The use of PIX as a flirting application, a practice that has been growing among users of the instant payments tool in the beginning of 2021, may compromise the security of the data of “pixsexuals”, as they became known. The alert is from ESET.
The practice of flirting with the PIX went viral after users started posting, on social media, prints of transfers of small amounts to some “crush”, taking advantage of the payment system’s text message feature to interact with the person – this function serves to indicate the reason for the financial transaction.
But according to ESET security researcher Daniel Barbosa, such action poses risks for those who expose their PIX keys on the internet. This is because the system shows the full name of the linked account holder and parts of his CPF, when initiating the transfer, facilitating the action of cyber criminals in search of possible victims.
For Barbosa, the danger is even greater when the “PIXTinder” practitioner chooses the CPF or e-mail as the key to inform the suitors, disclosing this information on Twitter or other platforms. He points out that, in these cases, “people with bad intentions will have practically their complete registration”, just view the post.
How to protect your data
In addition to the CPF and e-mail, it is possible to register the phone number as a PIX key or choose a “random number”. In this last option, the bank itself creates a key for you, with no link to the other data.
According to the researcher, the random number option is the least risky for those who eventually need to share the key publicly, emphasizing that it should only be informed when it is really necessary and with caution.
The Central Bank also warned of the dangers of disclosing sensitive data to flirt, noting that the PIX is “a means of payment, not a social network”.