Pix has become popular among Brazilians, standing out for its convenience, efficiency, and security. Of course, there are always those who devise increasingly sophisticated methods for fraud (see here how to prevent the latest ones), but the system features various factors aimed at ensuring the security of the payment method.
StarsPay has provided numerous resources to help online service users prevent fraud, including practical measures that consumers can take to avoid scams, more important tips to prevent online fraud, how not to fall for a famous Pix scam, and a golden rule when receiving phone calls.
Regarding Pix, the Central Bank of Brazil (BCB) states on its website that the system’s security is based on four dimensions. Check them out below in full:
User Authentication
Every transaction, including those related to managing Pix keys, can only be initiated in the secure environment of the user’s banking institution, accessed through a password or other security devices integrated into the mobile phone, such as biometric recognition, facial recognition, or the use of a token.
Transaction Traceability
Due to its technological design, all Pix operations are fully traceable, which allows the identification of accounts receiving funds from fraud/scams/crimes, enabling more decisive action by the police and the judiciary, unlike ATM withdrawals, for example.
Secure Information Traffic
Transaction information is transmitted in an encrypted manner over the National Financial System Network (RSFN), which is a network entirely separate from the internet and where Brazilian Payment System (SPB) transactions are processed. All Pix participants must issue security certificates to transact on this network. Additionally, all transaction information and personal data linked to Pix keys are stored in encrypted form in BCB’s internal systems.
Pix Operating Rules
The Pix regulation includes measures to mitigate fraud risk, such as:
- A provision that Pix participants (financial and payment institutions offering Pix to their clients) must be responsible for fraud within Pix due to failures in their risk management mechanisms;
- Protection mechanisms by the BCB and institutions that prevent scanning of personal information related to Pix keys;
- The possibility for institutions to set maximum transaction value limits based on their clients’ risk profiles. These limits may vary by transaction time, account ownership, service channel, and user authentication method, among others;
- The ability for users, through apps, to adjust the value limits set by institutions. Requests for reductions take immediate effect, while requests for increases are not immediate and require analysis by institutions to verify compatibility with the client’s profile;
- A differentiated maximum time for transaction authorization by participating institutions in cases of unusual transactions initiated by their clients with a high probability of fraud;
- An information center shared with all participants about Pix keys, account numbers, and CPF/CNPJ involved in fraudulent transactions;
- Dynamic QR Code generation allowed only for participants who send specific security certificates to the BCB; and
- Mechanisms that facilitate the blocking and eventual return of funds in case of fraud, such as precautionary blocking and the special refund mechanism.