Alipay Presents Real Risks—But Don’t Rush to Ban It

Having spent years trying to ban TikTok for allegedly spying on Americans, Congress has set its sights on Alipay with the No Alipay Act of 2025—a blanket ban on China’s biggest payment app. Critics are right to flag Alipay’s national security, censorship, and market access reciprocity risks. They are wrong to think banning it without audits or reciprocity safeguards is anything but a self-inflicted wound.

Chinese payment platforms pose national security risks in terms of data collection and governance. While public debate over TikTok has mostly centered on the risks of a Chinese-owned social media app harvesting personal preferences and influencing speech, Alipay and WeChat Pay offer a window into Americans’ real-world behavior, not just their online interests.

They process purchase histories, device locations, government IDs, health data, and biometric markers. This poses privacy and security risks, as China’s government has broad authority to compel companies to share data under its National Intelligence Law and in a system that lacks the judicial review and legal oversight of democratic nations.

A 2024 academic analysis of the user agreements of Alipay and WeChat Pay reveals notable concerns about the platforms’ data governance structures. Although these platforms claim to comply with U.S. privacy laws like the California Consumer Privacy Act, these laws do nothing to limit whether these companies transfer data to the Chinese government or notify consumers of these transfers, or how authorities might use that consumer data once obtained.

Consumers may also be surprised by some of the details of these user agreements. WeChat Pay’s user agreement, for instance, requires conflicts or disputes to be resolved under Chinese law and in China.

However, removing Alipay from the U.S. market could provoke reciprocal actions from China, such as restricting Apple Pay, PayPal, or other U.S.-based financial services—none of which are banned in China’s market, but face software compatibility limitations and regulatory hurdles not present in other major markets.

That creates asymmetry in market access, and if China blocks U.S. platforms in its own market, the United States should be justified in responding in kind. But in this case, the reciprocity argument does not warrant a full ban because there is no full ban in China.

A ban would also impact Chinese tourists, who are among the highest-spending international visitors to the United States and spent approximately $5,800 per visit in 2024. With an estimated 1.3 million Chinese tourists in 2024, that amounts to approximately $7 billion in tourism revenues—down from pre-pandemic levels of $15 billion in 2019 but still significant for American businesses in major tourist destinations.

According to a 2018 survey issued in part by Alipay, 91 percent of Chinese tourists were more willing to increase their spending overseas if merchants accept Chinese payment platforms. Of course, Alipay has clear incentives to publish that data, and Chinese tourists have alternative payment methods available in the United States, but a ban would likely depress some spending.

A better approach, rather than jumping right to a ban, would be a structured process identifying national security or privacy risks and ensuring that any action taken is necessary, targeted, and effective.

Chinese tech companies continue to build popular apps, games, and devices that millions of Americans use. Recently, China’s largest coffee chain, Luckin, acquired Blue Bottle, showing how an app’s ultimate ownership and potential government control can shift from American to Chinese without consumers downloading anything new or noticing a change. Regulators should ideally evaluate Chinese platforms for national security risk on a case-by-case basis.

To do so, regulators will need better criteria for evaluating whether a product is secure for the U.S. market, other than solely based on whether it was made by a Chinese company. Similarly, they should have clear criteria for which Chinese-made products to evaluate to avoid a politicized environment where the U.S. government uses security testing and evaluation as a penalty against targeted companies rather than a genuine effort to protect Americans.

However, if Congress wants to pursue legislation targeting a specific Chinese company, a better option than a ban would be to direct the Federal Trade Commission (FTC) to audit Alipay, requiring disclosure of where the company stores data, who can access it, how long the company retains it, and what legal oversight applies in China.

The Consumer Financial Protection Bureau (CFPB) announced in 2021 that it would investigate “the practices” of Chinese payment platforms, but never made public any follow-up regulatory action. Senator Scott and his No Alipay Act of 2025 cosponsors should revisit this initiative and require public disclosure of the findings.

A closer look might well prove Alipay is too risky to keep. If the FTC, CFPB, and other regulators identify substantive consumer and national security risks, Congress should ban it without hesitation. Until those facts are on the table, however, a blanket ban sets a bad precedent by turning what should be a technocratic process into a political one.