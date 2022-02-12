BC President says: “Pix data leak is not relevant”

Roberto Campos Neto, evaluated, this Friday (11/2), that cases of data leakage related to Pix should still happen frequently;

On February 3rd, registration data associated with 2,112 PIX keys were leaked, including username, CPF, relationship institution and account number;

The first incident took place in September 2021, when the BC reported the leak of PIX keys under the custody of the Bank of the State of Sergipe (Banese).

The president of the Central Bank (BC), Roberto Campos Neto, evaluated, this Friday (11/2), that cases of data leakage related to Pix should still happen frequently. Despite saying that the institution will fight the activity, Campos declared: “Pix data leaks are not relevant in the sense that they are data that are not so sensitive”

“As we understand that this world of data is going to grow more and more exponentially, leaks are going to happen with some frequency. And we don’t want to trivialize leaks because we are going to attack all leaks so that they are as few as possible”, said the president of the Central Bank.

When evaluating the leak of Pix data as irrelevant and of low sensitivity, Campos gave the following example: “we have leaks, sometimes, which is the CPF name, but the name and CPF are in the person’s checkbook” The president The BC also stated: “No person has suffered any kind of damage, due to any leak, but even so, the Central Bank has decided to announce all data leaks”

The second occurrence took place in January of this year, after the Central Bank announced the exposure of data of “registration nature” of PIX users of Acesso Soluções de Pagamento, a financial institution in São Paulo.

How do these leaks happen?

While the BC has the ‘technical responsibility’ of the PIX, financial institutions are the operators and managers of customer data. Leaks occur because of vulnerability in the data protection of these companies.

Therefore, an error of this type can happen in several ways, ranging from the simplest to the most complex, such as the invasion and improper disclosure of databases and exposure of data outside the institutions’ systems, as well as emails to unprepared senders.

According to Marcelo Chiavassa, professor of digital law at Universidade Presbiteriana Mackenzie Campinas, all the leaks that took place were not the responsibility of the BC, but due to security failures in the institutions.

What are the risks?

The leaks were of PIX keys and related information. It is not possible to move accounts without access to passwords and tokens.

For Chiavassa, in isolation there are no major problems, as a criminal with a cell phone number or CPF will not be able to enter the bank account.

Still, there is a risk that someone with this information could contact the victim posing as a bank employee, as well as sending falsified invoices.

Is it possible to protect my data?

According to Bruno Diniz, partner of the Spiralem innovation consultancy, so far there is no effective way. According to the entrepreneur, discovering this security element will be the differential for companies in the future, including in the banks’ marketing campaigns.