Security is one of the factors that attracts millions of Brazilians to use Pix, and it is also a priority for the Central Bank of Brazil (BC) regarding this transfer method. After all, scams involving Pix are becoming more sophisticated every day, requiring users to take some precautions to avoid fraud. On Monday (22), the BC announced changes aimed at improving Pix’s security mechanisms.
The new general rule defined by BCB Resolution No. 402 will apply to access devices (cell phones or computers) used to initiate Pix transactions. Starting November 1 of this year, transfers initiated through unregistered devices will be limited to R$ 200 per transaction and up to R$ 1,000 per day. Transfers above this amount will be available only for devices previously registered by the customer.
“In order not to inconvenience users who already use a specific device, this registration requirement applies only to access devices that have never been used to initiate a Pix transaction,” says the statement, which also explains the motivation for the change. “This measure minimizes the probability of fraudsters using devices different from those used by the customer to manage keys and initiate Pix transactions. This will make it more difficult for fraud in which the malicious agent obtains, through theft or social engineering, people’s credentials, such as login and password.”
The Resolution also defines new procedures for banking institutions to increase the security of electronic transfers. Three points were described in the BC’s statement:
- Use a fraud risk management solution that includes security information stored at the Central Bank and is capable of identifying atypical Pix transactions or those not compatible with the customer’s profile;
- Provide, through an electronic channel widely accessible to customers, information about the precautions customers should take to avoid fraud;
- Verify at least once every six months if their customers have fraud markers in the BC’s database.
In the case of customers who have fraud markers, institutions must treat them differently, “either by ending the relationship or using a differentiated time limit to authorize transactions initiated by them and the precautionary blocking of received transactions,” says the statement. The BC’s note also clarifies that the agency will continue developing solutions to combat fraud and scams, focusing on the population’s security. “These improvements are part of the permanent security agenda discussed with leading financial market experts in the Strategic Security Group, coordinated by the BC within the Pix Forum,” says the text.