The Central Bank of Nigeria (CBN) has introduced new regulatory measures aimed at strengthening the security of instant payment services and giving customers greater control over digital banking transactions.

The new guidelines were announced in a circular dated March 12 and signed by Musa Jimoh. The rules will take effect on July 1 and will apply to all banks and payment service providers operating in Nigeria.

According to the apex bank, the measures are designed to reduce fraud risks and enhance security across Nigeria’s rapidly expanding digital payments ecosystem.

A key provision in the framework allows customers to decide whether instant payment services should be active on their accounts. Financial institutions are now required to give customers the option to opt in or opt out of instant payment services at any time.

The CBN noted that the process will be subject to multi-factor authentication (MFA), while the default setting for new customers will remain opt-in during account onboarding.

The regulator explained that customers who choose to opt out of instant payment services will temporarily lose the ability to conduct online transfers. However, they will still be able to carry out transactions by visiting a bank branch.

The framework also permits customers to adjust their transaction limits within existing regulatory caps of ₦25 million for individual accounts and ₦250 million for corporate accounts. Any adjustment must be subject to enhanced due diligence and risk assessment by the financial institution, the CBN said.

Once approved, the revised transaction limits will take effect immediately after the customer completes the required multi-factor authentication.

In addition, banks have been directed to deploy enterprise-level fraud monitoring systems capable of tracking inflows and outflows in order to detect suspicious transactions and strengthen fraud prevention.

The CBN also mandated stricter identity verification procedures. Online account openings and account reactivations must now include liveness checks that verify customers against their Bank Verification Number (BVN) and National Identification Number (NIN) records.

These liveness checks require users to confirm their physical presence during identity verification by performing actions such as blinking, smiling, speaking, or turning their heads.

Furthermore, the regulator introduced a device-binding requirement for mobile banking applications to prevent accounts from being accessed on multiple devices simultaneously.

Under the directive, mobile banking apps can only be activated on one device at a time. Customers attempting to switch to another device will be required to complete a full re-authentication process.

The circular also introduced temporary transaction limits for newly activated mobile banking apps. For the first 24 hours after activation, new accounts will be restricted to a maximum transaction limit of ₦20,000 for both inflows and outflows.

The same restriction will apply when existing users activate their banking apps on a new device. In addition, first-time internet banking logins from a new device will require additional multi-factor authentication checks.

The CBN said the guidelines represent the minimum security standard for instant payment systems and form part of broader efforts to enhance customer protection, strengthen fraud detection, and improve control over digital payment services in Nigeria.