CBN Mandates Liveness Checks and Device Limits to Combat Digital Banking Fraud

The Central Bank of Nigeria (CBN) has introduced a stringent new regulatory framework to fortify the country’s digital payment ecosystem against a surge in financial crimes. In a circular dated March 12, 2026, the apex bank mandated that all banks, fintechs, and payment service providers implement “liveness verification” for account openings and reactivations. These checks must be validated in real-time against the Bank Verification Number (BVN) or National Identity Number (NIN) databases.

This directive comes as a response to alarming fraud data. In the first quarter of 2025 alone, Nigeria’s instant payment volume reached ₦284.99 trillion, but fraud losses simultaneously skyrocketed by 603% year-on-year, totaling ₦3.29 billion. To curb this, the CBN is targeting the primary vulnerabilities in mobile and internet banking.

Device Binding and Transaction Limits Under the new rules, financial institutions must enforce “device binding,” ensuring a customer’s banking application is active on only one device at a time. If a user attempts to migrate their account to a new smartphone, the app must trigger rigorous re-authentication protocols. Furthermore, first-time logins on new devices via internet banking will now require mandatory multi-factor authentication (MFA).

To mitigate “bust-out” fraud where stolen accounts are quickly drained the CBN has imposed a ₦20,000 ($14.58) transaction cap on both inflows and outflows for the first 24 hours after a mobile app is activated on a new device. This limit applies to both newly opened accounts and existing users setting up the app on a replacement phone.

Customer Control and Monitoring In a significant shift toward consumer autonomy, the CBN now requires banks to provide an “opt-out” feature for instant payments. While the default setting remains “opt-in,” customers can now choose to disable real-time digital transfers entirely, requiring a physical visit to a bank branch for any fund movements.

READ ALSO: Dino Melaye: Peter Obi Is “Fantastic” but Not Ready for Presidency

Additionally, financial institutions are mandated to deploy enterprise-level fraud monitoring systems. These systems are expected to use artificial intelligence and machine learning to detect suspicious patterns in real-time.

The regulator has set a compliance deadline of July 1, 2026. By integrating biometric liveness checks, limiting device concurrency, and capping initial transactions, the CBN aims to slow down the speed at which fraudsters can exploit the financial system, ultimately restoring trust in Nigeria’s rapidly evolving digital economy.