The Central Bank of Brazil (BCB) noted in an update that Pix now has security rules that apply for registering new devices.
As mentioned in the update from BCB, cellphones, computers, and tablets being used in Brazil must now be registered with the bank to “enhance Pix user security.”
These new rules reportedly took effect on November 1, 2024.
As explained in the announcement from the BCB, the new security measures apply for registering cellphones, computers, and tablets for use with Pix, Brazil’s instant payment service managed by Banco Central do Brasil (BCB).
These rules aim to “strengthen security” for Pix users.
As mentioned in the update from the BCB, any device that hasn’t been previously registered for Pix transactions—such “as a newly acquired phone or computer—must be registered through the user’s bank.”
Without registration, transactions on that device will be “limited to R$200 per transaction, with a daily cap of R$1,000.”
To make transactions above this limit, users need “only to register” the new device using their bank’s app.
According to Ricardo Mourão, Head of the BCB’s Competition & Financial Market Structure Department (Decem), the process is designed to “be straightforward and user-friendly.”
Mourão said that users should look for the device management option within their bank’s app and follow the steps in order to register a new device. Each institution may have its registration procedures, “so follow the steps provided during the process.”
Mourão added that once registration is complete, transactions on the device can be made up to the established “limit set by the bank, ensuring both convenience and security that the Pix service provides.”
As stated in the update, two-factor authentication will be required during the device registration “to enhance security further.”
This safeguard helps prevent unauthorized registration attempts in cases where fraudsters “gain access to a user’s password.”
The protocol was addressed in the Strategic Security Group (GE-Seg) of the Pix Forum, which brings together security professionals from the BCB and the market, “demonstrating the entire system’s commitment to the highest security standards in Pix.”
The new rule aims to reduce scams in which malicious agents exploit users’ passwords, often through “social engineering tactics.”
This may include deceptions such as “pretending to be bank employees in fake call center scams to obtain password information, allowing them to perform Pix transactions from any device.”
With the new measure in place, transactions over R$200 from an unregistered device will be blocked, which prevents scammers from making high-value Pix transactions, even if they have obtained the user’s password.
As an additional tip, users should remember “to unregister devices they no longer use for Pix transactions.”
The update also notedthat one can do it easily through the device management option in the bank’s app.
By doing so, any future transactions attempted from “an unregistered device will be subject to stricter transaction limits.”
Mourão also stated that the new rules apply to cellphones, computers, tablets, and other devices “never used for Pix transactions on a given account.”
Mourão clarified that nothing will change for those “already used within the scope of the service created by the BCB.”