The Central Bank of Nigeria (CBN) has issued a stringent new directive aimed at fortifying the national payment infrastructure against cross-border financial fraud. In a circular released to all Deposit Money Banks (DMBs) and non-bank financial institutions, the apex bank has mandated the implementation of Multi-Factor Authentication (MFA) for all transactions involving foreign-issued payment cards that exceed a daily threshold of $200.
This policy shift places the onus of compliance squarely on “acquirers”—the Nigerian banks and payment service providers that own the Point of Sale (PoS) terminals, ATMs, and web payment gateways where these transactions occur. By targeting the acquiring end of the transaction, the CBN aims to create a safety net that filters out potentially fraudulent high-value transactions originating from international cards before they can impact the Nigerian financial system.
Understanding the Mandate
The core of the directive is the introduction of a friction layer for higher-value transactions. Under the new rules, any foreign-issued card—whether debit or credit—used on a Nigerian payment terminal for an amount exceeding $200 (or its equivalent in Naira) must be authenticated via a secondary security protocol. This typically involves a dynamic One-Time Password (OTP), a token, or biometric verification, commonly facilitated through the 3-D Secure protocol used by major card schemes like Visa and Mastercard.
If a transaction exceeds the $200 limit and the card or the terminal cannot support MFA, the transaction is expected to be declined. This measure addresses a common vulnerability where stolen international card details are used in jurisdictions with laxer security protocols to cash out funds or purchase expensive goods. By enforcing MFA, the CBN ensures that the person using the card is verified by the issuing bank in real-time.
The Strategic Rationale: Combatting Electronic Fraud
The timing of this directive aligns with a broader crackdown on electronic fraud within Nigeria. As the country pushes deeper into a cashless economy, the volume of electronic transactions has surged, attracting sophisticated cybercriminal syndicates. Foreign cards have historically presented a unique challenge; unlike domestic Nigerian cards, which have long been migrated to the secure Chip-and-PIN standard under previous CBN mandates, foreign cards often operate under varying security standards depending on their country of origin.
Some international jurisdictions still rely on magnetic stripe technology or signature-based verification, which are significantly easier to clone or forge. By imposing a $200 ceiling on non-MFA transactions, the CBN effectively limits the potential exposure of the Nigerian banking system to large-scale chargeback claims and fraudulent withdrawals. The limit strikes a delicate balance: it allows for seamless, low-friction transactions for tourists and expatriates buying small items like meals or groceries, while triggering heightened security for significant purchases like electronics, hotel stays, or luxury goods.
Implications for Stakeholders
For Nigerian banks and non-bank acquirers (such as Fintechs operating PoS networks), this directive necessitates immediate upgrades to payment gateways and terminal software. They must ensure their systems can distinguish between local and foreign cards and automatically trigger the MFA prompt when the value threshold is breached. Failure to comply could attract severe regulatory sanctions from the CBN, which has recently intensified its oversight of the payment space.
For merchants, particularly those in the hospitality and luxury retail sectors who frequently serve international clients, the move might introduce slight friction at the point of sale. Customers making large payments may need to have their roaming mobile numbers active to receive OTPs or use their banking apps to authorize transactions. However, this inconvenience is a trade-off for the reduced risk of chargebacks—a scenario where merchants lose both the goods sold and the money when a transaction is later reported as fraudulent by the original cardholder.
A Step Toward Global Standards
This move brings Nigeria closer to global best practices in payment security. As financial borders blur, the CBN’s proactive stance signals to the international community that Nigeria is tightening its digital borders against illicit financial flows. While the $200 limit may be adjusted in the future as economic realities evolve, the principle of “verify before you value” is now firmly entrenched in the nation’s foreign transaction policy.
