Operating for almost four years, the Brazilian instant financial transfer system, Pix, is undoubtedly one of the greatest market innovations.
It sets successive transaction records and is internationally recognized for its advantages, such as payment speed and financial inclusion.
However, there are also challenges to maintain this status — ensuring user security is the main one. Just after celebrating an unprecedented number of Pix transactions — on the last Friday, 224.2 million transactions were registered in a single day, moving a record value of R$ 119.4 billion.
This time, almost 40,000 customer keys from 99Pay Instituição de Pagamento S.A were exposed. There have been 11 reports since the launch of the modality.
More than half of them, therefore, were known in the last seven months, signaling the need for constant strengthening of security measures.
In the most recent case, the Central Bank reported yesterday that no sensitive data, such as passwords or financial transactions, were exposed, only user registration information. Even so, tranquility is not guaranteed.
According to experts, the Pix key is usually the individual’s CPF/CNPJ, phone number, or email, and this information can be enough to open an account or issue a fake ticket.In addition to harming users, the recurring data leaks strain the attractiveness of instant payment methods.
One of them is inclusion. Pix allowed people who did not have access to banking services to start making financial transactions — this has become reality for more than 71 million Brazilians, as estimated by the Central Bank.
In this universe of new clients, many are not familiar with the virtual world and its constant innovations, making them easy targets for cybercrime.Another advantage attributed to Pix is the possibility of greater control in financial relationships, with technological features that enhance security.
Since all operations are traceable, for example, it is easier to identify suspicious activities. There is also an expectation of reducing the circulation of cash and, consequently, crimes related to its theft, such as the famous “bank exits.”
However, the tension and uncertainty of these situations should not be transferred to digital transactions. Nor should the responsibility for safeguarding financial transactions be passed on to users.
Companies participating in the Pix system need to be more proactive in addressing the issue by continuously improving their fraud prevention and detection models.It is worth noting that in September, the Central Bank increased penalties for financial institutions in cases of Pix data leaks.
The fines are now proportional to the number of affected keys — in other words, the larger the leak, the higher the punishment amount.
Previously, the type of institution and the percentage of total transactions in the payment system were considered.
The measure adopted by the authority, however, contrasts with the increase in the frequency of leaks this year. Therefore, it is clear that there is a need for rigorous and constant surveillance of the instant financial transaction system.
Especially because new features, such as Pix with credit cards and contactless payments, are likely to make the tool even more popular.
