Pix gets new security rules; see what changes

As of this Friday, 1, the new Pix rules come into force, with changes made by the Central Bank (BC) aimed at combating fraud and scams.

The novelty involves changes to security rules, some of which affect bank account holders more directly. These include changing the transaction limit for devices not registered by bank customers.

From now on, anyone who has a new cell phone or computer or is using Pix for the first time will have a limit of R$200 per transaction, with a daily ceiling of R$1,000. To transfer a larger amount, it will be necessary to register the new device with the bank. For devices that have already been used for Pix transfers, nothing changes.

"The registration requirement only applies to access devices that have never been used to initiate a Pix transaction by a specific user. The aim is to hinder the type of fraud in which the malicious agent obtains, through theft or social engineering, the credentials such as login and password of customers," says the Central Bank in a statement.

It's worth remembering that banking apps offer the Pix Limits function, which allows customers to request an increase or decrease in the maximum Pix values. Limits can be set, for example, for day or night transfers, for the customer's saved contacts, for legal entities or for people who are not registered. The customer can set how much they can allocate to each of these groups on a daily basis. This limit increase takes effect between 24 and 48 hours after the customer requests it.

Moving banks

For banks and financial institutions, some rules have also changed. With the new Central Bank resolution, institutions will have to advise customers on good security practices, providing information on how to protect themselves from possible fraud.

Banks will therefore have to manage fraud risks more closely and implement processes to identify Pix transactions that are atypical or not compatible with the customer's profile. It will also be mandatory for account holders to be provided with an electronic channel aimed at fraud prevention.

"With the new security rules, institutions will have to adopt preventive measures, such as continuous monitoring of transactions, identification of atypical transactions that are not compatible with the clients' profile, and even stop initiating or receiving transactions in accounts held by suspicious users," explains Thiago Amaral, a partner at Barcellos Tucunduva Advogados (BTLAW).

In addition, banks must check - at least once every six months - whether customers have been flagged for fraud within the Central Bank's database, rejecting key registration requests for users who have these active tags.

Pix key adjustments

Along with the changes to good security practices, banks must also, from November, implement solutions for registering, deleting, changing, porting and claiming ownership of Pix keys.

With the widespread adoption of this payment method, the number of problems with keys has grown along with the volume of transactions.

Data from the Central Bank shows that between January and September 2024 alone, around 126,000 pieces of personal data linked to Pix keys were leaked - an increase of 44% compared to the entire year of 2023.

Payment by approximation

Another new feature is Pix by approximation.

According to recent statements by the president of the Central Bank, Roberto Campos Neto, users who use Google's digital wallet - called Google Pay - will be able to use proximity payments via Pix very soon.

"It's not like everything will be up and running next week, because people need to log in, register... But it will be up and running very soon, it's being implemented in phases," he said.

The Central Bank expects to launch the functionality for the entire population in February 2025 - when Pix by approximation becomes mandatory for all financial institutions.

Automatic pix on the radar

In addition to the changes to Pix that come into effect in November 2024, the payment method will undergo further modernizations in the following months.

Automatic Pix will come into force in 2025, and should automate the collection of recurring debts - such as water and electricity bills and school or gym fees. The functionality is similar to Pix Scheduled Recurring, which came into force and became mandatory for financial institutions at the end of October.

Thus, payments will be simplified and automatic after express authorization by the customer, without the transactions even needing to be authenticated.

Operational costs should be reduced and the complexity of payments should also be reduced for the other end, the bill collectors - in addition to a marginal reduction in delinquency, by avoiding cases of forgetting to pay bills and operational problems at banks.

The monetary authority expects this Pix functionality to be operational by mid-June.

Source: Isto é Dinheiro