The Central Bank of Nigeria (CBN) has issued fresh standards for the deployment, operation, and maintenance of Automated Teller Machines (ATMs) across the country. The new directives, contained in its exposure draft titled “Guidelines on the Operations of Automated Teller Machines (ATMs) in Nigeria,” will supersede all previous regulations.
According to the CBN, the framework is aimed at improving ATM availability, strengthening security, enhancing consumer protection, and expanding nationwide access to cash and electronic payment services. Below are the major provisions contained in the new guidelines:
- 1. ATM Deployment and Density– Card issuers are required to deploy at least one ATM for every 5,000 payment cards issued, with full compliance to be achieved within three years — 30 per cent by 2026 and 100 per cent by 2028.– ATMs must be installed in safe locations that ensure user security and confidentiality, and machines placed outdoors must be firmly bolted to the floor.– Any deployment, relocation, or decommissioning of ATMs must receive prior written approval from the CBN.– Independent ATM Deployers (IADs) must also obtain CBN approval and show evidence of a cash-provision partnership with a licensed bank.
- 2. Failed Transactions and Refund Timelines– For on-us transactions (a bank’s customer using its own ATM), failed transaction reversals must be instant; where this fails, refunds must be completed within 24 hours.– For not-on-us transactions (using another bank’s ATM), refunds must be completed within 48 hours.– Acquirers are required to adopt systems that automatically process refunds for non-dispense errors without waiting for customer complaints.
- 3. Security and Technology Requirements– All ATMs must be equipped with cameras that record activities during transactions without capturing customer PIN entry.– Anti-skimming devices are now mandatory to combat card fraud.– ATM encryption keys must be changed at least once a year and cannot be reused across multiple machines. Customers must also be allowed to change their PINs at no cost.– All deployers and acquirers must comply with PCI-DSS data security standards.
- 4. Operations and Maintenance– ATM downtime must not exceed 72 consecutive hours, and customers must be notified where this is unavoidable.– Banks remain responsible for ensuring cash availability at all ATMs under their agreements.– Contact information, fees, and charges must be clearly displayed on ATM screens.– Receipts must be issued for all transactions upon request, except balance enquiries.
- 5. Monitoring, Reporting, and Sanctions– The CBN will carry out periodic audits and onsite inspections to enforce compliance.– Monthly reports on ATM deployment and status must be submitted to the CBN by the 5th of every month.– Penalties will apply to institutions that fail to meet the guidelines.
The CBN noted that the policy is designed to improve ATM density, strengthen security protocols, reduce failed transaction complaints, and guarantee better service delivery to customers nationwide.
Source: https://www.kemifilani.ng/
