The new guidelines, set to take effect on May 1, 2026, mark the end of the era of flexible identity modification.

By restricting BVN enrollment to individuals aged 18 and above and limiting phone number changes to a single instance, the apex bank is directly targeting the identity looping tactics used by fraudsters to mask illicit transactions.

The New Rulebook: What is Changing?

The Age Gate: BVN enrollment is now strictly for adults (18+), ensuring that the biometric database is populated by individuals with full legal accountability.

The Single Update Clause: Customers can only change the phone number linked to their BVN once. This closes a major loophole where fraudsters repeatedly updated contact details to intercept One-Time Passwords (OTPs).

The 24-Hour Watchlist: Financial institutions must now implement a temporary flag system. Any BVN linked to a suspicious transaction can be restricted for up to 24 hours, requiring the customer to provide immediate verification before further movement of funds.

Centralized Data Sovereignty: The CBN is asserting exclusive control over the BVN database, granting limited access only to licensed entities under strict security protocols.

Tracing Similarities: The Global War on Synthetic Identity

Nigeria’s move mirrors a global trend where regulators are moving away from knowledge-based authentication (passwords) toward biometric-locked identities.

India’s Aadhaar System: Much like the BVN, India’s Aadhaar, the world’s largest biometric ID system, introduced the Virtual ID (VID) and strict biometric locking features.

This was done to prevent Identity Cloning, which had previously cost the Indian economy billions in welfare leakage and banking fraud.

The UK’s Confirmation of Payee (CoP): The CBN’s 24-hour watchlist strategy shares DNA with the UK’s CoP and APP Fraud (Authorised Push Payment) regulations. In the UK, banks use real-time data sharing to flag discrepancies between a name and an account number before the money leaves the sender’s account.

Brazil’s PIX Security Brackets: To curb Express Kidnappings and digital theft, Brazil’s central bank introduced Nighttime Limits and stricter biometric triggers for high-value transfers.

The CBN’s new restrictions on data updates follow this logic: adding friction to the system to protect the user.

For the Nigerian tech ecosystem, these friction-heavy rules are a necessary evil. As Nigeria’s fintech sector matures, the cost of fraud, estimated to have the potential to hit ₦1.2 trillion annually if left unchecked, becomes a barrier to international investment.

By aligning BVN rules with Tier-1 global standards, the CBN is not just stopping fraud; it is increasing the trust quotient of the Nigerian Naira in the global digital economy.

For startups, this means more robust KYC (Know Your Customer) data, and for consumers, it means a safer, albeit more disciplined, banking experience.

During a New Year media session themed “Setting the Narrative for the Year,” leadership from the wellness and lifestyle giant outlined a shift from reactive damage control to a fact-based “Contribution Model.”

The goal for 2026? To move the needle from speculation to clarity in its most critical growth market: Nigeria.

The Three Pillars of the QNET 2026 Strategy

Ayokunmi Solesi, general manager of QNET Nigeria, identified three technical pillars that will define the company’s “Energised Every Day” theme for the fiscal year:

Entrepreneurship Development: Positioning direct selling as a viable economic engine in markets with high informal employment.

Compliance & Consumer Protection: Establishing a “zero-tolerance” policy for fraudulent recruitment and unauthorized brand representation.

Wellness Product Innovation: Leveraging research-driven solutions to meet the rising consumer demand for preventative healthcare.

Addressing the ‘Brand Misuse’ Deficit

A significant portion of the roadmap focuses on Legal and Regulatory Alignment. Kwasi Fredua Agyeman Danso, QNET’s regional legal counsel, emphasized that the company’s 2026 success is tied to its ability to differentiate legitimate direct selling from the “misunderstandings” that often plague the sector.

The strategy involves a “transparency loop” where journalists participate in international conventions and product education expos.

This is designed to create a verifiable audit trail of the company’s operations, ensuring that regulators and consumers can distinguish between official QNET opportunities and rogue actors.

“Strict adherence to regulatory frameworks and zero tolerance for brand misuse… remain non-negotiable,” Solesi stated, reinforcing that Nigeria is the “critical growth market” where these standards will be most rigorously tested.

From Controversy to Contribution

Reflecting on 2025, Cherif Bassirou Abdoulaye Sarr, the deputy regional general manager, noted that collaborative media efforts have already begun to move the conversation toward QNET’s actual economic impact.

By prioritizing “fact-based engagement,” the company aims to build what Solesi calls a “Proactive Narrative.”

The Governance Challenge in Direct Selling

For QNET, 2026 is a “Foundational Infrastructure” year. QNET is attempting to build a Digital Trust System within a business model that has historically operated in a regulatory grey area.

By integrating KYC (Know Your Customer) and KYB (Know Your Business) principles into their recruitment and distribution channels, QNET is attempting to professionalize its independent representative (IR) network.

In a market like Nigeria, where the informal economy is the primary employer, the success of this “Ethical Entrepreneurship” model depends entirely on the company’s ability to enforce its compliance protocols at the “last mile” of recruitment.

Through this collaboration, banks, fintechs, mobile money operators, and other enterprises will be able to onboard customers more quickly while reducing identity fraud and widening access to the financial system.

The partnership brings together Mastercard’s global expertise in identity technology with Smile ID’s robust data verification and fraud detection capabilities, creating a stronger framework for trusted digital interactions.

Addressing Africa’s Fraud & Inclusion Gap

As Africa’s digital economy is projected to reach $1.5 trillion by 2030, trusted identity solutions are a critical enabler of financial inclusion, fraud prevention, and cross-border commerce. Additionally, smartphone penetration is continuing to rise, necessitating an urgent need to unlock opportunities for millions through secure identity verification services that work across digital channels.

For over five decades, Mastercard has worked alongside African governments, businesses, and communities to advance financial inclusion and economic development.

Mastercard, together with Smile ID, is well positioned to address these challenges by expanding access to financial services, while helping to support compliance with Know Your Customer (KYC) requirements and Anti-Money Laundering (AML) regulations across Africa.

As part of the agreement, Mastercard has also made a minority investment in Smile ID, reinforcing its long-term commitment to digital inclusion and innovation in Africa.

“This partnership with Smile ID is a pivotal step in advancing digital trust and inclusion across Africa. As fragmented identity systems slow down businesses and lock millions out of the digital economy, Smile ID’s innovative identity platform complements Mastercard’s commitment to fostering secure and inclusive digital ecosystems,” said Selin Bahadirli, Executive Vice President, Services, Mastercard EEMEA.

Through this partnership, Mastercard customers, including banks, telecom providers, mobile money operators, and fintechs can gain access to Smile ID’s advanced identity verification tools. These tools will be integrated into Mastercard’s digital platforms, assisting the enablement of:

• Instant, secure onboarding of users across all African markets.
• Enhanced fraud detection and prevention, including synthetic identity fraud.
• Compliance with local and international KYC/AML regulations.
• Scalable solutions for cross-border commerce and digital expansion.

Smile ID’s integrations with local governments and trusted data sources offer unique capabilities that differentiate this partnership in the region, for example, pan-African reach, near real-time onboarding, integration with Mastercard’s insights.

“The surge in synthetic identity fraud in Africa is costing banks and lenders hundreds of millions of dollars a year,” said Mark Straub, CEO of Smile ID. “By joining forces with Mastercard we can help turn the tide. As we combine insights and technologies, we can expand opportunities for consumers by giving banks and mobile wallets the confidence to onboard the next 300 million African users securely, in seconds.”

Similarly, President Bola Ahmed Tinubu has directed the use of NIN Authentication for verification and authentication across Ministries, Departments and Agencies (MDAs).

This is In line with the Commission’s mandate of regulating a reliable National Digital Identity for citizens and legal residents to affirm their identity

The launch of the “NIN Authentication (NINAuth),” a cutting-edge suite of services that include web, API and mobile verification designed to enhance data security, protect privacy, and simplify access to government services, is part of President Tinubu, Renewed Hope Agenda on strengthening the National Identity Management System.

Confirming the development in a statement available to Techecoonomy, Dr. Kayode Adegoke, head , Corporate Communications at National identity Management Commission (NIMC), said that the NIMC NINAuth application is the official service for integration with the Commission’s backend infrastructure.

“It Introduces a robust layer of protection, empowering individuals with greater control over their personal information.

“By requiring explicit consent before data is shared for Know Your Customer (KYC) processes or other verifications, the platform fosters trust, transparency, and user autonomy in digital identity management”, he said.

The NINAuth application provides a secure, scalable, and interoperable interface for identity verification through API integration.

It is designed to facilitate real-time authentication of NIN records, thereby promoting effective service delivery, database harmonization, and compliance with the National Identity Policy of the Federal Government of Nigeria.

The NINAuth service has been designated as the exclusive platform for all NIN-based verification and authentication integration processes for optimal services.

In a 21-page report titled ‘Nigeria Cyber Threat Forecast 2025,’ CSEAN highlights the urgent need for stakeholders across government, the private sector, and civil society to address the growing complexities of Nigeria’s cybersecurity landscape.

This comprehensive report details the persistent and emerging threats expected to shape the digital environment in 2025, emphasizing the pressing need for strategic actions to mitigate risks and foster resilience.

The forecast draws from surveys, open-source intelligence, cyber threat reports, and incident analyses. It examines the interplay of economic conditions, growing digitization, and the shortage of cybersecurity professionals.

These factors collectively underscore the vulnerabilities Nigeria faces in safeguarding its digital ecosystem.

The report was co-authored by Oluwafemi Osho, John Odumesi, Jonathan Ayodele, Polra Victor Falade, Hamzat Lateef and Olajumoke Oloyede, who are members of the Directorate of Research and Development at the Cyber Security Experts Association of Nigeria. In anticipating the road ahead, the Nigeria Cyber Threat Forecast 2025 points to malicious actors becoming more resourceful and deploying increasingly advanced tactics and tools, Nigeria must brace itself for a challenging 2025.

These threat actors pose a significant challenge to even the world’s most experienced cybersecurity defenders, making it critical for Nigeria’s stakeholders to anticipate emerging risks and implement robust protective measures.

This report forecasts a dynamic and challenging 2025 for Nigerian cybersecurity. AI-powered attacks, including deepfakes, will intensify, while misinformation campaigns will continue to manipulate public opinion.

While ransomware attacks may decline, crypto scams, government benefit scams, and data breaches are expected to surge.

The “Japa” of skilled IT professionals will strain the sector, exacerbated by weak enforcement of the Cybercrime Act. Insider threats, the exploitation of unlinked FinTech accounts, and the persistent threat of APTs and credential-stealing malware will further complicate the landscape.

The 2024 cyber threat landscape in Nigeria mirrored global trends, marked by increasingly sophisticated attacks.

Nigeria faced significant cybersecurity challenges from ransomware incidents targeting critical infrastructure to the pervasive use of AI-driven scams and misinformation campaigns.

Individuals, businesses, and institutions endured a series of security breaches and sophisticated scams that permeated various digital platforms. The report warns that 2025 will likely witness a further escalation of these threats as malicious actors refine their tools and tactics.

In light of the evolving cyber threat landscape, the following predictions outline key challenges and trends anticipated for Nigeria in 2025:

1. AI-powered cyberattacks are poised to intensify in 2025, targeting both individuals and businesses. Deepfakes and other AI-manipulated content will be leveraged in phishing, social engineering, romance, and sextortion scams.
2. Misinformation and disinformation will continue to be potent tools for cyber-influence operations, enabling malicious actors to manipulate public perception and sway decision-making across various platforms.

iii. While a decline in ransomware attacks is anticipated due to increased global law enforcement efforts and improved organizational defences, the threat remains.

1. The surge in cryptocurrency scams is expected to escalate in 2025, driven by rising crypto prices. Inexperienced investors will be targeted through social media scams, Ponzi schemes, and fake cryptocurrency exchanges.
2. Government-benefit scams are expected to increase, exploiting economic vulnerabilities. Phishing messages and fake social media posts will be used to steal personal information.
3. Data breaches in Nigeria are expected to continue. Strengthening regulatory frameworks and public education are crucial to mitigating these risks.

vii. The emigration of skilled IT and cybersecurity professionals will continue, straining Nigeria’s digital ecosystem. Addressing underlying factors and creating a more supportive work environment is essential.

viii. The weak enforcement of the amended Nigeria Cybercrime Act 2024 remains a significant hurdle. Investment in advanced investigation tools and strengthened legal frameworks are needed.

1. Cybercriminals will continue to exploit unlinked FinTech accounts for money laundering and illicit transactions. Collaboration among stakeholders is needed to fortify compliance.
2. Insider threats within Nigerian organizations, particularly in the financial sector, are expected to remain a pressing concern. Robust insider threat management strategies and a culture of accountability are essential.
3. Advanced Persistent Threats (APTs) pose a significant but under-recognized threat. Organisations and institutions must take proactive measures, such as routine system updates and security audits, to guard against these persistent attacks.

xii. Credential and information-stealer malware will remain a threat in 2025. Organisations should focus on improving access management and user education.

As Nigeria braces for an increasingly complex cyber threat landscape in 2025, the report identified targeted recommendations for various stakeholders to enhance cybersecurity resilience.

For individuals, adopting robust digital hygiene practices such as enabling multifactor authentication and avoiding unverified links is crucial, alongside promptly reporting suspicious activities.

Businesses are encouraged to invest in AI-driven threat detection systems and provide continuous employee training to mitigate insider threats.

Policymakers should focus on enhancing the enforcement of the Nigeria Cybercrime Act [Amendment] 2024 by allocating better resources and fostering international collaboration against transnational cybercrimes. Regulators and financial institutions must tighten Know-Your-Customer (KYC) protocols to address vulnerabilities in unlinked FinTech accounts, thereby curbing fraud.

Finally, the nation should prioritize retaining cybersecurity talent by improving economic conditions and creating competitive opportunities for IT professionals.

By implementing these strategies, Nigeria can strengthen its defences against the evolving cyber threats anticipated in the coming year.

Commenting on the report, the President of the Cyber Security Experts Association of Nigeria, Mr Ade Shoyinka, emphasized that the Nigeria Cyber Threat Forecast 2025 serves as a clarion call for stakeholders to embrace a proactive and unified approach to cybersecurity.

By addressing these challenges head-on, Nigeria can strengthen its digital resilience, safeguard critical infrastructure, and empower its citizens in an increasingly interconnected world.

A united approach from individuals, organisations, and policymakers is critical to building a more resilient digital ecosystem.

The full report can be accessed HERE.

This, the company said, is to ensure smooth transactions and prompt repayment in the event of bank closure.

This was stated by Bello Hassan, the managing director and chief executive of the NDIC, at the 2024 NDIC Editors Forum at the weekend.

Hassan who was represented by Mustapha Muhammed, the executive director, Corporate Services, stressed the importance of updated KYC in the Nigerian financial system.

Noting that some customers of the defunct Heritage Bank are yet to get their insured deposits, Hassan said this was mainly due to lack of KYC and mismatch of names.

Adding that the NDIC was working to ensure that the insured deposits are paid, he said the corporation is not “unaware of the case of some depositors who are yet to access their guaranteed sums.

“This development is a result of reasons ranging from reconciling inconsistencies in the defunct bank’s depositor’s database to the absence of Bank Verification Numbers (BVN), placement of restrictions on some accounts and in some cases name mismatch.

“The Corporation is therefore working assiduously to resolve these challenges to ensure that depositors are promptly paid. I would like to seize this opportunity to emphasise the importance for depositors to ensure strict compliance with all Know Your Customer (KYC) regulations as prescribed by the CBN.

This will not only promote hitch-free transactions with their banks, but it will also go a long way in ensuring prompt reimbursement in the event of bank closure.

Hassan while pointing out that uninsured deposits represent a significant portion of the total deposits in Heritage Bank, furthered that the NDIC is working to ensure that depositors with amounts over the maximum insured amount of N5 million are paid through liquidation dividends from the realisation of the defunct bank’s assets and recovery of debts.

He furthered that the Corporation has already initiated the process of debt recovery and realisation of investments and physical assets of the defunct bank to ensure timely payment to the uninsured deposits of the defunct bank.

Beyond repaying depositors, he said the NDIC’s responsibilities extend to the creditors of the defunct bank, who according to him will receive payments after all depositors have been fully reimbursed.

“This orderly process, based on asset realisation and priority of claims, is essential in maintaining public trust in the banking system and promoting financial system stability.

As one of the financial safety nets, the NDIC boss reassured depositors of the safety of their funds, which he said is critical to “instilling trust in the banking system and preventing bank runs at times of uncertainty. Over the years, the NDIC has been instrumental in promoting stability by ensuring that when banks fail, depositors are protected, and their funds are reimbursed promptly.

“The NDIC was established over three and half decades ago to protect depositors, especially the uninformed, and contribute to the financial system’s stability. Our core mandate includes; providing deposit insurance cover to depositors of licensed banks, supervising insured financial institutions, Distress resolution and ensuring orderly resolution in the event of bank failure. Thus, the role of the deposit insurer cannot be overemphasised.”

[Featured Image Credit]