The use of password-protected slips has become more frequent in the last six years. This trend is linked to the need to protect customer information, especially after the implementation of the General Data Protection Law (LGPD) in 2020.
The use of password-protected slips has become more frequent in the last six years. This trend is linked to the need to protect customer information, especially after the implementation of the General Data Protection Law (LGPD) in 2020.
The LGPD established companies' responsibility for consumers' personal data, such as CPF and address. Due to this, large corporations began incorporating tools and software that encrypt and protect slips with passwords. However, this measure is not mandatory; the decision to implement the password belongs to the issuing company of the slip.
Washington Fonseca, a postgraduate professor at IBMEC and partner at the law firm FMIS Law, clarifies that there is no specific rule from the Central Bank (BC) forcing the use of a password to access financial documents or slips. He states that it is an extra layer of security adopted by certain financial institutions and companies, primarily aimed at safeguarding customer data.
Fonseca adds that there are no general guidelines standardizing these passwords. The security methods are diverse: some use application authentication, others employ tokens, validate access via CPF, or use predefined passwords. According to him, each institution defines the security mechanisms it deems most appropriate.
In addition to helping companies comply with LGPD security requirements, passwords help hinder fraudsters' actions. Daniel de Morais, development consultant at ACBr Boleto, points out that there are specialized viruses capable of modifying the printable line and barcode of a slip when it is not encrypted. This causes the payment to be directed to the scammer's account, with the invasion occurring during the loading of the slip's PDF, a phenomenon known as boleto malware.
These malware can be introduced into devices through fraudulent emails, file downloads, or visits to untrustworthy websites. In these schemes, the slip amounts usually remain unchanged, which complicates fraud detection. The presence of a password in the PDF file prevents the virus from reading or altering the document's information, and often, the virus does not even recognize it as a slip.
To ensure the legitimacy of a slip, it is essential to check the document's origin and meticulously examine the data presented at the time of payment, not just the charged amount. Additionally, it is possible to confirm authenticity by contacting the bank or the company responsible for issuing it directly.