Reported by The Economist

Brazilians have long been early adopters of fintech. In 2017, EY, an accounting firm, found that two-fifths of Brazilians regularly used online banking, one of the highest rates worldwide. In 2020 44% of customers had a digital-only account, compared with less than 20% in the United States and Canada, according to a survey by Accenture, a consulting firm. That year the central bank released Pix, an instant-payments platform. It has been wildly successful. Today it has 3bn transactions a month. That is five times more than transactions by debit and credit cards combined.

This bonanza has attracted cyber-criminals. Their main weapon has been the “banking trojan”, a programme that steals users’ account information. According to Kaspersky Lab, a cyber-security firm, Brazil is the top country for attacks by banking trojans, with 1.8m attempted infections from June 2022 to July 2023 (the latest data available). Globally eight of the 13 most popular types of trojans are made in Brazil.

Cyber-criminals initially focused on trojans as they require little skill to use. However, as banks developed better defences, criminals were forced to branch out into more complex and lucrative attacks. Brazil’s underworld has developed the most advanced “point of sale” malware, which scammers use to filch bank details from card readers, according to Kaspersky Lab. Known as Prilex, this application can block contactless payments by stopping the short-range connection between a credit card and the payment terminal. The terminal reads: “Error. Please Insert.” When a customer inserts her card and PIN, the malware uses the credentials to authorise a fraudulent transaction. During Rio’s carnival in 2016, a hacker used a basic version of this software to remotely take over 1,000 ATMs.

Read full report: https://www.economist.com/the-americas/2024/01/04/why-is-brazil-a-hotspot-for-financial-crime