Date: 2022-08-09

Criminals have realized that the cell phone is a “window” into people’s digital lives: the devices not only carry the most used applications, but are also a fundamental link in the chain for confirming financial transactions. Consumers receive SMS messages, emails and confirmation notices through their cell phones, which usually give access to services and transactions.

Fabiana Saenz, from Zetta (an association that brings together national digital banks), says that the physical theft of devices makes it difficult for financial institutions to act. For experts interviewed by Estadão, the lack of investment in security for mobile applications and the slowness in registering incident reports have contributed to the increase in the number of cases and even to the organization of new forms of scam.

For Álvaro Martins, from IT By Inside consultancy, despite the updates made by banks, companies are always far behind organized crime. Martins says that, in most cases, investments in bank security aim to protect the bank’s own investments, not the money of account holders. “The financial industry has tools to prevent these cases, but they don’t focus on it.”

In the opinion of Jéferson Campos Nobre, professor at the Institute of Informatics at the Federal University of Rio Grande do Sul (UFRGS), even with a division of responsibilities and care by account holders, institutions need to assume the role of protagonists in security. “Customers can collaborate with the security process, but obviously there is an expectation of investments in technologies that detect and block unexpected movements.”

The issue of fraud has to be prioritized, according to Nobre, with more service options related to loss and theft, as is already common in credit card call centers. “Updates to this support service will be required to include account blocking options in the future. I believe that this topic is already on the agenda of companies in the financial sector”.

Initiatives

Although they say they invest in areas such as biometrics, artificial intelligence and behavioral analysis, institutions attribute the explosion of fraud to a “public safety problem” and to people’s low digital education, and say this has been compounded by the expansion of the user base. “Most fraud occurs through social engineering,” says Bruno Magrani, director of institutional relations at Nubank, about the crime of psychologically manipulating users to provide confidential information.

The institutions’ initiatives are varied. Digital bank C6 says it uses its own facial recognition to validate transactions. Nubank claims to have biometrics for proof of life and artificial intelligence to validate transaction risks in an attempt to predict user behavior.

Despite this, a case of a Nubank customer who says he lost R$140,000 after having his cell phone stolen had repercussions on social media. About the case, the company says: “This case was resolved and the client, compensated. Aiming at the continuous improvement of services and processes, the company has been working since day one in the development of technologies that guarantee the integrity and security of customers and assets”.

Thiago Garrides, risk director at Banco Inter, says that “the Brazilian banking sector is a world reference in cybersecurity”. “Even because of this, fraudsters often focus their efforts on end users, who, due to lack of knowledge of the risks, are often the most vulnerable vector. In this context, customer education and awareness is extremely important to change the current fraud landscape.”

Big banks

The discourse is repeated among traditional banks. In a statement, Santander stated that it follows the prevention rules established by the Central Bank and that it “constantly invests in protection systems to preserve its customers’ transactions”. Bradesco reported that it has a “high degree of security” and that it follows “the best national and international practices”.

In a note, Banco do Brasil stated that it uses analytical intelligence systems to monitor account holders’ behavior patterns in transactions made through the application. “Security in financial transactions is a priority for BB.”

Itaú declared that it continually invests in strengthening security systems and processes in the use of its application. “The bank submits all operations to risk monitoring, which analyzes transactions to identify any suspected fraud or scam attempts.”

When contacted, the Brazilian Federation of Banks (Febraban) said that it is “aware of public safety problems and their impact on banking transactions and the safety of its customers”. According to the entity, the banks have followed the normative instruction of the BC on the transactional limits of Pix via cell phone.

“Febraban encourages customers to use this functionality in their applications to adjust the limits according to their needs and security.” A survey by C6 showed that 72% of users are aware of the functionality that limits transaction amounts via Pix. However, only 32% of the public has already configured this tool in banking services.

Here’s how to protect cell phones and accounts from criminal attacks:

Basic level

- Use different alphanumeric passwords (including symbols and combining lowercase and uppercase letters) for each registration.
- Use random number sequences in financial institutions, such as card passwords or credentials in banking apps.
- Activate two-step verification via mobile or email.
- Put a password on the operator’s SIM card, which will prevent thieves from inserting the card into another device and having access to your number.
- Do not click on dubious links or give out personal information, even if the request is from a known contact.
- Activate all biometrics on your device, such as fingerprint and face readers, which create additional layers of security.

Intermediate level

- Have random, complex and impossible-to-memorize passwords: use specific apps (1Password and LastPass) or browser tools (Google Chrome and Safari) that create passwords and put them in a “vault” in the cloud.
- Enable one-time passwords as another verification step. These are random numbers that work as a second code. They are generated by dedicated applications (Google Authenticator, Microsoft Authenticator, Authy, 1Password).
- Contact the financial institution and lower the daily limits for transfers (DOC, TED and Pix), withdrawals and pre-approved loans.
- Consider including a trusted contact in your iCloud (Apple) family, allowing family members to remotely wipe the device in case of theft. Android phones (Google) do not have the feature.

Advanced level

- Purchase a physical security key for password recovery and logins, such as Titan (from Google), Yubico, and OnlyKey. These objects are small and can be kept on key chains, for example, but prices can exceed R$800.
- Generate and print alternative backup codes, which are passwords created automatically by the service’s own registration process. They must be kept at home, in a safe place.
- If you have adopted a password generator app, delete saved passwords from browsers to avoid breaches.
- Create a “secret email” that only you have access to: this account cannot be saved on any everyday device, and it must have strong passwords and two-factor authentication enabled. Through this email, you will recover the most important accounts.
- Leave a device at home (such as an old tablet or cell phone) to be the place where you access your “secret” email, your own password apps or even less used financial institutions.
