The Central Bank of Nigeria (CBN) has issued new minimum standards for the deployment, operation, maintenance, and security of Automated Teller Machines (ATMs) across the country, introducing stricter requirements for banks and independent ATM operators.
The new framework is contained in a circular titled “Exposure of the Draft Guidelines on the Operations of Automated Teller Machines (ATMs) in Nigeria,” released over the weekend. The apex bank said the guidelines supersede all previous ATM regulations.
Under the new rules, all card issuers are required to deploy at least one ATM for every 5,000 payment cards issued. The CBN directed that full compliance must be achieved within three years, with 30 per cent implementation by 2026 and 100 per cent compliance by 2028.
The bank also stressed that ATMs must be installed in secure locations that guarantee user safety and transaction confidentiality. Machines should not be placed outside buildings unless they are firmly bolted to the floor.
According to the circular, ATM deployment, redeployment, and decommissioning will now require prior written approval from the CBN. Independent ATM Deployers (IADs) must also obtain approval and meet licensing and registration requirements, including proof of partnership with a bank for cash provisioning.
On failed transactions, the apex bank directed that on-us ATM transaction reversals must be instant. Where instant reversal is not possible due to technical issues, manual reversals must not exceed 24 hours. For not-on-us transactions, refunds must be completed within 48 hours.
The guidelines further mandate automatic refunds for non-dispense errors without requiring customers or issuing banks to initiate complaints.
In terms of security, all ATMs are required to be equipped with cameras that record activities such as card insertion and cash withdrawals, while excluding the recording of customers’ keystrokes. Networks used must also meet strict data confidentiality standards, and all machines must be fitted with anti-skimming devices to reduce fraud.
The CBN also ordered that ATM keys be changed annually, with unique keys for each machine, and customers must be allowed to change their PINs free of charge. All ATM operators are required to comply with Payment Card Industry Data Security Standards (PCI DSS).
On operations, the apex bank said technical downtime must not exceed 72 consecutive hours, and customers must be informed where this is unavoidable. Banks are also required to ensure continuous cash availability at ATMs, with partner banks bearing full responsibility for cash provisioning in non-bank deployments.
Other requirements include clear display of helpdesk contacts, charges, and fees; issuance of receipts for all transactions except balance enquiries; and monthly reporting to the CBN on new ATM deployments by the 5th day of the following month.
The CBN warned that it would conduct periodic audits and onsite checks and impose appropriate penalties on institutions that fail to comply with the new guidelines.
