Brazil Enforces PIX MED 2.0 Multi-Hop Fraud Tracking After R$6.5 Billion in 2025 Losses

After R$6.5 billion in PIX fraud losses during 2025 and a 7 percent fund recovery rate, Brazil's central bank is enforcing MED 2.0, an upgraded refund mechanism that traces stolen money across multiple account hops with automatic blocks at each node. Supervisory penalties for non-compliant institutions begin in May 2026, completing a phased rollout that started with optional adoption in November 2025.

Sources:TI INSIDE Online →·Demarest Advogados →·Campos Thomaz Advogados →·Mattos Filho →

Brazil's Central Bank made the MED 2.0 fraud recovery mechanism mandatory for all PIX transactional account providers on February 2, 2026, replacing a system that could only block stolen funds in the first receiving account. The upgrade enables multi-hop tracking across chains of intermediary accounts with automatic preventive blocks at each step.

The original MED, deployed alongside PIX in November 2020, had a structural weakness. When scammers moved stolen funds through multiple accounts in rapid succession, the mechanism could only freeze money in the initial receiving account. By the time a dispute was filed, the funds had already cascaded through several accounts and been withdrawn. The Central Bank reported that only 7 percent of disputed PIX funds were recovered in 2025.

MED 2.0 follows the money. The system traces transfers across the full chain of accounts, applying automatic blocks at each node. The Central Bank states that recoveries should complete within 11 days of a dispute, a defined timeline that replaces the open-ended process under the original mechanism. Industry analysts estimate the upgrade could reduce successful PIX scams by up to 40 percent.

The financial case for the upgrade is clear from the numbers. PIX-related fraud losses reached R$6.5 billion in 2025, driven by social engineering attacks that exploit the system's real-time settlement finality. Brazil's instant payment system processes over 45 billion transactions annually, making fraud prevention a systemic priority.

Implementation followed a phased schedule. Participation was optional from November 23, 2025, giving institutions a window to integrate the multi-hop tracking infrastructure. The February 2, 2026 deadline made compliance mandatory. A technical adaptation period runs through May 2026, after which the Central Bank will begin applying supervisory penalties for non-compliance.

MED 2.0 is part of a broader security overhaul. Resolution BCB No. 491 and Resolution CMN No. 5,193, both issued in November 2025, introduced new cybersecurity requirements for financial institutions within the National Financial System. Together with MED 2.0, these measures represent the most significant tightening of PIX's security framework since the system launched in November 2020.

Related Systems

PIX

Found this useful?

Get the weekly payment infrastructure digest.

← Previous

BCB Activates Automatic Blocking for PIX Settlement Accounts Under Resolution 554

296 of 333

Vipps MobilePay Sells Checkout Business to Kustom in NOK 490 Million Deal, Sharpening Wallet Strategy

← Previous

BCB Activates Automatic Blocking for PIX Settlement Accounts Under Resolution 554

296 of 333

Vipps MobilePay Sells Checkout Business to Kustom in NOK 490 Million Deal, Sharpening Wallet Strategy