It’s no surprise China has uncovered instances of money laundering using its pilot central bank digital currency (CBDC). Given the size of the economy and hence issuance, it’s a magnet to scammers, fraudsters and hackers. That’s especially because the digital yuan pilots are now at scale, touching more than 10% of China’s population.
In China, fraudsters use similar methods to what they’d try for a debit or credit card scam but adapted for the digital yuan.
The 21st Century Herald gave two examples. In one case, the target of the fraud was contacted and told that an item he’d bought was defective, and the company wanted to give him a treble refund. But first, he had to make a payment using his digital currency wallet. Eleven people have been arrested and are allegedly linked to a Cambodian money laundering ring. Somehow China’s Skynet mass video surveillance was used to track the culprits.
In another case, a woman was told she was under investigation by the public prosector’s office. The scammers directed her to a website where she had to provide identity information. The scammers opened a digital RMB wallet using the bank details she’d already handed over and other steps. That’s apart from draining her card.
When Mu Changchun, the Director General of China’s central bank Digital Currency Research Institute, spoke at the Hong Kong Fintech Festival, he revealed that his organization is currently focusing on CBDC security. However, he spoke more about encryption algorithm security, financial information security, data security, and business continuity.
In another speech in October, Mr. Mu elaborated on the Digital yuan’s controlled anonymity. There is an anonymous tier where people can open a wallet with just a phone number. However, the transaction amounts are limited. Government departments don’t have access to phone numbers, but law enforcement can get a warrant if they suspect illicit transactions.
Hence, it’s probably just as easy for fraudsters to use their usual tactics to hijack legitimate bank accounts and use identity data to open digital wallets with higher thresholds.
There may be a partial solution to these issues. A locally stored face scan or fingerprint can be associated with the wallet. So the user needs to scan their face to make a payment. However, this would preclude prepaid cards, which are needed for inclusion. The risk is fraudsters might resort to kidnapping people and forcing them to scan their faces or fingerprints.