
Brazil payments & fraud basics for online sellers

Apr 1, 2026, by ase/anup, in Brazil, Tech

Brazil represents one of the most dynamic and idiosyncratic payments environments in the world, and merchants who understand its payments and fraud landscape protect revenue while keeping checkout friction low.


Key Takeaways

  • Layered approach: Combine frictionless checks, progressive challenges, and manual review to balance conversion and security.
  • Payment-native signals: Treat PIX, boleto, and cards as distinct ecosystems with unique signals and timing considerations.
  • Operational readiness: Build a fraud operations team, define SLAs, and codify playbooks for common scenarios and incidents.
  • Data-driven tuning: Use experiments, holdouts, and KPIs to iterate rules and prioritize cost-effective controls.
  • Compliance and privacy: Align fraud controls with LGPD, Banco Central rules, and consumer protection to reduce legal risk.

Thesis: what online sellers in Brazil must prioritize

The central argument is that successful online sellers in Brazil must combine payment-native understanding (PIX, boleto, card schemes), data-driven fraud controls, and operational playbooks to manage risk without sacrificing conversion.

Brazil’s mixture of instant payments, widely used bank slips, and rapid e-commerce growth creates specific fraud patterns that differ from many markets. Therefore, the best approach is a layered strategy: lightweight automated checks at checkout to preserve conversion, adaptive risk scoring for edge cases, and fast manual review and remediation processes for high-value or ambiguous orders.

When a seller adopts this layered approach, they reduce direct financial losses, limit chargebacks and disputes, and create repeatable processes that scale as the business grows. This article maps the fraud funnel, highlights the top risk signals, describes verification and refund best practices, lists monitoring metrics, provides an incident checklist, surveys tool options relevant to Brazil, and supplies practical implementation guidance and organizational recommendations to operationalize a fraud program.

Payments landscape overview: the local context that shapes fraud

Brazil’s payments ecosystem is shaped by three features that materially affect fraud patterns: the rapid adoption of PIX (an instant payment system launched by the central bank in 2020), continued widespread use of boleto bancário (bank slips that can be paid offline), and a mature card market with significant card-not-present (CNP) volume. Each method brings specific signal sets and attack vectors that must be treated differently.

PIX enables near-immediate settlement and is attractive to merchants for fast reconciliation, but its instant nature can be abused when payer identity and account provenance are weak; the operational rules are set out in the Banco Central do Brasil PIX guidance. Boleto offers offline payment convenience and is commonly used by underbanked customers, but the delay between boleto generation and bank settlement creates windows where merchants might pre-fulfill goods and be exposed to fraud. Card payments remain a primary vector for CNP fraud and chargebacks, with attackers leveraging BIN testing, stolen card details, and reshipping schemes.

E-commerce growth accelerated during and after the pandemic, increasing both legitimate demand and organized fraud activity. Given this context, sellers should treat fraud prevention as a continuous program tied to payments strategy rather than a single technical integration.

Common fraud schemes in Brazil and how they manifest

Understanding common attack patterns makes signal selection and playbook design more effective. The following schemes are particularly relevant in Brazil’s environment and require targeted countermeasures.

  • Card testing and BIN attacks: fraud actors attempt small-value transactions across many card numbers to identify valid credentials. These tests often precede larger purchases. Detection relies on velocity limits, BIN monitoring, and small-amount decline/approval pattern recognition.

  • Triangulation and resale/reshipping networks: attackers operate storefronts that accept stolen card payments and then use a reseller or mule network to collect goods. Red flags include multiple orders to the same delivery hub, rapid re-listing of purchased items, or near-immediate shipment to forwarding addresses.

  • Synthetic identity and account creation fraud: attackers stitch together real and fabricated data (e.g., recently issued CPFs, disposable emails, virtual phone numbers) to create seemingly valid accounts. Persistent fraud rings may reuse device fingerprints or IP ranges across many synthetic identities.

  • Social engineering and refund fraud: attackers contact customer support claiming non-delivery or damage to obtain refunds or reships. Strong verification during refund requests and audit trails in customer service interactions mitigate this risk.

  • PIX-targeted scams: because PIX settles instantly, attackers use tactics like social-engineered transfers or fake merchant notifications to trick payers; merchants may be targeted by mule accounts that rapidly move funds. Monitoring PIX key metadata, payer name mismatches, and new-account behavior is crucial.

  • Boleto manipulations and fake payment confirmations: attackers may try to spoof bank confirmations or submit fake payment proofs before settlement. Merchants must rely on bank reconciliation feeds and not mark orders as paid based on uploaded images alone.

Fraud funnel map: where risk appears and what to do at each stage

A clear fraud funnel helps the merchant identify where to place controls so that checks appear in the moment that maximizes detection while minimizing friction.

1. Pre-transaction (traffic and onboarding)

Risk activities and threats: account creation fraud, promotional abuse, fake email/phone, synthetic identity formation.

Recommended controls: require phone or email verification for new accounts, block disposable emails and suspicious IPs, monitor signup velocity from the same device/IP range, and consider optional identity enrichment for high-value customers.

2. Checkout (payment authorization)

Risk activities and threats: card-not-present (CNP) fraud, stolen card usage, BIN testing, bot attacks, corruption of payment flow.

Recommended controls: real-time risk scoring, device fingerprinting, 3-D Secure where appropriate, OTP/2FA for riskier transactions, and rules that inspect payment method-specific signals (card BIN, boleto behavior, PIX payer name).

3. Payment confirmation & fulfillment

Risk activities and threats: erroneous approvals that lead to fraudulent orders being shipped, triangulation scams, address manipulation for reshipping.

Recommended controls: hold fulfillment for flagged orders, verify shipping address consistency with billing identity (CPF/CNPJ), require ID or signature on delivery for high-value goods, and use courier partners with proof-of-delivery integrations.

4. Delivery and post-purchase

Risk activities and threats: chargebacks, friendly fraud, refund abuse, account takeover after purchase.

Recommended controls: maintain granular logging for disputes, require original payment method for refunds when possible, and run post-purchase behavior monitoring (sudden order changes, new device sign-ins).

Top risk signals for Brazil — what actually indicates fraud

Risk signals are observations or combinations of observations that meaningfully increase the likelihood of a fraudulent event. They should be weighted in a scoring model and mapped to action thresholds (approve, challenge, review, decline).

  • CPF/CNPJ anomalies: mismatched CPF (Brazilian tax ID) information — such as invalid format, recently issued CPFs, or CPFs associated with many different cards or emails — is a high-risk indicator. Sellers should validate CPF format and consult reputable validation or credit bureau services when risk exceeds a threshold. See the government’s official CPF information.

  • Email signals: disposable or temporary email addresses, mismatches between email domain and billing country, or newly created emails used for high-value orders are suspicious. Sellers can block known disposable domains and require additional checks for high-risk domains.

  • Phone signals: SMS verification failure, phone numbers tied to many accounts, or VoIP numbers increase risk. Brazilian merchants often require SMS verification for significant orders; they can enrich phone data with carrier and number type (mobile vs VoIP) via telco validation services.

  • IP and geolocation mismatches: an IP origin that differs significantly from the claimed billing address, or a geolocation that is anomalous for the customer’s usual pattern, is a red flag. VPN or proxy detection and high-velocity IP activity indicate bot behavior or fraud rings.

  • Device fingerprinting anomalies: multiple accounts or payment attempts from the same device fingerprint, or device fingerprints with spoofed characteristics, suggest automation or account takeovers. Use device identity to detect related transactions across accounts.

  • Velocity and pattern signals: many orders in a short time from the same CPF, card BIN, shipping address, or IP range; repeated declines followed by a single approval; or unusual cart value spikes are classic velocity signs.

  • Payment method-specific signals:

    • Card: BIN not matching claimed issuing country, AVS (address verification) mismatches, unusual card life (very new or recently reissued), multiple cards on one account.

    • Boleto: multiple boletos generated for different CPFs with similar data, boleto numbers that were created and paid quickly from unrelated accounts, or payment originating from a suspicious bank branch.

    • PIX: payer name not matching CPF metadata, unusual Pix key patterns, or PIX transfers originating from newly created accounts.

  • Logistics and recipient signals: shipping to freight forwarding addresses, multiple deliveries to the same PO box, newly created delivery addresses, or courier refusals are concerning. High-value orders with expedited shipping requests should trigger enhanced checks.

  • Behavioral signals: rushed checkout, inconsistent session behavior (rapid switching between pages, incoherent form completion), or use of browser automation tools suggest automated fraud attempts.

  • Historical signals: accounts with past disputes, multiple chargebacks across different merchant integrations, or ties to known fraud rings should be scored higher risk by default.

Verification steps: a practical, tiered process

A tiered verification flow balances conversion and security. The goal is to use the least intrusive checks early and escalate only when signals warrant. Sellers should design rules to automate the tiering but keep human review as a safety net for borderline cases.

Tier 0 — frictionless checks (real-time and invisible)

These checks are applied to most orders and aim not to add visible friction:

  • Data format validation: validate CPF/CNPJ format, card PAN length, CVV presence, and email format.

  • Basic blacklist screening: block known bad IPs, disposable emails, and previously identified fraudulent CPFs or cards.

  • Device & behavioral scoring: run device fingerprinting and behavior analytics to generate a risk score without prompting the customer.
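The CPF/CNPJ format check from the first Tier 0 item, as an added example that is not code from the article: it verifies the two mod-11 check digits and rejects repeated-digit values. The function names are illustrative, the sample IDs are constructed test values, and only numeric CNPJs are handled.

```python
import re

CPF_WEIGHTS_1 = range(10, 1, -1)   # 10..2 over the first 9 digits
CPF_WEIGHTS_2 = range(11, 1, -1)   # 11..2 over the first 10 digits
CNPJ_WEIGHTS_1 = [5, 4, 3, 2, 9, 8, 7, 6, 5, 4, 3, 2]
CNPJ_WEIGHTS_2 = [6] + CNPJ_WEIGHTS_1


def _mod11(digits, weights):
    """Weighted sum mod 11; remainders 0 and 1 map to check digit 0."""
    rem = sum(d * w for d, w in zip(digits, weights)) % 11
    return 0 if rem < 2 else 11 - rem


def _parse(value, length):
    """Drop the usual punctuation; return a list of ints, or None if malformed."""
    if not isinstance(value, str):
        return None
    cleaned = re.sub(r"[.\-/\s]", "", value)
    # [0-9] on purpose: \d would also accept non-ASCII digits.
    if not re.fullmatch(r"[0-9]{%d}" % length, cleaned):
        return None
    return [int(ch) for ch in cleaned]


def validate_cpf(value):
    d = _parse(value, 11)
    if d is None:
        return False, "not 11 digits"
    if len(set(d)) == 1:
        # 000.000.000-00, 111.111.111-11, ... satisfy the checksum but are not usable IDs.
        return False, "repeated digit"
    if d[9] != _mod11(d[:9], CPF_WEIGHTS_1) or d[10] != _mod11(d[:10], CPF_WEIGHTS_2):
        return False, "check digit mismatch"
    return True, "format ok"


def validate_cnpj(value):
    d = _parse(value, 14)
    if d is None:
        return False, "not 14 digits"
    if len(set(d)) == 1:
        return False, "repeated digit"
    if d[12] != _mod11(d[:12], CNPJ_WEIGHTS_1) or d[13] != _mod11(d[:13], CNPJ_WEIGHTS_2):
        return False, "check digit mismatch"
    return True, "format ok"


def validate_tax_id(value):
    """Dispatch on digit count; returns (kind, ok, reason)."""
    if _parse(value, 11) is not None:
        return ("cpf",) + validate_cpf(value)
    if _parse(value, 14) is not None:
        return ("cnpj",) + validate_cnpj(value)
    return "unknown", False, "neither 11 nor 14 digits"


if __name__ == "__main__":
    # Constructed test values, not customer data.
    for sample in ["111.444.777-35", "111.444.777-36", "000.000.000-00",
                   "11.222.333/0001-81", "12345"]:
        print(sample, validate_tax_id(sample))
```

A passing result only means the number is well formed; whether the CPF is issued, recent, or tied to other accounts is the bureau check described under Tier 2.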

Tier 1 — light challenge (one-time friction if flagged)

When Tier 0 raises a moderate risk score, add these lightweight challenges that preserve conversion:

  • SMS OTP: send a one-time code to the provided phone number; success reduces risk significantly.

  • Email verification: require click-through on a verification link for account creation or checkout for high-ticket items.

  • 3-D Secure: for cards, route to 3DS authentication where supported; this shifts liability in many cases and reduces chargeback exposure.

Tier 2 — documentation or third-party checks

For high-risk or high-value orders, require stronger identity proof:

  • Document verification: capture a photo of the customer’s ID (RG, CNH, or passport) and a selfie for facial match. This is particularly useful for expensive electronics, jewelry, or goods prone to theft.

  • CPF/CNPJ validation with bureaus: use credit bureaus or identity providers to confirm the CPF/CNPJ status and historical credit signals. See services like Serasa Experian.

  • Bank account verification: for refunding new customers by bank transfer (including PIX), require a micro-deposit verification or an instant account verification API.

Tier 3 — manual review and escalations

When automated and document checks fail or when certain triggers fire (e.g., very high order value, multiple linked signals), the order should go to a trained reviewer who follows a documented checklist. Manual reviewers should have a clear SLA (e.g., respond within 1–4 hours for domestic shipments) and playbooks for next steps such as contacting the customer, requesting more documentation, or holding fulfillment.

Refund policy: rules that protect revenue and customer experience

A well-crafted refund policy reduces abuse while maintaining consumer trust. In Brazil, sellers must also align policies with consumer protection laws and payment network rules. The policy should be transparent, accessible at checkout, and applied consistently.

Core policy elements

  • Clear windows and conditions: state the refund and return window (e.g., 7, 14, or 30 days), conditions for new/used items, and whether shipping is covered for returns.

  • Refund method: require refunds to the original payment method when feasible. For card payments, refund to the original card token. For PIX, refund back to the originating PIX key or use a verified bank transfer process. For boleto, specify whether the seller will issue credit or transfer funds to a bank account after verification.

  • Proof-based refunds: for high-value refunds, require photographic proof of the returned product, tracking number, or confirmation via the courier’s system before issuing funds.

  • Limits to reduce friendly fraud: specify limits on frequency (e.g., multiple returns may require prior authorization), and consider partial refunds or store credit for frequently abused returns.

  • Chargeback mitigation: encourage customers to contact the merchant before filing chargebacks and provide a clear, simple dispute process. Maintain records and documentation to support representments with the acquirer.

Operational tips:

  • Timeframe alignment: ensure refund timelines align with acquirer processing times and consumer law obligations in Brazil. Be explicit about how long refunds typically take to show on the customer’s statement.

  • Automated triggers: automate refund holds for suspicious patterns (e.g., multiple refunds to the same CPF in a short window) and route those to manual review.

  • Customer communication: provide clear status notifications during the refund process to reduce chargeback attempts driven by confusion.

Monitoring metrics: KPIs to watch daily, weekly, and monthly

Monitoring is about early detection and continuous tuning. The seller should build dashboards with automated alerts and regular reviews of trends and cohorts.

Daily monitoring (fast signals)

  • Fraud detection rate: percentage of orders flagged as suspicious or declined by fraud rules.

  • Chargeback volume and trend: count and value of chargebacks received that day or week; spikes often indicate fraud campaigns.

  • Approval/decline rates by payment method: sudden declines in card approvals or PIX failures may indicate technical issues or targeted attacks.

  • Velocity alerts: high-frequency orders per IP, CPF, or device fingerprint that exceed baseline thresholds.

Weekly monitoring (operational health)

  • False positive rate: proportion of legitimate orders incorrectly blocked or challenged; high false positives damage revenue and conversion.

  • Review SLA compliance: percentage of manual reviews completed within the target SLA and the approval rate of those reviews.

  • Refund rate and reasons: trends in refunds and the root causes (damaged item, non-delivery, customer remorse, fraud).

Monthly monitoring (strategic trends)

  • Chargeback rate: trend and industry benchmarking; assess representment win rate and take corrective rule changes if needed.

  • Losses attributable to fraud: total value lost to fraud, including shipped fraud orders, chargeback fees, and operational costs.

  • Customer impact metrics: conversion rate changes correlated with new rules, customer complaint volume, and NPS changes tied to fraud-handling experiences.

Additional recommended metrics:

  • Average order value (AOV) for flagged vs unflagged orders to decide where stricter controls are most cost-effective.

  • Time to detection (from order to flagging) and time to resolution for flagged orders.

  • Dispute representment win rate and average recovery per representment.

Incident checklist: immediate and follow-up actions

When a fraud incident occurs — such as a coordinated attack, a data breach, or a spike in chargebacks — the seller should follow a pre-defined checklist to contain damage and restore normal operations.

Immediate containment (first 0–24 hours)

  • Identify and isolate the affected flows (specific payment method, API key, or checkout flow). Temporarily disable or throttle the impacted endpoints if necessary.

  • Block offending entities: block associated IP addresses, device fingerprints, BINs, CPFs/CNPJs, emails, or phone numbers that are clearly malicious.

  • Preserve evidence: snapshot logs (transaction logs, web server logs, database snapshots) and store them securely for investigation and disputes.

  • Notify stakeholders: alert internal teams (operations, legal, finance, customer service) and external partners (acquirer, payment gateway, fraud vendor).

Investigation (24–72 hours)

  • Root cause analysis: determine whether the issue is technical (API misconfiguration), behavioral (new fraud vector), or data compromise.

  • Customer triage: identify legitimate customers affected and prioritize communication to preserve trust.

  • Law enforcement & reporting: if the incident involves theft or a wide attack, file the necessary police reports in Brazil and follow any legal obligations. Coordinate with the acquirer and card networks on dispute timelines.

Remediation (3–14 days)

  • Rule updates: adjust fraud rules and thresholds based on learnings; deploy incremental updates to avoid overcorrection that harms conversion.

  • Processes & training: update playbooks, train manual reviewers on new patterns, and document mitigation measures.

  • Customer remediation: refund or reship to legitimately impacted customers and communicate timelines transparently.

Post-incident review (14–90 days)

  • Metrics audit: review KPIs pre- and post-incident. Assess whether measures reduced fraud without unacceptable conversion loss.

  • Compliance assessment: ensure all actions adhered to LGPD data protection requirements and payment network rules.

  • Long-term prevention: consider investments (better device fingerprinting, enhanced KYC, partnerships with local fraud intelligence providers).

Tool options and vendor landscape for Brazil

Sellers should evaluate tools by how well they integrate with local payment methods (PIX, boleto), local credit/identity providers, logistics partners, and Portuguese-language support. Below are categories and representative vendors with brief notes.

Payment gateways & acquirers

  • Stripe: global product with Brazil operations and local integrations; offers Stripe Radar for fraud detection and supports PIX and boleto through partners.

  • Adyen: multinational acquirer and gateway with strong global risk tools and local payment method support.

  • Cielo, Stone, Rede: large Brazilian acquirers with extensive local networks and chargeback processes; often used by merchants for card acquiring.

  • EBANX: widely used for cross-border merchants selling in Latin America, supporting local payment methods and local customer experience.

Brazilian fraud prevention specialists

  • ClearSale: a Brazil-rooted fraud prevention company focused on manual review and AI-driven scoring, particularly popular for e-commerce in Brazil.

  • Konduto: Brazilian provider specializing in fraud scoring for e-commerce and payments with local heuristics optimized for Brazilian behaviors.

  • FControl and other local analytics vendors: focus on payment fraud analytics and interfacing with Brazilian payment flows.

Global fraud prevention platforms

  • Sift: machine learning-based fraud prevention covering account abuse, checkout fraud, and chargebacks with global signals.

  • Riskified: chargeback-guarantee model for merchants who prefer to transfer fraud liability to the vendor; suited to merchants with higher ticket items.

  • Forter: real-time fraud prevention with instant decisions and a strong track record in CNP scenarios.

  • Kount (Equifax): device and behavioral analytics, widely used for detecting complex fraud patterns.

KYC, identity and bureau services

  • Serasa Experian and Boa Vista: local credit and identity data that merchants can use to validate CPF/CNPJ and build trust scores.

  • ANPD: the Brazilian data protection authority provides guidance for LGPD compliance; consult ANPD for regulatory updates.

Device fingerprinting & bot management

  • FingerprintJS: device identity and anti-fraud fingerprinting suitable for blocking repeat offenders and detecting device spoofing.

  • Cloudflare Bot Management or similar WAF/bot solutions: useful for protecting checkout endpoints from automated attacks and credential stuffing.

Chargeback and dispute management

  • Chargebacks911 and other dispute resolution firms: help prepare representment evidence and manage acquirer relationships to improve win rates.

Integration tips and evaluation criteria

When evaluating tools, sellers should prioritize:

  • Local payment method support: integration with PIX, boleto, and local acquirers to surface native signals.

  • Portuguese-language support and SLAs aligned to local business hours.

  • Latency and checkout performance: real-time scoring with sub-second responses to avoid slowing checkout conversions.

  • Explainability and rule control: ability for operations teams to create and tune rules without needing engineering cycles for every change.

  • Data privacy & LGPD compliance: ensure vendors comply with data protection regulations and support necessary data processing agreements.

Practical examples and playbook snippets

To make the guidance actionable, here are short playbook snippets merchants can adopt or adapt.

Example playbook: high-value electronics order with card payment

  • Tier 0 checks: CPF format, card BIN, device fingerprint — if all clear, tentative approve.

  • If device mismatch with billing country, route to Tier 1: require SMS OTP and 3-D Secure authentication.

  • If OTP or 3DS fails, block and flag; if success but CPF has anomalies (recently issued), route to Tier 2: request ID selfie and document verification before shipping.

Example playbook: boleto order with expedited shipping

  • Because boletos can be paid offline, wait for confirmed payment settlement via the bank feed.

  • For expedited shipping requests, require confirmation of the buyer’s phone via SMS verification and check CPF against bureau data. If mismatch, hold for manual review.

Organizational model: roles, staffing, and SLAs

Fraud prevention requires cross-functional coordination. Typical organizational roles and responsibilities include fraud operations, manual review team, payments engineering, customer service, legal/compliance, and partnerships with logistics and acquirers.

  • Fraud Operations: defines rules, monitors KPIs, runs experiments, and maintains the fraud playbook. This team should own the thresholds and the escalation matrix.

  • Manual Reviewers: execute investigator workflows, contact customers, and make shipping-hold decisions. Reviewers should have formal training, documented decision criteria, and quality controls to manage false positive rates.

  • Payments Engineering: integrates vendors, instruments metrics, and ensures low-latency scoring paths. This function also handles secure handling of payment tokens and integration with acquirers.

  • Customer Service: front-line communications for disputed orders and refund workflows; should be equipped with scripts and access to evidence used in representments.

  • Legal & Compliance: ensures LGPD compliance, handles law enforcement requests, and prepares consumer-law defenses.

  • Logistics/Operations: coordinates with couriers for proof-of-delivery, signature requirements, and special holds for high-risk shipments.

SLA examples: manual review initial response within 1–4 hours for domestic orders, resolution for escalated incidents within 24–72 hours, and full post-incident remediation plan within 14 days.

Cost-benefit modeling and prioritization

Not all fraud controls are equally cost-effective; sellers should prioritize actions based on potential loss reduction and customer impact. A simple financial model compares the expected loss prevented by a control versus its cost and the revenue impact from false positives.

Key variables to estimate include average order value (AOV), fraud incidence rate, conversion loss from false positives, manual review cost per case, and chargeback fees. Using these, the merchant can calculate a break-even effectiveness threshold for any proposed control. The model should be updated periodically as fraud patterns and volumes change.
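One way to turn the variables above into a break-even figure, as an added example rather than a model from the article: the cost structure (fixed fee, review cost, margin lost on false positives), the field names and all sample numbers are assumptions.

```python
from dataclasses import dataclass


@dataclass
class Baseline:
    monthly_orders: int
    aov: float              # average order value, BRL
    fraud_rate: float       # share of orders that are fraudulent
    chargeback_fee: float   # fee per chargeback, BRL
    gross_margin: float     # margin lost when a legitimate order is turned away


@dataclass
class Control:
    name: str
    fixed_monthly_cost: float
    review_rate: float          # share of orders the control sends to manual review
    review_cost: float          # cost per reviewed case, BRL
    false_positive_rate: float  # share of legitimate orders lost to the control
    effectiveness: float        # estimated share of fraud the control stops


def fraud_exposure(b):
    """Expected monthly fraud loss with no control: order value plus chargeback fee."""
    return b.monthly_orders * b.fraud_rate * (b.aov + b.chargeback_fee)


def control_cost(b, c):
    review = b.monthly_orders * c.review_rate * c.review_cost
    legit_orders = b.monthly_orders * (1 - b.fraud_rate)
    lost_margin = legit_orders * c.false_positive_rate * b.aov * b.gross_margin
    return c.fixed_monthly_cost + review + lost_margin


def break_even_effectiveness(b, c):
    """Share of fraud the control must stop to pay for itself (> 1 means it never can)."""
    exposure = fraud_exposure(b)
    if exposure == 0:
        return float("inf")     # nothing to prevent, so any cost is a net loss
    return control_cost(b, c) / exposure


def net_benefit(b, c):
    return c.effectiveness * fraud_exposure(b) - control_cost(b, c)


def rank_controls(b, controls):
    """Return (name, break_even, net_benefit) tuples, best net benefit first."""
    rows = [(c.name, break_even_effectiveness(b, c), net_benefit(b, c)) for c in controls]
    return sorted(rows, key=lambda r: r[2], reverse=True)


def sample():
    """Constructed figures for illustration only."""
    base = Baseline(monthly_orders=10_000, aov=300.0, fraud_rate=0.01,
                    chargeback_fee=50.0, gross_margin=0.25)
    controls = [
        Control("sms_otp", 2000.0, 0.0, 0.0, 0.005, 0.4),
        Control("manual_review", 0.0, 0.05, 8.0, 0.002, 0.3),
        Control("documents_for_everyone", 5000.0, 0.0, 0.0, 0.05, 0.9),
    ]
    return base, controls


if __name__ == "__main__":
    base, controls = sample()
    for name, threshold, net in rank_controls(base, controls):
        print(f"{name:24s} break-even {threshold:6.1%}  net BRL {net:10.2f}")
```

With these constructed figures the blanket document check has a break-even above 100%, so the margin lost to false positives outweighs any fraud it could stop.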

Testing, experimentation and iteration

A data-driven program uses experiments to validate rule changes before full deployment. Typical experiments include:

  • Holdout tests: deploy a new rule to a percent of traffic and compare fraud loss and conversion against a control group.

  • Shadow mode: run new vendor scoring in parallel without affecting customer flow to verify decision accuracy and latency.

  • A/B for UI challenges: test different challenge flows (e.g., SMS vs email) to measure conversion and verification success rates.

Iterate using a pre-defined cadence (weekly for tactical tuning, monthly for strategy) and guardrails that limit negative impact on conversion and customer experience.

Privacy, data governance and LGPD specifics

Under Brazil’s General Data Protection Law (LGPD), merchants must be deliberate about data collection, retention, purpose limitation, and subject rights. Fraud prevention is commonly justifiable under legitimate interest or legal obligation, but merchants should document the lawful basis, conduct a Data Protection Impact Assessment (DPIA) for intrusive processing (e.g., biometric matching), and maintain clear privacy notices.

Operational guidelines include minimizing retention of sensitive identifiers (store only what is necessary), encrypting logs and backups, executing Data Processing Agreements (DPAs) with vendors, and providing mechanisms for data subject access and objection. Consult the ANPD for current regulatory guidance.

Cross-border and marketplace considerations

Cross-border merchants and marketplaces have additional complexity. When selling into Brazil from abroad, using local acquirers or PSPs that support PIX and boleto can surface native risk signals and reduce friction for Brazilian buyers.

Marketplaces must balance fraud tolerance across many sellers. Typical approaches include centralized fraud scoring for transactions, shared blacklists for bad accounts or device fingerprints, and marketplace-level holds until seller and buyer verifications pass.

Sample rule set and playbook templates

Below are concise, actionable rule examples that a merchant can translate into their fraud engine or vendor configuration.

  • Rule: New CPF + high AOV — If a CPF was issued within the last 30 days and the order AOV > 3x median, escalate to Tier 2 (document verification).

  • Rule: BIN-country mismatch — If card BIN country does not match shipping country and AVS fails, require 3-D Secure and SMS OTP; if either fails, decline.

  • Rule: PIX payer mismatch — If PIX payer name does not align with CPF metadata, hold order until PIX reconciliation confirms matching key and beneficiary.

  • Rule: High-velocity IP — If an IP address generates >N orders within T minutes with differing CPFs, block and require a CAPTCHA and manual review.
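The four rules above expressed as a small evaluation engine, as an added example that is not part of the original article. The `Order` fields, action names, thresholds (N=3, T=10 minutes, median 200) and sample orders are assumptions constructed for illustration.

```python
from collections import defaultdict, deque
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

# Actions from least to most severe; the engine returns the most severe one hit.
SEVERITY = ["approve", "challenge_3ds_otp", "tier2_documents",
            "hold_for_pix_reconciliation", "block_and_review", "decline"]


@dataclass
class Order:
    order_id: str
    ts: datetime
    ip: str
    cpf: str
    amount: float
    method: str                              # "card", "pix" or "boleto"
    shipping_country: str = "BR"
    cpf_age_days: Optional[int] = None       # assumed enrichment from an identity provider
    bin_country: Optional[str] = None
    avs_pass: Optional[bool] = None
    three_ds_pass: Optional[bool] = None     # None = challenge not attempted yet
    otp_pass: Optional[bool] = None
    pix_payer_matches_cpf: Optional[bool] = None


class RuleEngine:
    def __init__(self, median_order_value, max_orders_per_ip, window_minutes):
        self.median = median_order_value
        self.max_orders = max_orders_per_ip              # the rule's N
        self.window = timedelta(minutes=window_minutes)  # the rule's T
        self.recent = defaultdict(deque)                 # ip -> (ts, cpf), oldest first

    def _ip_velocity_hit(self, o):
        # Orders must arrive in timestamp order for the sliding window to hold.
        q = self.recent[o.ip]
        q.append((o.ts, o.cpf))
        while o.ts - q[0][0] > self.window:
            q.popleft()
        # Interpretation used here: more than N orders in the window AND
        # at least two different CPFs among them.
        return len(q) > self.max_orders and len({cpf for _, cpf in q}) > 1

    def evaluate(self, o):
        hits = []
        if (o.cpf_age_days is not None and o.cpf_age_days <= 30
                and o.amount > 3 * self.median):
            hits.append(("new_cpf_high_aov", "tier2_documents"))
        if (o.method == "card" and o.bin_country is not None
                and o.bin_country != o.shipping_country and o.avs_pass is False):
            if o.three_ds_pass is False or o.otp_pass is False:
                hits.append(("bin_country_mismatch", "decline"))
            elif o.three_ds_pass is None or o.otp_pass is None:
                hits.append(("bin_country_mismatch", "challenge_3ds_otp"))
            # Both challenges passed: the rule is satisfied and adds no hit.
        if o.method == "pix" and o.pix_payer_matches_cpf is False:
            hits.append(("pix_payer_mismatch", "hold_for_pix_reconciliation"))
        if self._ip_velocity_hit(o):
            hits.append(("high_velocity_ip", "block_and_review"))
        action = max((a for _, a in hits), key=SEVERITY.index, default="approve")
        return action, [name for name, _ in hits]


def demo():
    """Run constructed sample orders through the rules; returns {order_id: action}."""
    t0 = datetime(2026, 4, 1, 12, 0)
    eng = RuleEngine(median_order_value=200.0, max_orders_per_ip=3, window_minutes=10)
    card = dict(method="card", bin_country="US", avs_pass=False)
    orders = [
        Order("A1", t0, "198.51.100.1", "cpf-a", 150.0, "card", bin_country="BR", avs_pass=True),
        Order("A2", t0, "198.51.100.2", "cpf-b", 900.0, "card", cpf_age_days=12,
              bin_country="BR", avs_pass=True),
        Order("B1", t0, "198.51.100.3", "cpf-c", 150.0, **card),
        Order("B2", t0, "198.51.100.4", "cpf-d", 150.0, three_ds_pass=True, otp_pass=True, **card),
        Order("B3", t0, "198.51.100.5", "cpf-e", 150.0, three_ds_pass=True, otp_pass=False, **card),
        Order("P1", t0, "198.51.100.6", "cpf-f", 150.0, "pix", pix_payer_matches_cpf=False),
    ]
    # Four orders in six minutes from one IP with different CPFs, then one much later.
    for i, minute in enumerate([0, 2, 4, 6, 30], start=1):
        orders.append(Order(f"V{i}", t0 + timedelta(minutes=minute), "203.0.113.9",
                            f"cpf-v{i}", 150.0, "boleto"))
    return {o.order_id: eng.evaluate(o)[0] for o in orders}


if __name__ == "__main__":
    for order_id, action in demo().items():
        print(order_id, action)
```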

Customer service scripts and dispute evidence

Customer service plays a critical role in reducing chargebacks. Scripts should encourage customers to contact the merchant before filing a dispute, provide step-by-step guidance for refunds and returns, and collect evidence consistently for representments.

Evidence packages for card network representments should include order metadata, payment authorization logs, device fingerprinting data, ID verification copies (where permitted), shipment tracking and POD, and call/chat transcripts. Clear labeling and versioning of evidence enable faster acquirer communication and better win rates.

Implementation roadmap: a phased approach

A pragmatic rollout reduces operational risk and preserves conversion. A recommended phased roadmap:

  • Phase 1 — Audit & baseline: map payment methods, current fraud incidence, existing controls, and data availability. Implement basic format checks and blocklists.

  • Phase 2 — Instrumentation & vendor pilots: integrate device fingerprinting and one fraud vendor in shadow mode. Define KPIs and initial rules for Tier 0 and Tier 1.

  • Phase 3 — Scale & manual review: enable Tier 2 flows, hire or train manual reviewers, and set SLAs. Run A/B tests for rule changes.

  • Phase 4 — Optimization & partnerships: iterate on models, onboard local bureau integrations, and formalize courier proof-of-delivery contracts.

  • Phase 5 — Continuous program: maintain monthly strategy reviews, tabletop incident simulations, and periodic vendor performance assessments.

Case vignette: anonymized scenario

A midsize electronics merchant noticed a sudden spike in high-value orders paid by PIX, all shipping to a small coastal city, with many payouts moving through new bank accounts. The merchant immediately throttled PIX payments above a risk threshold, initiated SMS verification for suspect orders, and flagged orders for manual review. Coordination with the acquirer and courier confirmed a reship network; the merchant updated rules to hold expedited shipping for PIX payments originating from accounts under 30 days old and implemented a mandatory ID verification flow for orders above a defined AOV. Chargebacks and shipped-fraud losses declined over the next quarter while conversion dipped minimally because most adjustments targeted a small high-risk cohort.

Frequently asked operational questions

  • What is an acceptable chargeback rate? Benchmarks vary by vertical; however, focusing on representment win rate and cost-per-fraud-lost provides better operational guidance than a single percentage target.

  • How many manual reviewers are needed? That depends on transaction volume and false positive rate; a typical starting point is 1–2 reviewers per 1,000 daily flagged orders, with automation reducing headcount over time.

  • When should a merchant use a chargeback-guarantee vendor? Consider this for high-ticket items where the vendor’s fee is cheaper than expected fraud losses and the seller prefers predictable liability transfer.

Legal and regulatory considerations

Sellers in Brazil must be mindful of local regulations. Key points include:

  • LGPD (data protection): personal data use for fraud prevention is typically a legitimate interest, but sellers should document lawful bases, minimize stored data, and provide data subject rights processes. Consult the ANPD for guidance.

  • PIX rules and Banco Central guidance: PIX has specific operational rules and dispute processes. Merchants should follow the Banco Central do Brasil guidance on PIX.

  • Consumer protection: Brazilian consumer law protects certain buyer rights; be transparent about refunds, returns, and delivery SLAs to avoid regulatory complaints.

Anyone who runs an online selling operation in Brazil should view fraud prevention as a continuous program, not a one-time project. Continuous data collection, rule iteration, and vendor experimentation will improve accuracy over time. Which part of this plan would be most useful to have templated (rules, a review checklist, or a sample refund policy) to make implementation faster?
