The increase in cases of lightning kidnappings and Pix-related robberies made the Central Bank (BC) introduce security measures in the instant payment system. The changes announced today (27) also affect other types of electronic payment, such as Available Electronic Transfer (TED), debit cards and transfers between accounts of the same bank.
In the most important change, the limit for transfers between individuals, including individual micro-entrepreneurs (MEI), will drop to R$1,000 between 8 pm and 6 am. The new limit applies to both Pix and the settlement of TEDs, debit cards and intrabank transfers.
In another change, the BC decided to prevent the instantaneous increase in transaction limits with means of payment by electronic means. Now, institutions will have a minimum period of 24 hours and a maximum of 48 hours to carry out the account holder’s request if made through a digital channel. The measure covers both Pix and TED, the Credit Order Document (DOC), intrabank transfers, debit cards and bank slips.
Financial institutions will now offer customers the ability to set different Pix movement limits during the day and night, allowing for lower limits at night. They will also allow the prior registration of accounts that may receive Pix above the established limits, keeping the limits low for other transactions.
• allow Pix participants to hold a transaction for 30 minutes during the day or for 60 minutes at night for transaction risk analysis, informing the user of the hold;
• make mandatory the mechanism, which already exists and is now optional, for marking the Transactional Account Identifier Directory (DICT) of accounts with evidence of use in Pix fraud, including in the case of transactions carried out between accounts of the same participant;
• allow consultations with the DICT to feed the institutions’ fraud prevention systems, in order to curb crimes involving the same account in other means of payment and with other banking services;
• require Pix participants to adopt additional controls in relation to transactions involving accounts marked on the DICT, including for the purpose of refusing to process them, thus combating the use of rental accounts or so-called oranges;
• determine that participants in electronic payment arrangements share, in a timely manner, with law enforcement authorities, information about transactions suspected of involvement in criminal activities;
• require additional controls on fraud from regulated institutions, reporting to the Audit Committee and the Board of Directors or, in their absence, to the Executive Board, as well as keeping such information available to the Central Bank;
• Require behavioral and credit history so that companies can anticipate same-day card receivables, reducing the occurrence of fraud.
In a statement, the BC said that the measures will help prevent crimes related to electronic payment methods. “Together, these measures, as well as the possibility for customers to set the limits of their transactions to zero, increase the protection of users and help to reduce the incentive to commit crimes against the person using payment methods, since the low amounts to be eventually obtained in such actions tend not to compensate for the risks”, informed the agency in a statement.
For BC, the security mechanisms present in Pix and in other payment methods are not capable of completely eliminating the exposure of its users to risks. However, the joint work of the Central Bank, the regulated institutions, the public security forces and the users themselves will make it possible to reduce the occurrence of losses.
The Central Bank responded to the demands of the banks. This week, several financial institutions asked the agency to tighten Pix’s rules to make it harder for criminals to act. As of March, Pix’s limits were the same as those for wire transfers. In April, users were able to customize the limits in the application of financial institutions.
Despite the practicality, the changes have increased cases of fraud, theft and lightning kidnapping related to Pix. Criminals took advantage of the speed of instant transfers to apply scams or force victims to transfer large amounts overnight to the oranges account. The money was then pulverized to other accounts, making it difficult for financial institutions and security forces to track them.