Spotlight on Brazil’s Pix

Brazil’s Pix is among the newest and most successful IIPSs. As the Pix rules authority and operator, the Central Bank of Brazil has taken a very active approach toward increasing adoption.

Brazil's Pix

In its regulatory and rules authority capacity the Central Bank of Brazil is responding to incidences of fraud in Pix by increasing requirements on participating DFSPs and supporting DFSP risk management efforts by providing shared tools.

What’s Notable Related to Fraud Mitigation?

Pix rules specify numerous DFSP requirements, including those on tools for end user authentication and verification of security and validity of payment requests. The controls required by the scheme at the pre-payment and payment stages of the journey contribute to raising the bar on DFSPs’ risk management.

DFSPs are also required to report suspicious fraud transactions to a centralized database maintained by the Pix scheme. Consultation of this database by DFSPs was initially optional and is now required. DFSPs must use the information either to decide whether to authorize transactions, reject them, or hold back for further analysis. If held, DFSPs can take 30 minutes during daytime and 60 minutes at night to conduct additional analysis. They may also use the information in the database for other internal processes, such as account opening.

Requirement to report fraudulent payments is designed to support all DFSPs in their transaction screening processes.

Complaint and Resolution Mechanisms

Pix rules provide a Special Mechanism for Return to enable the return of funds in cases of suspected fraud or operational failure in the system technology.

The Pix-provided tool enables parties to more easily initiate fraud complaints.

If unable to reach resolution, the parties can initiate a formal dispute to the Central Bank of Brazil. The Central Bank standardizes the procedure and deadlines for complaint resolution, giving the user more clarity about the process. As soon as the user makes a complaint to his or her DFSP, the other DFSP in the transaction receives the information and blocks the credited funds.

Alias Addressing

Pix maintains a directory that supports multiple forms of aliases, including a randomly generated number composed of 32 characters.

The use of a randomly generated number helps protect end user privacy by avoiding the use of personal identifiable information.

Example of a DFSP receipt for a payment using a random alias*

Next Topic in this Section: Spotlight on India’s UPI