The Central Bank of Nigeria has introduced a new set of regulations aimed at strengthening the security of instant payment systems and giving bank customers more control over digital transactions.
The measures were announced in a circular dated March 12 and signed by Musa Jimoh. The guidelines will take effect on July 1 and will apply to all banks and payment service providers operating in Nigeria.
According to the apex bank, the new framework is designed to reduce fraud risks and improve security within Nigeria’s rapidly expanding digital payment ecosystem, particularly for services such as mobile banking and internet transfers.
One of the major changes introduced by the regulator allows customers to decide whether instant payment services should be active on their accounts. Under the new rules, financial institutions must provide users with the option to opt in or opt out of instant payment services at any time.
The CBN explained that customers who choose to opt out will temporarily lose access to online instant transfers. During that period, transfers can only be completed by physically visiting a bank branch.
The regulator said the opt-in and opt-out process will require multi-factor authentication to ensure proper customer authorization. By default, instant payment services will remain enabled when a new customer opens an account.
The circular also permits customers to adjust their transfer limits within the existing regulatory caps of ₦25 million for individual accounts and ₦250 million for corporate accounts. However, banks must conduct enhanced due diligence and risk assessments before approving such changes.
Once approved and authenticated through multi-factor verification, any new transaction limit will take effect immediately.
In addition, the CBN has directed banks and payment service providers to deploy enterprise-grade fraud monitoring systems capable of tracking transaction inflows and outflows to detect suspicious activity in real time.
Financial institutions are also required to strengthen identity verification procedures. For online account openings and reactivations, banks must conduct liveness checks against the Bank Verification Number (BVN) and National Identification Number (NIN) databases to confirm that the user is physically present.
The liveness verification process may require customers to perform actions such as blinking, speaking, smiling, or turning their heads during identity confirmation.
The new rules also introduce a device binding requirement for mobile banking applications. Under this policy, a mobile banking app can only be linked to one device at a time, preventing customers from accessing the same account simultaneously from multiple devices.
Switching to a new device will automatically trigger a full re-authentication process before the app can be used again.
The CBN also imposed temporary transaction limits for newly activated mobile banking apps. For new accounts, both incoming and outgoing transactions on a newly activated app will be restricted within the first 24 hours, with a maximum limit of ₦20,000.
A similar restriction will apply when existing users activate their banking apps on a new device.
For internet banking services, first-time logins from a new device will also require additional multi-factor authentication checks before access is granted.
The regulator said the guidelines represent the minimum security standard for instant payment systems in Nigeria and form part of ongoing efforts to enhance customer protection, improve fraud detection, and strengthen oversight of digital payment services across the financial sector.
