulator has introduced a device binding requirement to prevent simultaneous
access from multiple devices.
The CBN explained: “Binding Mobile financial services
applications (apps) shall only be enabled on one device at a time, and
customers cannot operate the apps concurrently on multiple devices.” The
circular adds that switching to a new device will require full
re-authentication.
“Migration to another device shall trigger automatic
re-activation and authentication.” The regulator also introduced temporary
transaction limits for newly activated mobile banking apps.
“For new accounts, transaction limits (inflow and outflow)
shall be imposed on a newly activated mobile financial services app in the
first 24-hours of activation… subject to a maximum transaction limit of
₦20,000.00.”
The same restriction applies when existing users activate
the mobile app on a new device. For internet banking, first-time login from a
new device must also undergo additional multi-factor authentication checks.
According to the CBN, the new rules represent the minimum
standard for instant payment systems in Nigeria and are part of ongoing efforts
to “enhance customer protection, strengthen fraud detection, and improve
control over digital payment services.
0 Comments