In a decisive move aimed at strengthening the security of Nigeria’s rapidly expanding digital payment ecosystem, the Central Bank of Nigeria (CBN) has announced a new directive restricting the use of mobile banking applications to a single device per customer at any given time. The policy, which forms part of broader regulatory measures designed to safeguard instant payment systems, marks a significant shift in how Nigerians will access and manage their mobile banking platforms moving forward.
The directive was formally communicated through a circular issued to banks, financial institutions, and payment service providers across the country. The circular, signed by Musa Jimoh, Director of the Payments System Policy Department at the Central Bank of Nigeria, outlines new operational guidelines for instant payment services in Nigeria’s financial system. According to the apex bank, the new measures are intended to reinforce the stability, integrity, and reliability of digital financial transactions while addressing rising concerns over fraud and unauthorized access in the banking sector.
Under the new regulation, customers will no longer be able to operate the same mobile banking application simultaneously on multiple devices. In practical terms, a banking app registered on one smartphone, tablet, or other device cannot be actively used on another device at the same time. This means that individuals who previously logged into their banking apps across several devices—such as both a phone and a tablet—will now be limited to just one active device.
The Central Bank explained that this new security layer, known as mandatory device binding, is intended to reduce the likelihood of unauthorized access to bank accounts and limit the potential for fraudulent activities carried out through compromised devices. Should a customer wish to migrate their banking application to a new device, the system will automatically trigger a reactivation process. This process will require authentication procedures to confirm the identity of the account holder before access is restored on the new device.
According to the circular, financial institutions providing instant payment services must incorporate this mandatory device-binding feature into their mobile financial service applications. The CBN emphasized that customers will not be allowed to operate their banking apps concurrently on multiple devices under any circumstance once the new rule takes effect.
Beyond the device restriction policy, the circular also introduces several additional security and operational features aimed at enhancing customer control and improving fraud monitoring within the digital banking environment. One of these provisions allows customers the flexibility to opt out of instant payment services temporarily or permanently if they so choose. This means that individuals who prefer not to have immediate transfer capabilities available on their accounts can disable the feature at any time.
However, the process of opting out—or opting back in—will not be automatic or casual. Instead, it will require a Multi-Factor Authentication (MFA) process to ensure that only the legitimate account holder can make such changes. MFA typically involves multiple verification steps, such as password entry, biometric identification, token codes, or other authentication methods.
For newly created bank accounts, the default configuration will automatically enroll customers into instant payment services when they are onboarded. Those who decide to opt out will lose the ability to carry out instant online transfers from their accounts, whether the transfer is to another account within the same bank or to an account in a different financial institution. In such situations, customers would need to physically visit a bank branch to conduct transfers.
Another key element introduced in the new guideline is the concept of voluntary transaction limits. While existing maximum thresholds for instant transfers remain at ₦25 million for individual customers and ₦250 million for corporate entities, the CBN now allows customers to adjust their transaction limits according to their personal or business needs.
Customers who wish to increase or reduce their limits can do so through their financial institutions, but any adjustment will be subject to strict scrutiny. Banks will be required to conduct enhanced due diligence and carry out risk assessments before approving such changes. Once the necessary authentication and customer consent procedures are successfully completed, the revised transaction limits will become effective immediately.
In addition to these measures, financial institutions are now mandated to implement Enterprise Fraud Monitoring systems capable of tracking both incoming and outgoing transactions. These systems are expected to automatically detect suspicious patterns or irregular activities and restrict questionable transactions before they can result in financial losses.
The guidelines also address the security of online account opening and account reactivation processes. The CBN has directed that accounts created online must undergo a liveliness check, a technology that verifies that the person opening the account is physically present and not using a static image, recording, or stolen identity. Furthermore, all online account openings and reactivations must be validated in real time against national identity databases such as the Bank Verification Number (BVN) and the National Identity Number (NIN).
Enhanced authentication procedures—including biometric verification, soft tokens, hard tokens, and other advanced identity confirmation technologies—will also become mandatory for online account reactivation processes. These requirements are intended to further strengthen protection against identity theft and unauthorized account access.
Another significant provision in the new framework concerns transaction limits for newly activated mobile banking apps. For both new and existing accounts, a temporary transaction cap will be imposed during the first 24 hours after activating a mobile financial services application on a device. During this period, the maximum allowed transaction limit will not exceed ₦20,000, although financial institutions may impose lower limits depending on their internal risk policies.
Similarly, customers attempting to access internet banking services from a device for the first time will be required to complete an additional Multi-Factor Authentication step before gaining full access to their accounts.
The Central Bank stressed that these requirements represent the minimum standards expected of financial institutions offering instant payment services in Nigeria. Banks and payment service providers may choose to implement even stricter security measures depending on their internal risk management frameworks.
Industry observers believe the policy could significantly reshape digital banking habits among Nigerians, many of whom have grown accustomed to accessing their financial accounts across several devices for convenience. While some users may initially view the change as restrictive, financial regulators argue that the benefits of enhanced security and fraud prevention far outweigh the temporary inconvenience.
As the Nigerian financial sector continues to evolve in response to technological advancements and increasing cyber threats, the new directive highlights the regulator’s commitment to maintaining a secure and resilient payment system. According to the circular, financial institutions are expected to fully implement all provisions of the new guidelines by July 1, 2026.
Financial analysts note that the move aligns with global best practices in digital banking security, where device authentication and strict identity verification processes are increasingly becoming standard. By introducing these measures, the Central Bank hopes to reinforce public confidence in electronic banking while minimizing vulnerabilities within the instant payment infrastructure.
As the policy begins to take shape in the coming months, customers and financial institutions alike will need to adapt to the new framework governing mobile banking operations in Nigeria. For many Nigerians who rely heavily on digital transactions for everyday financial activities, the development represents a major milestone in the ongoing evolution of the country’s fintech landscape.
DDM News reports that the new policy is expected to prompt banks to upgrade their digital platforms and enhance their fraud detection systems ahead of the July 2026 implementation deadline. Meanwhile, DDM News understands that regulators believe the strengthened safeguards will play a crucial role in protecting millions of banking customers and preserving trust in Nigeria’s growing digital economy.
