In a decisive move to combat the escalating surge of digital financial fraud, the Central Bank of Nigeria (CBN) has announced a landmark directive mandating "device binding" for all mobile banking applications. Under the new guidelines, bank customers in Nigeria will be restricted to operating their mobile banking apps on only one device at a time, effectively banning the concurrent use of accounts across multiple smartphones or tablets.
The policy, detailed in a circular released on Friday, March 13, 2026, titled "Additional Guidance for the Operations of Instant Payments in Nigeria," represents the apex bank’s most aggressive effort yet to fortify the nation’s digital payment ecosystem.
The CBN Previously requires banks to use automated anti money laundering systems.
Ending the Era of Multi-Device Logins
The circular, signed by Musa Jimoh, Director of the Payments System Policy Department, makes "mandatory device binding" a minimum standard for all Financial Institutions (FIs). According to the CBN, restricting an app to a single "bound" device significantly reduces the surface area for account takeovers.
“Mobile financial services applications (apps) shall only be enabled on one device at a time, and customers cannot operate the apps concurrently on multiple devices,” the circular stated.
For users who upgrade their phones or lose their devices, the migration process will no longer be seamless. Moving an account to a new device will trigger an automatic deactivation on the previous hardware and require a fresh, comprehensive authentication and re-activation process.
The "24-Hour Cooling Period" and Transaction Caps
Recognizing that the first 24 hours after a device change or account opening are the most critical for fraudulent activity, the CBN has introduced a strict transaction ceiling.
Both new accounts and existing accounts activated on a new device will face a ₦20,000 maximum transaction limit for the first 24 hours. This "cooling period" applies to both inflows and outflows for new accounts, while existing accounts will primarily face the ₦20,000 limit on outflows. This measure is specifically designed to stop "drain-and-dash" schemes where fraudsters quickly empty a compromised account before the victim can alert their bank.
Empowering Customers: The "Opt-Out" Clause
In a surprising shift toward customer autonomy, the CBN is also mandating that banks provide a Voluntary Opt-Out/Opt-In functionality for Instant Payments (IP). This allows customers who do not frequently use digital transfers to disable the service entirely.
Security: If a customer opts out, they cannot perform any online instant transfers.
Access: To move funds while opted out, the customer must physically visit a bank branch.
Control: Re-enabling the service (Opt-In) will require rigorous Multi-Factor Authentication (MFA).
Liveness Checks and BVN Tightening
The reforms extend beyond device limits. The CBN now requires "Liveness Checks" for all online account openings and reactivations. Users will be required to perform real-time biometric actions such as blinking or smiling to prove they are physically present. These checks must be validated instantly against the Bank Verification Number (BVN) or National Identity Number (NIN) databases.
In a related move to seal identity loopholes, the CBN has also restricted the number of times a user can change the phone number linked to their BVN to once in a lifetime, highlighting the regulator's intent to treat the BVN as a permanent, immutable anchor of financial identity.
Implementation Timeline
While the circular has sent shockwaves through the fintech sector, the CBN has provided a transition window. Financial institutions have until July 1, 2026, to fully implement these technical changes.
Industry analysts suggest that while these measures may introduce "friction" into the user experience, they are a necessary response to the ₦285 trillion instant payment market, which saw a record number of social engineering fraud cases in 2025. By slowing down the speed of digital migration and limiting device access, the CBN aims to turn the tide against sophisticated cyber syndicates.