Expanding the Zentoria/NovaForge Payment Map

“Spinsopotamia.com” Billing Descriptor Now Connected to FCA-Regulated EMI xpate

Following the February 19, 2026 compliance report on Zentoria Limited and the NovaForge casino network (including Robycasino and Spinsy), new whistleblower material suggests that the billing descriptor “Spinsopotamia.com” may be linked to xpate (xpate.com) — a payment services provider that publicly states it is authorised by the UK Financial Conduct Authority (FCA) as an Electronic Money Institution (EMI).

If this information is accurate, it would represent a notable development. It indicates that the previously described “clean EU/UK-facing descriptor layer” may operate within, or in proximity to, an FCA-regulated payments environment. This raises several compliance questions relating to:

• merchant onboarding procedures
• exposure to gambling-related transactions
• card scheme monitoring
• potential indicators of transaction laundering

Key Findings

Whistleblower Attribution

According to documentation provided by a whistleblower, the descriptor “Spinsopotamia.com” appears on card statements linked to deposits made at Robycasino.com. The source attributes this descriptor to xpate.

xpate Email Communication

In email correspondence shared by the whistleblower, xpate support reportedly described the company as a “payment processing technology provider.” The message stated that xpate generally cannot resolve disputes directly but noted that the issue had been “exceptionally forwarded” to the relevant merchant for review.

Original Network Structure Remains Consistent

Earlier reporting from February 19 connected deposits on Robycasino to the descriptor “Spinsopotamia.com Dublin” The structure also pointed to Zentoria Limited as an Irish-facing entity associated with the payment setup.

Indicated Regulatory Perimeter

Public disclosures on the xpate website state:

• xpate Ltd (UK) is authorised by the Financial Conduct Authority (FCA) (FRN listed on xpate’s site) to issue electronic money and payment services.
• xpate SIA (Latvia) operates under an EEA EMI licence.

Compliance Analysis: What This Update Changes

In the original investigation, Zentoria Limited was described as a potential Trojan Horse merchant layer. The concept referred to a legitimate-looking EU-registered merchant identity — Spinsopotamia — that could be used to route deposits for offshore gambling brands such as Robycasino while avoiding standard gambling transaction filters used by banks and card issuers.

The newly provided whistleblower material introduces a possible upstream payments node.

The whistleblower reportedly contacted xpate in an attempt to recover funds associated with “Spinsopotamia.com” transactions. In response, xpate indicated that the complaint had been forwarded to the relevant merchant.

This response pattern is consistent with scenarios where a payment provider may operate as:

• a payment service provider (PSP)
• a technical facilitator
• a platform enabling merchant payment rails

while the merchant of record remains a separate entity.

Why This Matters From a Compliance Perspective

If “Spinsopotamia.com” transactions are indeed processed through a payments environment associated with an FCA-regulated EMI, then the expected compliance framework becomes significantly stricter.

Typical control expectations would include:

• Merchant KYC/KYB verification
• Gambling policy enforcement
• Monitoring for MCC or descriptor manipulation
• Chargeback and dispute pattern monitoring
• Enhanced due diligence on high-risk merchants

This becomes particularly relevant if the underlying service relates to offshore gambling targeting multiple jurisdictions without local licensing.

The “Facade Casino” Strategy

Re-Examining the Model With xpate in the Processing Chain

Banks, acquiring institutions, and card networks heavily rely on merchant identity signals when evaluating transactions. These signals typically include:

• billing descriptor
• merchant website
• merchant category code (MCC)
• declared jurisdiction
• onboarding narrative

The operational pattern described in the earlier investigation remains unchanged:

1. A front-facing domain or descriptor appears legitimate (e.g., Spinsopotamia).
2. Behind the scenes, the payment is tied to offshore gambling brands such as Robycasino.

The whistleblower emails reinforce the possibility that the structure may involve multiple payment participants, rather than being limited to a simple domain-level disguise.

Operational Breakdown: The Bait-and-Switch Mechanism

The transaction flow described in earlier reporting remains largely the same, with a possible additional processing element:

1. A user deposits funds on Robycasino.com.
2. The card statement displays “Spinsopotamia.com Dublin”.
3. The whistleblower claims the descriptor is connected to xpate, while xpate support confirmed escalation to the relevant merchant.
4. The issuing bank authorises the transaction because it does not clearly appear to be an offshore gambling charge.

This mechanism highlights a well-known transaction laundering blind spot. The bank’s transaction-monitoring systems may see a low-risk merchant descriptor, while the funds ultimately support restricted or high-risk activity.

Evidence Overview

What the Whistleblower Documentation Shows

Based on the email correspondence submitted:

• The whistleblower identified multiple transactions in December 2025, each typically €20–€30, showing the descriptor “spinsopotamia.com Dublin”.
• The source claims the actual service used was Robycasino.com.
• In a response dated February 20, 2026, xpate support stated that xpate was not the direct provider of the goods or services and advised the cardholder to contact the merchant or issuing bank, while noting the case had been forwarded to the merchant as an exception.
• In a follow-up message dated February 23, 2026, the whistleblower indicated that no merchant response or refund had been received, urging xpate to investigate further and referencing previous reporting on the Zentoria/NovaForge network.

While this evidence does not independently confirm the full acquiring or processing chain, it provides credible indications that xpate may be operationally close to the merchant configuration involved.

Summary Table: Updated Payment Nodes

Compliance Implications and Next Steps

For regulators, card networks, and banking compliance teams, several investigative steps are likely warranted:

Merchant KYB Review

Identify the legal merchant entity behind the Spinsopotamia.com descriptor and assess potential links to Zentoria Limited or NovaForge-related platforms.

Descriptor and MCC Integrity Checks

Evaluate whether the billing descriptor, merchant category code, and merchant website content accurately reflect the true nature of the underlying activity.

Chargeback and Complaint Monitoring

Analyse dispute ratios and customer complaint volumes associated with Spinsopotamia-related transactions.

Jurisdictional Gambling Exposure Controls

If the underlying services target EU or UK customers without proper local gambling licences, this may trigger high-risk merchant review, potential account restrictions, or SAR/STR reporting obligations, depending on the jurisdiction and findings.

Call for Whistleblowers: Help Complete the Payment Rail Map

Scam-Or Project continues to expand its investigation into Zentoria Limited, the NovaForge casino network, and the potential xpate payment node.

If you possess any of the following materials:

• bank or card statements showing Spinsopotamia, Zentoria, Robycasino, or other NovaForge-related descriptors
• merchant onboarding emails, checkout screenshots, or payment page captures
• internal knowledge about which acquirer or processor supports these payment flows

please submit the information securely through the Scam-Or Project website.