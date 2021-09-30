This Tuesday (28), the Central Bank (BC) published a resolution with new security measures approved for the PIX. The rules take effect from November 16th.

Among the initiatives, payment service providers can preventively block the receipt of user transfers for up to 72 hours, if there is a suspicion of fraud. Whenever the action is imposed, the bank must immediately notify the receiving user.

Until then optional, the notification of infringement will now be mandatory. In this mechanism, financial institutions register irregularities and share the data with other entities. The functionality has also been extended for transactions where the payer and receiver use the same bank and for transactions “rejected due to well-founded suspicion of fraud”.

making security easier

In addition, the use of PIX key data will be expanded to improve bank security mechanisms. Institutions will be able to consult fraud notifications linked to users, for example, for processes that are not directly related to the payment system, such as opening accounts.

Finally, PIX participants must have, at a minimum, the same mechanisms for preventing read attacks as the Directory of Transactional Account Identifiers (DICT).

Entities also need to create procedures for identifying and handling cases that involve excessive key queries without settling transactions or invalid keys. In addition, they may be held liable if there is evidence of fraud resulting from a failure in the security mechanisms.

And the night limit?

Last Thursday (23), BC approved the limitation to R$ 1 thousand in payments and transfers made between 8 pm and 6 am on the PIX. That said, the measure only takes effect on October 4th.