Player-owned account: Pix/transfer must come from CPF-matched account
BR.SPA.PIX.PAYMENT.1 · BR-SPA · aml_ctf
Requirement
Deposits and withdrawals must use payment instruments held in the same CPF as the player. Pix and bank transfers cross-checked against registered CPF.
Source: Portaria SPA/MF — Payment methods · Audit artifact: SPA Payment AML Audit
Remediation guidance
PSP returns payer CPF; reject mismatched.
Evidence specification
| Evidence type | Connector | Spec | Acceptance criteria |
|---|---|---|---|
payment_event | pam-generic | {
"query": "br_payment_cpf_match",
"required_fields": [
"tx_id",
"player_cpf_hash",
"payment_cpf_hash",
"matched"
]
} |
|
Recent evaluations (Apollo Gaming Ltd.)
✗
| When | Status | Findings |
|---|---|---|
| 5/28/2026, 12:52:56 AM | fail | 1 finding — Acceptance criterion failed: "matched = true for 100% of accepted transactions" — no evidence rows r… |