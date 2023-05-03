Absolute success, Pix will gain security reinforcement from the 5th of November, reported this Tuesday, 2, the Central Bank. like the Broadcast (Grupo Estado’s real-time news system) anticipated in October, the BC will start to make specific fields available in fraud notifications so that the types of fraud are specified, such as ideological falsehood or “orange account”, and the reason for the notification , such as coup, embezzlement, account invasion and duress.

Infraction notification is the functionality that allows institutions to mark keys and users whenever there is suspicion of fraud in the transaction.

Another change announced by the BC is the expansion of the Pix security dataset that is made available for consultation by participating institutions for anti-fraud analysis of transactions.

Will be included: the number of infractions of the orange account type or ideological falsehood related to the user or key Pix, number of participants who accepted notification of violation of that user or key and number of accounts linked to a certain user.

In addition, the time limit for which the data is available will be extended. Currently, data for 6 months is available and will now include data for up to 5 years. According to the BC, this query can be made by institutions by Pix key or by the user (CPF/CNPJ), 24 hours a day, every day of the year.

“The result of these changes is greater effectiveness in the fight against fraud, since institutions will have better subsidies to improve their own fraud prevention and detection models. In practice, institutions will be better able to act preventively (rejecting fraudulent transactions or cautiously blocking resources) and, ultimately, this will result in greater protection for users,” says Breno Lobo, consultant at Pix’s Management and Operations Department.

The BC highlighted that the deadline of November 5 for the measures to come into effect is due to the adjustments that will be necessary in the systems of the BC and the Pix participants. The measures were developed together with the market, the Strategic Security Group (GE-SEG), formed within the framework of the Pix Forum.

To increase security, the BC also began to require a security self-assessment questionnaire from institutions that want to participate in the Pix, with the signature of the director responsible for the cybersecurity policy, “in order to guarantee that the institutions meet the technical requirements of security determined by BC”.

The novelty, which tries to increase the responsibility of financial and payment institutions with security rules, imposing yet another “barrier” to try to contain episodes of data leakage, was also anticipated by Broadcast in October.

According to BC, the questionnaire addresses issues related to personal data security, communication security, digital signature and certificates, QR Codes security, secure implementation of applications and APIs.

“Security is one of Pix’s fundamental pillars and is understood as an ongoing process, as new forms of fraud and scams frequently emerge. As a result, the BC acts permanently to ensure the maintenance of Pix’s high level of security”, said the BC in a press release.