In recent years, with the rapid development of the digital economy and the continuous deepening of user engagement strategies, the "points mall" as a marketing tool has become increasingly favored by various enterprises. Whether it's e-commerce platforms, banking and insurance institutions, social media apps, or content platforms, points malls have become important tools for user interaction and loyalty management. However, in the process of setting, using, redeeming, and managing points, multiple legal challenges arise, including consumer rights protection, data compliance, anti-money laundering, tax compliance, and the definition of virtual property. How to maintain business innovation in a fiercely competitive market while ensuring the legal and compliant operation of points malls has become a critical issue for enterprises.

This article will start from the current state of legal regulation, analyze the main compliance risks that points malls may face, and, using practical cases, explore how enterprises can build comprehensive and systematic compliance mechanisms to effectively address the challenges posed by relevant laws and policies.

I. Analysis of the Basic Forms and Legal Attributes of Points Malls

1. The Commercial Functions and Basic Models of Points

Essentially, a points system is a "virtual incentive tool" issued by enterprises to record user behaviors (such as consumption, logins, sharing, invitations, etc.). Users can accumulate points and then redeem them for goods, coupons, services, or even use them for draws, cash offsets, and other diverse purposes on the enterprise's platform or through third-party channels. A points mall materializes this incentive model in the form of a mall, creating a digital scenario for "consumption" on the platform.

Common points mall models include:

• Self-Redemption Type: The platform builds its own product library for users to redeem with points;

• Cooperative Operation Type: Partners with third-party brands or platforms to expand redemption options;

• Hybrid Payment Type: Allows users to pay part of the product value with "points + cash";

• Gamified Incentive Type: Enhances user activity through points draws, challenges, etc.

2. Defining the Legal Attributes of Points

Currently, China's legal system does not provide a unified definition for "points." In different contexts, points may be regarded as having the following legal attributes:

• Virtual Property: According to Article 127 of the Civil Code, "online virtual property" is protected by law, and some regional judicial practices have recognized points in user accounts as virtual property;

• Prepaid Tool or De Facto Currency: If points can be used in multiple scenarios or function like cash, they may violate the "Regulations on the Administration of Renminbi" and "Payment and Settlement Measures";

• Promotional Gifts or Discount Tools: In marketing contexts, points can be understood as a form of discount or promotion, regulated by the "Anti-Unfair Competition Law" and "Advertising Law."

Different attribute classifications will directly impact the regulatory direction and compliance path for points malls.

II. Main Legal Issues in Points Mall Compliance

1. Consumer Rights Protection Issues

Points usage involves multiple rights protection aspects such as users' right to know, fair trade, and the right to refund of residual value. Articles 8 to 10 of the "Consumer Rights Protection Law" explicitly require operators to truthfully inform service terms, prices, usage methods, and not to establish unfair or unreasonable standard terms.

Common issues include:

• Non-transparent Points Validity: Some platforms do not clearly inform users about points expiration or unilaterally adjust rules;

• Arbitrary Changes to Redemption Rules: Malls often temporarily remove products or raise redemption thresholds;

• False Advertising: Advertised redemption values significantly differ from actual product values.

Enterprises should optimize user agreements, clearly list redemption conditions and adjustment mechanisms to protect consumers' right to know and fair trade.

2. Data Security and Privacy Compliance

The process of earning points typically involves a large amount of user behavior data, consumption records, location information, and other personal or even sensitive information. According to the "Personal Information Protection Law" and "Data Security Law," enterprises must establish comprehensive mechanisms for information collection, use, sharing, and protection.

Risks include:

• Mismatch between points earning and user authorized data;

• Using user behavior data for ad targeting without explicit consent;

• Cross-sharing data without completing desensitization.

Compliance recommendations include: establishing a minimal necessary data collection mechanism, clearly stating data usage purposes, providing convenient cancellation and opt-out mechanisms, and strengthening data storage and transmission security.

3. Points Redemption and Tax-Related Issues

Points are essentially a tool for realizing rights, and when redeemed for goods or services, they may involve tax obligations such as value-added tax, corporate income tax, and personal income tax. For example, should giving away goods through points be considered a "sales activity"? Do points rewards to employees constitute "salary payments"? Different scenarios require careful analysis of tax treatment methods.

Typical case:

• An internet platform was identified by tax authorities as evading value-added tax for not declaring tax on points mall product redemption activities.

Enterprises should work closely with tax advisors, carefully design points redemption logic, and establish clear tax calculation benchmarks and declaration processes.

4. Anti-Money Laundering and Anti-Illegal Fundraising Regulatory Risks

When points have features like transferability, cross-platform redemption, transferability, or cash-out capabilities, they may be abused for money laundering, illegal fundraising, fraud, and other illegal activities, violating the "Anti-Money Laundering Law," "Criminal Law," and other regulations.

High-risk design behaviors include:

• Enabling points gifting and resale functions;

• Allowing free exchange between points and cash;

• Lack of real-name registration mechanisms preventing regulatory oversight.

Enterprises should proactively connect with banking and regulatory systems, build customer identification, transaction monitoring, and anomaly reporting mechanisms to prevent points platforms from becoming tools for illegal financial activities.

III. Strategies and Recommendations for Addressing Compliance Challenges

1. Establish a Legal Risk Identification System

Enterprises should establish a cross-departmental legal risk control team to identify potential compliance risks in product design, user operations, financial taxation, data security, and other aspects of the points mall, and engage professional legal teams for pre-review and dynamic compliance monitoring.

2. Improve User Agreements and Operational Rules

Through fair and transparent user agreements and operational guidelines, clearly state terms for points earning, usage, expiration, and clearance, and maintain user complaint channels to strengthen the platform's legal protection mechanisms and public opinion risk management capabilities.

3. Strengthen Technical and Data Security Safeguards

Promote the "internalization" of data compliance by adopting data classification and grading mechanisms, permission isolation, data encryption, access auditing, and other technical measures to ensure the security and controllability of user information throughout collection, transmission, and usage.

4. Establish a Closed-Loop Compliance Operation Mechanism

Including internal training, audit reviews, reporting mechanisms, emergency response processes, etc., to achieve closed-loop management of the points mall from "prevention before the event" to "monitoring during the event" and "remediation after the event."

5. Actively Communicate with Regulatory Authorities

For innovative products and cross-border business models, it is recommended that enterprises proactively establish communication mechanisms with market supervision, taxation, financial regulatory authorities, and other relevant bodies to seek policy understanding and compliance guidance, avoiding "crossing red lines."

IV. Conclusion

As an effective tool for connecting enterprises with users, points malls have immense development potential and undeniable commercial value. However, in an increasingly strict legal compliance environment, "speed" is no longer the sole pursuit; enterprises must also prioritize "stability" and "long-term sustainability." Only by facing the legal responsibilities behind points malls and improving compliance systems and technical governance can enterprises innovate within compliance, grow through innovation, and truly achieve sustainable user value operations.

In the future, with the advancement of legislative work such as the "Consumer Rights Protection Law (Revised Draft)" and the "Digital Economy Promotion Law," the legal boundaries of points malls will become clearer. Enterprises must keep pace with the times and build corresponding institutional systems to address more complex compliance challenges.