Annually, about R$ 5 billion is invested by the Brazilian Federation of Banks (Febraban) and the associated banks in cybersecurity. In an attempt to contain scams involving the main payment methods used by Brazilians, around 150 financial institutions use technology developed by women that has already avoided R$ 4 billion in losses from scams involving Pix, cards, TED, and boletos just in 2025. Of the more than 400,000 scam attempts blocked until April, 95% involved Pix. This payment method also represents the largest share of the R$ 4 billion.
The 400,000 blocked scam attempts already represent more than the transactions blocked in 2024 and previous years, says the company Data Rudder.
Banks, financial institutions, cooperatives, payment institutions, and banking as a service companies (companies that provide banking infrastructure services to non-financial companies) use technology that covers the complete cycle of transactions, from receipt to settlement, and utilizes artificial intelligence and exclusive algorithms to identify atypical patterns.
The DeLorean Anti-Fraud Transactional platform, the company's main technology, maps the network of connections between suspicious accounts and identifies accounts rented by third parties or created with stolen data, the so-called 'pass-through accounts', which serve as intermediaries to hinder the tracking of the defrauded money.
The creation of orange accounts to move illicit values and hinder the tracking of the origin and destination of the resources was placed on the Central Bank's agenda in May. To attempt to prevent the opening of fraudulent accounts with false identities, the Central Bank will offer, starting December 1, 2025, a new system that will allow citizens to inform, on a voluntary basis, the entire National Financial System that they do not wish to open new accounts (checking, savings, or payment). Furthermore, Joint Resolution No. 6 of 2023 provides for the sharing of information on indications of fraud among financial institutions regulated by the Central Bank.
Rafaela Helbing, data scientist and CEO of Data Rudder, comments that the so-called 'orange accounts' tend to follow a standard behavior, which allows, in many cases, their identification through behavioral analysis and network mapping.
"Some of the main characteristics observed by us in these accounts include high transaction volumes in short periods, especially via Pix, but with an average balance close to zero. That is, the money comes in and goes out almost immediately, without remaining in the account. They are usually accounts of young people, with lower purchasing power or in vulnerable situations, often recruited by scammers to 'rent' their accounts in exchange for small amounts. And the Pix descriptions serve as a communication channel between fraudsters, with coded messages or operational instructions disguised as common text."
The transaction times are also unusual, such as high-value transactions made at night or in the early morning. Additionally, it is common for these accounts to be used only for short periods, being discarded or abandoned after triggering alerts from the monitoring systems of the institutions or by victims who notice the fraud.
"Although orange accounts also exist in traditional banks, we notice that it is more common for these accounts in digital banks to show a lack of historical relationship with the financial institution. Another point is that, in general, an orange account is linked to other suspicious accounts, forming transaction networks that indicate routes for the outflow of defrauded money."
Data released in April by Febraban shows that the illicit use of Pix, as a means of funneling values from scams and fraud, grew 43% in two years, resulting in losses of R$ 2.7 billion. The entity points out that this reflects a public safety issue.
Helbing endorses Febraban's view that, despite constant technological evolution, the main scams still heavily rely on social engineering, that is, on manipulating human behavior.
"Criminals exploit emotions such as fear, urgency, or trust to convince victims to share sensitive information, click on malicious links, or even authorize financial transactions. Additionally, we have observed a growth in the use of deep fakes, which are manipulated content with artificial intelligence, such as fake videos or audios that closely mimic a person's voice or face. This technique has been used, for example, to impersonate company executives or family members in video calls, increasing the credibility of the fraud," he points out.
Another type of scam that has become more common is mobile malware, malicious programs that install on the victim's device (usually through fake apps) and can directly interfere with financial transactions, changing, for example, the Pix key of the recipient at the moment the money is sent — all without the user noticing. "That is, although the tools evolve, the essence of the scams remains to deceive and manipulate people."
For the executive, the advancement of initiatives from the Central Bank and the cooperation between institutions has led to an increase in the use of analytical models and network graphs to identify the use of fake accounts more accurately. One of the main operational challenges in instant transaction environments is the incidence of false positives, that is, alerts that incorrectly indicate that a security threat is present in that specific environment.
"A calibrated system according to the institution's profile and the use of a combination of transactional behavior data, account holder profile, and network patterns has proven effective in preventing and interrupting the fraud cycle involving 'orange accounts'."
In 2023, the startup received an investment of R$ 10 million in a Series A funding round led by LA Venture Builder, an investment fund created by B3. The company was also founded by Thais Nolasco.