Large-scale online investment fraud does not survive on lies alone.
It survives on infrastructure.
It needs professional websites, social-media advertising, boiler rooms, CRM systems, fake trading platforms, shell companies, merchant accounts, card acquiring, gateway access, settlement routes, chargeback handling, withdrawals, bank accounts and payment service providers, crypto exchanges, ramp-on, ramp-off services willing to keep the machinery running.
Understanding the role of each service provider — and each enabler — within transnational fraud structures is difficult. In reality, it is becoming harder every day. Since 2020, EFRI has been analysing the role of payment rails in online fraud. The more we uncover, the clearer it becomes: payment infrastructure is the critical path. Without payment rails, online fraud cannot convert deception into money, cannot scale across borders, and cannot remain operational. This infrastructure layer must therefore become a central focus for enforcement, regulation and civil accountability.
The report is based on EFRI’s detailed review of criminal court files, investigative materials, payment records, chat logs and settlement documents made available through Austrian and German proceedings as well as by hundreds of victims. These materials reveal far more than the conduct of the fraud operators themselves. They also show the infrastructure that allowed the schemes to receive money, process card payments, manage chargebacks, execute withdrawals, route settlements and continue operating despite repeated warning signals.
While the criminal proceedings focused mainly on the fraud operators and their organisations, EFRI’s investigation focuses on the layer that was left largely unexamined: the payment rails that enabled the fraud to scale.
The Payvision case is not just a historical case about one Dutch payment institution. It is a case study of a much larger European problem: online fraud becomes scalable only when it obtains access to payment rails.
Payvision as a case study, not the exception
EFRI’s factual report examines Payvision B.V., Acapture B.V. and related Dutch payment and settlement structures in connection with the Lenhoff and Barak investment scam platforms, including option888, zoomtrader/global, xmarkets, tradovest, tradeinvest90, optionstars/global, xtraderfx, safemarkets and goldenmarkets.
According to the criminal case files and records reviewed by EFRI, these platforms were part of large-scale investment fraud structures that affected more than 60,000 European consumers and caused losses of approximately EUR 340 million.
Payvision is important because the report shows what can happen when the infrastructure of a regulated payment institution becomes functionally relevant to the operation, scaling and continuity of a fraud model.
The report documents Payvision and Acapture, and their payment infrastructure (i.e., ING Bank N.V. and Deutsche Bank pooled payment accounts), in connection with card acquiring, gateway access, merchant structures, MID allocation, reporting, reconciliation, chargeback handling, reserve mechanisms, withdrawals, settlements, and third-party payouts. This is why the case cannot be understood by looking only at isolated card transactions. The relevant question is broader: how did the payment infrastructure support the commercial operation and continuity of the fraud structures?
ING’s multiple roles around the Payvision structure
The report also shows why the Payvision case cannot be viewed without looking at ING – one of Europe’s largest banking group.
ING was not merely a distant financial institution appearing at the end of the story. According to the documents reviewed by EFRI, ING appears in several roles around the Payvision structure: as account-holding institution for Payvision/Stichting payment and trust accounts, as former lender or financing partner of Payvision B.V., from the first quarter of 2018 as majority shareholder, later as sole owner, and finally as group parent in connection with the discontinuation and liquidation of the Payvision business.
The report documents that ING had already appeared in the payment-account environment of the Payvision/STTP structure in 2016. It also records that in 2018, the Stichting Trusted Third Party Payvision account was used for card payments from investors and customers of the Lenhoff and Barak platforms, and for subsequent forwarding to operators and companies based in the Seychelles and/or the Republic of Samoa.
ING’s role was therefore not limited to ownership. The report describes ING-related banking infrastructure at several points in the wider payment environment, including account relationships involving MoneyNetInt Ltd and Celtic Pay Ltd, both connected to the processing or forwarding of investor funds for the Barak/Lenhoff platforms.
In 2018, ING acquired 75% of Payvision at a valuation of EUR 360 million, thereby becoming the majority shareholder; in 2020, it completed the full acquisition. The report also documents that ING was not only a shareholder but, in the year of the majority acquisition, also a financing partner of the Payvision group, with facilities totalling EUR 25 million. The 2017 accounts described the ING-Payvision relationship as a strategic cooperation intended to accelerate growth, expand the product portfolio and combine payment and banking products.
This multi-role position matters. It shows that the Payvision structure was not operating in isolation from the wider banking system. It was connected to one of Europe’s largest banking groups through accounts, financing, ownership, and governance. ING was also the entity to decide to wind down the entity shortly after realising the actual role of Payvision in numerous fraud schemes.
Why the infrastructure layer matters
The visible fraud layer is easy to identify: fake brokers, fake trading platforms, offshore entities and call-centre agents.
The infrastructure layer is harder to see.
But it is the infrastructure layer that allows the fraud to become financially effective. The chat communications in the court files show that access to payment rails was not a peripheral issue but a central operational concern for the fraud organisations. A fake trading platform cannot cause hundreds of millions in losses unless victims can be made to pay. A call centre cannot monetise victims unless the payment channels work. A fraud network cannot continue operating if payment routes, merchant accounts, settlement structures and payout channels are consistently shut down when warning signs appear.
This is why payment infrastructure must no longer be treated as a neutral background service when the available documents show that it was operationally relevant to the functioning of a fraud model.
The accountability gap
The Payvision case also raises a question that European regulators cannot avoid: how can a payment institution be documented in such a central infrastructure role and yet face no sanction that reflects the consumer-fraud dimension of the case? Dutch authorities later found that Payvision, under the leadership of Rudolf Booker and Cheng Liem Li, had systematically and structurally failed to comply with anti-money-laundering rules between 2016 and 2020; the matter was resolved by penal orders imposing EUR 180,000 on Booker and EUR 150,000 on Cheng Liem Li — amounts that appear strikingly limited when compared with the scale of the consumer harm documented in the criminal files.
Interestingly, the documentation found in the criminal court files does not reflect a simple absence of KYC. They suggest a more serious failure: risks were identified, including the lack of MiFID authorisation for the Barak and Lenhoff platforms, yet the payment relationships continued. According to the chat communications, risk and compliance concerns were repeatedly raised, but commercial considerations appear to have prevailed at the management level. This is particularly relevant in light of Payvision’s rapid growth and the period leading up to the ING acquisition.
This leaves the central question unanswered: if the criminal files document payment flows, merchant structures, chargebacks, withdrawals, third-party settlements and personal contacts with the fraud organisations, why has the payment-infrastructure layer not been addressed as a core accountability issue? The same question applies to the transaction with ING: Payvision was sold at a valuation of EUR 360 million, while the then- shareholders financially participated in that valuation. The report also documents strong revenue and profit growth in 2018, the year of the ING acquisition, and a sharp decline after the disappearance of the Lenhoff/Barak business.
The accountability gap becomes even harder to explain when viewed against the later licensing environment. Gijs op de Weegh, documented in the report as the Payvision/Acapture executive who signed the merchant agreements with the Lenhoff/Barak merchants, is now presented by StablR as its Founder and Chief Executive Officer; StablR describes itself as authorised and regulated by the Malta Financial Services Authority as a financial institution licensed to issue electronic money tokens under MiCA.
This is not a personal point. It is an institutional one. If documented involvement in a payment institution with systematic AML failures, high-risk merchant structures and unresolved consumer-fraud consequences does not trigger serious accountability and at least fit-and-proper scrutiny across Europe, then the payment industry has no reason to comply, and the regulatory system is not learning from the very cases it claims to supervise. The Payvision case is therefore not only about past misconduct. It is about whether Europe’s licensing, supervision and enforcement architecture is capable of preventing the same payment-infrastructure failures from reappearing under new labels, new licences and new technologies.
The victims Europe still leaves behind
Behind every payment flow in this report stands a real person.
Many victims of the Lenhoff/Barak platforms did not merely lose money. They lost retirement savings, family security, trust in banks and institutions, and, in many cases, their health—some committed suicide. Many got sick as a result of dozens of sleepless nights after the trauma experienced. Some became isolated. Most of them are still ashamed. More or less all are still contacted almost every day by so-called “recovery” scammers who exploit the same wound again: the hope that someone, somewhere, will finally help them recover what was stolen.
The fraud does not end when the platform disappears. For the victims, it often continues for years — through debt, illness, shame, legal uncertainty, repeated scam attempts and the experience that no authority takes responsibility for the full chain of what happened.
EFRI has seen this pattern since 2019. Victims are sent from police to prosecutors, from prosecutors to regulators, from regulators to banks, from banks to card issuers, from card issuers back to merchants that no longer exist. Everyone looks at a fragment. Almost nobody looks at the system.
This is why the Payvision case matters. If the documents show that payment infrastructure helped a fraud system receive funds, process card payments, manage chargebacks, route settlements, execute test-withdrawals and continue operating despite warning signals, then the victims should not be left with the answer that the responsible infrastructure layer was merely “technical” or “in the background”.
Other jurisdictions have created stronger consumer-protection and enforcement tools to address misconduct in the financial sector. In the United States, agencies such as the Consumer Financial Protection Bureau and the Federal Trade Commission can bring enforcement actions, seek consumer redress and, in appropriate cases, pursue payment processors and financial intermediaries that facilitate unlawful or deceptive schemes. Europe urgently needs comparable institutional capacity: a framework that does not merely punish individual fraudsters after the damage is done, but also examines the financial infrastructure that enabled the damage to occur at scale.
This report is therefore not only about Payvision, ING or the Lenhoff/Barak platforms. It is about the people left behind when payment infrastructure fails, when enforcement remains fragmented and when consumer harm is treated as a side effect rather than the central consequence of financial crime.
Conclusion
Europe cannot credibly speak about trust in the financial system while victims of payment-enabled fraud are left alone for years. Trust is not built through compliance language, annual report statements, or gatekeeper rhetoric. Trust is built when institutions that enabled, processed, routed or profited from suspicious payment flows are investigated, held accountable and required to contribute to redress. For the victims, accountability is not an abstract legal concept. It is the difference between being abandoned by the system and being recognised by it.
EFRI publishes this report because evidently the Payvision/ING case raises several questions that reach far beyond one company, one banking group or one historical fraud scheme. The most important one is when does payment infrastructure cease to be a neutral service and become part of the fraud infrastructure
The answer matters for victims, regulators, prosecutors, courts, banks, payment institutions and policymakers across Europe. If online fraud depends on payment rails to convert deception into money, then those payment rails must become a central point of scrutiny and accountability. Europe will not stop the growth of online investment fraud by looking only at fake websites and call centres. It must also examine the banks, acquirers, PSPs, gateways, EMIs, settlement accounts and payout structures that allow fraud networks to receive, move, disguise and extract victim funds at scale.
The Payvision report is EFRI’s contribution to that debate, and a factual basis for asking whether Europe is still looking at online fraud in the wrong place.
