4 min read
Instant payment platforms like Pix in Brazil and CoDi in Mexico have transformed how money moves. What once took days now happens instantly. For consumers and businesses, that speed delivers real benefits. There are lower fees, fewer intermediaries, and payments that simply work. It’s no surprise these systems are now embedded in everyday economic life, from street vendors to large retailers.
The faster and more seamless a payment becomes, the more valuable it is to criminals who rely on urgency, social engineering, and misdirection. So, fraud adapts to these intricacies of instant payment platforms. Increasingly common scams on Pix and CoDi show how traditional fraud controls struggle when there is no meaningful window to intervene after a payment is sent.
How Pix and CoDi Work
Pix is Brazil’s national instant payment system, launched by the Central Bank of Brazil in 2020. It enables real-time, 24/7 account-to-account transfers between individuals and businesses. Payments settle in seconds rather than days.
Users initiate transfers using phone numbers, email addresses, national ID numbers, or QR codes, and are typically free for consumers. Pix is deeply integrated into Brazilian banking apps and widely used for everyday transactions, from utility bills to peer-to-peer payments. There are now almost 8 billion monthly Pix transactions, and an estimated 70-93 percent of Brazil’s population uses it.
CoDi (Cobro Digital) plays a similar role in Mexico. Developed by Banco de México, it allows users to make payments via QR codes using their existing bank accounts. CoDi transactions are processed through Mexico’s SPEI real-time interbank payment system, meaning funds move instantly between banks.
Like Pix, CoDi is designed to reduce reliance on cash and card networks and to lower costs for merchants and consumers. Uptake of CoDi has not yet reached the remarkable degree of popularity of Pix in Brazil. The latest stats show over 18 million validated accounts on the platform.
From a technical and operational standpoint, both systems share several defining characteristics:
- Immediate settlement, with no meaningful recall window once a payment is sent
- Strong authentication, typically via bank-app credentials and device binding
- Broad accessibility, requiring no separate wallets or third-party apps
- High transaction velocity, enabling frequent, low-value transfers at scale
These features make Pix and CoDi popular, but they also reshape the fraud landscape.
The point of failure shifts upstream, to how users are prompted, manipulated, or misdirected before they ever tap “send.”
Common Pix and CoDi Scam Patterns
A recent Tiinside Brasil story highlighted a report by Brazil’s Association for the Defense of Personal and Consumer Data (ADDP) that Pix-related cases reached 28 million cases between January and September 2025, significantly outpacing other reported scam categories.
Source: ADDP survey data (Jan–Sept 2025), reported by Tiinside Brasil. Categories may not be mutually exclusive.
Fraud on platforms like Pix and CoDi relies on tactics like persuasion, urgency, and the fact that the victim is the one initiating the payment. That distinction places these scams firmly in the category of authorised push payment (APP) fraud. These scams are notoriously hard for banks and financial institutions to detect.
Impersonation-driven scams
One common pattern is impersonation-driven urgency. Victims are contacted by someone posing as bank support, a merchant, or a trusted service provider and told that an issue must be resolved immediately. The solution, almost invariably, involves sending a Pix or CoDi transfer to a “temporary” or “safe” account.
Fake receipt scams
An interesting one is the fake receipt scam. Fraudsters send victims a forged confirmation screen or PDF that closely resembles a legitimate Pix transfer receipt, often via WhatsApp. Sellers are persuaded that payment has already been made and release goods or services before checking their balance.
Marketplace and rental scams
Another frequent pattern involves marketplace and rental scams. Fraudsters advertise goods or services on legitimate platforms, move the conversation to private messaging, and request payment via Pix or CoDi to secure the deal. Once funds are sent, the seller disappears.
QR code manipulation
There’s also the potential to manipulate QR codes in online listings or physical locations. Fraudsters can then temporarily redirect payments for goods or services to accounts they control. Users might believe they’re paying legitimate merchants, but instead they send funds directly to criminals.
Lessons for Instant Payment Fraud Prevention
Platforms like Pix and CoDi ostensibly have good intentions behind them. Also, it’s worth noting that they are not uniquely vulnerable to fraud. However, the popularity of platforms like these exposes structural weaknesses that will surface wherever instant payments become the default. Here are five important takeaways:
- Speed collapses recovery
When payments settle in seconds, post-transaction controls and reimbursement processes become blunt instruments. Once funds move, the opportunity to intervene is largely gone. - Authorisation is no longer a reliable indicator of legitimacy
Pix and CoDi scams show how easily users can be manipulated into initiating transfers themselves. Strong authentication, device binding, and verified identities do little to help when the victim is convinced that sending money is the correct action. From the system’s perspective, nothing is technically wrong. The payment is legitimate in form, even if fraudulent in substance. - The most meaningful fraud signals appear upstream
Sudden urgency, changes in payment patterns, new counterparties, or account activity that reflects social engineering rather than organic use, transaction monitoring alone struggles to capture this context. - Mule activity becomes harder to distinguish from normal behaviour
Victims, witting participants, and complicit mules may all initiate legitimate-looking payments. Without account-level classification and longitudinal analysis, financial institutions are left reacting to outcomes rather than understanding intent. - Pix and CoDi demonstrate that fraud is increasingly ecosystem-wide
Scams originate across messaging apps, marketplaces, and social platforms. For banks and PSPs watching the growth of instant payments globally, the challenge is clearly adapting fraud prevention to this new dynamic.
Account-Level Signals that Precede Instant Payment Fraud
Changes in behaviour, interaction patterns, counterparty relationships, and account usage often precede fraud on Pix and CoDi by days or weeks. But for banks and PSPs, these indicators are fragmented across internal systems, customer touchpoints, and external signals.
This is where pre-fraud intelligence becomes essential. Rather than asking whether a single outgoing payment from a bank account looks risky, fraud teams need the ability to assess whether an account is becoming risky; whether it is drifting toward victimhood, mule activity, or laundering use.
Acoru is designed for exactly this challenge. By continuously monitoring accounts and evaluating events across channels and counterparties, Acoru helps banks and payment providers classify accounts based on emerging risk. This makes it possible to intervene earlier, apply friction proportionately, and take action before fraudulent instant payments get initiated.