The Central Bank of Nigeria (CBN) has pegged the maximum transfer from mobile phones using short codes at N100,000. According to a statement from the director, banking and payment system of CBN, Dipo Fatokun, the decision was made because of the risk associated with mobile banking. The bank says the new directive will take effect from June 2018.
“Concerns have been expressed on the likely exposure of CBN approved entities to the possible breaching of the USSD accessed financial services in view of likely vulnerabilities in the technology and the ever-growing threats,” the circular read.
The bank added that any customer that would like to do transactions over N20,000 will require a pin and soft token which they would get from their banks.
“Put a limit of N100,000.00 per customer, per day for transactions as may be required. However, customers desirous of higher limits shall execute documented indemnities with their banks or MMOs. Mandate the use of an effective 2nd factor authentication (2FA) by customers for all transactions above N20,000. This shall be in addition to the PIN being used as 1st level authenticator, which applies to all transaction amounts,” the statement read
Accordingly, the CBN said the second factor authentication should not be sent to the customer’s phone or displayed on the USSD channels.