The Instant Payment Arrangement (Pix) is a payment arrangement regulated by the Central Bank of Brazil (BACEN) and developed to process transactions within seconds at any day and time (including weekends and holidays), at low cost to the payer. Its engine is the Instant Payment System (SPI), which is responsible for ensuring Real Time Gross Settlement (RTGS).
All keys/nicknames used to identify instant payment accounts are stored at the Transactional Account Identifier Directory (DICT) and the DICT API is the service to search details from this directory, both provided by the Pix arrangement. These key/nickname types are:
- National registration (CPF or CNPJ);
- Email address;
- Cell phone number;
- Virtual Payment Address (EVP)
It is possible to have up to 5 (five) keys to identify a single account (CPF, CNPJ, EMAIL, PHONE NUMBER and EVP). The keys are unique to their bound account, which means they can not be used as an identifier for other accounts.
The Pix arrangement will allow transactions to be performed from:
- DICT Keys
- Static QR Codes
- Dynamic QR Codes
Static QR codes can allow multiple transactions to be performed from a single QR code. That means it is possible to define fixed prices for a product or even let the payer insert an amount, which is ideal for small retailers, service providers, and individuals.
Dynamic QR codes, in turn, are exclusive for each transaction, which means they can only be used once. However, in addition to the amount, it allows inserting other information as the payee identification.
The parties within the Pix are divided into the following roles:
- Payer: Paying or transferring customer;
- Payee: Whoever receives the amount;
- Direct Participants: Financial Institutions or Payment Institutions that have accounts in BACEN for settlement.
- Indirect Participants: Fintechs, Payment Accounts, and others that do NOT have an account at BACEN.
- Service Providers: Softwares and institutions where the user holds payment accounts;
- Infrastructure and Settlement: The SPI.
Direct Participants can also connect to other Direct Participants, however they are limited to connect only to 1 (one) other Direct Participant.
The SPI is an infrasctructure regulated by BACEN's Circular No. 4,027, from June 12th, 2020, developed to centralize the settlement of instant payments between different institutions in Brazil. This system is set to be released at November 2020 and will allow transfer postings to occur directly from the paying user account to the receiving user account, through DICT Keys, without the need of intermediaries, which leads to lower transaction costs.
According to article 4 of BACEN's Circular No. 3,985, from February 18th, 2020, the participation in Pix is mandatory only for financial institutions and payment institutions authorized to operate by BACEN with more than 500,000 (five hundred thousand) active customer accounts, considering cash deposit accounts, savings deposit accounts and prepaid payment accounts.
The SPI is connected to the National Financial System Network (RSFN), that being said it is necessary to be a Direct Participant to directly access the SPI system. However, Indirect Participants can connect to Direct Participants.
Dock will offer services related to Pix in two models:
- Pix Banking as a Service (Pix BaaS);
- Pix Fintech as a Service (Pix FaaS).
The Pix BaaS connects a Pix non-participant partner to Dock, as an Indirect Participant, which calls a Direct Participant partner to access the SPI. All the regulatory, treasury, and accounting processes are done by Dock itself.
This model applies to BaaS partners, where the payment account of their bearers is issued by Dock.
The Pix FaaS is a model to provide technology to a Pix Direct Participant partner. All partners in this model already have the BACEN's license to operate the SPI messages. So in this context, as they already have a payment account at Dock, or are interested in having it, they integrate with Dock to be able to integrate with BACEN.
This model applies to FaaS partners, where the payment account of their bearers is issued by themselves.
In early July 2021, the Central Bank of Brazil (BACEN) updated their security manual for Pix. The objective is to describe the main technical security requirements for Pix.
Pix Security Manual from BACEN
To access the latest version (July 5, 2021, version 3.3), click here.
In this update, BACEN added a new section: #6 - Secure implementation of applications, APIs and other systems. It recommends that all Partners must develop applications, APIs and other systems complying with LGPD (General Data Protection Regulation) rules. Please check it out.
Recommendation: Immediate Compliance
It is recommended that all Partners adapt to all requirements immediately.
Because security is of utmost importance. And also because we are liable to audits and penalties imposed by BACEN. A compliance audit is a comprehensive review of an organization's adherence to regulatory guidelines. And the organization will benefit from being aligned with the manual.
Updated about 2 months ago