How to Protect Your OPay, PalmPay or Kuda Account

🔐 A stolen phone can empty your OPay, PalmPay or Kuda balance in minutes, but a non-guessable PIN, real-time alerts and one USSD code can shut the door before a stranger gets through it.

Everything explained below ⬇️⬇️⬇️

Recommended Content:

WHAT TO DO IF YOUR WALLET TRANSFER FAILS IN NIGERIABEST VIRTUAL CARDS IN NIGERIA FOR ONLINE PAYMENTS

Losing your phone or tapping the wrong link does not have to mean losing your money. Access to an OPay, PalmPay or Kuda wallet almost always runs through one of three doors: a PIN that is easy to guess from a stolen phone, a hijacked SIM card, or a moment of panic where someone reads out a code to a stranger on the phone.

Get budget-safety tips like this every week


This piece walks through what each of Nigeria’s three big mobile-wallet apps actually offers for security, the fraud patterns that have been reported around them since 2025, and the exact steps and channels to use the moment something feels wrong, starting with the habit most people get wrong first: the PIN itself.

See how a business-grade wallet like Moniepoint handles personal-account security

YES, SHOW ME MY OPTIONSNOT NOW, THANKS

* You’ll stay on an official, CBN-licensed provider’s site. 🔒 ✅

Lock Down Your PIN, Biometrics and Login

Your transaction PIN is the single easiest thing fraudsters exploit, because so many people pick one that is guessable straight from a stolen phone: a birth year, a slice of a phone number, or a family member’s birthdate. Provider guidance is consistent on this across the board: never use those patterns, and never share your PIN or OTP with anyone, including someone claiming to be OPay, PalmPay or Kuda support, since none of them will ever ask for it by phone or message. Kuda backs this up with a concrete, confirmed feature: its app sends a real-time push notification and email for every single transaction on the account, so a debit you did not authorize shows up the moment it happens rather than at month-end. Turn on fingerprint or Face ID login in your app’s security settings as a second layer, so a stolen, unlocked phone still cannot open your wallet without a biometric match.

Recognize Phishing, SIM-Swap and Fake-Account Fraud

Two fraud patterns keep showing up around Nigeria’s mobile wallets. The first is phishing: fake websites cloned to look exactly like OPay’s login page, plus scammers who call or message pretending to be customer support and ask directly for your OTP or PIN, a request no legitimate provider makes. The second, more damaging pattern is SIM-swap fraud, where a criminal convinces a telecom support agent that they are you and gets your number reissued on a new SIM; once that happens, they intercept the OTPs meant for you and can drain linked accounts, a mechanism reported specifically against OPay and Moniepoint users in 2025-2026 coverage. Identity-fraud abuse of onboarding is a related risk: Techpoint Africa documented a case where fraudsters used a stolen phone plus facial recognition to open an OPay account under a Lagos resident’s real name and siphon over ₦100,000 from her contacts. PalmPay’s 2025 update requiring BVN or NIN before wallet creation was introduced specifically to close a similar loophole.

What to Do the Moment a Device Is Lost

Speed matters more than anything else once a phone is gone. OPay publishes two USSD codes that work on any handset without internet, using your registered SIM: dial star 955 star 131 hash to instantly lock your OPay account, and star 955 star 132 hash to lock your OPay ATM card specifically, both confirmed through OPay’s own official channel. Kuda and PalmPay do not publish an equivalent standalone USSD lock code in the same way, so the faster path with those two is contacting in-app or phone support the moment you notice the phone is missing, then changing your PIN as soon as you regain access on a new device. Beyond the app itself, call your telecom provider to block the SIM, since a working SIM in someone else’s hands is what makes OTP interception possible in the first place. Save your provider’s support number somewhere other than the phone itself, written down or with a family member.

ProviderLost-Device ActionAlert TypeReport Channel
Compare Kuda alerts →Compare OPay lock codes →Compare PalmPay tips →Report to CBN or NIBSS →

⚠️ A caller asking for your OTP is never really your bank — OPay, PalmPay and Kuda all state plainly, across their own help-center and support guidance, that no genuine staff member will ever call, text or email you asking for your transaction PIN, OTP or login password. Scammers impersonate customer support using exactly this request, and separately run cloned login pages that look identical to the real app to harvest whatever you type. If a call, SMS or WhatsApp message asks you to read out a code you just received, hang up and reach the provider through the number or in-app chat you already know, not one they gave you.

Steps

  1. Set a transaction PIN that has nothing to do with your birth year, phone number or a family member’s birthdate, then turn on fingerprint or Face ID login for the extra layer the app already offers.
  2. Confirm that push and email transaction alerts are switched on in your app so every debit reaches you the instant it happens, the way Kuda’s real-time notification system is built to work.
  3. Write down your provider’s lost-device lock code or support number somewhere other than the phone itself, such as OPay’s star 955 star 131 hash account-lock and star 955 star 132 hash card-lock USSD codes, so you can still act if the device disappears.
  4. If you lose a device or suspect SIM-swap fraud, call your telecom to block the SIM, lock the account through your provider immediately, and escalate to NIBSS’s fraud reporting portal or CBN’s Consumer Protection Department if the provider does not resolve it.

Treat Your Wallet App Like Your House Keys

None of the steps above cost money or take more than a few minutes, and that is the point: account security on OPay, PalmPay and Kuda is mostly a matter of habits, not technology you have to buy. A PIN that is not guessable, alerts that are switched on, and a lock code written down somewhere safe close off the most common ways Nigerian mobile-wallet users actually lose money.

The bigger fraud patterns, phishing, SIM-swap and fake-account onboarding, work because most people do not expect them, not because the providers have no defenses. Now that you know how they operate and which official channels exist to report them, you are already ahead of the people they are counting on catching off guard.

Frequently asked questions

What is OPay’s Safety PIN and how is it different from my normal PIN?

The Safety PIN is a separate code you can set up so that entering it instead of your regular transaction PIN silently processes the request while locking your OPay account for up to 24 hours, without alerting anyone forcing you to transact under duress.

How do I lock my OPay account or card if my phone is stolen?

Dial star 955 star 131 hash from any phone to instantly lock your OPay account, or star 955 star 132 hash to lock your OPay ATM card specifically; both codes work without internet using your registered SIM.

Does Kuda notify me every time money moves on my account?

Yes, Kuda’s own help center confirms it sends a real-time push notification and email for every transaction, so an unauthorized debit appears on your phone immediately rather than only in a monthly statement.

What exactly is SIM-swap fraud?

It is when a criminal convinces your telecom provider’s support agent that they are you and gets your phone number reissued on a new SIM card, after which they receive your OTPs and can access accounts linked to that number, including OPay and Moniepoint wallets in cases reported since 2025.

Why do PalmPay and OPay now ask for my BVN or NIN before I can use the app?

PalmPay introduced a BVN or NIN requirement in 2025 specifically to stop accounts being opened under a false identity, closing a loophole fraudsters had reportedly used to register wallets in other people’s names.

Where do I report fraud if my provider does not fix it?

Raise it first with OPay, PalmPay or Kuda’s own support using your transaction reference number; if it is not resolved, NIBSS runs a dedicated fraud reporting portal, and CBN’s Consumer Protection Department can be reached at cpd@cbn.gov.ng, contactcbn@cbn.gov.ng or 07002255226.

Sources consulted: help.kuda.com, secureblitz.com, yomiprof.net, dailypost.ng, legit.ng, techpoint.africa, technext24.com, meetcyber.net, nibss-plc.com.ng, cbn.gov.ng (checked July 2026)

⚠️ Disclaimer

This is an independent information portal, not affiliated with CBN, FCCPC, NIBSS, CAC, OPay, PalmPay, Kuda, Moniepoint, or any provider named above. We don’t process transactions, loans, or guarantee approval from any provider. Requirements and terms change over time — always confirm current rules through official channels before acting.

Rolar para cima