CBN Introduces Strict Single-Device Rule for Mobile Banking Applications
The Central Bank of Nigeria (CBN) has unveiled a comprehensive new security directive that will fundamentally change how Nigerians access mobile banking services. In a bold move to combat rising digital fraud, the apex bank will now restrict the use of mobile banking applications to just one device at any given time, eliminating the previous practice of simultaneous access across multiple phones or tablets.
Enhanced Security Framework for Nigeria's Financial Ecosystem
This groundbreaking policy forms part of a broader security enhancement initiative for Nigeria's instant payment systems. According to a circular issued by Musa Jimoh, Director of the CBN's Payments System Policy Department, financial institutions must ensure that mobile banking apps are bound exclusively to one device per customer. The circular was distributed to all banks, financial institutions, and payment service providers across the country.
What this means for bank customers: Once you activate your banking application on a specific device, you cannot use the same app simultaneously on another phone or tablet. Should you decide to switch devices, you'll need to undergo a complete authentication and reactivation process to verify the new device before gaining access to your banking services.
Multi-Factor Authentication for Instant Payment Controls
The CBN has introduced additional security layers for instant payment services. Customers now have the flexibility to temporarily opt out of instant payment features, but activating or deactivating this service will require multi-factor authentication (MFA) to verify identity. By default, instant payment services remain active when customers open new accounts.
When customers choose to deactivate instant payments, they will be unable to perform online transfers—whether within the same bank or to other financial institutions—until they reactivate the feature. During such periods, customers must visit physical bank branches to initiate transfers.
Voluntary Transaction Limits and Enhanced Fraud Monitoring
The new guidelines introduce a voluntary transaction limit feature that empowers customers to adjust their daily transfer limits according to personal preferences. While maximum limits remain at ₦25 million for individuals and ₦250 million for corporate accounts, customers can choose to set lower thresholds.
Important note: Any request to increase these limits will trigger enhanced due diligence and risk assessment by financial institutions, with changes only taking effect after successful multi-factor authentication and explicit customer consent.
A critical component of the new framework mandates financial institutions to deploy Enterprise Fraud Monitoring systems. Banks must now monitor both incoming and outgoing transactions in real-time to detect suspicious activities and block potentially fraudulent transfers before completion.
Stricter Verification for Digital Account Management
The CBN has implemented more rigorous verification requirements for online account opening and reactivation processes. All digitally opened accounts must undergo "liveliness checks" to confirm the physical presence of users during verification. Additionally, provided details must be validated in real-time against both Bank Verification Number (BVN) and National Identification Number (NIN) databases.
For account reactivation, enhanced authentication tools including biometric verification, soft tokens, hard tokens, and other multi-factor security measures will become mandatory.
Temporary Restrictions for New Activations
Newly activated mobile banking applications will face temporary transaction limits during their first 24 hours of operation. Both new and existing accounts will be subject to an outgoing transaction cap of up to ₦20,000 within the initial activation day, with financial institutions permitted to set even lower limits based on their internal risk management policies.
Customers accessing internet banking on a new device for the first time will also need to complete additional multi-factor authentication checks as part of the enhanced security protocol.
Implementation Timeline and Industry Impact
The CBN has designated these requirements as minimum security standards that all financial institutions must adopt for instant payment services in Nigeria. Full implementation of the comprehensive guidelines is scheduled to commence on July 1, 2026, providing banks and payment service providers with adequate time to upgrade their systems and ensure compliance.
This security overhaul represents the CBN's proactive response to Nigeria's rapidly expanding digital payments landscape, where transaction volumes continue to grow alongside emerging security challenges. The measures aim to significantly reduce fraud risks associated with unauthorized access and account takeover while maintaining the convenience that has made mobile banking increasingly popular among Nigerian consumers.
