Blog Details

Over the past decade, Nigeria’s digital payments landscape has undergone a profound transformation.

Mobile banking, electronic transfers, and agent banking have brought millions of Nigerians into the formal financial system.

These technologies have delivered something remarkable: access to banking services through mobile phones and neighbourhood agents for people who previously had none.

This expansion has created new vulnerabilities. As digital payment channels have grown, so have the schemes designed to exploit them.

From my experience in banking and digital payments, one essential truth stands out: innovation in payments holds value only when matched by the security that protects it.

The Central Bank of Nigeria’s new circular, issued on March 12, 2025, introduces security standards for mobile banking applications, Bank Verification Numbers, and POS terminals. These measures represent a calculated response to real threats facing Nigeria’s financial ecosystem.

When customers activate their banking app on a new device, they will face a ₦20,000 transaction limit for the first 24 hours. For newly opened accounts, this restriction applies to both incoming and outgoing transfers. For existing accounts on new devices, it restricts only outgoing payments.

The measure addresses a specific fraud pattern. Criminals who gain access to banking credentials move quickly.

They register the account on their own device and begin draining it immediately, usually during weekends or after business hours when victims cannot easily reach their banks. By the time the customer discovers the breach, the money has disappeared.

This 24-hour cap creates critical breathing room. It dramatically reduces the window of opportunity for fraudsters while giving customers and banks time to detect suspicious activity before significant damage occurs.

The new restrictions on BVN-linked phone numbers close another dangerous gap. Under the updated rules, customers can update their BVN phone number only once, and only after rigorous identity verification.

The BVN serves as the backbone of identity verification in Nigerian banking. Fraudsters have exploited weaknesses in SIM registration and identity validation with growing sophistication. When they successfully change a customer’s BVN-linked number, they can intercept authentication messages and reset banking credentials. This grants them effective control of the account.

These tighter rules reinforce the identity framework upon which the entire digital banking system depends. The process becomes less convenient for legitimate updates. The alternative, which is allowing identity theft cases to multiply, comes with far greater costs.

The requirement for POS terminals to be geo-tagged and restricted to a 10-metre radius of their registered location addresses a different set of challenges. POS terminals and agent banking have expanded financial inclusion dramatically, particularly in rural areas where traditional bank branches remain scarce.

Rapid proliferation has created oversight gaps. Some terminals operate in unregistered locations. Others facilitate activities unrelated to legitimate merchant services. Criminal networks have exploited these gaps to enable illicit transactions, including ransom payments and money laundering.

Geo-tagging makes every terminal traceable and ties merchant operations to verified physical locations. This strengthens regulatory oversight while enhancing accountability within the agent banking ecosystem. This measure extends beyond fraud prevention, it helps ensure that financial infrastructure cannot be weaponized for criminal activity.

According to NIBSS data, our financial institutions lost over ₦52 billion to fraud in 2024 alone. While improved monitoring has reduced losses in subsequent periods, fraud attempts continue to climb as digital transactions grow.

Mobile banking and internet payments remain prime targets. Their speed, remote accessibility, and growing adoption make them attractive to criminals. Without stronger security frameworks, the technologies designed to enhance accessibility could become vectors for substantial losses.

These measures will create friction. Customers will need to adjust their expectations. Banks will need to update their systems. Some legitimate transactions will face temporary delays.

The CBN’s approach remains proactive rather than reactive. Instead of waiting for losses to mount, the regulator is building defenses before breaches occur. This represents prudent risk management in a rapidly evolving digital landscape.