The Civil Liability of Financial Institutions for Fraud in the PIX System

Exponential growth of transactions via PIX in Brazil it has been accompanied by a significant increase in the cases of financial fraudaccording to a recent study by ACI Worldwide, a company specialized in technology for means of payment, Brazil can reach the mark of R$ 11 billion in PIX scams by 2028.

The speed and practicality of PIX, which revolutionized the payment system in the country, also arouse the interest of fraudstersexploiting financial system vulnerabilities for the application of scams, including the use of artificial intelligence (AI).

Given this scenario, it is essential to understand the limits of liability of financial institutions and the rights of victims of bank fraud.

Central Bank Regulations and the Security Duty of Financial Institutions

THE Resolution no. 147/2021 do Central Bank of Brazil (BCB) establishes guidelines for the prevention and mitigation of PIX fraud. Articles 39-B and 78-F they determine that when financial institutions suspect fraud, they must cautiously block transferred values, either on its own initiative or upon request of the customer.

Moreover, the article 32, paragraph V, of the same resolution, imposes on PIX Participants the obligation to be responsible for fraud resulting from failures in their risk management mechanisms. This includes failure to comply with security measures, such as monitoring suspicious transactions and quick response to potential fraud.

The Central Bank guidelines make it clear that financial institutions have a duty to continuously monitor the services they provide, adopting preventive measures to avoid the occurrence of fraud and scams. Among these measures, we highlight:

• Immediate blocking of suspicious transactions;
• Continuous monitoring of atypical movements;
• Adoption of strict security and authentication protocols;
• Collaboration between financial institutions to share fraud data.

When Can Financial Institutions Be Responsible?

The responsibility of financial institutions can be configured in the following situations:

1. Negligence in meeting the block request: When the victim of a coup communicates immediatelyfraud to the bank and requests the value lock, but it is not met in time, allowing the values to be moved by fraudsters.
2. Failures in the security system: If identified intrusion into the internal system of the bank, demonstrating vulnerability in the protection mechanisms, the institution can be held responsible for the damage caused.
3. Non-compliance with Central Bank guidelines: If the institution do not observe established security protocols, as the absence of adequate monitoring or failure to implement preventive measures, may be ordered to fully reimburse the injured user.

Once proven a omission or failure to provide the servicethe financial institution may be required to indemnify the client for the financial losses suffered.

Prevention Measures for Financial Institutions and Users

To minimize the impact of fraud and ensure greater security to customers, financial institutions should adopt preventive strategies such as:
Set transaction limits to reduce the impact of high value scams;
Monitor user behavior patterns to detect suspicious activity;
Investing in technology and artificial intelligence to strengthen authentication and security mechanisms;
Share information about fraud between banks and regulatory bodies to improve policies to combat financial scams.

Essential Care for PIX Users

On the other hand, users should also take measures to protect themselves against fraud, including:
Avoid clicking on unknown links or provide banking data to third parties;
Be wary of suspicious messages requesting urgent transfers;
Always verify the authenticity of the recipient before making any transaction;
Enable bank movement notifications to monitor your transactions in real time.

What to Do If You're a Victim of PIX Fraud?

If the user is the victim of a PIX scam, he must act quickly to try to recover the values:

1 – Contact the financial institution immediately and report fraud;
2 – Request blocking of transferred values through Special Return Mechanism (MED);
3 – Register a police report and gather evidence of fraud; and
4 – If the value is not returnedseek legal assistance to assess the responsibility of the financial institution.

The Special Return Mechanism (MED) allows recovery of values in cases where fraud or failure in the banking system is proven.

If the financial institution not returning the values and it is found that there was failure to comply with Central Bank rules or failure to secure the systemthe victim may demand full compensation for material damage suffered.

Vitor Henrique Mainardes Specialist in Civil and Business Law from PUC/PR and lawyer at the office Alceu Machado, Sperb & Bonat Cordeiro Advocacia.