APP Fraud Surge in Nigeria Pushes CBN to Redefine Liability for User-Authorised Scams

The Central Bank of Nigeria (CBN) has unveiled a draft framework on Authorised Push Payment (APP) Fraud, proposing sweeping reforms that could transform how banks, fintechs and payment service providers handle liability, refunds and investigations in user-authorised scam cases.

APP fraud, where victims are tricked into willingly transferring money to fraudsters has become one of the fastest-rising digital crime trends in Nigeria. Until now, financial institutions have largely treated such losses as the customer’s fault.

ALSO: CBN Orders Banks to Refund APP Fraud Victims Within 48 Hours in Major Consumer Protection Move

But the new draft rules mark a major shift: mandating structured reimbursement, enforcing strict deadlines for investigations, elevating fraud oversight to the Board level, and compelling industry-wide cooperation. Experts say it is the most significant intervention in Nigeria’s payments ecosystem since the introduction of the Bank Verification Number (BVN).

Why the new policy matters

Fraud has grown in parallel with Nigeria’s expanding digital payment infrastructure. Data compiled by Finance in Africa shows that Nigerian banks and fintech platforms have lost over ₦159 billion since 2020 to various fraud schemes striking Access Bank, Fidelity Bank, First Bank, Wema Bank, MTN MoMo, Flutterwave and others.

Much of the fraud follows a coordinated pattern: victims are deceived, funds are split across multiple accounts, routed through wallets, PoS agents, neobanks, betting platforms or BDCs, and quickly withdrawn while poor data-sharing and inconsistent KYC procedures hinder recovery.

APP fraud has proven particularly difficult to stop because the user initiates the transfer themselves, allowing fraud to slip past most automated security triggers.

With the new guidelines, the CBN is signalling a decisive shift away from simply warning consumers to “be careful,” toward building structural protections into the financial system.

The problem the CBN is tackling

Nigeria’s fraud landscape is reinforced by four long-standing weaknesses:

1. Weak KYC systems
Tier-1 accounts can be opened with minimal information, and leaked BVN/NIN data contributes to widespread identity abuse.

2. Insider collusion
FITC estimates show over ₦24 billion lost since 2020 due to staff-related fraud.

3. Slow fund-recovery mechanisms
Multiple court orders, fragmented law-enforcement structures and reliance on interbank cooperation delay recovery efforts—giving fraudsters a head start.

4. Poor industry coordination
While banks see system-wide transactions through NIBSS, many fintechs do not. Fraud alerts often fail to sync across institutions, and efforts like Project Radar have struggled due to weak collaboration.

The CBN’s proposed rules aim to standardise how APP fraud is handled across the industry and remove the ambiguity that has historically hindered accountability.

Key changes in the draft policy

1. Refunds become mandatory unless negligence is proven

Customers will qualify for reimbursement if:

• they were deceived into authorising a payment,

• they report the fraud within 72 hours,

• and they did not act negligently.

This shifts the burden of proof from the customer to the institution.

2. Investigations must follow strict timelines

Banks and fintechs must:

• Acknowledge complaints within 24 hours.

• Begin investigations immediately.

• Conclude cases within 14 working days.

• Refund eligible victims within 48 hours after resolution.

This ends the open-ended delays common today.

3. Real-time monitoring becomes compulsory

Institutions must deploy:

• behavioural fraud-detection systems,

• specialised fraud units,

• tools to identify mule accounts and high-velocity transfers.

4. Fraud oversight moves to the Board

Each institution must adopt a Board-approved APP Fraud Policy.
The Board Risk and Audit Committees will oversee investigations and receive regular updates.

5. Mandatory collaboration across the ecosystem

Banks, fintechs, mobile money operators and other payment providers must:

• share fraud intelligence,

• freeze suspicious funds quickly,

• escalate unresolved cases to the CBN.

Failure to act promptly will transfer full liability to the institution.

6. Tough penalties for non-compliance

Incomplete reporting, delayed escalation or false declarations will attract regulatory sanctions for both institutions and individuals.

What this means for financial institutions

If adopted, the guidelines will have far-reaching consequences:

• Liability shifts towards institutions, increasing financial exposure.

• Stricter KYC and onboarding processes will become essential.

• Fraud units must invest in advanced behavioural analytics and real-time tools.

• Complaint channels must become 24/7 and more user-friendly.

• Poor collaboration will expose organisations to legal and regulatory risks.

• Boards must treat fraud as a major enterprise risk, not just an operational issue.

A step toward global best practices

The CBN’s proposal mirrors international reforms.

• The UK will implement mandatory APP fraud reimbursements in 2024.

• Brazil’s PIX payment system uses real-time centralised fraud registries.

• India’s UPI framework enforces shared liability for social-engineering scams.

With these guidelines, Nigeria is positioning itself to adopt a similar consumer-protection model; one where fraud responsibility is shared across the ecosystem and institutions are compelled to strengthen internal controls.

If finalised without major changes, the policy could usher in a new era of accountability in Nigeria’s digital payments system, making APP fraud harder to execute and easier to resolve.