By Yusuf Danjuma Yunusa
The Central Bank of Nigeria (CBN) has issued new regulatory guidelines aimed at bolstering the security of mobile financial services, introducing transaction limits and mandatory authentication protocols to curb fraud in instant payment systems.
In a circular released to financial institutions, the apex bank outlined specific restrictions for new and existing accounts accessed via mobile applications. These measures are designed to mitigate the risk of unauthorized access and fraudulent transactions, particularly following the activation of banking apps on new devices.
Under the new directive, financial institutions are required to impose temporary transaction caps on accounts immediately after a mobile app is activated.
For new accounts, there will be restrictions on both inflows and outflows during the first 24 hours. The circular specifies that while individual financial institutions may set their own limits, these must not exceed a maximum of N20,000.
“For new accounts, transaction limits (inflow and outflow) shall be imposed on a newly activated mobile financial services app in the first 24-hours of activation. The limit shall be as determined by the financial institution, subject to a maximum transaction limit of N20,000.00.”
For existing accounts that are migrated to a new device, similar restrictions apply specifically to outgoing transactions. The circular clarifies that outflow transactions in the first 24 hours are also capped at a maximum of N20,000, as determined by the financial institution.
Beyond transaction limits, the CBN has made specific security features mandatory to protect user data and funds. A key requirement is device binding, which ensures that a mobile banking application can only be active on one device at any given time.
“Mandatory device binding: Mobile financial services applications (apps) shall only be enabled on one device at a time, and customers cannot operate the apps concurrently on multiple devices,” the circular stated.
Furthermore, financial institutions are now required to implement Multi-Factor Authentication (MFA) for all mobile financial services. This adds an extra layer of security beyond just a password, helping to verify the identity of users and prevent unauthorized access.
The updated guidelines are part of the CBN’s broader strategy to strengthen the integrity of Nigeria’s instant payment ecosystem. By imposing these initial limits and enforcing device binding, the central bank aims to close security loopholes often exploited by fraudsters, ensuring that customer transactions remain safe and compliant with minimum industry standards.
