Nigeria’s financial regulatory bodies are implementing stringent measures to bolster the nation’s digital identity framework, a proactive response to escalating risks of fraud within the burgeoning digital economy. Two significant developments highlight this intensified focus: the Central Bank of Nigeria (CBN) has announced a strict limitation on changing phone numbers linked to a Bank Verification Number (BVN), and the Nigerian Communications Commission (NCC) is set to launch a dedicated system to manage telecom identity risks.
The CBN’s directive, slated to take effect from May 1, 2026, stipulates that Nigerians will only be permitted to alter the phone number associated with their BVN once in their lifetime. This move aims to create a more stable and traceable link between a customer’s financial identity and their primary contact method.
Concurrently, the NCC is preparing to unveil its Telecom Identity Risk Management System (TIRMS) portal by late March 2026. This initiative is designed to tackle the persistent challenges posed by mobile number recycling and the broader implications for identity security across the telecommunications sector.
These parallel initiatives underscore a growing consensus among Nigerian regulators that the confluence of banking and telecommunications identities represents a critical vulnerability in the nation’s digital landscape.
Introduced in 2014, Nigeria’s BVN system was conceived as a cornerstone of financial security. Developed by the CBN in collaboration with the Nigeria Inter-Bank Settlement System (NIBSS), its primary objective was to establish a unified biometric identity for all bank customers, thereby curbing fraudulent activities within the financial sector. Each BVN acts as a unique identifier, consolidating multiple bank accounts under a single biometric profile.
However, the practical application of the BVN system has revealed an unintended reliance on linked mobile phone numbers. These numbers have become indispensable for critical functions such as:
This dependency, while facilitating convenience, introduces a significant layer of risk. Mobile numbers are dynamic and can change ownership through various means:
The increasing prevalence of financial fraud linked to SIM swaps and identity manipulation globally has not spared Nigeria. Criminals often exploit vulnerabilities in identity verification processes to gain unauthorized access to banking credentials or intercept crucial authentication codes. The CBN’s decision to restrict BVN phone number updates to a single instance is a strategic attempt to prevent fraudsters from repeatedly altering phone numbers linked to an identity to facilitate illicit transactions. This policy prioritizes stability and traceability within the banking identity system, adopting a preventative stance against fraud.
The banking sector’s efforts to secure digital identities are inextricably linked to long-standing issues within Nigeria’s telecommunications industry, particularly mobile number recycling. This practice is common in many markets, including Nigeria, where telecom operators reassign inactive numbers to new subscribers after a designated period of inactivity, often ranging between 180 and 360 days. While this process is essential for efficient management of limited numbering resources, it presents a serious security concern when recycled numbers remain connected to financial accounts or digital identity systems of previous users.
Public discourse and online forums frequently highlight instances where individuals purchasing new SIM cards begin receiving bank alerts intended for previous owners. This can also occur when individuals return from extended periods abroad or discontinue the use of their local SIM cards, only to find their numbers have been reassigned. These incidents underscore how number recycling can inadvertently expose sensitive financial information and create confusion within the banking system.
Further insights into these operational challenges emerge from ongoing research. Field interviews with outlet operators of a prominent Nigerian telecom provider revealed that customers experiencing irregularities, such as not receiving messages or discovering a number is not properly assigned to them, are advised to report immediately to their network provider. One operator explained the typical procedure: “If you discover that your line is not receiving messages or is not properly assigned to you, what you have to do is to come and report. You go to your network provider office, you report so that they will know what to do. They will either block or reactivate it, or they will advise you on what to do.”
These interviews also confirmed that reports of number reassignments linked to previous users’ financial activities have been received. Operators indicated that inactive SIM cards are typically deactivated after approximately six months and then reassigned. However, they acknowledged that synchronization issues across systems can sometimes lead to new users receiving bank alerts belonging to former owners. “Yes, we have received such reports from people… normally if your SIM is dormant for about six months, they will block it and assign the line to another customer. But the issue of still receiving alerts, that is something they are working on… maybe the disconnection was not done properly,” one operator stated.
The limitations of frontline service centers were also evident, with operators noting that many complex issues stem from backend processes beyond their immediate control. Their role is often advisory, with more intricate technical resolutions handled at higher operational tiers.
Interestingly, the interviews also highlighted an informal shift of responsibility towards consumers to maintain control over their phone numbers. Customers planning extended travel are often advised to keep their SIM cards active by leaving them in a device at home rather than storing them separately. “If you want to travel for six months, you can just put it in a small phone and keep it at home. Don’t remove it and keep it. Let it stay active,” was a common piece of advice.
These observations reveal a significant disconnect between regulatory intent and real-world usage. While regulators are moving towards stricter identity controls, the underlying telecom infrastructure often operates on assumptions of temporary number ownership and user-managed continuity.
The NCC’s planned TIRMS is expected to address some of these issues by providing a mechanism to track recycled numbers and manage associated identity risks. The system aims to assist banks and telecom operators in identifying instances of number ownership changes, thereby preventing the misdirection of financial alerts and authentication messages. If implemented effectively, TIRMS could substantially mitigate the risks arising from number recycling.
However, the CBN’s one-time BVN phone number update policy introduces further complexity. While it may curb the ability of fraudsters to repeatedly manipulate identity records, it could pose practical challenges for legitimate bank customers. Mobile number stability in Nigeria is relatively low compared to many developed economies, with ownership being far more fluid than regulatory assumptions often suggest. Factors such as network quality, device loss, the widespread use of multiple SIM cards, and the routine recycling of inactive numbers contribute to many individuals not maintaining a single, stable phone number over extended periods.
This situation exposes a deeper structural conflict within Nigeria’s digital identity architecture. Financial systems increasingly treat phone numbers as stable anchors of identity, while the telecommunications sector views them as temporary, reusable assets. Nigeria is, in essence, attempting to construct a persistent identity layer atop an inherently non-persistent infrastructure.
A policy that restricts BVN-linked phone number updates to a single lifetime instance presumes individuals will maintain a singular phone number indefinitely—an assumption that may not align with the realities of Nigeria’s telecom environment. Should a person utilize their single allowed update and subsequently lose permanent access to that phone number, regaining access to banking services could become exceedingly difficult, potentially locking users out of essential financial systems.
This underscores a broader truth: identity security cannot be resolved solely within the banking sector. It necessitates robust coordination between financial and telecommunications regulators. If mobile numbers remain susceptible to recycling without stringent verification safeguards, restricting BVN updates alone may not eradicate the underlying risk but rather shift the burden onto consumers.
Nigeria’s drive towards a more secure digital financial ecosystem is commendable. However, policies must accurately reflect user behaviour and infrastructure limitations. The CBN’s rule is a step towards fraud prevention, but without adaptability, enhanced telecom integration, and clearly defined recovery mechanisms, it risks creating new barriers for legitimate users.
A more balanced approach would prioritize both security and adaptability, ensuring that Nigeria’s digital identity system remains not only secure but also inclusive and resilient in the face of real-world challenges.
Pemerintah Akan Bangun Rumah Susun di Tanah Abang, Jakarta Pusat Pemerintah Indonesia berencana membangun rumah…
Denada Akhirnya Bertemu Putra Kandung Setelah 24 Tahun Terpisah: Momen Penuh Haru dan Klarifikasi Setelah…
Pendekatan Orang Tua yang Berbeda dalam Menghadapi Perubahan Anak Keputusan Sienna untuk melepas hijab belakangan…
JAKARTA – Transformasi digital bukan lagi sekadar tren, melainkan kebutuhan utama di hampir semua sektor…
Alvaro Carpe, pembalap Red Bull KTM Ajo, kembali mengungkap perjuangannya dalam meraih podium secara dramatis…
Lima Fakta Mencengangkan Persib Bandung yang Mengalahkan Semen Padang Pertandingan antara Persib Bandung dan Semen…