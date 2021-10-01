Ana Marques “Quadrilhas do Pix”, lightning kidnapping and monetary fraud make the Central Bank add security measures to the payment modality

The Central Bank (BC) introduces new rules for Pix as of this Friday (1) in order to reduce user risks and make transfers safer. The changes range from deposit limits to data sharing with public safety institutions. Banks and financial institutions have until October 4th to adapt to the changes.

In August, when the resolution was approved, BC president Roberto Campos Neto said that the end of the quarantine had increased movement in bars and restaurants, and, as a result, the number of coups also increased.

“When someone Pix another person, to get the resource they need an account. It can be an orange account, and we have taken steps to make the orange accounts not happen, or the person himself. person, we have data on who committed the crime,” explained Campos Neto at the time.

It also shot up the number of lightning kidnappings and robberies with reception, the “quadrilhas do Pix”. According to the Secretariat of Public Security of São Paulo, between January and July this year, there was an increase of 39.1% in cases, with 206 police reports and 100 arrests.

“From a technological point of view, there is nothing safer than Pix. The measures taken by the Central Bank were to guarantee the other side of security, linked to the so-called social engineering and public safety attacks. Social engineering is used when, for example, , someone sends a bank slip pretending to be the customer’s telephone company and diverting this money to it. Thefts and lightning kidnappings are serious public safety issues. The changes made in Pix improve the security in these two points”, commented Rodrigoh Henriques, leader of financial innovations at Fenasbac (National Federation of Associations of Central Bank Servers) and coordinator of the Financial and Technological Innovations Laboratory (LIFT Lab).

To help solve crimes, the BC defined that financial institutions will be required to share transaction information suspected of involvement in criminal activities to public security authorities.

In addition, banks and payment institutions are now required to report to the Transactional Account Identifier Directory (DICT) accounts that contain evidence of use in fraud. This database will be available for consultation to prevent other crimes involving the same suspicious account.

Changes

The main change is the new limit of R$1,000 for individuals and individual micro-entrepreneurs (MEIs), which will also apply to TEDs, transfers between accounts in the same bank and debit cards. The user can choose to change the limit on their own or pre-register accounts that may receive above the stipulated limit.

In this case, the system also presents one more change. Previously, the deadline for banks to increase the Pix limit varied between one hour and the next business day. Now, there will be a minimum of 24 hours and a maximum of 48 hours to place an order.

According to the Central Bank, the new rules will have no impact on trade. “The limit of BRL 1,000 applies for payments of the same payment arrangement between individuals at night, that is, in which payer and receiver are individuals [pessoas físicas], thus, there is no need to talk about cooling down trade, as this limit does not apply to payments to companies,” says the BC in a note.

“With the set of novelties in Pix, the modality tends to rise in commerce. The possibility of withdrawal and change in a purchase, the Pagador QRcode, in addition to the Guaranteed Pix and Automatic Debit in Pix are evolutions that help a lot the commerce” , said Rodrigoh Henriques.

Limits may also vary depending on the time of day, whether day or night. Another change between night and day will be the analysis period for a risky transaction.

“As far as Pix is ​​concerned, transactions should take up to 40 seconds. But in the case of unusual transactions suspected of fraud, financial and payment institutions can retain this transaction for a period of 30 minutes, if it is carried out between 8 am and 20h or 60 minutes, the rest of the day. During this time, the institution can carry out additional security procedures and then analyze whether it will reject the transaction or authorize its sending”, explains the monetary authority.

More news ahead



As of November 16, new measures will be implemented, such as a precautionary block, which allows the suspension of the account for up to 72 hours in cases of suspected fraud. The bank must notify the customer immediately after making the decision to retain the account.

“The option will allow the institution to carry out a more robust fraud analysis, increasing the probability of recovery of resources by paying users who were victims of some crime”, informs the BC in a note.

With the new measures in place, institutions that offer Pix to their customers have a duty to take responsibility for fraud arising from failures in their own risk management mechanisms. These measures, in the assessment of the BC, create incentives for participants to increasingly improve their security and fraud analysis mechanisms

In addition, new criteria for evaluating the account in case of suspected fraud were also stipulated, namely:

the number of infringement notifications linked to the receiving user, his Pix key and his transaction account number;

the time elapsed since the opening of the transaction account by the receiving user;

the time and day of the transaction;

the paying user profile, including in relation to the recurrence of transactions between users; and

other factors, at the discretion of each participant.

Both updates were well received by Banco do Brasil. “The nightly limit of BRL 1,000.00 and the preventive block, added to the other measures proposed by the Central Bank, are a way to reduce risk situations and increase the possibility of recovering the funds withdrawn from the account by the scammer,” he said in a statement.

Nubank also stated that it supports the measures announced by BC and reinforces that Pix has always been safe and that, like any system, it receives constant improvements aimed at usability and security.

“Nubank constantly monitors the application’s security mechanisms and the operations performed by its users, with the frequent implementation of technologies that help in this regard. The company also has teams dedicated to fraud prevention, it is always updating and improving the internal processes and systems and seeks to guide customers about preventive measures in financial transactions”, he informs.

data leakage

Last night, the Central Bank reported that data from nearly 400,000 clients of the State Bank of Sergipe, Banese, were leaked. According to the institution, it was the first time that something like this has happened.

“No sensitive data, such as passwords, information on transactions or financial balances in transactional accounts, or any other information under bank secrecy were exposed. The information obtained is of a cadastral nature, which does not allow the movement of resources, nor access to accounts or the other financial information”, he completes.

The BC says that it has taken the necessary actions for the detailed investigation of the case and will apply the sanctioning measures provided for in the current regulation. In addition, whoever had the data leaked will be notified by the northeastern bank.