The Central Bank of Nigeria has drawn a sharper line in the sand against digital fraud. In a series of directives issued in early 2026, the CBN is requiring commercial banks, payment service providers, and fintech platforms to enforce biometric liveness detection for high-risk transactions and impose strict device-binding limits on customer accounts. The goal is straightforward: make it materially harder for scammers to hijack accounts, clone SIMs, or use stolen credentials at scale.
The changes arrive at a moment when digital banking has become the default for millions of Nigerians. Instant payments through the Nigeria Inter-Bank Settlement System (NIBSS) now process trillions of naira monthly, but the fraud numbers have kept pace. Authorised Push Payment scams, SIM-swap attacks, and account takeovers remain persistent threats, costing the industry and customers billions annually. Previous layers, BVN linkage, NIN verification, two-factor authentication, helped, yet they have proven insufficient against sophisticated actors who can bypass static passwords or OTPs delivered to compromised phones.
ALSO READ: CBN Requires Automated Anti-Money Laundering Tools with AI and Machine Learning by 2027–2028
Liveness checks change the equation. Unlike static selfies or fingerprint scans that can be spoofed with photos or silicone replicas, the new requirement demands real-time facial movement analysis during authentication for transfers above certain thresholds. Banks and fintechs must integrate technology capable of detecting blinks, head turns, or micro-expressions to confirm the person on the other end is physically present and not a deepfake or replay attack. The CBN has not set a uniform technical standard yet, but the expectation is clear: systems must achieve high spoof-detection rates, with regular independent testing.
Device limits add another layer. Accounts will be restricted to a maximum number of registered devices, typically two or three smartphones or tablets, with any additional login triggering multi-factor re-verification or temporary blocks. Users who switch phones frequently, share devices, or use emulators will face friction. The measure targets the common fraud pattern in which criminals register a victim’s account on multiple devices or use virtual environments to evade detection.
Implementation timelines are staggered. Deposit money banks have 18 months for full compliance on the broader automated monitoring framework that encompasses these controls, while smaller players and fintechs have 24 months. Early adoption is already visible in some apps: several major banks began piloting enhanced liveness in late 2025, and fintechs like those powering mobile wallets have quietly updated their SDKs to include device fingerprinting alongside the new rules.
The industry reaction is mixed but pragmatic. Bankers’ associations have welcomed the focus on fraud reduction, noting that faster response times, already pushed toward 30 minutes for confirmed incidents, will pair well with these preventive tools. Fintech executives, however, worry about user experience. “Extra friction at checkout can hurt conversion rates, especially for lower-income users who rely on shared phones or public cybercafés,” one product lead at a leading digital lender told industry forums in February 2026. Regulators have signalled flexibility for low-value transactions but made clear that convenience cannot override security in high-risk flows.
This is not the CBN’s first swing at fraud. The migration to EMV chip cards virtually eliminated ATM cloning years ago. Mandatory NIN-BVN linkage cleaned up account opening. The new rules build on that foundation, shifting from reactive monitoring to proactive, real-time prevention. They also align with the broader push toward automated AML systems rolled out in March 2026, where transaction monitoring now feeds directly into fraud engines.
For customers, the changes will feel incremental at first, another prompt to look at the camera, a notification when a new device is detected. For the ecosystem, the implications are deeper. Banks and fintechs must invest in better biometric infrastructure, vendor partnerships, and user education. Those who treat compliance as a checkbox risk higher operational costs and customer churn. Those who integrate it intelligently could gain trust and market share in a sector where safety is becoming the primary differentiator.
Nigeria’s digital economy has grown too large and too fast to tolerate yesterday’s security standards. The CBN’s latest mandate acknowledges that reality: protecting the system now requires making the easy fraud paths much harder to walk. Whether the combination of liveness checks and device limits delivers the expected drop in losses will depend on execution, but the direction is unmistakable. In the battle between innovation and fraud, the regulator has decided that security must lead.
