CBN Tightens Digital Banking Controls As Fraud Rises In Instant Payments

By Johnson Emmanuel

The Central Bank of Nigeria (CBN) has introduced new security requirements for digital banking operations, mandating stricter identity verification and device controls for account opening, reactivation and mobile banking access.

Under a circular issued on March 12, 2026 to banks, financial technology firms and payment service providers, the regulator directed that all new accounts and reactivated accounts must undergo liveness verification and real time validation against the Bank Verification Number (BVN) or National Identity Number (NIN) database.

The framework also introduces new restrictions for mobile banking applications. Newly activated apps will face a transaction cap of N20,000 on inflows and outflows within the first 24 hours after activation.

Financial institutions have been given until July 1, 2026 to comply with the new requirements.

The move represents the CBN’s latest attempt to strengthen fraud prevention measures within Nigeria’s expanding instant payments ecosystem.

DECISION HIGHLIGHT

The CBN has mandated liveness verification for account opening and reactivation, real time validation against the BVN or NIN database, and a N20,000 transaction cap within the first 24 hours of new mobile banking app activation.

The framework also introduces mandatory device binding, limiting mobile banking applications to a single device at a time while requiring additional authentication when users migrate to new devices.

DECISION MEMO

Nigeria’s financial system has undergone a rapid shift toward digital payments over the past decade, driven by widespread mobile banking adoption, financial technology platforms and instant payment infrastructure.

The scale of that transformation is now visible in transaction volumes. Instant payments reached N284.99 trillion in the first quarter of 2025, reflecting the increasing centrality of digital channels in everyday financial activity.

However, the expansion of digital banking has also created new vulnerabilities within the financial system.

Data from the Financial Institutions Training Centre (FITC) indicates that fraud losses rose by 603% year-on-year to N3.29 billion in the first quarter of 2025, with more than 12,000 reported cases.

Against that backdrop, the CBN’s latest directive signals a regulatory shift from reactive fraud investigation toward preventive digital infrastructure controls.

The introduction of liveness verification for account opening reflects the regulator’s concern about synthetic identity fraud, where criminals use stolen or fabricated identity data to create bank accounts used for illicit transfers.

Real time validation against the BVN and NIN databases attempts to strengthen identity assurance across Nigeria’s financial system.

Device binding rules address another emerging risk. Fraud schemes increasingly exploit compromised mobile devices or cloned banking applications to initiate unauthorised transfers.

By limiting banking applications to one device at a time and requiring additional authentication when users migrate to new devices, the framework attempts to reduce the speed with which fraudulent transactions can be executed.

The N20,000 transaction cap during the first 24 hours after mobile banking activation targets a specific vulnerability window that fraud networks often exploit immediately after new devices or applications are registered.

The directive also introduces user-controlled security features. Customers will be able to disable instant payment functionality on their accounts entirely, allowing individuals to restrict digital transfers when they perceive elevated fraud risks.

At a systemic level, the CBN has also directed financial institutions to deploy enterprise grade fraud monitoring systems capable of detecting suspicious transaction patterns in real time.

Earlier regulatory updates have also recognised artificial intelligence and machine learning tools as instruments for financial crime detection within the banking system.

Taken together, these measures illustrate the growing complexity of regulatory oversight within a digital financial ecosystem where transaction speed, technological innovation and criminal sophistication evolve simultaneously.

DATA BOX

Instant payment transaction value in Q1 2025: N284.99 trillion

Reported fraud losses in Q1 2025: N3.29 billion

Year-on-year increase in fraud losses: 603%

Reported fraud cases in Q1 2025: 12,000+

New mobile banking activation transaction limit: N20,000 within 24 hours

Maximum individual transaction limit (existing ceiling): N25 million

Maximum corporate transaction limit (existing ceiling): N250 million

Compliance deadline for financial institutions: July 1, 2026

WHO WINS / WHO LOSES

Retail banking customers stand to gain improved protection against digital fraud, particularly in the vulnerable period immediately after account creation or device activation.

Financial institutions may benefit from stronger fraud prevention frameworks that reduce reputational risk and financial losses associated with cybercrime.

Financial technology platforms may face higher compliance costs as they upgrade identity verification systems, device management protocols and real time monitoring infrastructure.

Fraud networks operating through compromised accounts or mobile applications are likely to face reduced operational speed and higher barriers to executing unauthorised transactions.

POLICY SIGNALS

The directive reflects a regulatory pivot toward infrastructure level digital security rather than purely transactional oversight.

It also indicates increasing coordination between identity management systems and financial regulation, linking banking operations more tightly with national identity infrastructure.

More broadly, the policy suggests that regulators view digital fraud as a systemic financial stability risk rather than a purely operational issue for individual banks.

INVESTOR SIGNAL

The tightening of digital security standards may stimulate investment in fraud detection technologies, identity verification platforms and cybersecurity infrastructure within Nigeria’s financial services sector.

Technology firms specialising in biometric authentication, device identity management and artificial intelligence driven fraud analytics could see increased demand from banks and payment service providers seeking regulatory compliance.

However, stricter compliance requirements may raise operational costs for smaller financial technology firms operating within Nigeria’s payments ecosystem.

RISK RADAR

Operational risk remains significant. Implementing real time identity verification and device binding systems across the entire banking sector requires complex technology integration.

Customer experience risk also exists. Additional authentication layers and device restrictions could create friction for users accustomed to seamless mobile banking services.

Adaptive fraud risk also persists. As regulators strengthen identity and device verification controls, fraud networks may shift toward social engineering tactics and account takeover schemes that exploit human rather than technological vulnerabilities.