Categories
Data Protection

Scams involving Pix: Necessary Recommendations

One of the most pressing questions for banks, financial system operators and regulators is how to increase speed without sacrificing safety. In this new landscape of instant payments, can technology contribute to the prevention of scams involving Pix, rather than simply speeding up payments?

When the Central Bank of Brazil recently launched the instant payments system, scams involving Pix immediately occurred.

This new form of instant payments is a new paradigm in the way financial transactions are made, delivering 24/7 payment transfers in a matter of seconds.

But unfortunately, instant payments can open the door to real-time fraud.

Scams involving Pix can take different forms

Instant payments allow sellers and buyers to exchange money and purchase services in seconds. The funds are received in the beneficiary’s bank account almost immediately, instead of taking a few working days.

This can make a significant difference to a small business’s cash flow, in particular, and means less time spent waiting for money to clear from a buyer’s point of view.

Indeed, fast transactions are a common requirement in the new economy, especially with the rise of mobility: today’s generations of customers want to be able to make payments anytime, anywhere, using their mobile devices.

However, at the same time that financial institutions are rolling out new, faster payment solutions, they are struggling with new types of fraud and the rise of tactics such as email compromise.

Typically, a fraudster will intimidate, persuade or entice you to fork out money or valuable personal identifying information by pretending to be a person you know or an institution you trust.

The digital criminal may pretend to be a bank representative on a phone call and ask for your checking account login. He or she may pose as a government official and threaten to throw you in jail unless you pay for “taxes owed”.

The fraudster may even pretend to be a charity and trick you into donating funds to a fake organization. Scammers tend to thrive on uncertainty and panic. With Pix it will be no different: they will take advantage of their weaknesses.

Fighting Pix scams: a balancing act

How can you protect yourself from scams involving Pix? Here are several common-sense steps consumers can take to avoid being scammed.

1. Think before you click on a link or download an attachment

Think carefully before clicking on any link or downloading any attachment in an email or website, security experts say, even if it’s from someone you know.

Scammers and hackers hijack email addresses to send you bad links, and then use them to install malware on your computer or trick you into providing valuable personal information.

If an email seems incomplete, think twice before interacting with it. Also be very careful before conducting financial transactions on a public Wi-Fi network, which makes them more vulnerable to fraudsters.

2. Stop and breathe

During Pix scams, cybercriminals feed on your panic and fear. They are what we call social engineers: their job is to talk you out of your information.

If you get a call from a debt collector, for example, threatening to arrest you unless you send money immediately, take a deep breath and go slowly.

Remember that debt collectors cannot threaten to arrest you. Once you let the panic subside, you may realize that there are other suspicious aspects about the interaction and realize that you are dealing with a con artist.

3. Protect your personal information

Scammers carrying out Pix scams are not just after your money. They want your ID or CPF number, address, email and other personal information, which is as valuable to them as money.

So be very careful before you pass on your information to someone who calls, texts or emails you. Never identify yourself with personal details to anyone who contacts you.

Instead, hang up and call back the customer service number you find online or on the back of your credit card, for example.

There are few reasons to provide your ID or CPF number, and the verification number on the back of your credit card should only be used by you when making an online purchase.

4. Have a strong password

Make sure you have complex passwords – made up of letters, numbers and symbols – and use a different password for each account you set up.

You should also make sure that all your computers and laptops have up-to-date antivirus and security software. Remember to update all phones or tablets with the latest software.

It is also important to have secure passwords as this makes it harder for scammers to commit financial fraud on your account.

5. Be vigilant, if it sounds too good to be true, be suspicious

If someone calls or emails with an amazing financial deal, it could be a scam involving Pix.

Offers that seem too good to be true are usually criminals trying to get their hands on your money. If you are unsure, ask them to write to you to confirm the details of the offer you are discussing with them.

Even so, you should continue to exercise caution when dealing with them until you are absolutely sure that the offer is genuine.

What to do if you get scammed in Pix scams

If you are the victim of a Pix scam or any other form of fraud, don’t let embarrassment stop you from reporting the crime to the authorities.

If your identity has been stolen, call the companies where the fraud occurred and report that someone has stolen your identity. Ask them to put an alert on your accounts and then change your login and passwords.

Some mitigation actions, such as canceling the Pix key or your credit card, are necessary to limit your financial liability if your information is stolen.

If you are concerned that identity theft is affecting your financial health, contact the bank branches or credit companies to correct any false information and request a fraud alert or freeze of your account, depending on the type of theft or fraud that has occurred.

Finally, if you have been a victim of a financial scam, also beware of the fraud recovery process. Often fraudsters will pretend to be a lawyer or police officer and say they can help you recover money you have already lost.

Pix and Eval

Eval was directly involved in the implementation process of Pix, the Central Bank’s instant payment system. Eval contributed with signature solutions and digital certificates, such as E-VALCryptoCOMPE and EVALCryptoSPB, which today serves the digital signature of messages exchanged by the National Financial System.

Regarding Pix processing and performance, Eval’s EVALCryptoPix solution, which uses Rest API, facilitates integration and optimizes digital signature and XML processing, providing high performance and scalability with elasticity in Pix payment transactions.

In addition, for Pix, Eval is providing a complete solution for digital signature, from the digital signature and verification software to the digital certificates required in communication and the HSM that the Central Bank recommends using.

About Eval

Eval has been developing projects in the financial, health, education, and industry segments for over 18 years. Since 2004, we have offered solutions for Authentication, Electronic and Digital Signature, and Data Protection. Currently, we are present in the main Brazilian banks, health institutions, schools and universities, and different industries.

With market recognized value, Eval’s solutions and services meet the highest regulatory standards for public and private organizations, such as SBIS, ITI, PCI DSS, and LGPD. In practice, we promote information security and compliance, increase companies’ operational efficiency, and reduce costs.

Innovate now, lead always: get to know Eval’s solutions and services and take your company to the next level.

Eval, safety is value.


Real-Time Payments: Transforming the Digital Economy

One of the characteristics of our digital lives today is that we live online and real-time payments have become an increasingly present reality, such as the use of credit cards.

From downloading media content to booking holidays, the latest news or video calling friends and family, our digital experience is instant. Transactions through instant payment methods in our bank account come to consolidate this new reality.

The next step in developing an efficient digital economy and extending the real-time experience to businesses and the wider financial chain is to accelerate the process of financial operations to transactions with consumers, businesses and government.

A crucial means of addressing this is the development of immediate or instant payment schemes. In some countries, real-time payments already play an increasingly important role in facilitating trade and supporting the business models of the future.

Understanding the value proposition of real-time payments

The idea behind instant payments has several features. It should operate 24/7 with an end-to-end payment process from payer to payee of one minute or less.

Payments are confirmed or rejected immediately, allowing payment instructions to be corrected and retransmitted immediately and without loss of value or time.

In addition, successful payments are final and irrevocable, so they cannot be recovered after transmission. From a banking perspective, participants periodically settle net transactions after payments have been made, either during the day or at the end of the day.

Practical benefits of using instant payments

Banks are using real-time payments to adapt quickly to changes in the environment. The emergence of value-added services and the need for speed are having a growing effect on the real-time payments market.

Adopting a holistic approach to real-time payments should help organizations seize the opportunity for advanced and broader payment initiatives.

In practice, real-time payments bring benefits to financial institutions and customers in several ways. Thus, daily transactions can now be made immediately via mobile devices.

Easy implementation and timeliness of the transaction are the drivers of the real-time market. Faster implementation of real-time payments can be achieved through technology, operational capacity building, organizational impacts, risk analysis and controls.

Real-time transparency and security as real benefits

The increasing rate of cybercrime and lack of security are the main challenges of the real-time payments market. The risk can also be caused when there is a system failure during the execution of a transaction. The operational risks involved can also be constraining factors.

Meanwhile, the growth of the real-time payments market is also expected to offer greater transparency and security within the financial system. The opportunity for the real-time payments market depends on the e-commerce and retail sector as it is expected to grow strongly in the coming years.

In addition, the implementation of security requirements set by the Central Bank and a framework of standards in place for most real-time payment service providers will create a platform of real opportunity for consumers through data protection and privacy, which will be key for financial institutions.

A competitive advantage is provided by real-time payment solution providers to e-commerce and retail companies by offering a cheaper, faster and most importantly secure way of payment.

Even with the many benefits, there are major challenges

Scheduled to launch in November 2020, PIX, the new payment system of the Central Bank of Brazil, aims to speed up and reduce the costs of bank transfers between individuals and companies.

However, to make real-time payments a reality, financial institutions such as banks, cooperatives, payment institutions and payment initiation service providers need to adapt to a common set of requirements, rules and standards defined by the Central Bank for security.

A challenge for financial institutions

One of the main challenges financial institutions face in rolling out instant payments is IT systems that are not adapted to the modern customer.

Above all, there is a lack of talent: financial institutions need to attract people who bring new creative thinking to implement the dynamics of real-time payments.

Another challenge is to accelerate the innovation process, with a focus on new technologies and agile scaling. Financial institutions also need to overcome low levels of customer trust.

The fear of fraud or other financial losses will cause the acceptance of real-time payments to go through a phase of mistrust that can be overcome in its implementation phase.

 

Real-time payments is all about the customer experience

The digital revolution is reshaping the industry’s view on instant payments based on a few key elements: speed, security, data protection and privacy, and total customer experience.

Indeed, the payments industry is undergoing a profound transformation, with customer needs shifting from simple payments to ‘beyond payment solutions’.

Continuous improvement of the customer experience, both collectively and individually, is required at all times.

The total customer experience needs to be considered when providing value propositions: payments are an important element, but not the only one, even if they are becoming real-time.

Real-time payments are now a reality, with several countries implementing instant payment functionality, such as Brazil, and others actively considering the imminent roll-out of such projects in their home market.

EVAL’s commitment to implementing instant payment transactions

Clearly, there are challenges and opportunities arising from the evolving payments landscape: on the one hand, margins are falling and the traditional banking model needs to adapt quickly to new trends: speed, security, ease of use and simplicity.

On the other hand, the innovation proposed by the new payment system will open up possibilities for startups and Fintechs that are already active in the market, leading to a strong transformation in the financial market.

Eval firmly believes that PIX will drive innovation in payment platforms, transforming the way we make payments in the coming years, adding value and opening up all kinds of possibilities for all market segments, consumers and businesses.

Exclusive benefits for Eval customers

Thinking about all the transformation generated by PIX and the revolution of real-time payments, Eval brings through its commitment to innovation and security, exclusive benefits for customers when hiring our services in the implementation of real-time payment transactions.

  1. Scalability and Elasticity: Prepared for millions of transactions and peak hours.
  2. Security: Transactions with the highest possible level of security.
  3. 24x7x365 availability: An essential infrastructure for society.
  4. Rapid Implementation: System implemented before November 2020.
  5. Speed: Estimated transaction time between payee and payer less than 10s.
  6. Experience since 2004 in regulatory digital signature projects.
  7. Qualified staff for such care based on SPB/Compe experiences.
  8. Complete offer for SPI Digital Signature (Digital Signature and Verification Software, HSM and SPB Digital Certificate).

Eval is a company specialized in high-tech services and solutions focused on Digital Signature, Authentication and Data Protection.

The company has excelled in developing critical solutions and emerging technologies, e-service enhancements to add value and improvements for our customers.

Our main goal is to support your institution’s authentication, signature and data protection projects, reducing costs and maintaining a high level of security and reliability.

For real-time payments, in particular PIX, Eval is providing a complete solution for digital signature, from the digital signature and verification software to the digital certificates required for communication and the HSM that the Central Bank recommends using. If you want to know more, please contact us.


Instant Financial Transactions: Security with HSM

Instant financial transactions or instant payments, as they are also known, will play a key role in accelerating the economy. One of the reasons that directly impacts the development of trade in general is the lack of agility in transactions.

Despite the technological advances that have taken place to date, we still have a lot to improve.

With the new payment method, baptized by the Central Bank of Brazil as PIX, the main goal of the electronic transfer is to make financial transactions, such as a transfer between accounts, in less than ten seconds, at any time, every day of the week.

However, the immediacy of this new payment method, despite its numerous benefits, raises a problem: if instant payments are made in real time, in a short space of time, is it not also susceptible to fraudulent maneuvers and cyber attacks?

To reduce these risks, the Brazilian central bank has defined fundamental security requirements to ensure the protection of transactions and user data.

And once again, the use of technology will be key for us to adopt instant financial transactions in a safe and efficient way, promoting the transformation of the means of payment.

The big challenge of instant financial transactions

As part of the development of instant payment solutions, banks face the increasing complexity of combating fraudulent financial transactions.

The speed of transactions requires fully automated anti-fraud handling, with no manual review options. The challenge is protection while keeping pace with evolving compliance requirements.

According to the Central Bank, through the PIX technical and business specifications, the instant financial transaction ecosystem should be designed and developed considering good security practices.

This will require ensuring the privacy and protection of users’ data.

Based on this context, the following ecosystem security requirements determined by the CB will need to be met:

Encryption and mutual authentication in communication

Each Payment Service Provider (PSP) must connect to the PIX exclusively via the HTTP protocol using TLS encryption.

There must be mutual authentication when establishing the connection, i.e. both the client and the server must present digital certificates to authenticate themselves.

Digital signature of messages exchanged during instant payments

All messages transmitted on the PIX must be digitally signed by the sender. The receiver will verify the digital signature of each message to ensure its integrity and non-repudiation.

In addition, signatures must appear in the Business Application Header (BAH) of ISO 20022 messages, and the standard adopted is XMLDSig, using the RSA-SHA256 algorithm for signing.

Use and management of Digital Certificates

For both communication encryption and digital signature, ICP-Brasil certificates in the SPB standard should be used.

The activation of a new certificate for a financial institution that makes use of instant financial transactions will take place by sending a specific file in the File Transfer System (STA).

Once the certificate has been validated by the CB, it will be activated automatically.

Maintenance of security logs

All participants in the PIX ecosystem should maintain security logs to record all messages sent and received, allowing for auditing of the messages passed.

The records should contain time references identifying when the messages were signed. In addition, the certificates used and identification of the algorithms used to verify the signature of messages should also be recorded.
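The signing and logging requirements above can be checked before a message ever reaches cryptographic verification. The following Python code is an added example, not code from Eval or the Central Bank: it confirms that a header carries exactly one XMLDSig signature using RSA-SHA256 and builds the security-log record with the time reference, certificate and algorithm. The sample header, the `Sgntr`-based layout and the log field names are assumptions constructed for illustration, and the RSA verification itself is left to the signing library or HSM.

```python
import json
import xml.etree.ElementTree as ET
from datetime import datetime, timezone

DS = "http://www.w3.org/2000/09/xmldsig#"                # XMLDSig namespace
BAH = "urn:iso:std:iso:20022:tech:xsd:head.001.001.01"   # ISO 20022 BAH namespace
RSA_SHA256 = "http://www.w3.org/2001/04/xmldsig-more#rsa-sha256"
NS = {"ds": DS, "h": BAH}

# Constructed sample: trimmed header, placeholder signature and certificate values.
SAMPLE_BAH = f"""<AppHdr xmlns="{BAH}">
  <BizMsgIdr>EXAMPLE-MSG-0001</BizMsgIdr>
  <Sgntr>
    <ds:Signature xmlns:ds="{DS}">
      <ds:SignedInfo>
        <ds:SignatureMethod Algorithm="{RSA_SHA256}"/>
      </ds:SignedInfo>
      <ds:SignatureValue>PLACEHOLDER</ds:SignatureValue>
      <ds:KeyInfo><ds:X509Data><ds:X509IssuerSerial>
        <ds:X509IssuerName>CN=Example Test CA</ds:X509IssuerName>
        <ds:X509SerialNumber>1234567890</ds:X509SerialNumber>
      </ds:X509IssuerSerial></ds:X509Data></ds:KeyInfo>
    </ds:Signature>
  </Sgntr>
</AppHdr>"""


class SignaturePolicyError(ValueError):
    """The message does not meet the signing rules and must not be processed."""


def signature_metadata(xml_text):
    """Return what the security log needs, or raise SignaturePolicyError."""
    # Signed messages need no DTD; refusing it avoids entity-expansion tricks.
    if "<!DOCTYPE" in xml_text or "<!ENTITY" in xml_text:
        raise SignaturePolicyError("DTD not allowed")
    root = ET.fromstring(xml_text)
    # The signature must sit in the header, and there must be exactly one.
    sigs = root.findall("h:Sgntr/ds:Signature", NS)
    if len(sigs) != 1:
        raise SignaturePolicyError(f"expected one signature in the BAH, found {len(sigs)}")
    sig = sigs[0]
    method = sig.find("ds:SignedInfo/ds:SignatureMethod", NS)
    algorithm = method.get("Algorithm") if method is not None else None
    if algorithm != RSA_SHA256:  # allow-list, so SHA-1 or unknown URIs are refused
        raise SignaturePolicyError(f"signature algorithm not allowed: {algorithm}")
    issuer = sig.findtext(".//ds:X509IssuerName", namespaces=NS)
    serial = sig.findtext(".//ds:X509SerialNumber", namespaces=NS)
    if not issuer or not serial:
        raise SignaturePolicyError("signing certificate is not identified")
    return {
        "message_id": root.findtext("h:BizMsgIdr", namespaces=NS),
        "signature_algorithm": algorithm,
        "certificate_issuer": issuer.strip(),
        "certificate_serial": serial.strip(),
    }


def security_log_record(xml_text, direction, when=None):
    """Build one JSON log line; rejected messages are logged with the reason."""
    record = {
        "direction": direction,  # "sent" or "received"
        "time_reference": (when or datetime.now(timezone.utc)).isoformat(),
    }
    try:
        record.update(signature_metadata(xml_text), policy_result="accepted")
    except (SignaturePolicyError, ET.ParseError) as exc:
        record.update(policy_result="rejected", reason=str(exc))
    return json.dumps(record, sort_keys=True)


if __name__ == "__main__":
    print(security_log_record(SAMPLE_BAH, "received"))
    weak = SAMPLE_BAH.replace(RSA_SHA256, DS + "rsa-sha1")
    print(security_log_record(weak, "received"))
```

Logging rejected messages alongside accepted ones keeps the audit trail complete when a counterpart sends an unsigned or weakly signed message.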

While the essence of protecting instant payments lies in data encryption as a solution to protect information relating to PIX transactions, companies can be challenged by the cost and complexity of deploying encryption.

This includes the management of certificates and digital signatures, as well as hardware security modules to protect cryptographic operations.

Indeed, with the worsening threat landscape, combined with aggressive cloud adoption and evolving privacy regulations, new challenges related to encryption, privileged access and financial transactions have emerged for financial institutions seeking to evolve the industry.

In addition, many organizations would like to deploy data security more broadly, but are often cautious due to concerns about requirements, complexity, cost and staffing, particularly with respect to encryption and key management.

HSM technology is designed for safety practices and regulatory requirements

When it comes to instant financial transactions, security is one of the most important issues. Banks and financial institutions can suffer considerable financial losses in the event of fraud.

Reliable and flexible protection solutions integrated with payment systems are needed.

A hardware security module (HSM) is a physical device that provides extra security for sensitive data.

This type of device is used to provision cryptographic keys for critical functions such as encryption, decryption and authentication for the use of applications, identities and databases.

As an example, companies can use an HSM to protect trade secrets with significant value. This ensures that only authorized individuals can access the HSM to complete an encryption key transaction.

In the applied context of instant financial transactions, the HSM is recommended for financial institutions to perform the proper management process (generation, safekeeping, activation and revocation) of their digital certificates used within PIX.

HSM solutions are useful for companies that need to run digital rights management or a public key infrastructure.

These systems can be used to provide high levels of security for products that need it, particularly to ensure regulatory compliance.

The direct benefits of HSM applied to instant financial transactions

There are many benefits to using an HSM. These systems are often designed to meet stringent government and regulatory standards, such as the Central Bank’s PIX.

They usually have strong access controls and role-based privilege models, hardware specifically designed for cryptographic operations and resistance to physical tampering, and flexible API options for access.

Using an HSM is the most secure way to store cryptographic keys and manage their lifecycle. Its applicability is now standard practice for any highly regulated organization employing, for example, cloud services.

Cloud providers that don’t offer such tools and capabilities are likely to lose business from government, financial and healthcare customers, who demand strong protection controls for all key materials.

To contribute to the transformation process and assist in the implementation of instant financial transaction systems, Eval has digital signature and certificate solutions, such as E-VALCryptoCOMPE, a technology developed to provide high-performance digital signatures, and EVALCryptoSPB, which today serves the digital signature of messages exchanged by the National Financial System. To help with this challenge, your company can count on Eval’s help.

Finally, it is necessary to choose a quality HSM and for this Eval markets the Luna from Thales, the world leader in HSM.
