top of page

Anti-Fraud: Third-Party Payments

The third-party payment service providers are not primarily involved in the dissemination of fraudulent content, the regulatory framework for third-party payment services primarily revolves around duties of care and stringent data retention protocols, as elaborated below.


 Definition of "Third-Party Payment Service Providers"


Under the provisions of the Anti-Fraud Bill , third-party payment service providers are defined as those entities, excluding electronic payment institutions, which offer services for "agency collection and payment for online transactions."


 Compliance Obligations for Third-Party Payment Service Providers


Duties of Care 

To thwart the exploitation of third-party payment systems by nefarious actors for illicit financial flows, service providers are mandated to bolster customer identity verification processes. This includes ongoing identity scrutiny, delaying disbursements, and in some cases, outright refusal to establish business relationships to avert misuse. Additionally, inter-provider notification systems can be employed to mitigate information asymmetry and enhance collective vigilance.


Data Retention 

Service providers are required to preserve customer identity verification data and transaction records for a minimum duration of five years. In instances where a customer is suspected of engaging in fraudulent activities, this data must be reported to law enforcement agencies. Law enforcement will then determine the appropriate duration for which disbursements should be delayed or other control measures enforced. The precise definitions of suspected fraudulent activities, the types of data to be retained, the reporting mechanisms, and related control measures will be further detailed in subsequent implementation guidelines issued by the competent authorities.


Good Samaritan Clause 

When executing anti-fraud measures as stipulated by the Anti-Fraud Bill , third-party payment service providers are exempt from confidentiality obligations and are indemnified against liabilities for any harm caused to users or third parties during cooperation with law enforcement authorities.


 Penalties for Non-Compliance


The Anti-Fraud Bill  mposes stringent penalties on third-party payment service providers for non-compliance, with fines ranging from NT$100,000 to NT$1 million. Moreover, should the competent authority or law enforcement determine a necessity to curtail public access to fraudulent websites, they possess the authority to halt domain resolution or restrict access without necessitating court approval.



Editor: Doris Lin, Harvey Huang

bottom of page