The Central Bank of Nigeria (CBN) has introduced a major security enhancement for digital banking, restricting mobile banking applications to operate on only one device at a time and prohibiting simultaneous use across multiple phones or tablets.
The directive, outlined in a circular issued on Friday to all banks, financial institutions, and payment service providers (PSPs), forms part of additional guidelines aimed at bolstering the safety and stability of instant payment (IP) services in Nigeria. Signed by Musa Jimoh, Director of the Payments System Policy Department, the rules take effect from **July 1, 2026**.
Under the new “mandatory device binding” requirement, mobile financial services apps must be enabled on a single device only. Customers will no longer be able to log in and transact concurrently on different devices using the same banking profile. Switching to a new device will automatically trigger re-authentication and reactivation processes to ensure secure access.
The CBN explained that the measure addresses rising risks in Nigeria’s rapidly digitizing financial landscape, where mobile and instant payments dominate everyday transactions. “As financial services become increasingly digitised and complex, enhanced controls are essential to manage evolving threats,” the circular stated.
Other key provisions in the framework include:
Opt-in/Opt-out flexibility for instant payments: Customers can voluntarily enable or disable IP services at any time via multi-factor authentication (MFA). New customers default to opt-in, but in opt-out mode, online instant transfers (intra- or inter-bank) are blocked—though physical branch visits remain allowed for transfers.
Voluntary transaction limit: Within existing caps (N25 million for individuals and N250 million for corporates), customers can adjust their personal limits after enhanced due diligence and risk assessment by their bank. Changes take immediate effect upon MFA confirmation.
Enterprise fraud monitoring: All institutions must activate real-time monitoring for both inflows and outflows to detect and restrict suspicious activity.
Liveliness checks and enhanced authentication for online account opening or reactivation: Accounts opened digitally must undergo real-time validation against BVN/NIN databases, with stronger MFA, biometrics, soft/hard tokens, or liveliness verification required.
The guidelines aim to curb fraud, account takeovers, and unauthorized access amid surging digital transactions and persistent electronic crime challenges. They build on the CBN’s ongoing efforts to tighten payment system security while preserving user convenience.
Financial institutions have been directed to integrate these features and submit implementation plans accordingly. The policy is expected to require updates to banking apps and backend systems, with potential impacts on users who frequently switch devices or share access.
The move has sparked early discussions among customers and observers, with some welcoming the added layer of protection against device compromise, while others question the inconvenience for legitimate multi-device use. The CBN emphasized that the changes prioritize financial system stability and customer safety in an era of widespread mobile banking adoption.
