Brazil today occupies a paradoxical position in the global cybersecurity scenario. On the one hand, it is a leader in financial innovation, with PIX as one of the most advanced and adopted instant payment systems in the world. On the other hand, it is also a priority target for digital criminals who exploit the speed and convenience of the system to execute scams on an industrial scale. The latest vector of this threat is powered by generative artificial intelligence and deepfakes, which ushered in a new era of fraud in which “seeing is believing” is no longer enough.
The numbers reveal the scale of the challenge. In 2024, the Central Bank recorded almost R$5 billion in losses from PIX fraud, an increase of 70% compared to the previous year. In the same period, crimes involving deepfakes have grown 822% in Brazil, a rate five times higher than that observed in the United States. Globally, Deloitte projects losses caused by AI-enabled fraud to jump from US$12.3 billion in 2023 for US$40 billion until 2027. It is not an abstract threat: just a few seconds of audio can already clone voices and generate fake videos in real time, capable of fooling even experienced professionals.
Recent cases expose the destructive power of this combination. In early 2024, a finance official in Hong Kong transferred $25 million after a video conference with deepfakes of his CFO and colleagues. The episode of the British engineering multinational Arup, with similar losses, was highlighted by the World Economic Forum as a paradigmatic example of social engineering amplified by AI. In Brazil, the Civil Police of the Federal District dismantled a R$50 million scheme that used deepfakes to access bank accounts. The common denominator is sophistication. They are no longer poorly written messages or artificial voices, but interactions that are perfect in form, and dangerously false in content.
Faced with this new frontier of fraud, traditional defenses (such as passwords, tokens or even facial biometrics) become vulnerable. The voice can be cloned, the face can be recreated, but there is something that even the deepfake most realistic cannot accurately imitate: human behavior in the digital environment. This is where behavioral biometrics comes in, a technology capable of analyzing subtle interaction patterns such as typing rate, screen pressure, mouse trajectory, switching between applications and browsing cadence.
In practice, these standards function as an “invisible protection” that distinguishes a legitimate user from a fraudster, even when the latter has correct credentials or uses convincing images and audio. Behavioral biometrics solutions already analyze billions of monthly sessions in different countries and have shown impressive results: in a large Latin American bank, for example, the adoption of this technology reduced social engineering scams by 67%, without generating additional friction for the customer – combining greater security with convenience.
Behavioral signs also help identify ongoing manipulation. One example is “induced urgency”, detected when there are quick clicks followed by long pauses, typical of those who are receiving external instructions during a transaction. Another is the presence of atypical actions, such as copying and pasting sensitive data, a behavior recorded in 30% of frauds compared to less than 1% of legitimate sessions. Upon identifying these anomalies, the system can stop the transaction or trigger additional checks before settlement.
The risk of talent shortages for Brazilian leadership
If defensive technology advances, there is an obstacle that threatens to compromise its effectiveness: the lack of qualified cybersecurity professionals. According to Fortinet, the global gap is 4 million vacancies, being 750 thousand in Brazil. The shortage is so serious that Gartner's most recent report points to the lack of talent as the main obstacle to the adoption of new technologies, cited by 63% of IT leaders, even ahead of concerns about costs and risks.
This lack has direct implications for the ability of banks, fintechs and technology companies to implement and calibrate solutions such as behavioral biometrics. Without experts to adjust models, interpret alerts and integrate defense systems into critical flows such as PIX, the risk is that part of the investment in technology will lose effectiveness. The country that has become a global reference in combating AI fraud could see its leadership weaken if it does not accelerate the training and retention of talent.
The future of banking cybersecurity requires solutions based on machine learning and data-driven decisions, which are still far from the reality of most financial institutions. The challenge of dealing with thousands of variables in real time in PIX highlights the importance of technologies capable of creating specific models for each institution, already adopted by hundreds of banks and companies around the world, and which have been consolidating themselves as essential tools for tackling digital fraud on a large scale.
The problem requires a systemic approach, such as expanding training programs, encouraging certifications recognized by the market, making hiring criteria more flexible to attract diverse profiles and promoting collaboration between companies, government and academia. More than ever, cybersecurity is an economic and strategic issue. With the popularization of deepfakes and generative AI, the challenge is no longer just technical but also human. Without qualified people, technology will not deliver its full potential.
Brazil today is a global showcase in the fight against digital fraud and a constant proving ground for security solutions. If defenses work here, with the volume and diversity of attacks we face, they can work anywhere. But maintaining this position requires more than cutting-edge technology and agile regulation, it requires massive investment in people. In the battle against the tripod formed by PIX, generative AI and deepfakes, whoever can identify, in real time, what even the most sophisticated forgery cannot hide will win: the unique way in which each person interacts in the digital world.
