CBN Introduces Stricter Security Rules for Instant Payments to Combat Rising Digital Fraud

The Central Bank of Nigeria (CBN) has unveiled a new regulatory framework aimed at strengthening the security of instant payment services and reducing digital fraud across the country’s banking system.

In a circular dated March 12 and signed by Musa Jimoh, Director of the Payments System Policy Department, the apex bank introduced a set of mandatory security measures for financial institutions and payment service providers. The new rules will take effect on July 1.

The directive represents a major shift in the regulation of mobile and internet banking in Nigeria, with a stronger emphasis on customer control and enhanced fraud prevention.

Under the new framework, banks must allow customers to opt in or opt out of instant transfer services at any time. While new users will be automatically enrolled in the opt-in option, customers who choose to opt out will be temporarily unable to carry out online transfers to other accounts. However, they will still be able to conduct transactions physically at bank branches.

Customers who wish to reactivate instant transfer services after opting out will be required to complete a multi-factor authentication process.

The CBN also introduced provisions allowing users to adjust their transaction limits within the approved caps of ₦25 million for individuals and ₦250 million for corporate accounts. Any request to increase or modify these limits will be subject to enhanced due diligence and risk assessment by the bank. Once approved, the changes will only take effect after successful multi-factor authentication confirming the customer’s consent.

To strengthen identity verification, the regulator directed that all online account openings and reactivations must now include liveness detection checks. These checks require users to perform actions such as speaking, smiling, or moving their heads to confirm their physical presence during the onboarding process.

The data collected will be verified against the national identity systems, including the Bank Verification Number (BVN) and the National Identification Number (NIN).

The new framework also mandates device binding for mobile banking applications. This means a financial service app can only operate on one registered device at a time. If a user switches to a new device, the system will automatically trigger a fresh authentication process before access is granted.

As an additional safeguard, the CBN introduced a 24-hour restriction period for newly activated mobile banking applications. During this period, transactions will be capped at ₦20,000 to allow banks time to monitor for suspicious activity and prevent unauthorized access.

Financial institutions are also required to deploy advanced fraud monitoring systems capable of tracking account activity and flagging suspicious inflows and outflows.

The apex bank said the measures are designed to improve consumer protection and strengthen confidence in Nigeria’s growing digital payment ecosystem.

Industry observers, however, note that while the stricter controls may help curb rising cyber fraud, they could also introduce additional technical steps that may prove challenging for some users, particularly those less familiar with digital banking platforms.