The Central Bank of Nigeria has introduced a N20,000 transaction limit on newly activated mobile banking applications within their first 24 hours of use, as part of new security measures aimed at strengthening Nigeria’s digital payment system.

The directive was contained in a circular dated March 12, 2026 and issued to banks, financial institutions and payment service providers across the country.

According to the apex bank, the new rules are designed to curb fraud and improve the safety and resilience of instant payment platforms as digital financial services continue to expand in Nigeria.

The Central Bank of Nigeria said the new provisions will take effect from July 1, 2026, allowing financial institutions time to upgrade their systems and comply with the updated requirements.

Under the directive, banks must impose transaction limits on newly activated mobile banking applications within the first 24 hours. During this period, the total value of transactions—covering both incoming and outgoing transfers—must not exceed N20,000 for newly opened accounts.

However, the regulator noted that banks may impose lower limits if required by their internal risk management frameworks.

For existing customers activating mobile banking applications on a new device, the central bank also directed financial institutions to place a N20,000 limit on outgoing transactions within the first 24 hours of activation.

The apex bank explained that the measure is intended to reduce risks associated with account takeover, identity theft and unauthorised device migration, which have become more frequent with the rapid growth of digital banking.

In addition to the transaction cap, the Central Bank of Nigeria introduced mandatory device binding for mobile banking applications.

Under the rule, customers will only be allowed to operate their mobile banking app on a single device at a time, effectively preventing the use of the same banking application across multiple devices simultaneously.

Any attempt to migrate the application to a new device will trigger a fresh authentication and reactivation process to verify the identity of the account holder.

Financial institutions were also directed to implement additional multi-factor authentication procedures for first-time logins to internet banking platforms from new devices.

Beyond device restrictions, the central bank instructed banks and payment service providers to deploy enterprise fraud monitoring systems capable of tracking both incoming and outgoing transactions in real time.

These systems are expected to help financial institutions detect suspicious activity early and prevent potentially fraudulent transactions before they are completed.

The regulator also tightened procedures for online account opening and account reactivation.

It stated that accounts opened digitally must undergo liveliness checks to confirm that the person initiating the process is physically present and not using impersonation tools.

Furthermore, all online account opening and reactivation processes must be validated in real time using the Bank Verification Number and National Identity Number databases.

Financial institutions were also directed to adopt stronger authentication tools such as biometric verification, soft tokens, hard tokens and other multi-factor authentication methods for online account reactivation.

In another major provision, the central bank introduced a voluntary opt-out feature for instant payment services.

The policy allows bank customers to temporarily disable instant transfers on their accounts if they wish to limit exposure to fraud risks.

Under the arrangement, customers who activate the opt-out option will be unable to perform instant transfers online, either within the same bank or to other banks. However, they will still be able to conduct transfers by visiting their financial institutions physically.

The default setting for new customers will remain opt-in during account opening.

The Central Bank of Nigeria also stated that customers may voluntarily adjust their personal transaction limits, provided such changes remain within the existing maximum thresholds of N25 million for individual accounts and N250 million for corporate accounts.

However, any request to change transaction limits must undergo enhanced due diligence and risk assessment by the financial institution before approval.

According to the apex bank, the measures represent the minimum operational standards required to strengthen the integrity and security of Nigeria’s instant payment ecosystem.