In the digital payments industry, where trillions of euros change hands annually, European giant Worldline and its German subsidiary Payone have become embroiled in a major scandal. An investigation by European Investigative Collaborations (EIC), published on June 25, 2025, revealed how the companies systematically serviced high-risk clients for over a decade – from illegal online casinos and porn platforms to fraudulent subscription schemes. The findings point to selective compliance, delayed regulatory responses, and ignored red flags, allowing billions of euros to move through dubious networks.
Worldline, a French payment processor with annual volumes of €500 billion, and Payone, which handles more than 5 billion transactions a year, worked with so-called “master merchants” – hidden networks controlling thousands of websites. These sites included fake dating platforms, pornography portals, and illegal casinos. Internal documents show that since 2014, billions of euros flowed through their systems from such operations. For instance, in December 2020, Worldline processed over €5 million in payments for online casinos operating in six countries where gambling is banned – including Norway.
Among the clients was Maltese operator Soft2bet, which runs 140 websites targeting the Norwegian market with localized “/no/” domains. These domains, such as example.com/no/, featured Norwegian language content, local currency, and tailored user experiences, making them attractive despite being illegal in Norway. Another case was Bethard, which in April 2025 was warned by Norway’s regulator Lotteritilsynet for unlawfully targeting Norwegian users. Payone also serviced 311 merchants linked to consultant Ruben Weigand, generating €50 million in transactions in 2019 despite fraud suspicions. Its portfolio also included networks tied to American Andrew Garoni, dubbed the “porn baron,” previously convicted in the U.S. for fraudulent schemes.
A key tool enabling circumvention was Payment IQ (PIQ), Worldline’s proprietary software, which could route a single transaction through up to 250 intermediaries – massively boosting the odds of success. In Norway, where gambling payments via bank cards are banned, PIQ enabled deposits from Norwegian Visa cards to 11 Soft2bet casinos. “The gambling industry is constantly finding new ways,” said Lotteritilsynet director Atle Hamar, stressing that new countermeasures are planned. Similar schemes surfaced in Belgium, France, Germany, and the Netherlands, where regulators flagged violations of anti–money laundering (AML) rules.
Warnings were ignored for years. In 2021, Worldline launched Project Spark, aimed at doubling revenues in four years by onboarding more high-risk clients, including casinos. Internal Payone documents show “red flags” raised by Commerzbank: multiple card use without website visits, links to Weigand and Garoni networks – both previously tied to the Wirecard scandal. In 2023, German regulator BaFin banned Payone from working with 450 clients and imposed fines for compliance failures, appointing a special monitor. Yet at least 400 of those clients continued working through other Worldline subsidiaries for another seven months. In Belgium, Brussels prosecutors opened a money-laundering probe into Worldline’s local unit after reports in Le Soir and De Standaard. The Federal Judicial Police took charge, while Paris prosecutors declined comment.
The financial fallout has been dramatic. On June 25, 2025, Worldline shares plummeted 41% to a record low of €2.70, wiping out 96% of their value since 2021. Bond yields jumped 54%, reflecting heightened risk. The company admitted losing €130 million in revenues after “cleaning” its portfolio since 2023, insisting on a “zero-tolerance” policy for violations. Yet the measures appear belated: internal records show Worldline deliberately concealed details about “master merchants” to avoid scrutiny.
The scandal also stretches to Dubai, where a criminal network created thousands of fake sites for “quishing” – phishing via QR codes placed in public spaces like parking lots or restaurants. Users scanning the codes landed on fraudulent sites that triggered bogus subscriptions and drained accounts. Exposed under the Dirty Payments project, the scheme highlights the global scale of the problem – with payment giants indirectly enabling fraud. EU regulators, from BaFin in Germany to France’s AMF, have reacted slowly, underscoring systemic weaknesses in financial oversight.
The affair exposes the vulnerabilities of Europe’s financial system, where millions of citizens have fallen victim to scams due to regulatory gaps. For Europeans accustomed to secure payment systems, urgent reforms are now needed: stronger compliance frameworks, more advanced automated transaction monitoring, and tighter coordination among EU regulators to close loopholes exploited by illegal operators.