Banks blame victims for scams, say consumer protection agencies

For consumer protection agencies, banks do not do enough against scams. Despite investing in information campaigns, institutions fail to exempt themselves from responsibility and blame the client, also making it difficult to help victims.

“They say all the time that it’s the victim’s fault”, says Guilherme Farid, executive director of Procon SP. Farid points out that education is important, but it is not enough to avoid the damage caused by institutions by allowing transactions that are outside the consumer’s profile.

“From the moment you decide to deposit your assets in a financial institution, you want the security that it will not leave without your authorization. And in this scenario, it is up to the service provider to adopt all possible precautions and technologies to not authorize “, he explains.

Even so, institutions disclaim responsibility. The economist and coordinator of the financial services program at the Institute for Consumer Protection (Idec), Ione Amorim, criticizes the lack of attention to customers who are victims of financial scams.

“What they find when they use the SAC over the phone is a sequence of recordings, with a script full of questions that make it difficult to speak directly with someone who guides them and provides the necessary blocks or correct referral for contesting involuntary operations”, explains Amorim.

She adds that the agencies do not have prioritized service or standardized responses to occurrences, leaving the quality of service dependent on the interpretation of those who receive the demand.

On social media, chats with robots do not help to resolve the issue, in addition to delaying blocking procedures, repairs or guidance on how to improve security settings.

Procon and Idec see security flaws in institutions

Representatives of Procon SP and Idec indicate that there is a flaw in the bank’s security system, especially by not identifying abnormal operations in bank accounts, which could be questioned before confirmation.

The failure, for Farid, would be in the management of the customer’s consumption profile. He points out that banks have information about users’ financial habits and routines, as well as enough technology to identify suspicious transactions, but do not act to prevent scams.

“How do you justify, for example, a consumer who had his cell phone stolen and eventually the thief managed to make a loan of R$ 50 thousand at 3 am? Or 50 Pix transactions in less than 30 minutes and empty the consumer’s account?”, he asks. .

Amorim adds that banks need to develop security systems not only for their internal protection, but also for the customer, and exemplifies what he observed in the launch of Pix.

“The system was announced with great emphasis on practicality and security in instant operations, but that was among the banks. Little has been done to provide security to the users of the system, and today we are experiencing a serious situation of fraud and violence due to lack of security for those who use the system. opera.”

The economist also criticizes the automatic availability of overdraft limits and pre-approved credit at levels far above the income profile of consumers. “In addition to encouraging indebtedness, they favor the practice of fraud in cell phone theft.”

Febraban says banks have invested in preventing fraud

wanted by SheetFebraban (Brazilian Federation of Banks) says that, together with banks, it constantly and massively invests in awareness campaigns and actions.

“Banks have implemented several technologies, such as georeferencing, biometrics, tokenization, IP recognition, as well as communication with customers to preserve their passwords and communicate to the bank immediately after some event, cell phone theft for example.”

It adds that customers have at their disposal mechanisms such as SMS notification, suppression of functionalities and limit of transactions, and that banks contact them when they identify abnormalities in transactions.

“On the Federation’s social networks, anti-fraud and scam communication continues uninterrupted through the website https://antifraudes.febraban.org.br/ and with the ‘Pare & Pense, Pode ser Golpe’ campaign, widely publicized in 2021 , which restarts in September 2022.”

Febraban also declares that, in addition to carrying out educational campaigns, banks invest approximately R$ 3 billion per year in information technology systems aimed at security. According to the federation, the amount corresponds to about 10% of the sector’s total expenditure on information technology.

The entity also states that banks work in partnership with police forces to assist in the identification and punishment of cyber criminals, with a technical cooperation agreement with the Federal Police since 2015 to combat electronic bank fraud.

“In this period, through the intelligence and investigation work of the Federal Police, more than 60 operations such as Boleto Real, BR 153, Creeper, Valentina, among others.”

It adds that it supported the process of processing Law 14,155, enacted in May last year, which provides for severe punishments for fraud and scams committed in electronic media and declares that, regarding reimbursement, “each financial institution has its own analysis and return policy, based on individual analyses, considering the evidence presented by the clients and information from the transactions carried out”.

Cybersecurity companies say banks are benchmarks for best practices

Daniel Barbosa, an information security specialist at Eset, says that banks are considered benchmarks of best practices when it comes to protecting their assets, always implementing new technologies and additional layers of protection.

“The application, being owned by the bank, has the same robust security that I mentioned earlier, however, when the scam is dedicated to compromising the user itself, the scenario gains variables that add different complexities to the equation”, says Barbosa.

The expert praises the information campaigns and points out that, in terms of helping victims, he considers it essential that they know what means to turn to in the event of incidents. “This type of information can be disseminated in the awareness campaigns themselves”, he adds.

For Barbosa, automatic blocking measures such as those suggested by Farid are possible to be implemented, but they can negatively impact the user’s perception of the system, since it could block legitimate actions and generate delays in the use of the platform.

“Still, it is possible to think of different forms of user validation, such as the ostensible use of biometrics, restriction of times to perform certain activities, additional authentication factors with the possibility of using geolocation and several other points”, he says.

Eduardo Bernuy Lopes, executive director of Redbelt Security, says that he sees the initiatives by banks with great optimism, especially those dedicated to information and awareness.

“As an analogy, we don’t give information about the security of our homes if someone asks us, but many people still enter personal and confidential data if the person asking is a website or a robot-like call, asking them to enter their password on the keyboard. numeric.”

Lopes believes that the priority should be information. “Banks are on the right track. The more people who know, the less chance they will be deceived.