In a move to strengthen PIX security, the Central Bank (Bacen) announced on March 6 a series of adjustments to the rules of the instant payment system. Much has already been said about the changes themselves, such as the requirement for alignment between the name registered in PIX and the one registered with the Federal Revenue Service. However, there are nuances and practical impacts that deserve special attention. These changes, although primarily aimed at making fraud more difficult, bring implications that may affect the daily lives of users and businesses.
Alex Tabor, CEO of Tuna Pagamentos, a leading fintech in orchestration in Brazil, emphasizes that the changes are an important step in combating increasingly sophisticated scams. “Imagine a scenario where a fraudster hacks into a family member’s WhatsApp and asks for a payment via PIX. If the name that appears in the transaction is identical to your relative’s, the chance of you falling for the scam is much higher,” he explains. The new requirement that the account holder’s name must match the one registered with the Federal Revenue Service aims precisely to reduce this type of fraud. However, Tabor warns: “This means banks and fintechs will have to perform a second check on registrations. If your name is incomplete or has spelling errors, you will need to correct it with the financial institution.”
Random keys and emails: what changes in practice?
Another change that may directly impact users is the prohibition of changes to information linked to random keys. Now, if a person or company wants to update data associated with a key of this type, they will need to delete it and create a new one. “This measure may seem bureaucratic, but it is essential to prevent fraudsters from exploiting loopholes in the system,” Tabor comments.
Additionally, PIX keys of the email type can no longer change ownership. This means that, if you lose access to an email account linked to a PIX key, the recommendation is to delete it immediately. “This is a preventive measure to avoid deactivated or forgotten emails being used maliciously,” says Tabor.
Irregular registration status: what happens to PIX keys?
One of the less discussed but equally relevant changes is the BC’s determination that PIX keys of individuals and companies with irregular registration status at the Federal Revenue Service be deleted. This includes CPFs with suspended, canceled, or null status, and CNPJs with suspended, unfit, canceled, or null registration status. However, Tabor clarifies that debts with the Federal Revenue will not prevent the use of PIX. “Entities with debts will continue to be able to use their keys normally. The measure aims to block only cases where there are serious registration irregularities.”
A different angle: the evolution of PIX and the user’s role
While the changes reinforce the system’s security, they also highlight the importance of users’ active participation in maintaining their data. “PIX is constantly evolving, and the Central Bank has done exemplary work in identifying fraud and adjusting the rules,” says Tabor. “But users also need to do their part by regularly checking if their data is up to date and aligned with official records.”
For those who have doubts about their registration status, the recommendation is to access the websites of the Federal Revenue Service and check the CPF or CNPJ information. “This is a simple practice, but it can prevent future problems,” says Tabor.
The new PIX rules represent a significant advance in the fight against fraud, but they also bring additional responsibilities for users and financial institutions. While the Central Bank continues to monitor and adjust the system, the collaboration of all involved will be crucial to keeping PIX as a secure and reliable payment method. As Tabor emphasizes: “Digital security is a collective effort. Every small adjustment contributes to a more robust ecosystem and less vulnerable to scams.”
