Companies that provide information technology services to connect Banks to Pix must see an increase in operating costs after the hacker attack discovered in early July. Sector sources say the Central Bank opened dialogue with companies in the segment shortly after.
New requirements and a Central Bank inspection squeeze are expected to increase infrastructure costs for those who act as an Information Technology Service Provider (PSTI). It is the technology companies responsible for connecting financial institutions to the NATIONAL FINANCIAL SYSTEM (RSFN) network, where you can participate in systems such as instant payments, Pix.
“If regulation rises, costs go up automatically,” says the head From Tivit Techfin, Rafael Maia. “Obviously, PIX is not charged from the end customer customer, but from companies and institutions it is,” says the company’s executive who was recently approved as PSTI, a process before the first contract to obtain active status.
Enjoy!
NFL in Brazil: Extra Tickets
NFL Game in SP: With XP card you compete for 10 pairs of tickets
Among the most rigorous attitudes that can enter the scope of the BC, companies consider that the municipality should define new standards and expand the checking of documentation. But for Evertec + Sinqia’s vice president of technology, Carlos Sangiogio, the main measure of the BC should be to take an auditor role.
“The Central Bank cannot control if someone stole a credential, but he can tell the company the following: ‘Give me the list of everyone who has access to the environment and could steal a certificate.’ From the names, he confirms if everyone has authentication, can even pull the criminal record,” says Sangiiorgio. “This obviously increases security. With audit, the company has to evidence that it really takes action, not just talking.” Synchy is one of the seven active institutions in the PSTI.
Today, the journey to become a PSTI takes up to eight steps, ranging from regulatory planning, undergoing the formal request to the BC, selection and approval, technical tests, security certificates, an operational pilot, evaluation and, finally, continuous monitoring operation.
Continues after advertising
For each pix operation made in a financial institution, the provider receives an average of 1 penny of real, against an infrastructure cost involving networks, links, contingency data centers and 24 hours support, for example. This value may be higher or lower depending on the proposal made in the competition, considering the volume of monthly negotiations of the financial institution.
The problem lives just there: PSI profit margins are already tight and an increase in security -related costs would further press business, which would need to pass on to new contracts with financial institutions. It is important to reinforce that none of this implies costs for people who send or receive Pix, which is still free.
According to Sinqia’s Sangiorgio, 20 million transactions per month ensure such a viability. He assesses, however, that the costs for those who already act with high security standards should not be so changed.
Continues after advertising
The Central Bank did not respond to Infomoney If you want to change the inspection rules and security audit involving the PSTIS or what they would be.
According to the Infomoneysince the week following the case involving C&M Software the regulator sought companies in the sector to address the initiatives adopted by the companies regarding safety. At least to Sinqia, the BC asked for a response to a form involving network security factors, behavioral and the company’s ability to trigger a circuit breaker For risk cases, a kind of “panic button”.
Remember how the hacker attack went
On July 2, it was revealed that an attack on C&M accessed accounts maintained by financial institutions from the BC. Estimates pointed to losses between $ 500 million and $ 1 billion that did not directly impact customers of the affected institutions. The police arrested.
Continues after advertising
PSTIS are normally hired by smaller financial institutions, such as average, digital, regional, fintechs, payment institutions and cooperatives, to outsource infrastructure development and connect to the Pix system.
The incumbent banks – Bradesco, Itaú, BB, Santander – have PSI within their own digital infrastructure. BTG, harvest, Banrisul and BV institutions may have their own model or hybrid.
Any institution that wants to act as a direct participant in systems such as Pix needs a PSI, whether internal or hired. Indirect participants, those who do not connect with RSFN, need to have a direct intermediary.
Unique opportunity
Legacy Card: Far beyond a service
