In a move to strengthen the security of PIX, the Central Bank (Bacen) announced on March 6 a series of adjustments to the rules of the instant payment system. Much has already been said about the changes themselves, such as the requirement for alignment between the name registered on PIX and the one registered with the Federal Revenue Service. However, there are nuances and practical impacts that deserve special attention. These changes, although primarily aimed at making fraud more difficult, have implications that can affect the daily lives of users and companies.
Alex Tabor, CEO of Tuna Pagamentos, a leading fintech in orchestration in Brazil, emphasizes that the changes are an important step in combating increasingly sophisticated scams. “Imagine a scenario where a fraudster infiltrates your relative’s WhatsApp and asks for a payment via PIX. If the name that appears in the transaction is identical to that of your relative, the chances of falling for the scam are much higher,” he explains. The new requirement that the account holder’s name be the same as that registered with the Federal Revenue Service is precisely aimed at reducing this type of fraud. However, Tabor warns: “This means that banks and fintechs will have to do a second check on the registrations. If your name is incomplete or misspelled, you will need to correct it with the financial institution.”
Random keys and emails: what changes in practice?
Another change that can directly impact users is the prohibition of changes in information linked to random keys. Now, if a person or company wants to update data associated with a key of this type, it will be necessary to delete it and create a new one. “This measure may seem bureaucratic, but it is essential to prevent fraudsters from exploiting system loopholes,” comments Tabor.
In addition, email type PIX keys will no longer be able to change ownership. This means that, if you lose access to an email account linked to a PIX key, it is recommended to delete it immediately. “This is a preventive measure to prevent disabled or forgotten emails from being maliciously used,” says Tabor.
Irregular registration status: what happens with PIX keys?
One of the less discussed but equally relevant changes is the BC’s determination that PIX keys of individuals and companies with irregular registration status in the Federal Revenue should be deleted. This includes CPF numbers with suspended, canceled, or null status, and CNPJ numbers with suspended, inactive, terminated, or null registration status. However, Tabor clarifies that debts with the Revenue will not prevent the use of PIX. “Entities with debts will still be able to use their keys normally. The measure aims to block only cases with serious registration irregularities.”
A different approach: the evolution of PIX and the role of the user
While the changes reinforce the system’s security, they also highlight the importance of users’ active participation in maintaining their data. “PIX is constantly evolving, and the Central Bank has been doing exemplary work in identifying fraud and adjusting the rules,” says Tabor. “But users also need to do their part by regularly checking if their data is up to date and aligned with official records.”
For those who have doubts about their registration status, the recommendation is to access the websites of the Federal Revenue and verify the information of the CPF or CNPJ. “This is a simple practice that can prevent future troubles,” says Tabor.
The new PIX rules represent a significant advancement in the fight against fraud, but they also bring additional responsibilities to users and financial institutions. While the Central Bank continues to monitor and adjust the system, the collaboration of all parties involved will be crucial in maintaining PIX as a safe and reliable payment method. As Tabor emphasizes: “Digital security is a collective effort. Every small adjustment contributes to a more robust ecosystem and less susceptible to scams.”
