Acquirers are liable for enabling the Wolf of Sofia´s scams

Case Study_ payment Institutions

Acquirers are liable for enabling the Wolf of Sofia´s scams

Why are acquirers to be held accountable for illegal activities

The digitalization pushed by governments worldwide and praised for its benefits in efficiency and productivity comes with high risks for consumers.

 Online fraud is by now the most commonly experienced crime. In England and Wales, fraud accounts for approximately 41% of all crimes against individuals. A person aged 16 or over is more likely to become a victim of online fraud than any other individual type of crime, including violence or burglary.

Extensive research shows that online fraud by now is a severe threat to our society as it costs the economy tens of billions every year.

Digitalization has transformed fraud from being the preserve of opportunist individuals to the illegal revenue streams organized by transnational criminal groups and global malign actors.

We found that the rise in online fraud activities is enabled and supported mainly by lagging cross-border law enforcement  in Europe and by massive regulatory failings in supervising the emerging fintech industry.

The role of the payment companies

The payment processing component of a crime value chain is critical for cybercriminals; without an effective mechanism to launder illicit proceeds, cybercriminals would not be able to get hold of the stolen funds and make use of the funds to finance their global activities.

It was never easier to manage money and make payments worldwide, partly due to the rapid growth in the number of payment institutions (PIs) and electronic money institutions (EMIs). The digitalization of the payment industry develops incredibly, with only a few understanding the processes’ complexity.  

While most new payment firms are legitimate payment providers, a growing body of evidence suggests that several are open to abuse by those seeking to launder corrupt and other illicit funds through the global economy.

PIEMIs are regulated under the national legislation implementing the Payment Services Directive 2 (PSD2) and the Electronic Money Directive (EMD). PIs are a category of payment service provider that provides money remittance services and issues payment instruments or acquires payment transactions. Examples of PIs are merchant acquirers, payment account operators, money remitters, and credit card issuers. EMIs are entities authorized to issue e-money (a digital alternative to cash).

Reckless Payment Institutions

The recklessness shown by Payment Institutions like Wirecard Bank, Munich (supported by the German government) and PAYVISION BV, Amsterdam (owned by ING Group NV) is shocking. Despite red flags all over the place, both companies went on to support cybercriminals for many years.  Even mainstream media reported their involvement in transnational crime organizations.

Our research  (outlined below) showed that PAYVISION onboarded NOVOX Capital Ltd in 2013, the first warnings about unregulated financial services done on optionbit and optionStars (domains  operated later on by NOVOX Capital Ltd) had already been issued by different financial supervisory authorities. Numerous warnings for fraudulent websites followed, but no one hindered the Dutch PAYVISION BV (supervised by the Dutch DNB) from onboarding dozens of sham companies for this transnational criminal organization up to January 2019.

But even when Uwe LENHOFF and Gal BARAK were arrested and charged with fraud, PAYVISION BV processed other scam websites like 24option (up to April 2020!) and continued to be involved in US bank fraud up to May 2021.

Our detailed report on why payment companies facilitating money laundering are complicit in transnational organized crime

Part I: Why are acquirers to be held accountable for illegal activities can be downloaded here.