Central Bank introduces new security measures for Pix transactions

DC

Dragos Cernescu

07 Mar 2025 / 5 Min Read

 

Specifically, the new rules require these entities to ensure that the names associated with Pix keys match the records held by the Federal Revenue Service. The measure aims to reduce fraudulent activities by preventing scammers from using mismatched names when registering keys.  

While these changes primarily affect institutions managing the system, individuals and businesses making or receiving payments will not experience any operational differences.

 

The Central Bank of Brazil has announced a series of important security updates to the Pix Regulation, affecting financial and payment institutions.

 

Verification and compliance measures

Under the new guidelines outlined in BCB Resolution No. 457, institutions must verify compliance whenever a Pix key is registered, modified, transferred, or claimed. Any discrepancies between registered names and official records will necessitate corrective action. 

A representative from the Central Bank stated that accounts with a ‘pending regularisation’ status will not be immediately affected and can continue using Pix. According to data released by the authority, around 8% of registered Pix keys contain errors, with spelling mistakes being the most common issue. Despite these inconsistencies, 99% of individual keys and 95% of business keys remain correctly registered. 

The Central Bank estimates that approximately 8 million Pix keys are associated with irregular CPF records. Among these, 4.5 million cases involve spelling inconsistencies, while 3.5 million belong to deceased individuals. Smaller proportions include suspended (30,000), cancelled (20,000), and null (1,000) CPF registrations. In terms of business keys, the majority of irregular cases are linked to companies classified as ‘unfit’ (984,881), ‘closed’ (651,023), or ‘suspended’ (33,386).

Implementation timeline and additional restrictions

The revised regulations will be implemented in phases. Changes to Pix key portability and update rules will take effect on 1 April 2025. Name validation with Federal Revenue Service records will be enforced starting 1 July 2025, and updated rules for portability and ownership claims will be applied from 1 October 2025. Additionally, from April 2025, financial institutions must verify users’ tax information before allowing the creation of new Pix keys. 

The Central Bank has also introduced restrictions on modifying information linked to random Pix keys. Individuals and businesses using random keys will no longer be able to update associated details. Instead, they must delete the existing key and generate a new one with the correct information. However, mobile number-linked Pix keys remain exempt from this restriction, allowing for necessary changes in cases where prepaid numbers change ownership. 

Institutions will be monitored to ensure compliance, with penalties applicable for failures in the verification process. To further enhance security, the Central Bank is developing an additional safeguard to identify and address discrepancies between registered Pix key names and official tax records.

Countries:
DC

Dragos Cernescu

07 Mar 2025 / 5 Min Read

sign up banner
the paypers logo

The Paypers is the Netherlands-based leading independent source of news and intelligence for professional in the global payment community.

 

The Paypers provides a wide range of news and analysis products aimed at keeping the ecommerce, fintech, and payment professionals informed about the latest developments in the industry.

 



No part of this site can be reproduced without explicit permission of The Paypers (v2.7).

Privacy Policy / Cookie Statement

Copyright