Portuguese 
English 
Spanish 
4 min of reading 
0 comments 
Central Bank Measure Blocks Suspicious Keys and Pressures Banks and Fintechs: If There Was a Failure in Opening an Account for a Front, the Institution May Be Held Liable and Compensate for the Loss.
The Central Bank has tightened the grip on fraud with Pix by implementing a kind of national “dirty list” of accounts and suspicious keys. This measure, coupled with new blocking and contestation routines, aims to quickly halt transactions destined for front accounts, reducing the flow of scams and increasing the traceability of cases.
In addition to blocking irregular keys, the current framework advances in holding banks and fintechs accountable. If the institution allowed the opening of an account for a front due to failures in verification, it may be required to compensate the victim, a scenario reinforced by judicial decisions and the official Pix refund mechanism.
What Is the “Dirty List” of Pix and How Does It Work
The so-called “dirty list” of Pix is a register integrated into the payment ecosystem that marks keys and accounts with signs of fraud.
-
A beach town in Santa Catarina will distribute 4 tons of sardines completely free of charge to the population next Thursday, with a limit of 2 kilograms per person, and the distribution will end when the stock runs out.
-
A YouTuber bought all the Easter eggs from the market, from the cheapest to the most expensive, weighed each one on the scale, and discovered that some brands deliver extra grams while others charge a fortune for little chocolate.
-
Central Bank reveals: public sector ends February 2026 with a deficit of R$ 16.4 billion; Central Government loses R$ 29.5 billion, state-owned companies R$ 568 million, gross debt rises to 79.2% of GDP in 12 months.
-
The largest executive jet in Brazil belongs to the Safra Family and is for sale: it is a 2002 Boeing BBJ, with a range of 11,500 km, 80 m² of interior space, a master suite, an office, and capacity for 18 passengers.
It is not a public list but a warning signal shared among institutions and the Central Bank, used to block transfers and trigger additional checks before money changes hands.
In practice, the user may see the message “key blocked” when trying to pay.
The record of occurrences originates within the banks and fintechs themselves, which report suspicious behaviors to the Pix arrangement.
In parallel, keys linked to irregular CPFs or CNPJs can be deleted, and new contestation tools expedite the analysis of cases.
The goal is to cut off money laundering routes and reduce the lifespan of accounts used by criminal organizations.
Liability of Banks and Fintechs: When There Is a Duty to Compensate
The understanding that has been consolidating is straightforward: if the scammer’s account was opened with control flaws, for example, onboarding without effective identity validation, the institution may be liable for the damage.
The logic is that operational risk is internal to the financial business; if it spills over to the consumer, it is up to compensate.
This movement is particularly valid for front accounts. When the fintech allows third parties to use accounts to receive illicit amounts due to insufficient checks, the responsibility tends to fall on it.
In some cases, in addition to refunding the amount, there is room for moral damages, depending on the factual framework and the extent of the loss.
How to Act After a Scam: Step by Step with MED and Contestation
Upon noticing the fraud, the first step is to notify your bank immediately. This triggers the Special Refund Mechanism (MED), which prevents the amounts in the receiving bank and opens an investigation among the institutions. Acting quickly greatly increases the chance of recovery.
Next, use the contestation button in the app (when available) to formalize the report of fraud, scam, or coercion.
The victim’s bank communicates with the receiving bank; if there are sufficient indications and balance, the refund may occur.
Keep screenshots, police reports, and protocols; well-organized documentation strengthens your case.
Privacy, Prevention, and Duty of Diligence
The blocking list does not expose your data to the public: it works through internal signals, prioritizing loss prevention and disruption of fraud routes.
From the user’s side, good practices make a difference: be suspicious of urgencies and “unmissable” discounts, verify the name/CPF of the recipient before confirming, and avoid copying/pasting codes from messages or emails.
For banks and fintechs, the duty of diligence is non-negotiable: robust KYC/KYB, quality biometrics, document validation, and transaction monitoring are the minimum.
If the entrance door is loose, the legal and reputational risk skyrockets. In an objective liability environment, the cost of not investing in controls tends to far outweigh the cost of prevention.
Consumer Tools: Registrato and Useful Checks
Through Registrato, from the Central Bank, it is possible to verify Pix keys registered in your name and map financial relationships.
Keeping your registration regular and removing keys that you do not use reduces the attack surface. If a charge seems strange, do not pay: confirm with the company through an official channel before transferring.
Another defense is to divide limits into layers: keep lower daytime and nighttime limits, use separate accounts for payments and reserves, and activate transaction notifications.
The less money exposed in the day-to-day account, the smaller the impact of a possible scam.
Consequences for Fronts and the Fraud Network
Lending your account to move amounts from third parties is investigated and can lead to criminal liability, such as ideological falsification, as well as blocks and terminations of banking relationships.
The “dirty list” shortens the circuit of these profiles, making the identification of networks that recycle keys and devices quicker.
On a systemic level, coordination between the Central Bank and institutions creates correct incentives: strong controls become a competitive advantage, while failures cost dearly in refunds, fines, lawsuits, and brand wear.
The message is clear: zero tolerance for front accounts.
The new layers of security target scams that have become a digital epidemic. For you, did the Central Bank go in the right direction by creating the “dirty list” and pressuring fintechs and banks? Have you tried MED or has contestation worked? What practices have you adopted to reduce risk on Pix (limits, separate accounts, checks)? Share in the comments: your account helps show what really protects and what still needs to change.
-
-
-
-
-
-
38 pessoas reagiram a isso.