Nigeria: CBN Mandates Liveness Checks, Transaction Controls for Mobile and Online Banking

The Central Bank of Nigeria (CBN) has introduced new security measures requiring banks and payment service providers to strengthen fraud controls across mobile and internet banking platforms.

The directive, outlined in a circular dated March 12 and signed by Musa Jimoh, Director of the Payments System Policy Department at the CBN, will take effect from July 1. The new framework is designed to improve customer protection and enhance security within Nigeria’s instant payment ecosystem.

Under the guidelines, financial institutions offering instant payment services must allow customers to choose whether to activate or deactivate the service at any time. While new customers will be automatically enrolled by default, they will retain the ability to opt out whenever they wish, subject to multi-factor authentication (MFA).

Customers who choose to opt out will be unable to carry out instant online transfers—either within the same bank or across different institutions—until the service is reactivated. However, such customers may still complete transactions by visiting their bank physically.

The CBN also directed financial institutions to allow customers adjust their digital transaction limits within existing caps of ₦25 million for individual accounts and ₦250 million for corporate accounts. Any request for limit adjustments must be subject to enhanced due diligence and risk assessment before approval.

Once authorised and confirmed through multi-factor authentication, the revised transaction limit will take effect immediately.

Beyond transaction controls, the regulator has mandated banks to deploy enterprise fraud monitoring systems capable of tracking inflows and outflows across accounts. These systems are expected to detect unusual activity and automatically flag suspicious transactions for further review.

The guidelines also introduce stricter identity verification requirements for digital banking services. Financial institutions must now perform liveness checks when opening or reactivating accounts online, validating customers against the Bank Verification Number (BVN) and National Identification Number (NIN) databases.

Liveness verification requires users to perform actions—such as blinking, smiling, turning their heads, or speaking—during authentication to confirm their physical presence and prevent identity fraud.

For mobile banking applications, the CBN has also introduced a device binding requirement. Under this rule, a mobile banking app can only be active on one device at a time, preventing customers from accessing the same account simultaneously on multiple devices.

If a customer switches to a new device, the system must trigger a fresh authentication and reactivation process before access is granted.

In addition, newly activated mobile banking apps will be subject to temporary transaction restrictions during their first 24 hours. Both new and existing accounts activating the app on a new device will face a maximum transaction limit of ₦20,000 during this period, with specific limits determined by each financial institution within the regulatory cap.

Similarly, customers logging into internet banking platforms from a new device will be required to complete additional multi-factor authentication checks before gaining access.

According to the CBN, the new provisions establish minimum operational standards for instant payments in Nigeria and form part of broader efforts to strengthen fraud prevention, improve digital payment security, and give customers greater control over their online financial activities.