top of page
Search

Bre B: The instant payment revolution and how to protect your digital keys

In a context where digital transformation in Colombia is advancing by leaps and bounds, the financial system is adapting by integrating tools that promote the interoperability, efficiency, and traceability of electronic payments.


In this scenario, Bre-B emerges, the new national system of immediate and interoperable payments, managed by the Banco de la República, which has been in operation since July 14, 2025. This national seal aims not only to reduce the use of cash, but also to formalize informal transactions, improve traceability and reduce transaction costs, with the goal of transforming the daily economy of millions of Colombians.


However, with this speed and scope comes a new attack surface for cybercriminals. Users, businesses, and financial institutions must understand and mitigate risks such as fraud, irreversible errors, and technological vulnerabilities with a proactive and collaborative approach.


What is Bre-B and how does the Key system work?


Bre-B is Colombia's national instant payment system. It allows you to send and receive money between different banks, digital wallets, and financial institutions in real time, every day of the year, regardless of the origin or destination entity. Bre-B has been designed to make payments and transfers more agile, efficient, and secure, accelerating digital transformation and financial inclusion in the country.


Bre-B keys are unique identifiers that users manually register through their financial institution's app or website and link to their account or electronic deposit. These serve as a simplified and secure way to receive payments, rather than sharing long account numbers.


Types of keys


One or more keys can be associated with accounts, as long as they are not duplicated or associated with other accounts or electronic deposits.

A key can only be associated with one account or deposit, however, an account or deposit can be associated with multiple keys.
A key can only be associated with one account or deposit, however, an account or deposit can be associated with multiple keys.

What types of payments and transfers can be made with Bre-B?


Payments and transfers can be made from person to person or from person to business.

You can make everyday payments of up to $11,552,000 COP in transfers.
You can make everyday payments of up to $11,552,000 COP in transfers.

Bre-B Volume and Adoption


  • According to data from Banca de oportunidades, Colombia will have surpassed 34 million digital transactional accounts in 2024, with an annual growth of 22% in electronic wallet users.

  • In 2024, there were 282 million real-time transactions between people, while in 2023 there were 92 million, a 200% year-over-year increase.

  • More than 5 million people have registered keys, with 6.4 million identifiers assigned.


Risks from misuse of keys


Bre-B keys facilitate secure and fast operations, but can be a target for fraud and abuse if not properly protected:


  1. Key theft and misappropriation: If you do not register your key first, or if someone obtains your key (for example, your cell phone number or email address), a third party could receive transfers intended for you or even make unauthorized changes and transactions to your account.

  2. Data leaks and fraud exposure: Inadvertently sharing your keys or linked data can lead to social engineering or phishing attacks, where criminals try to trick you into gaining access and draining your accounts.

  3. Instant, irreversible transactions: Unlike traditional systems, where a transfer can take a long time to process, Bre-B makes payments in seconds; an erroneous or fraudulent transfer is much more difficult to reverse, increasing the financial risk for the user.

  4. Phishing and preferred cyberattacks: There are digital threats focused on tricking users into handing over their keys or credentials through fake sites or messages that simulate being from the Bre-B system, which can lead to theft of funds.

  5. Vulnerability to malware and device theft: If a mobile device or computer is compromised with malware, keys and accessories can be captured, exposing the user's money.


The success and confidence in Bre-B will depend largely on all companies and institutions involved taking a proactive and collaborative approach to managing these risks, balancing innovation and ease of use with a robust comprehensive security framework.


Key technical recommendations


For users


  • Register your keys only on the bank's official app or website. Never use links from SMS, WhatsApp, or email.

  • Don't share your keys in public or respond to requests for unknown information. No bank asks for keys on social media.

  • Be wary of urgent messages.

  • Report suspicious activity directly to your financial institution.


For companies and Fintechs


  • Adopt DevSecOps and Secure-by-Design: Integrate security controls from the early stages of development, with regular code analysis and penetration testing.

  • Ensure APIs comply with the OWASP API Security Top 10 framework and use OAuth 2.0 and encryption.

  • Establish an incident response and business continuity plan and conduct frequent simulations.

  • Promote a continuous culture of cybersecurity with phishing simulations, training, and internal campaigns.


Bre-B is a transformative tool for financial inclusion, promising fast, interoperable, and accessible payments. But its scope also opens the door to new sophisticated threats phishing, ransomware, internal fraud, and irreversible errors—that require a robust technical and strategic response.


Adopting robust practices such as DevSecOps, international certifications, real-time monitoring, and artificial intelligence is essential.


The key is:


  • Prioritize protection of digital "keys."

  • Constantly educate users and employees.

  • Adopt predictive (not reactive) technology.


Information source:


Comments

bottom of page