With the debut of the Pix – scheduled for November 16 – users’ concern about possible fraud involving transactions increases. But the central bank and the participating institutions signal that measures to guarantee the security of the system will be adopted from the initial phase.
At the MobiShop seminar, promoted by Mobile Time, Carlos Brandt, deputy head of the competition and financial market structure department at the Central Bank, explained that the security issue has been treated as a central pillar of Pix since the system was conceived. “We have the greatest security experts discussing (the topic)”, he declared.
In fact, a number of security mechanisms will be in place when Pix debuts. One of them concerns the authorization for participating financial institutions to apply value limits respecting certain criteria and to ease any restrictions as the experience with the system progresses.
In a workshop held in early October, the Brazilian Federation of Banks (Febraban) explained, for example, that transfers via Pix may have different limits according to the time or day of the week during the period between November 2020 and February 2021.
Transactions may also undergo rigorous analysis before they take effect. As a rule, each payment or transfer transaction must be carried out within 10 seconds, however, if the institution identifies a transaction that is outside the client’s profile, it will have up to 30 minutes to perform an anti-fraud analysis or 60 minutes if the transaction is carried out. held at night.
In general, financial institutions are more concerned with a risk factor that is beyond systemic control: frauds based on social engineering. It is feared, for example, that criminals will approach WhatsApp to trick Pix users.
Brandt signaled that institutions will have mechanisms to track atypical transactions, including those carried out under duress. This can be a way to hinder fraud by social engineering. It is to be expected, however, that the institutions also take actions to educate clients about the risks of approaches via e-mail, instant messages and the like.