CBN Orders Banks to Restrict Mobile Banking Apps to One Device Per Customer Starting July 2026

Nigeria’s financial regulators have introduced a significant overhaul of the country’s instant payment framework, including a new rule that restricts mobile banking applications to a single device per customer.

The policy was disclosed in a circular released by the Central Bank of Nigeria (CBN) through its Payments System Policy Department. PulseNets learnt that the document was signed by the department’s director, Musa Jimoh, and circulated to banks as well as other stakeholders within the financial sector.

Under the new directive, customers of Nigerian banks will no longer be allowed to run the same mobile banking application simultaneously on multiple devices.

PulseNets reported that the measure forms part of additional guidelines introduced by the apex bank to strengthen the operational security and reliability of instant payment systems across the country. The new framework is scheduled to take effect on July 1, 2026.

In the circular obtained by PulseNets, the apex bank stated:

“The Central Bank of Nigeria, in line with its mandate of promoting financial system stability, hereby issues additional guidance for the operations of Instant Payments in Nigeria:

All Financial Institutions (FIs) offering Instant Payment (IP) shall provide the following additional functionalities: Mandatory device binding: Mobile financial services applications (apps) shall only be enabled on one device at a time, and customers cannot operate the apps concurrently on multiple devices.

“Migration to another device shall trigger automatic re-activation and authentication.

“Customers shall have the option to opt out of or opt in to IP service at any time and for any given period. This process shall be subject to Multi-Factor Authentication (MFA) control. The default setting shall be opt-in upon onboarding a new customer.

“In the opt-out mode, a customer shall not be able to carry out online instant transfer of funds (intra or inter) from his/her account to another customer.

“However, customers can physically visit the financial institution to effect a transfer during this period.

“Voluntary Transaction Limit: Subject to the existing maximum limits of N25 million for individuals and N250 million for corporates, customers shall have the option to adjust the limits as needed.

“Any such adjustment shall be subject to enhanced due diligence and appropriate risk assessment by the financial institution.

“The new transaction limit shall take effect immediately upon successful completion of multi-factor authentication (customer consent).

“Enterprise Fraud Monitoring functionality: All FIs shall implement and activate Enterprise Fraud Monitoring for both inflows and outflows to facilitate fraud detection and restriction of suspicious transactions.

“Liveliness Checks for online account opening/account reactivation: Accounts opened online shall be subjected to a liveliness check; all online account openings/online reactivations shall be validated in real time with the BVN/NIN database; and enhanced authentication mechanisms (such as MFA, biometric authentication, soft token, hard token, liveliness check, etc.) shall be adopted for online account reactivation.

“For new accounts, transaction limits (inflow and outflow) shall be imposed on a newly activated mobile financial services app in the first 24 hours of activation.

“The limit shall be as determined by the financial institution, subject to a maximum transaction limit of N20,000.00.

“For existing accounts, transaction limits (outflow) shall be imposed on a newly activated mobile financial services app in the first 24 hours of activation.

“The limit shall be as determined by the financial institution, subject to a maximum transaction limit of N20,000.00.

“For internet banking access, the first-time log-on on a new device shall require additional MFA. The above are the minimum standard requirements for instant payments in Nigeria.

“Implementation of the above provisions shall take effect from July 1, 2026.”

PulseNets also reported that the new compliance framework is part of broader efforts by the CBN to strengthen fraud detection mechanisms and improve trust in Nigeria’s rapidly expanding digital banking ecosystem.

Also Read: CBN Governor Cardoso Reassures US Investors of Nigeria’s Macroeconomic Stability Drive

Financial sector analysts who spoke to PulseNets noted that device binding and enhanced authentication layers are expected to reduce cyber fraud, particularly cases involving account compromise and unauthorized instant transfers.

Earlier, the apex bank had issued another regulatory circular directing banks to enforce stricter restrictions against loan defaulters, a move aimed at tightening credit discipline within the financial system.