Your shield against financial fraud
Your shield against financial fraud
Back
DNB

Payvision Chats: Alleged Evidence at the Core of Europe’s Payment Scandal

Payvision Chats: Alleged Evidence at the Core of Europe’s Payment Scandal

For years, Payvision was marketed as a Dutch fintech success story. The newly disclosed Payvision chat excerpts, however, paint a far darker picture. According to criminal case materials cited in the reports, the payment institution allegedly did far more than merely process transactions for scam structures linked to Uwe Lenhoff and Gal Barak. The materials suggest it may also have helped sustain those networks at moments when fraud complaints, chargebacks, frozen accounts, and liquidity pressure threatened to shut them down.

If the published chats reflect the underlying reality, this is no ordinary compliance failure. It points instead to a payment infrastructure allegedly serving as an operational pillar of fraud.

Key Findings

  • From processor to operational enabler: The published chat materials suggest that Payvision allegedly went beyond payment processing and helped solve urgent settlement and routing problems for scam-linked merchant structures.
  • Strong signs of fraud awareness: The messages indicate that Payvision was allegedly aware it was handling merchants connected to fraudulent broker operations associated with Uwe Lenhoff and Gal Barak.
  • Conversion prioritized over compliance: The materials suggest that Payvision allegedly supported higher card acceptance for scam merchants through high-risk processing arrangements, including MOTO transactions and the use of MCC 6211.
  • Critical role in keeping schemes active: The chats repeatedly reference blocked accounts, delayed transfers, and urgent payment needs, showing how important Payvision allegedly was for the continued operation of the schemes.
  • Senior-level approval: Several excerpts indicate that unusual transfers and exceptional payment decisions allegedly required sign-off at the highest level, reportedly involving founder and CEO Rudolf Booker.
  • ING-linked fund flows: The report points to the use of Stichting Payvision accounts, including ING-linked accounts, to move or reroute funds when ordinary payment channels were disrupted.
  • Profiting from risk and fallout: The materials suggest Payvision allegedly earned not only from processing scam-related payments, but also from chargeback fees and so-called fraud-risk premiums.
  • Risk allegedly monetized: The “Chargeback and Fraud Risk Premiums” document appears to support the claim that fraud-related distress became a revenue source rather than a trigger to terminate merchant relationships.
  • More than an AML-control issue: While Dutch prosecutors established structural AML failures, the published material suggests conduct that may have extended beyond weak controls into active operational support.
  • A scandal touching ING: Because ING acquired Payvision at a high valuation and later closed it down, the affair raises deeper unresolved questions about due diligence, internal oversight, and institutional responsibility.
  • The payment layer as crime infrastructure: The broader takeaway is blunt: large-scale broker fraud could not have operated without payment partners willing to keep funds moving despite glaring warning signs.
  • Potentially decisive documentary evidence: The Payvision chats may rank among the most damaging exhibits disclosed so far in the wider Lenhoff-Barak cybercrime complex.

Where the Scandal Begins: Conversion

The first published exhibit goes straight to the commercial core of broker fraud: conversion. According to the cited court materials, Payvision allegedly accepted MOTO transactions and used MCC 6211 for Lenhoff-linked schemes even though the operating entities reportedly did not have a MiFID licence. It is further claimed that a seized chat dated 19 February 2016 recorded Lenhoff celebrating that, after Payvision entered the picture, the decline rate dropped by 65% while acceptance increased by 80%.

That is not a minor technical detail. In scam operations, conversion is the lifeblood of the business. Boiler rooms can pressure victims endlessly, but if card payments fail, the model breaks down. Another screenshot reportedly reinforces this point: in December 2015, Lenhoff allegedly complained that 3D Secure on Option888 was costing too many clients.

Payvision and Option888

The implication is deeply troubling. Based on the cited materials, the fraud network needed fewer controls and smoother card acceptance, and Payvision allegedly delivered exactly that.

Operational Support After the Pressure Hit

The affair becomes even more serious in the chats concerning blocked accounts and rerouted payments. According to the published materials, after Wirecard Bank blocked the Payific Ltd account effective 1 November 2016 due to fraud complaints, Lenhoff’s organization came under major pressure.

The disclosed chat excerpts reportedly show panic and urgency, with messages such as references to losing Tomer, needing funds urgently, and explanations that Payvision could not provide a SWIFT confirmation but that the money had already left its account and would reach the beneficiary. These messages are presented as evidence of direct intervention to keep a key creditor satisfied and maintain the cashflow of the scam operation after normal banking channels became unavailable.

That is the point where the classic defense — that the processor was merely handling transactions — begins to fall apart. Payment processors do not normally act as emergency coordinators for merchants overwhelmed by fraud complaints. Yet the materials describe repeated “special” transfers, including direct payments from Stichting Payvision accounts to third parties, allegedly to preserve the operational stability of the Lenhoff network.

If accurate, that would not amount to neutral processing. It would amount to active support for a fraudulent cashflow system.

Rudolf Booker’s Reported Role

One of the most damaging aspects of the published material is not only the existence of the transfers, but the apparent need for top-level approval. The reports state that these extraordinary payments allegedly required the approval of Rudolf Booker, Payvision’s founder and then CEO.

One screenshot reportedly includes statements such as “that depends on what Rudolf agrees to do” and “ask Chang before, cause Rudolf is in Asia.” Another line reportedly adds, “at least then we can do the big ones from there.”

Even under a cautious reading, these are not the optics of a processor distancing itself from toxic merchants. Instead, they suggest a senior-management-controlled relationship in which the payment provider was allegedly helping solve liquidity and routing issues in a clearly red-flagged environment.

That is precisely why the chats are so dangerous. They shift the case away from poor onboarding or weak monitoring and toward possible deliberate operational enablement.

The ING Account Dimension

The matter becomes even more explosive when moving from chats to money flows. According to the report, after MoneyNetInt stopped cooperating because of suspicious settlement activity, millions paid by victims through Visa and Mastercard into Stichting Payvision accounts held at ING Bank N.V. and Deutsche Bank were allegedly redirected to Winslet Enterprises, identified in the materials as a company under Lenhoff’s control.

The published tables reportedly show the following transfers:

Source Account Bank Approximate Amount Alleged Destination
Stichting Payvision account ING Bank N.V. €3.08 million Winslet Enterprises
Stichting Payvision account Deutsche Bank €2.75 million Winslet Enterprises

This is where the scandal ceases to be only a Payvision story and becomes an ING legacy issue as well. ING acquired a 75% stake in Payvision in 2018 at a valuation of €360 million. Three years later, it announced the phase-out of the business. Reports also noted that ING had written down €188 million in goodwill and had earlier sold half of Payvision’s operations for a nominal €1.

ING stated in 2021 that governance and compliance at Payvision had been strengthened after the acquisition. Yet the sharper public question remains: what exactly did ING acquire, what did it know, and at what point did it know it?

Payvision Allegedly Profited From the Fallout

One of the most striking exhibits is a Payvision letter titled “Chargeback and Fraud Risk Premiums,” reportedly addressed to Hitchcliff Ltd and signed by Rudolf Booker. According to the disclosed document, Payvision imposed an additional fee of €1 per euro of chargeback and fraud volume, with the published pages showing a debit amount of €658,057.31.

The report presents these charges not as isolated fees, but as part of a broader business model in which Payvision allegedly processed more than €134 million for Barak- and Lenhoff-linked schemes while generating revenue from high processing fees, chargeback handling fees, and private penalty-style premiums.

That is what gives the case its especially disturbing character. Based on the published record, Payvision allegedly was not suffering financially because the merchants were toxic. It may have been earning more because of that toxicity. The more fraud pressure materialized, the more fees could allegedly be charged around it.

In that context, the so-called risk premium looks less like prudent pricing and more like a way of monetizing fraud-related damage.

Dutch Enforcement Established AML Failures — But Only Part of the Story

In April 2024, the Dutch Public Prosecution Service stated that two former Payvision directors were fined €150,000 and €180,000 because, from 2016 through April 2020, Payvision carried out inadequate customer due diligence, failed to properly identify beneficial owners and the purpose of business relationships, and failed to conduct ongoing monitoring properly (OM).

That official finding is already serious. But compared with the picture emerging from the published chat materials, it appears limited in scope.

The disclosed evidence does not suggest a processor passively failing at KYC procedures. It suggests, according to the case materials cited in the reporting, a firm allegedly embedded in the daily payment problems of known scam networks, rerouting money flows, supporting third-party payouts, approving exceptional transfers, and benefiting from chargeback-driven distress.

If that picture broadly holds, then this was not merely a weak gatekeeper. It was a financial enabler.

The Broader ING Background

The Payvision affair also sits against a wider ING backdrop involving AML and control failures. In 2018, ING agreed to pay €775 million in the Netherlands after admitting that criminals had been able to launder money through its accounts for years. Later reporting also noted that, in 2020, a Milan court ordered ING to pay €30 million to settle an Italian money-laundering case (Reuters).

None of that proves liability for the conduct alleged in the Payvision materials. But it does make it harder to view Payvision as an isolated anomaly inside an otherwise spotless control environment.

The Pressure to Bury the Story

ING has every reason to frame Payvision as an embarrassing acquisition that simply failed. Payvision has been dissolved, the former executives received relatively modest fines, and the preferred market narrative would likely be that this was a bad M&A decision and little more.

But the published chats challenge that narrative. They suggest that what ING acquired may not have been just a fast-growing fintech company, but a highly profitable payment business allegedly fueled by some of Europe’s most notorious scam broker networks.

According to the materials, the same criminal case record points not only to awareness of the fraud environment, but also to apparent help in resolving the payment and settlement obstacles that kept those schemes alive.

That is why this case matters beyond one company. Fraud does not scale without financial infrastructure. Boiler rooms need card acquiring, settlement channels, merchant entities, trust structures, and counterparties willing to keep money moving once warning signs become impossible to ignore.

The Payvision chats, as presented in the disclosed materials, go directly to that architecture. They portray the payment layer not as a passive bystander, but as a core part of the scam economy’s operating system.

Conclusion

What emerges from the Payvision chats is not the image of a negligent payment processor that simply failed to ask enough questions. It is the image of a financial intermediary that, according to the documented communications and cited case materials, appears to have known what kind of merchants it was dealing with and nonetheless allegedly helped keep those fraud operations running.

If these materials withstand full judicial scrutiny, then Payvision was not standing on the sidelines of the scam economy. It was operating within it — managing friction, protecting flows, and allegedly earning from victims’ losses at every stage.

That is why this case should not end with legacy fines, corporate silence, and institutional amnesia. Europe still needs full accountability for the executives, institutions, and banking structures that allegedly transformed payment processing into a tool of industrial-scale fraud.

add a comment

Have questions? We can help!

Fill out the form for a consultation on disclosures and fraud issues.

Leave A Reply