Boleto payment system susceptible to fraud

According to a recent study on information security, a “malware-based fraud ring” infiltrated the online payment method known as the boleto, diverting payments to accounts held by members of the ring.

Boleto Payment System

Boleto Bancário, referred to simply as boleto, is a payment method in Brazil regulated by the Brazilian Federation of Banks. A boleto can be paid at ATMs, branch facilities and internet banking of any bank, post office, lottery agent and some supermarkets until its due date. After the due date it can only be paid at the issuer bank's facilities.

Boletos are used in a wide range of transactions, such as telephone, school tuition, mortgage and credit card payments.

Impact of Fraud on Boleto Payment System

The report said the scheme may have compromised close to 500,000 transactions with an estimated value of $3.75 billion over a two-year period. However, researchers were unable to determine how many of those boletos were paid by victims or whether they went to fraudster-controlled bank accounts.

It said transactions of 34 banks were affected, though it did not name the banks.

The Federation of Brazilian Banks, which represents Brazil’s banking industry, said the country’s banks lost 1.4 billion reals (about $700 million) to electronic fraud in 2012.

According to the report, the boleto system is the second most popular payment method in Brazil after credit cards.

E-bit, a Brazilian e-commerce market research firm, estimates that 18 percent of all purchases made in 2012 in Brazil were transacted via boletos.

The report says the malware appears to affect only boletos generated or paid online via infected Windows-based PCs using Google Chrome, Mozilla Firefox and Microsoft Internet Explorer. It modifies the boleto information “so that payments are redirected to a fraudster’s account,” the report said.