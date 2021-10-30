SAO PAULO – In recent months, Pix, an instant payment system, has been dealing with two situations: popularity and the consequent scams.

Pix is ​​popular with Brazilians: according to data provided by the Central Bank, Pix has already registered more than 1.04 billion transactions up to the month of September, since its launch. The number of keys already exceeds 330.7 million and there are 109.7 million users, considering individuals and companies.

On the other hand, innovation has brought a wave of scams on the internet that have turned Brazilians into victims.

Added to this context, since last Friday (29), phase 3 of Open Banking has entered into force, whose main resource is the integration of the ecosystem to Pix through payment initiators. O InfoMoney has already done a report explaining how phase 3 will work.

And the question that remains is: if the scams involving Pix are increasing, should the situation get worse with the integration with Open Banking? Experts say new and more fraud is likely to emerge considering that integration will be a new technology that could expose as-yet-unidentified weaknesses.

In this scenario, how to protect yourself from scams and fraud? Some measures have already started to be taken by the Central Bank this month, such as the R$1,000 limit on transfers and payments made by individuals at night.

The monetary authority also provides a channel for complaints about financial and/or payment institutions.

“Still, 80% of electronic crimes exploit what we call social engineering or user behavior, so there are important tips for us to prevent Pix scams, which usually happen through cell phones”, explains Marcos Zanini, CEO of Dinamo Networks, a company specializing in digital identity security and encryption.

The ideal is to always follow good security practices to protect yourself from problems when sharing data, whether information leaks or cyber scams.

So, the InfoMoney compiled protection tips with BC and security experts in the attempt

Letícia Becker, a data protection specialist atComo and member of the technical group on security at Open Banking in Brazil, says consumers should consult the Internet Security Booklet, developed by Cert.br, the tips on the Central Bank website and on the Consumer protection agencies to prevent scams.

The governance website of Open Banking in Brazil, supervised by the Central Bank, shared a series of simple tips so that the consumer stays aware and does not fall for scams.

Look:

What not to do:

Never use personal data such as a password (birthdays, license plate, etc.) or repeated or sequential numbers (111111 or 123456);

Never write down passwords on paper, on your cell phone, on your computer or anywhere easily accessible by third parties;

Never share passwords, security codes or tokens in calls or messages or from trading websites;

Never click on links that ask for updates, app maintenance, registration or token;

Never allow them to remotely access your computer or cell phone, nor accept security procedures during phone calls;

Never make transfers to settle or reverse amounts in your account (not even for testing);

never send prints, videos or make video calls showing QR Codes and screens from your computer, cell phone or ATM;

Never believe in very advantageous promotions that offer big discounts, double earnings or benefits – they can be phishing and/or scams;

Never access your account or register your Pix key by clicking on any link you receive in messages. Access your account directly on your institution’s website or in mobile and computer applications;

Never transfer money to a friend or family member who has placed the order by text message without first calling to confirm, not using the in-app audio call;

Never make your phone number public on instant messaging and social media apps;

Never give your card, cell phone, cell phone chip or notebook to third parties (Ex: a supposed motorcycle courier or employee of a financial institution);

What to do:

Always use the official channels of your bank or payment institution to confirm a request;

Always notify your banking institution if your cell phone has been stolen – the device has the application to access your account, as well as your card;

Always check all information before making transfers or making a Pix (receiver data, amount, transaction date, recurrence);

Always set the privacy of your profile picture in messaging apps so that only your saved contacts see it;

Activate the “double factor authentication” function of your WhatsApp account – just go to: settings > account > 2-step confirmation. Then, just register a password. This will prevent your Whatsapp from being misused by third parties;

Enable double factor, too, in your internet accounts that offer this option: email, social networks, applications, operating systems;

Always make sure the profile you are messaging or following has the official social network verification seal next to the name. This seal is indicative of the company’s official profile;

Always have different passwords for different accounts and create combinations with uppercase, lowercase, numbers and special characters.

“Banking scams already existed before Pix and Open Banking, new technologies are just new means that can be used by scammers. Therefore, checking out the tips can help you avoid a loss”, says Letícia.

Track your data

Fabio Assolini, senior security analyst at Kaspersky, points out that Pix and Open Banking have the potential to revolutionize the way we deal with money and financial services, and the customer should take advantage of these facilities.

“The issue of security is a process that users can start to get used to, check information, monitor their records. Today, a fraudster has no difficulty in finding a victim’s personal data to open accounts at fintechs, create cards, etc. This data is already released today, so consumers who develop the habit of following up on their records, taking care with sharing personal data can avoid losses”, he says.

He says that a tool made available by the Central Bank can help consumers to monitor their records, and who has access to their data. It is the BC Registry.

It is a free service maintained by BC for years in which the consumer needs to register, and from their internet banking they generate an access key. With it in hand, access the BC page to activate access to the Registry.

The feature provides monthly reports that show all accounts and cards opened in your name at banks, brokerages, cooperatives, in addition to all credit granted in your name, all your Pix keys and which institutions they are linked to, as well as exchange information. – such as transfers made in foreign currencies using your data.

“It’s a great way to know if someone has misused your data,” suggests the expert.

Who to contact in cases of fraud and scams?

The Central Bank advises that, if a bank scam is identified, the financial consumer must register the occurrence with the police.

In addition, you must contact the financial institution holding the transaction account (checking, savings or payment account) so that they are aware of what has happened and take the necessary steps.

“If you believe that the security of your computer or cell phone has been compromised, seek certified technical assistance. Last but not least, if you lost your RG, CPF or had documents stolen, the chances of being a victim of fraud are greatly increased. Be sure to register a BO in all these situations. It can be done online, through the official website of your state’s security agency”, says the note on the governance of Open Banking in Brazil.

Letícia Becker, a data protection specialist atComo and member of the technical security group at Open Banking in Brazil, explains that consumers can also contact the beneficiary institution of the transfer in favor of the scammer to seek information and clarification.

Consumers may also resort to consumer protection agencies (Procon of their State) or directly seek the Judiciary for data repair, if necessary, according to her.

Data sharing steps

According to BC, data sharing occurs in an encrypted form and can only happen after three mandatory steps:

Consent; Authentication; Confirmation.

This way, whenever you share data within the scope of Open Banking, you will face at least these three steps through the electronic channels of the participating institutions.

Furthermore, the consumer will only share the data if he gives an authorization and approves the action, and at any time he can cancel the sharing.

The maximum term for sharing is 12 months, and after this period the consumer must renew the authorization of the participating institution. This period may vary according to the purpose of using the data, however, the user will always have access to this information in a clear way, according to the rules defined by the governance of Open Banking in Brazil.

