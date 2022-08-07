The criminals realized that the cell phone is a fundamental “window” into people’s digital lives: devices don’t just carry apps most used, but they are also a fundamental part of the line for the confirmation of financial operations. It is the cell phone that the consumer receives SMS messages, emails and confirmation messages that often give access to services and transactions. Fabiana Saenz, from zetta (an association that brings together national digital banks), admits that the physical theft of devices makes it difficult for financial institutions to act.

The situation is complex, and banks have chosen to classify the issue as a public safety issue. Although they say they make investments in areas such as biometrics, artificial intelligence and behavioral analysis, the institutions attribute the fraud epidemic to a “public safety problem” and the low digital education of people, which would have been aggravated by the expansion of the database. users. “Most fraud occurs through social engineering,” says Bruno Magranidirector of institutional relations at the Nubank.

Cell phones have become a gateway for criminals to access customer bank accounts. Photograph: Daniel Teixeira/Estadão

The institutions’ initiatives are varied: the C6 says it uses its own facial recognition to validate operations. Nubank claims to have biometrics for proof of life and artificial intelligence to validate transaction risks in an attempt to predict user behavior. Despite this, a case of a Nubank customer who says he lost BRL 140,000 after having his cell phone stolen. About the case, the company says: “This case has been resolved and the client has been reimbursed. Aiming at the continuous improvement of services and processes, the company has been working since day 1 on the development of technologies that guarantee the integrity and security of customers and assets”.

In what is one of the strangest sensations I’ve ever felt, the cell phone disappeared from my hand. I screamed, looked back and saw a figure running into the darkness, an image I will never forget. It was awful, but it’s just a cell phone. Then I buy another. Then I realized it was unlocked. freaked out — VanDep (@MrVanDep) May 5, 2022

“The Brazilian banking sector is a world reference in cybersecurity. For this reason, fraudsters often focus their efforts on end users, who, due to lack of knowledge of the risks, are often the most vulnerable vector. In this context, customer education and awareness are extremely important to change the current fraud scenario”, says Thiago Garridesrisk director at Inter bank.

This, however, seems not to have been enough to combat the actions of criminals. In the first half of this year, Nubank ranked first in the ranking of complaints about bank invasions on the site Complain herewith 299 complaints. MercadoPago (270) and PicPay (128) complete the “top 3″. About the ranking, Nubank says: “The ReclameAqui methodology does not take into account the total number of active customers. Nubank is the fintech with the fewest complaints with the central bankaccording to Regulated rankingr, which takes into account 15 traditional banking institutions and leading fintechs”.

The discourse on the subject is repeated among the large banks. Recently, the Estadão searched all the banks to talk about the theft of cell phones. All major financial institutions in the country – Itau, Bradesco, Bank of Brazil, Federal Savings Bank and Santander – declined to give interviews, limiting themselves to releasing notes stressing that they are attentive to customer safety, with options such as numeric passwords, facial reading, biometrics and double authentication.

With access to unlocked phones, criminals access banking apps and perform transactions such as Pix transfers and even take out financial loans. Photograph: Marcello Casal Jr/Agência Brasil

wanted, the Brazilian Federation of Banks (Febraban) said that it is “aware of public security problems and their impact on banking transactions and the safety of its customers”. The entity declared that the member banks have followed the normative instruction of the Central Bank on the transactional limits of pix via cell phone.

“Febraban encourages customers to use this functionality in their applications to adjust the limits according to their needs and security”. On the entity’s guidance, a survey by the digital bank C6 also points out that 72% of users know the functionality that limits transaction values ​​via Pix, however, only 32% of the public has already configured this tool in banking services.

What the experts say

For experts heard by the Estadãothe lack of investment in security focused on mobile applications and the slowness in the registration of occurrences have contributed to the increase in the number of cases and even in the organization of new forms of coup.

For Álvaro Martins, from the consultancy IT By Inside, despite the updates made by the banks, companies are always far behind organized crime. Martins points out that, in most cases, investments in bank security aim to protect the bank’s own investments, and not the money of account holders. “The financial sector has tools to prevent these cases, but they don’t focus on it.”

In the teacher’s assessment of Institute of Informatics of the Federal University of Rio Grande do Sul (UFRGS), Jéferson Campos Nobre, even with a division of responsibilities, and care by account holders, institutions need to assume the role of protagonists in security. “Customers can collaborate with the security process, but obviously there is an expectation of investments in technologies that detect and block unexpected movements.”

To Estadão, when questioned on the subject, the large banks gave information without details. In a note, Santander stated that it follows the prevention rules established by the Central Bank and “constantly invests in protection systems to preserve its customers’ transactions”. Bradesco reported that it has a “high degree of security” and that it follows “the best national and international practices”.

Sought, banks say that cell phone theft problems and financial scams are a matter of public safety. Photograph: Nilton Fukuda/Estadão

Like the others, Banco do Brasil did not detail which actions have been taken to ensure the safety of account holders. In a note, BB stated that it uses analytical intelligence systems to monitor the behavior patterns of account holders in case of transactions by application. “Security in financial transactions is a priority for BB”, he said.

Itaú declared that it continually invests in technologies to strengthen security systems and processes in the use of its application by customers. “The bank submits all operations to risk monitoring, which analyzes transactions to identify any suspected fraud or scam attempts,” the institution said in a note.

Zetta, an association that represents the main national digital banks, said that the sector has adopted initiatives such as the second factor of password authentication, use of biometrics and care with the management of user credentials. “Zetta and its associates have sought to expand cooperation with law enforcement authorities and the Central Bank to address the ongoing challenge of fighting crime.”

In addition to investing in the prevention of new cases, it is necessary to speed up the response time in blocking accounts, as the professor at UFRGS explains. “Often, despite call center services informing that a certain operation has been carried out, the time required for this demand to be carried out is a little long, which allows criminals to continue carrying out illegal transactions in the applications”.

The issue of fraud must be prioritized, according to Nobre, with more service options related to loss and theft, as is already common in credit card call centers. “Updates to this support service will be required to include account blocking options in the future. I believe that this topic is already on the agenda of companies in the financial sector”, he says.