The Little-Known Right for Bank Customers: Central Bank and Superior Court of Justice (STJ) Confirm That Financial Institutions Are Required to Refund Amounts in Pix Fraud Cases and Even When Money Is Used After Mobile Phone Theft

STJ And Central Bank Confirm: Banks Must Reimburse Fraudulent Amounts in Pix, Unless They Prove Client’s Guilt. Understand Your Rights.

Since its launch in 2020, Pix has established itself as the most widely used payment method in Brazil. According to the Central Bank, by 2025 there will be more than 165 million active users and around R$ 2.1 trillion transacted per month. The convenience is undeniable: transfers in seconds, no fees, 24 hours a day. But along with its popularity came a problem: the rise in banking fraud. Social engineering scams, account cloning, and unauthorized transfers have skyrocketed, leaving customers at a loss. Many believe that in these cases, the consumer bears the loss alone.

The truth, however, is different: the law and jurisprudence of the Superior Court of Justice (STJ) confirm that banks are responsible for funds taken in frauds, unless they prove the client’s exclusive guilt.

What the Law and the Consumer Defense Code Say

The Consumer Defense Code (Law 8.078/1990) establishes that financial institutions are liable for service delivery failures. Article 14 states:

Recomendado para você

Oil and Gas

Major Oil, Gas, and Energy Event Will Take Place in Brazil: Macaé Energy Will Gather Petrobras, Equinor, Prio, Among Other Suppliers and Energy Executives for Business, Networking, and Employment Opportunities

The Technical Agenda and the Fair in the City of Macaé Should Boost Discussions on Investments, Energy Transition, and Development of the Oil, Gas, and Energy Chain in the National...

Paulo Nogueira

1

“The service provider is liable, regardless of fault, for compensating consumers for damages caused by defects related to the service provision.”

In practice, this means that the bank is objectively liable for losses resulting from fraud, unless it can prove that the client acted with intent or gross negligence (for example, providing their password to third parties).

The STJ has consolidated this understanding in Summary 479:

“Financial institutions are objectively liable for damages resulting from internal fortuitous events related to frauds and crimes committed by third parties in the context of banking operations.”

In other words: frauds are part of the risks of banking activity, and the client cannot be penalized for security failures in the system.

STJ Jurisprudence: Landmark Cases

The STJ has judged dozens of cases in which banks were ordered to refund customers for losses incurred due to fraud. A notable case is REsp 1992474/SP (2022), in which the Court reaffirmed that:

• The bank must reimburse the consumer in cases of bank transfer fraud, including Pix;
• The only exception is if there is clear proof of the exclusive fault of the account holder;
• It is up to the financial institution to demonstrate that the customer acted imprudently or contributed to the fraud.

Thus, judicial decisions reinforce that the burden of proof lies with the bank, not with the consumer.

The Role of the Central Bank and Pix Rules

The Central Bank has also created protective mechanisms for Pix users:

• Special Reimbursement Mechanism (MED): since 2021, allows blocking and reimbursement of amounts in cases of fraud or operational failures, at the victim’s request.
• New rules for 2025: expanded deadlines and obligations for banks to monitor suspicious transactions, with the possibility of immediate precautionary blocking.
• Joint liability: the receiving institution of fraudulent amounts may also be held liable, as it must monitor accounts used for scams.

These rules reinforce that security is the banks’ duty and that the client should not be left unprotected.

When the Bank Can Exempt Itself from Responsibility

Despite the legal protection, there are situations in which the bank can evade the obligation to reimburse amounts. This occurs when it proves:

• Exclusive fault of the client: providing passwords to third parties, sharing security codes, or evident negligence.
• Fraud outside the banking environment: when the client voluntarily transfers funds after falling for a WhatsApp scam or fake customer service centers, and there was no security failure by the bank.
• Express authorization of the user: if the transfer was validated by biometrics or token, it will be more difficult to claim institutional failure.

Even so, many courts have considered that, in cases of highly sophisticated frauds, the consumer cannot be held solely responsible.

Impact on Consumers and the Banking System

The recognition of banks’ responsibility has two direct effects:

Consumer Protection: ensures that retirees, workers, and businesses are not at the mercy of gangs specialized in digital fraud.

Pressure on Banks: forces institutions to invest more in security systems, artificial intelligence, and fraud prevention.

According to experts, this measure strengthens trust in the financial system, essential for Pix to continue growing without becoming synonymous with risk.

What the Account Holder Should Do in Case of Fraud

If the client notices a fraudulent transfer in their account, they should:

1. Immediately notify the bank and file a police report;
2. Request activation of the Special Reimbursement Mechanism (MED);
3. File a complaint with the Central Bank and with Procon;
4. If there is no reimbursement, file a lawsuit seeking reimbursement and, in some cases, compensation for moral damages.

Jurisprudence is on the consumer’s side, but it is essential to act quickly and gather evidence (screenshots, protocols, reports).

Pix has revolutionized payments in Brazil, but it has also opened the door to a wave of frauds. What almost no one knows is that, in these cases, the bank cannot simply exempt itself from responsibility.

The STJ and the Central Bank have made it clear: the risk of the activity lies with financial institutions, not the account holder. Thus, the injured consumer has the right to reimbursement, unless their exclusive guilt is proven.

This is a powerful message: in the digital world, security is not a favor, it is an obligation. And those who profit from the banking system must also be accountable for the risks.

Inscreva-se

Entre com

Entrar

Eu concordo em criar minha conta

Quando você faz login pela primeira vez usando um botão de Login Social, coletamos informações de perfil público de sua conta compartilhadas pelo provedor de Login Social, com base em suas configurações de privacidade. Também obtemos seu endereço de e-mail para criar automaticamente uma conta para você em nosso site. Depois que sua conta for criada, você estará conectado a esta conta.

Não concordoConcordo

Notificar de

novos comentários de acompanhamento novas respostas aos meus comentários

Label

Nome*

Email*

Salvar meus dados para a próxima vez que eu comentar

Salvar meu nome, e-mail e site nos cookies deste navegador para a próxima vez que eu comentar.

ONESIGNAL ID

ONESIGNAL ID

Eu concordo em criar minha conta

Quando você faz login pela primeira vez usando um botão de Login Social, coletamos informações de perfil público de sua conta compartilhadas pelo provedor de Login Social, com base em suas configurações de privacidade. Também obtemos seu endereço de e-mail para criar automaticamente uma conta para você em nosso site. Depois que sua conta for criada, você estará conectado a esta conta.

Não concordoConcordo

Label

Nome*

Email*

Salvar meus dados para a próxima vez que eu comentar

Salvar meu nome, e-mail e site nos cookies deste navegador para a próxima vez que eu comentar.

ONESIGNAL ID

ONESIGNAL ID

0 Comentários

Mais recente

Mais antigos Mais votado

Feedbacks

Visualizar todos comentários