CBN tightens mobile banking security, setting a N20,000 cap on first-time transactions.

Nigeria’s financial system is set to experience a new wave of digital security reforms following the introduction of stricter regulations by the Central Bank of Nigeria (CBN). In a move aimed at strengthening the integrity of electronic payment channels and curbing financial fraud, the apex bank has directed all financial institutions to impose a transaction limit of N20,000 within the first 24 hours of activating a mobile banking application.

The directive was communicated through an official circular issued on March 12, 2026, and addressed to commercial banks, other financial institutions, and licensed payment service providers operating in Nigeria. According to the central bank, the new measures are designed to enhance the safety of Nigeria’s instant payment ecosystem, which has expanded rapidly in recent years due to increasing adoption of digital banking platforms.

The regulation will officially take effect from July 1, 2026, allowing financial institutions several months to upgrade their technological infrastructure and adjust internal procedures to comply with the updated requirements.

Transaction Limits for Newly Activated Mobile Banking Apps

Under the newly announced framework, banks must apply strict transaction restrictions on newly activated mobile financial service applications during the first 24 hours after activation.

The policy requires that all transactions—both incoming and outgoing—must not exceed N20,000 within the first day of activation for newly opened accounts. While the central bank has set N20,000 as the maximum allowable limit, financial institutions are permitted to adopt even lower limits if their internal risk assessment models consider it necessary.

This temporary restriction is intended to provide a security buffer during the early stage of account activation, which regulators say is often a vulnerable period for fraudulent activities.

The directive also applies to existing bank customers who activate their mobile banking application on a new device. In such cases, banks must impose an outgoing transaction cap of N20,000 during the first 24 hours, ensuring that suspicious activities can be identified and contained before large transactions are processed.

Addressing Rising Digital Fraud Risks

The new measures reflect growing concerns among financial regulators about the increasing sophistication of digital fraud schemes targeting online banking platforms.

According to the Central Bank of Nigeria, cases involving account takeover, identity theft, and unauthorized device migration have become more prevalent as millions of Nigerians shift to digital banking and instant payment services.

Mobile banking apps and internet banking platforms have significantly improved convenience for consumers. However, the rapid growth of these technologies has also created opportunities for cybercriminals who attempt to exploit vulnerabilities within digital financial systems.

By restricting transaction volumes during the first day of app activation, regulators aim to give banks enough time to verify the authenticity of new device registrations and detect unusual account activity.

Mandatory Device Binding for Mobile Banking Apps

Another major provision introduced by the central bank is the mandatory device binding requirement for mobile banking applications.

Under this rule, customers will only be permitted to operate their mobile banking application on one device at a time. This means that users will no longer be able to simultaneously access their banking apps across multiple smartphones or tablets.

If a customer decides to switch to a new device, the migration process will trigger a fresh authentication procedure. This verification process will require the user to confirm their identity before the application is fully reactivated.

Regulators believe that this device restriction will significantly reduce the risk of unauthorized access to banking applications, especially in situations where login credentials have been compromised.

Stronger Authentication for Online Banking Access

The security framework also includes enhanced login verification procedures for internet banking services.

Financial institutions are now required to enforce additional multi-factor authentication steps when customers attempt to log into internet banking platforms for the first time using a new device.

These additional authentication layers may include combinations of verification methods such as:

• Biometric authentication

• One-time passwords

• Hardware tokens or soft tokens

• Additional identity verification prompts

The aim is to ensure that only legitimate account holders can successfully access digital banking services, even if sensitive login information falls into the wrong hands.

Real-Time Fraud Monitoring Systems

Beyond user authentication measures, the Central Bank of Nigeria has also directed financial institutions to deploy enterprise-grade fraud monitoring systems capable of analyzing transactions in real time.

These advanced monitoring tools must track both incoming and outgoing transactions across digital channels and identify patterns that may indicate fraudulent activity.

By leveraging real-time monitoring technology, banks will be able to detect suspicious behavior more quickly and temporarily restrict transactions before financial losses occur.

Experts say such systems are already widely used in advanced financial markets and are becoming increasingly essential as digital payments continue to grow.

Stricter Rules for Online Account Opening

The central bank’s circular also introduced tighter requirements for online account creation and reactivation processes.

Financial institutions are now required to implement liveliness detection checks when individuals open accounts digitally. These checks help confirm that the person initiating the account registration is physically present and not using stolen or manipulated identity data.

Additionally, all online account opening and account reactivation processes must undergo real-time verification with Nigeria’s identity databases, including:

• The Bank Verification Number (BVN) system

• The National Identity Number (NIN) database

This integration will enable financial institutions to cross-check customer information instantly, ensuring that identities are verified before accounts become fully operational.

Enhanced Authentication for Account Reactivation

The updated security framework also introduces stricter requirements for reactivating dormant or restricted bank accounts through online channels.

Before an account can be reactivated digitally, customers must complete additional verification steps using advanced authentication methods such as:

• Biometric verification

• Soft token authentication

• Hardware token devices

• Other approved multi-factor authentication systems

These safeguards aim to prevent fraudsters from reactivating inactive accounts and using them for illegal financial activities.

Customers Can Disable Instant Transfers

One of the most notable consumer-focused provisions in the new framework is the introduction of an optional opt-out feature for instant payment services.

This feature allows customers to temporarily disable instant transfers on their bank accounts if they wish to reduce the risk of unauthorized transactions.

Under the rule, account holders can choose to opt out of instant payment services at any time. However, the process will require multi-factor authentication to ensure that the request is legitimate.

When instant payments are disabled, customers will not be able to perform digital transfers through online banking platforms or mobile apps. Nevertheless, they can still conduct transfers by visiting their bank branches physically.

For new account holders, the default configuration will remain opt-in, meaning instant payment services will be automatically enabled when the account is created.

Flexible Transaction Limit Adjustments

The new framework also allows customers to adjust their personal transaction limits if needed.

However, such adjustments must remain within the existing maximum thresholds established by regulators, which currently stand at:

• N25 million for individual accounts

• N250 million for corporate accounts

Before any limit modification takes effect, banks must conduct enhanced due diligence and risk assessments to confirm that the request is legitimate and does not expose the financial system to additional risk.

Strengthening Nigeria’s Digital Financial Ecosystem

According to the Central Bank of Nigeria, the newly introduced measures represent minimum operational standards that financial institutions must implement to safeguard Nigeria’s fast-growing digital payment ecosystem.

Nigeria has become one of Africa’s most active markets for electronic payments, driven by widespread mobile phone usage, fintech innovation, and the expansion of online banking services.

While this digital transformation has improved financial inclusion and convenience for millions of Nigerians, regulators say it must be accompanied by stronger security frameworks to maintain trust in the financial system.

By introducing stricter transaction controls, stronger identity verification procedures, and advanced fraud monitoring technologies, the central bank aims to protect consumers while ensuring that Nigeria’s digital financial infrastructure remains resilient against evolving cyber threats.

As the July 2026 implementation date approaches, banks and payment service providers are expected to intensify efforts to upgrade their systems and educate customers about the new security procedures that will shape the future of mobile banking in Nigeria.