Newly obtained chat records raise a central question for Europe: when does payment infrastructure cease to be neutral and become part of the machinery that keeps fraud alive?
Persistence matters
German prosecutors have proved exceptionally skilled at keeping victims away from the underlying court files: ongoing investigations, ongoing proceedings, documents allegedly not yet scanned, confidentiality objections, and the usual catalogue of procedural barriers. For victims seeking the truth, this means one thing above all: delay. Years of delay.
These records do not raise a minor compliance issue. They raise a far more serious public-interest question: when does payment infrastructure cease to be neutral and become part of the machinery that keeps fraud alive? And why are these payment institutions not adequately held accountable?
What the Chats Now Show
What makes these chat records so important is that they do not appear to show a European-regulated, DNB-supervised payment institution trying to distance itself from obvious fraud risk. Nor do they merely show a firm struggling with AML compliance. They appear to show proximity, familiarity, operational problem-solving, and continued support in an environment already saturated with red flags.
Public warnings had been issued. Chargeback ratios had escalated. Fraud indicators were mounting. Suspicious transaction reports were reportedly being filed. And yet the payment rails remained open.
What also emerges from the record is a striking sense of impunity: the apparent assumption that, even in the face of mounting indicators of fraud, meaningful accountability would not follow.
Fraud Needs Infrastructure
This is the point the public debate has too often failed to confront. Large-scale online investment fraud does not survive on lies alone. It survives on infrastructure. It needs payment rails, merchant entities, onboarding channels, acquiring access, settlement routes, banking continuity, and someone willing to keep the machinery working when the first obstacles arise. Without that infrastructure, many of these online fraud schemes would collapse far earlier. Without that infrastructure, many online fraud schemes would collapse far earlier. That was true of the Barak and Lenhoff schemes, and it remains true of the many fraud operations still active today.
When the Payment Layer Stops Being Neutral
That is why these chats matter. They are not important because they are sensational. They are important because they illuminate the operational layer behind the fraud. They help show what happened when merchant structures came under pressure, when payments became difficult, when bank accounts were blocked, and when risk signals should have triggered real intervention rather than commercial accommodation.
If the record shows that a payment institution was not merely processing transactions, but helping solve the operational problems of a fraudulent network, then the issue is no longer one of technical compliance at the margins. It becomes a question of system enablement.
Exhibit 1: The Payment Setup That Helped the Scheme Scale
The first exhibit matters because it goes to the mechanics of fraud conversion. This is not just about whether Payvision processed payments. It is about whether Payvision accepted a payment setup that made the scheme work better.
What this shows
According to the court files, Payvision accepted MOTO transactions for Lenhoff’s schemes and used the Merchant Category Code MCC 6211 even though the operating entities did not hold a MiFID licence. The dossier further records that in a seized chat dated 19 February 2016, Lenhoff stated that after Payvision was introduced, the decline rate for card payments fell by 65%. The acceptance rate rose by 80%.
The effect of the wrong MCC (also called "transaction laundering")
The effect of the MOTO transactions
Lenhoff had reportedly complained in early December 2015 — weeks before Payvision took over — that the 3D Secure procedure resulted in the loss of too many customers. According to the dossier, that issue was addressed by allowing boiler-room staff to manually enter cardholder details (“MOTO transactions”), despite the evident risks associated with such a setup in a high-risk environment.
Why it matters
A processor that materially improves payment acceptance in an unlicensed, high-risk financial environment is not incidental to the scheme. It helps make the scheme commercially viable. This is the point at which “payment processing” starts to look less like background infrastructure and more like operational enablement.
If the payment layer makes the fraud easier to convert, it is already doing more than merely standing in the background.
Exhibit 2: Keeping the Operation Alive
Intro
The second exhibit is where the story becomes much harder to dismiss as “mere processing.”
What this shows
According to the dossier, after Wirecard Bank blocked the Payific Ltd bank account due to fraud complaints with effect from 1 November 2016, the Lenhoff organisation came under acute liquidity pressure. Payvision was reportedly instructed to stop settling to the Wirecard Bank account of Payific, which had been the onboarded merchant, and was asked to reroute settlement flows.
The court records further show that on 14 November 2016, Payvision made its first direct payment from Stichting Payvision’s payment account to one of Lenhoff’s most pressing creditors — the marketing affiliate — in order to prevent the organisation from losing its key advertising agency for Option888 and ZoomTrader. The record also shows that Payvision informed Dahlgren on 15 November 2016 that the transfer had been executed.
According to the court materials, such third-party transfers occurred repeatedly during the approximately forty months of cooperation between Payvision and the organisation.
All of these “special” transfers allegedly required the approval of Rudolf Booker, then CEO of Payvision.
Why it matters
These events were not a technical clearing events. According to the court records, these transfers were direct operational interventions that helped preserve the continuity of the organisation after its ordinary banking route had broken down. In plain terms, when the system was under pressure, Payvision appears to have helped keep it alive.
This is the kind of document that forces a simple question: where does processing end and operational support begin?
Exhibit 3: Third-Party Payouts and Management Approval
Intro
At the beginning of 2018, MoneyNetInt Ltd, an FCA-regulated e-money provider, reportedly stopped cooperating with Lenhoff’s organisation because of excessive suspicious activity relating to settlement transfers to Hitchcliff Ltd, another merchant onboarded by Payvision.
That again left the organisation with a central problem: how to access the millions of euros paid by victims via Visa and Mastercard into Stichting Payvision’s payment accounts held with ING Bank N.V. and Deutsche Bank.
What this shows
According to the chats, starting on 2 February 2018, €3.1 million was transferred from the Stichting Trusted Third Party Payvision account at ING Bank N.V. to Winslet Enterprises EOOD, a company identified in the dossier as directly under Uwe Lenhoff’s control (he was the official beneficial owner). The court records further state that an additional EUR 2.7 million was later paid to Winslet from the Stichting account at Deutsche Bank, and that the chat records show each transfer required Rudolf Booker’s approval.
Why it matters
Once funds are not merely settled to the formal merchant but are routed onward to third parties within the same control sphere — and each transfer allegedly requires management sign-off — it becomes increasingly difficult to maintain the image of a neutral intermediary. According to the dossier, these transfers served to maintain liquidity and operational continuity. That is a central public-interest issue.
Exhibit 4: Payvision´s Commercial Reward
Intro
The fourth exhibit is an invoice for “Chargeback and Fraud Risk Premiums,” issued by Payvision and signed by Booker. According to the available materials, Payvision charged a 1:1 premium for excessive chargeback rates. In relation to Lenhoff-linked schemes, Payvision allegedly imposed chargeback-related fees of approximately €658,000 over just five months.
According to the materials available to EFRI, Payvision processed more than €134 million for Barak and Lenhoff-linked schemes, with chargeback volumes exceeding €12.5 million between January 2016 and January 2019.
The payment-processing contracts available to EFRI indicate that Payvision charged a 7% processing fee, an additional fee of €24 per chargeback claim handled, and the extra “Chargeback and Fraud Risk Premiums” referred to above. (So please do your own calculation how much of the stolen money remained with Payvision (20% ?))
Why it matters
The commercial picture is difficult to ignore. According to the available records, Payvision did not merely continue processing despite mounting fraud indicators. It also generated substantial revenue from doing so.
That raises a broader public-interest issue: what happens when a payment institution is not only aware of escalating fraud risk, but is also financially rewarded while that risk continues to materialise?
A Question Europe Cannot Avoid
How is it possible that Rudolf Booker and Cheng Liem Le walked away from the Dutch criminal case with a fine of just €330,000? And how is it possible that the Dutch FIOD carried out a criminal investigation into Payvision without obtaining the criminal case files from Austria and Germany that directly related to the same broader fraud complex? In a cross-border fraud case of this scale, that omission raises a serious question as to whether the evidentiary picture before the Dutch authorities was ever complete.
What role did the Dutch supervisory authority (DNB) play? Since 2020, the Payvision inspection report has remained withheld on grounds of confidentiality. No licence was withdrawn, and no public announcement was ever made in relation to what may be regarded as one of the most serious Dutch compliance failures of recent years.
These are not rhetorical questions. They go to the heart of whether Europe is serious about accountability for those who help move, process, and stabilise the proceeds of large-scale fraud.
The Supervisory Question Does Not End with Payvision
The supervisory question does not end with Payvision itself. According to the court records available to EFRI, Gijs op de Weegh signed contracts with the Barak/Lenhoff network during his time at Payvision. Against that background, the later granting of an EMI licence to StablR in Malta raises a serious public-interest question.
If individuals connected to a payment institution associated with one of Europe’s most damaging online investment-fraud complexes can later reappear in newly licensed financial structures, then the issue is no longer confined to past misconduct. It becomes a live question about the quality of regulatory scrutiny, fit-and-proper assessment, and supervisory gatekeeping in Europe.
Europe Must Hold Financial Enablers Accountable
What emerges from the Payvision record is not merely a case about one payment institution, one fraud network, or one historical compliance failure. It points to a much larger European problem: large-scale fraud cannot operate for years without financial infrastructure, and yet Europe still seems remarkably reluctant to confront the institutions that provide it. If payment institutions can continue processing, rerouting, and stabilising suspicious flows in high-risk environments without timely and meaningful intervention, then enforcement is failing at precisely the point where fraud becomes scalable. The real question is therefore not only what Payvision did, but why Europe has still not found a credible way to hold payment intermediaries to account when they become part of the machinery that keeps fraud alive.
Stay with us, as we have only started to work on the Payvision chats..
