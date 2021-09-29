BRASILIA – THE central bank published on Tuesday, 28, new measures aimed at improving the security mechanisms of Pix, the payment system. The innovations approved in a Resolution, published in the BC Mail, are exclusive to Pix. As of November 16, financial institutions will be able to preventively block, in cases of suspected fraud, the funds received in an individual user account, for up to 72 hours.

According to BC, this way, the institution will be able to carry out “a more robust fraud analysis, increasing the probability of recovery of resources by paying users who were victims of some crime”. Whenever this blockage occurs, the institution must notify the user receiving the transfer via Pix.

Another measure provided for in the resolution is the obligation to notify the infringement. Today, this notification is optional. In addition to becoming mandatory, the measure extends its use to transactions in which payer and recipient have an account at the same institution, for example, as well as transactions rejected on suspicion of fraud.

“This mechanism allows institutions to register a marking in the Pix key, in the CPF/CNPJ of the user and in the account number when there is a well-founded suspicion of fraud”, explains the BC. The information will be shared with the other institutions whenever there is a query to a Pix key, giving more support to the institutions’ fraud prevention mechanisms.

A new functionality is also being created that will allow the consultation of information linked to Pix keys for security purposes. “The objective is that this consultation is carried out to feed the participants’ fraud analysis mechanisms, including in processes that are not directly related to Pix. Thus, fraud notification information linked to end users will be available to all Pix participants , who will be able to use this information in their processes, such as opening accounts.”

According to BC, these measures encourage participants to increasingly improve their security and fraud analysis mechanisms. All of these new measures, exclusive to Pix, will take effect on November 16th.

On September 23, the BC had already announced other anti-fraud measures, which included, in addition to Pix, other means of payment. The main one was the establishment of a limit of, at most, R$1,000 for operations carried out between 8 pm and 6 am the following day. This measure must be implemented by October 4th.

These limits can be changed at the customer’s request, as long as they are formalized in the electronic service channels. The institution, however, must establish a minimum period of 24 hours and a maximum of 48 hours for effecting the expansion of the transaction limit. This prevents the immediate increase in the customer’s risk situation.

Popularization

The measures come in the wake of rising cases of lightning hijackings, cell phone thefts and cyberscams by criminals who aim to access victims’ bank accounts to steal money via Pix transfers. In addition to the efforts of the Central Bank, the Brazilian Federation of Banks (Febraban) and the Ministry of Justice are also planning a joint strategy against cybercrime. The objective is precisely to expand the identification and repression of those responsible for these types of crimes.

The quest to make the system safer is also a response to the rapid adhesion of Brazilians to Pix. With less than a year of operation, it already disputes with the debit card and cash as the main means of payment, according to research done by Zetta in partnership with the Datasheet.

Given the popularization, BC wants to expand the services offered by Pix, through the Pix Saque functions (which will allow cash withdrawals at commercial establishments) and the Pix Troco (which will also allow withdrawals, but associated with a purchase or the provision of a service). They will be available from November 29th.

See what are the new measures adopted by the Central Bank to give more security to Pix:

72 hours precautionary block:

In case of suspected fraud, the bank or institution that holds the account of the payment recipient may prevent the funds from being blocked for up to 72 hours. Receiving user must be informed in case of blocking;

Mandatory infringement notification:

The notification of infringement becomes mandatory — before it was optional. This mechanism allows institutions to register a “mark” in the Pix key, in the CPF/CNPJ of the user or in the account number when fraud is suspected. This information will be shared with other institutions;

Use of data for fraud prevention:

A new functionality will be created that allows the consultation of information linked to Pix keys for security purposes. The objective is for the consultation to be carried out to feed the fraud analysis mechanisms;

Banks and institutions shall have identification and handling procedures in case of excessive Pix key queries that do not result in payments or in case of many invalid key queries;

Accountability of institutions:

Institutions that offer Pix have a duty to be responsible for fraud arising from failures in their risk management mechanisms. Institutions must use Pix key data as one of the factors to be considered for the authorization of transactions.