Telecom and online fraud have grown rampant in China in the past decade.
It may surprise many, that China has developed an extensive number of laws regarding the regulation of Internet activities, and enforcement by a number of different government departments. There is no doubt though that despite these laws, Internet crimes in China are on the rise, as more and more consumers log in and use the Internet for various activities. It is hoped that China will continue to adequately staff the enforcement authorities so that Internet crimes are managed efficiently.
The new Law Against Telecom and Online Fraud [反电信网络诈骗法], adopted by the NPC Standing Committee on September 2, 2022, is the latest official action to tackle such crimes.
It supplements criminal statutes by prescribing administrative punishments for those who organize or otherwise directly participate in less serious cases of telecom and online fraud (art. 38, para. 2). The bulk of its provisions, however, focus on preventing such fraud from occurring in the first place. Below we take a close look at this new law.
Responsibilities of Service Providers
The Law imposes on key businesses in the telecom, financial, and internet sectors, telecom companies, banks and other payment service providers, and internet service providers, a range of responsibilities aimed at controlling and preventing risks of fraud.
Telecom companies must “comprehensively implement” the real-name registration requirement for all telephone subscribers and enforce the maximum number of SIM cards allowed per customer under separate regulations (arts. 9–10). When the companies identify an “abnormal, fraud-related” SIM card, they may require re-verification of the user’s identity, and may restrict or suspend the card if re-verification fails (art. 11). In addition, telecom companies must accurately display the caller’s true number (including country and area codes) on the recipient’s caller ID display and must block and trace spoofed calls (art. 13).
The Law reiterates the requirement that telecom companies and internet service providers (ISPs) verify users’ identities before they may provide a range of services, including internet access, proxy service, domain registration, web hosting, cloud service, content and software distribution, instant messaging, online payment, gaming, livestreaming, and advertising (art. 21). When discovering an “abnormal, fraud-related” account, ISPs must reverify the user’s identity (art. 22, para. 1). When requested by authorities, they must also do so for any internet account associated with a SIM card involved in a fraud case or with an abnormal, fraud-related SIM card (id. para. 2). Further, the Law imposes on telecom companies and ISPs a “duty of reasonable care” to monitor, identify, and address the use of their services to commit fraud (art. 25, para. 2).
Banking institutions and nonbank payment services bear responsibilities analogous to those discussed above. They must conduct due diligence on customers, identify the beneficial owners, and take corresponding risk management measures (art. 15). They must also establish mechanisms to monitor abnormal accounts and suspicious transactions and take appropriate preventive measures when discovering such an account or transaction (art. 18, para. 3). When carrying out such monitoring, banks and other payment services are expressly authorized by the Law to collect customers’ IP addresses, MAC addresses, point-of-sale terminal information, and other necessary transaction or device-location information (id. para. 4). Unless the customer consents, however, they must not use the information for any purpose other than to combat fraud (id.).
The service providers mentioned above also have the obligation to raise their customers’ awareness of telecom and online fraud, including by reminding them to guard against fraud during business transactions and by issuing prompt alerts of new tactics used by scammers in their respective sectors (art. 30).
Law Enforcement Obligations & Powers
Like service providers, all levels of government have a duty to raise citizens’ awareness of telecom and online fraud and their ability to identify scams (art. 8, para. 1). Education and civil affairs departments, among others, are specifically directed to launch education campaigns targeting the elderly (who are prone to fall victim to scams), teenagers (who are susceptible to recruitment by scammers), and other vulnerable groups (id. para. 2).
The Law requires the police to open a formal investigation whenever they are made aware of or discover any telecom and online fraud activity (art. 27, para. 2). In investigating such fraud cases, the police must also look into the source of any personal information being used (art. 29, para. 2). In addition, the police must work with financial, telecom, and cyber regulators, as well as service providers, to establish “a system of early warning and dissuasion” [预警劝阻系统] to identify potential victims and dissuade them from proceeding with the fraudulent transactions (art. 34).
With approval from the State Council’s inter-ministerial conference on cybercrime, the police as well as financial and telecom regulators may take “temporary risk control measures” against “specific regions with a high level of telecom and online fraud activities” (art. 35). The Law does not further elaborate what those measures could entail.
Fraud-Enabling Technologies & Activities
Next, the Law cracks down on the technologies and so-called “upstream offences” without which telecom and online fraud would not have been able to flourish.
It prohibits any individual or organization from “unlawfully manufacturing, selling, buying, supplying, or using” any device or software that is used to commit telecom and online fraud, such as SIM boxes, technology that enables caller ID spoofing, automatic account-switching systems, and platforms that can send or receive SMS verification codes in bulk (art. 14).
In addition, the Law broadly prohibits any conduct offering “support or assistance” to telecom and online fraud, including selling or supplying personal information and helping scammers launder money (including through cryptocurrency) (art. 25). Recognizing that scammers depend on using SIM cards, bank and other payment accounts, or internet accounts associated with third parties, the Law outlaws a range of activities concerning such cards and accounts, whether or not they are used for fraud, such as unlawful trade, assisting with real-name verification, and opening cards or accounts by impersonating others (art. 31, para. 1).
Violations of all these prohibitions will result in the confiscation of any unlawful gains, a fine, and when the violations are severe, concurrent administrative detention of up to 15 days (arts. 42, 44). Those that flout real-name registration rules (in addition to those convicted of telecom and online fraud or related crimes) will face additional legal consequences: the functions of their cards or accounts may be restricted, and they may be barred from conducting remote transactions or transacting new business (art. 31, para. 2).
The MPS and the Ministry of Foreign Affairs are directed to strengthen cooperation with foreign and international law enforcement authorities over information exchange, investigation, apprehension of suspects, and recovery of stolen funds (art. 37).
List of Chinese Scam or Fraud Reporting Websites
If you have fallen victim to a Chinese scam it is often difficult to know who or where to turn to, and the help available can be quite limited.
If you are the victim of a Chinese scam, choosing to report it will help protect others.
If you reside in the UK you can report a Chinese scam to Action Fraud, the UK’s national fraud and cybercrime reporting centre.
Australian readers should consider reporting online scams to the Australian Cybercrime Online Reporting Network (ACORN).
Canadian Anti-Fraud Centre
Canadian readers can report Chinese scams to this website, which is the central agency in Canada for such matters.
The Hong Kong Police’s ‘e-Report Centre’ is worth trying for scams involving companies registered in Hong Kong.
Internet Crime Complaint Center (IC3), managed by the FBI, the Internet Crime Complaint Center (IC3) may be a useful website for US readers to report more serious Chinese scams.
If you have been a victim of a Chinese scam or fraud, we understand how devastating it can be. That’s why we want to offer our assistance to help you retrieve your stolen assets. Our forensic and legal team at Crypto Legal are experts in tracing funds and recovering lost assets, please note that we can only work on cases where the financial loss is £10,000 GBP or more.
It’s important to act quickly if you’ve been the victim of a scam or fraud. The longer you wait, the harder it can be to recover your stolen assets. Our team can help you gather evidence and build a strong case to bring the scammers to justice.
To get started, simply reach out to us at firstname.lastname@example.org with the details of your case. We’ll review your information and let you know if we’re able to take on your case.
Remember, you don’t have to go through this alone. Our team is here to help, so don’t hesitate to reach out if you need assistance.