PIX
PIX is Brazil's instant-payment scheme, operated by the Banco Central do Brasil (BACEN). The BR Code QR format is an EMVCo MPM subset with Merchant Account Information (tag 26) carrying a PIX key — which can be a CPF, CNPJ, email, phone number, or random EVP. PIX settled its first trillion reais in under two years from launch (2020 → 2022) and is now the dominant retail payment rail in Brazil.
Canonical spec: Banco Central do Brasil — PIX documentation. Core resolution: BACEN Resolution 103/2021 — Manual de Padrões para Iniciação do Pix.
Parent spec: EMVCo MPM v1.1. PIX reserves merchant-account tag
Encoding: TLV (Tag-Length-Value) with 2-digit tags, 2-digit lengths, CRC16-CCITT trailer.
Parent spec: EMVCo MPM v1.1. PIX reserves merchant-account tag
26; everything else inherits from EMVCo.Encoding: TLV (Tag-Length-Value) with 2-digit tags, 2-digit lengths, CRC16-CCITT trailer.
BR Code structure — tag 26 (PIX Merchant Account Information)
The PIX-specific content lives in tag 26. It's itself a nested TLV structure with these sub-tags:
| Sub-tag | Name | Length | Notes |
|---|---|---|---|
00 | GUI — Global Unique Identifier | 14 | Fixed value br.gov.bcb.pix. Identifies the scheme as PIX. |
01 | PIX key | variable | CPF (11 digits), CNPJ (14 digits), email, phone (+55DDPHONE), or EVP (UUID-like random key). |
02 | Additional info | variable, ≤72 | Free-text payer message. Displayed to the payer in their banking app. |
25 | URL — dynamic PIX | variable | Used only for dynamic PIX: the payer's app fetches the full payload from this URL at scan time (amount, due date, expiration, discount/fine). Static PIX omits tag 25 entirely. |
PIX key types
| Key type | Format | Validation |
|---|---|---|
| CPF (individual tax ID) | 11 digits, no punctuation in QR payload | Mod-11 checksum on last 2 digits. Mask 123.456.789-09 → raw 12345678909. |
| CNPJ (corporate tax ID) | 14 digits, no punctuation | Two mod-11 checksums. Mask 12.345.678/0001-95 → raw 12345678000195. |
| RFC 5321 compliant, max 77 chars | Lowercased by BACEN on registration; QR payload must match the registered case. | |
| Phone | E.164 with +55 country code, max 14 chars | Format: +55DDNNNNNNNNN where DD is the 2-digit area code. No spaces, no dashes. |
| EVP (random key) | UUID v4 format, 36 chars | Generated server-side by the payer's bank during registration. Preferred for merchants who don't want to expose CPF/CNPJ/email/phone. |
Static vs dynamic PIX
- Static PIX (Point of Initiation
11). Everything encoded in the QR: PIX key, merchant name, merchant city, optional fixed amount, optional reference. The payer's app reads it directly and authorises. Best for printed stickers, invoices, window posters. Amount can be omitted (payer types it in) or fixed (exact charge). - Dynamic PIX (Point of Initiation
12). QR carries a URL (sub-tag25). The payer's app fetches a JWS-signed JSON payload from that URL with amount, due date, expiration window, and optional late-fee/discount rules. Required for billing invoices with expiry dates (boletos híbridos). Also used for PIX Cobrança (billing).
Canonical test vector — static PIX with CPF key and fixed amount
CPF 12345678909, merchant LOJA TESTE in SAO PAULO, fixed amount R$10.00, no transaction reference:
00020126360014br.gov.bcb.pix0114123456789095204000053039865406010.005802BR5910LOJA TESTE6009SAO PAULO62070503***6304XXXX| Tag | Value | Meaning |
|---|---|---|
00 | 01 | Payload format indicator (always 01) |
01 | 11 | Static point of initiation |
26 | 36 bytes of nested TLV | PIX Merchant Account Information |
├─ 00 | br.gov.bcb.pix | GUI |
├─ 01 | 12345678909 | CPF key (11 digits) |
52 | 0000 | MCC — unknown / personal |
53 | 986 | ISO 4217 currency code for BRL |
54 | 10.00 | Fixed transaction amount |
58 | BR | Country code |
59 | LOJA TESTE | Merchant name (max 25 chars per EMVCo) |
60 | SAO PAULO | Merchant city (max 15 chars) |
62 | 7 bytes nested | Additional data template |
├─ 05 | *** | Reference label (placeholder when no ref) |
63 | XXXX | CRC16-CCITT over everything before (recompute at encode time) |
Common pitfalls
- CPF/CNPJ masking. The QR payload uses the unmasked digits only (
12345678909, not123.456.789-09). Some code generators leave the dots and dashes in by mistake — the resulting QR fails every banking app with "chave PIX inválida." - Character set matters. BACEN spec says ISO/IEC 8859-1 (Latin-1) for merchant name and city. Accented chars (
São Paulo) must be encoded in Latin-1 before TLV length is calculated, not UTF-8. UTF-8 encoding inflates the byte count and breaks the length field. - CRC computation. The CRC16-CCITT (polynomial
0x1021, init0xFFFF, no final XOR) covers everything from tag00through6304— including the literal tag+length of the CRC field itself. Common bug: CRC computed over the wrong range, QR parses correctly on some apps and fails on others. - Amount format is string, not number. Tag
54is a string:10.00not1000. Two decimal places required. Max two decimals — BRL has no sub-cent denominations. - Static PIX has no built-in refund. Once paid, a static PIX is instant and final. Merchants must handle refunds out-of-band (a reverse PIX from the merchant back to the payer). Display this clearly on printed materials.
- Sticker-overlay fraud. Physical PIX QR stickers at cashier counters have been attacked by overlay fraud — attackers paste their own QR on top of the merchant's. Rotate static QRs periodically, laminate them, and display the expected PIX key as plain text next to the sticker so the payer can verify.
- Investment / securities restriction. The Comissão de Valores Mobiliários (CVM) prohibits PIX for unregistered investment solicitation. PIX QRs on landing pages for tokens, "guaranteed return" products, or MLM schemes trigger CVM enforcement action.
- Dynamic PIX requires a live endpoint. If tag
25URL is dead, the payment fails at scan time. Use a host you control and keep it up for at least the QR's printed lifetime.
Banking-app compatibility
Every licensed PIX participant (bank or payment institution) supports BR Code in their consumer app. Notable implementations:
| App | Static | Dynamic | Notes |
|---|---|---|---|
| Itaú, Bradesco, Santander, BB, Caixa | Yes | Yes | Top-5 banks. Full PIX support including Cobrança, agendado, and devolução. |
| Nubank | Yes | Yes | Most popular neobank in Brazil. Clean PIX UX. |
| Inter, C6 Bank, PicPay | Yes | Yes | Full PIX support. |
| Mercado Pago | Yes | Yes | Payment institution; PIX is one of several payment rails in the same app. |
| Generic iOS/Android camera | No | No | Native camera apps don't parse BR Code as a payment intent. User must open their banking app first. |
See also
- /pix-qr-code/ — the PIX generator with CPF/CNPJ validation and live BR Code encoding.
- /standards/emvco/ — the EMVCo MPM parent spec.
- /standards/upi/ — UPI India, another EMVCo-derived scheme with tag 26.
- /standards/ — back to the standards index.