China’s National Immigration Administration (NIA) ended 2025 with a cybersecurity alert: on December 31 the agency warned that fraudsters operating overseas websites are charging fees to fill out the newly introduced online arrival card for foreign travellers. The official service, launched nationwide on November 20, is free of charge and accessible only through NIA’s government portal, the “NIA 12367” app, or verified WeChat/Alipay mini-programs.
The bilingual notice—posted by the Beijing Foreign Affairs Office—urges inbound visitors to avoid third-party platforms that mimic the official interface and harvest passport data or credit-card details. Authorities emphasise that travellers without internet access can still complete the form at smart kiosks or rely on traditional paper cards upon arrival.
Why it matters: • China processed over 35 million foreign entries in 2025, and the switch to digital arrival documentation is a pillar of its push toward “smart ports.” • Cyber-criminals view the transition period as an opportunity to monetise confusion, risking identity theft and phishing attacks that could compromise corporate travellers’ data.
![China Warns Foreigners of Fake Arrival-Card Websites After Launch of Digital Entry Form]()
For travellers who still want expert assistance navigating China’s fast-changing entry requirements, VisaHQ’s dedicated China portal (https://www.visahq.com/china/) tracks all official NIA updates in real time and provides step-by-step guidance on completing the free arrival card. The service can be bundled with visa procurement and document translation, giving both individual passengers and corporate mobility teams a trusted, one-stop resource that eliminates any need to rely on risky third-party websites.
Corporate compliance teams should distribute the official URL (s.nia.gov.cn/ArrivalCardFillingPC) to employees and instruct them not to pay any fee. Travel-management companies may embed the QR code in pre-trip briefings. Airlines have been requested to remind passengers at check-in.
The NIA says it is collaborating with the Ministry of Public Security to block rogue domains and may pursue extradition of operators where treaties allow. Meanwhile, the agency is exploring biometric authentication for the next iteration of the digital card, slated for pilot testing at Shanghai Pudong in Q2 2026.
The episode demonstrates how rapid digitalisation of border formalities, while improving efficiency, also creates ancillary cybersecurity risks that mobility managers must monitor.
The bilingual notice—posted by the Beijing Foreign Affairs Office—urges inbound visitors to avoid third-party platforms that mimic the official interface and harvest passport data or credit-card details. Authorities emphasise that travellers without internet access can still complete the form at smart kiosks or rely on traditional paper cards upon arrival.
Why it matters: • China processed over 35 million foreign entries in 2025, and the switch to digital arrival documentation is a pillar of its push toward “smart ports.” • Cyber-criminals view the transition period as an opportunity to monetise confusion, risking identity theft and phishing attacks that could compromise corporate travellers’ data.
For travellers who still want expert assistance navigating China’s fast-changing entry requirements, VisaHQ’s dedicated China portal (https://www.visahq.com/china/) tracks all official NIA updates in real time and provides step-by-step guidance on completing the free arrival card. The service can be bundled with visa procurement and document translation, giving both individual passengers and corporate mobility teams a trusted, one-stop resource that eliminates any need to rely on risky third-party websites.
Corporate compliance teams should distribute the official URL (s.nia.gov.cn/ArrivalCardFillingPC) to employees and instruct them not to pay any fee. Travel-management companies may embed the QR code in pre-trip briefings. Airlines have been requested to remind passengers at check-in.
The NIA says it is collaborating with the Ministry of Public Security to block rogue domains and may pursue extradition of operators where treaties allow. Meanwhile, the agency is exploring biometric authentication for the next iteration of the digital card, slated for pilot testing at Shanghai Pudong in Q2 2026.
The episode demonstrates how rapid digitalisation of border formalities, while improving efficiency, also creates ancillary cybersecurity risks that mobility managers must monitor.
