Winnita Pay-by-Bank Compliance Review: InstantBankPayment, Token GmbH, Revolut, and Domus Payment Solutions in an Opaque Gambling Deposit Rail
The offshore casino Winnita appears to rely on a layered Pay-by-Bank payment structure that routes player deposits through several intermediaries before reaching the ultimate gambling beneficiary. The observable flow involves the gateway checkout.instantbankpayment.com, the regulated open-banking provider Token GmbH/Token.io, the player’s bank Revolut, and the payment processor Domus Payment Solutions.
From a compliance and consumer-protection perspective, the structure raises serious concerns because the actual gambling operator disappears from the visible payment flow, while the player and bank primarily interact with processors and payment infrastructure providers rather than the casino itself.
Key Findings
- Winnita’s Pay-by-Bank deposit system uses the generic gateway checkout.instantbankpayment.com instead of a clearly branded casino payment environment.
- During the authorization process, Token GmbH appears as the regulated third-party provider initiating the transaction through open-banking APIs.
- The payment review stage identifies Domus Payment Solutions as the payee rather than the casino operator.
- Publicly available materials show that Token GmbH/Token.io operates as a regulated PISP/AISP provider serving European Pay-by-Bank infrastructure, including iGaming-related merchants.
- Domus Payment Solutions publicly promotes itself as a payment and wallet platform, while external compliance-focused sources associate the company with high-risk payment activity and historical regulatory concerns.
- From the player’s perspective, the transaction is economically a casino deposit but operationally resembles a transfer to a payment processor.
- From the banking side, the visible beneficiary may be the processor rather than the underlying gambling merchant, potentially weakening gambling-risk classification and transaction-monitoring controls.
- Since Pay-by-Bank transactions are account-to-account push payments, users generally do not benefit from traditional card-scheme chargeback protections.
Overview
This report examines the Winnita Pay-by-Bank payment chain:
| Step | Entity |
|---|---|
| 1 | Winnita |
| 2 | InstantBankPayment |
| 3 | Token GmbH / Token.io |
| 4 | Revolut |
| 5 | Domus Payment Solutions |
The available evidence suggests that while users initiate deposits for gambling purposes, the visible counterparties throughout the banking flow are primarily payment intermediaries rather than the actual offshore casino operator.
This type of structure creates significant transparency concerns because the ultimate merchant identity is effectively hidden from both the payer and, at least superficially, from the executing financial institution. Such opacity can complicate complaints, refund attempts, AML investigations, and forensic transaction tracing.
Payment Rail Structure
The observed payment journey begins inside the Winnita cashier before redirecting the user to checkout.instantbankpayment.com, a generic payment interface that provides little indication of the underlying gambling merchant.
The player is then redirected into a Revolut authentication and consent flow where Revolut requests authorization for Token GmbH, indicating that Token acts as the regulated third-party provider initiating the open-banking payment.
The subsequent payment-review screen reportedly identifies Domus Payment Solutions as the beneficiary while stating that Token.io is initiating the transaction. The practical result is a multi-layered payment architecture in which the player funds gambling activity, but the visible beneficiary remains a payment processor rather than the casino itself.
Condensed Rail Analysis
| Entity | Visible To Player | Apparent Function | Compliance Relevance |
|---|---|---|---|
| Winnita | Yes | Offshore casino / deposit source | Gambling intent originates here |
| InstantBankPayment | Yes | Generic payment gateway | Minimal branding reduces transparency |
| Token GmbH / Token.io | Yes | Regulated PISP/AISP | Critical compliance chokepoint |
| Revolut | Yes | Customer-facing bank | Executes push payment |
| Domus Payment Solutions | Yes | Processor / named beneficiary | May obscure true merchant identity |
| Underlying gambling operator | No | Ultimate economic beneficiary | Hidden from payment-facing flow |
Token GmbH and Token.io
The German entity Token GmbH, operating within the Token.io group structure, is publicly presented as a regulated open-banking provider delivering payment-initiation and account-information services across Europe and the UK.
Open Banking directories list Token GmbH and Token.io Ltd as regulated entities, while Token.io markets its infrastructure to PSPs, acquirers, gateways, and financial institutions involved in account-to-account payments.
The company also publicly identifies iGaming as one of its operational sectors. Within the Winnita rail, Token appears to function as the regulated payment-initiation layer connecting the payment gateway to Revolut. Although this does not make Token the gambling merchant itself, it positions the company at a critical compliance and risk-management point within the transaction chain.
Domus Payment Solutions

Domus Payment Solutions (Domuspay.io) reportedly appears as the named beneficiary within the Winnita payment-review flow instead of the casino operator itself.
Publicly available materials describe Domus as an international payments and wallet platform, while external compliance-oriented profiles associate the company with high-risk processing activity and historical regulatory questions related to Canadian MSB status.
Within the Winnita structure, Domus appears to act as the immediate payment-facing beneficiary visible to both the player and potentially the bank. This intermediary role is highly significant because it distances the payer from the actual gambling merchant and may obscure the true economic purpose of the transaction.
Compliance Concerns
Merchant Opacity
The central issue in the Winnita rail is the disappearance of the actual gambling merchant from the payment process.
Although the player clearly intends to fund gambling activity at an offshore casino, the banking flow identifies Domus Payment Solutions as the payee and Token GmbH as the initiating provider. The actual casino operator is not presented as the visible merchant.
This creates several potential compliance problems:
- users may not fully understand who receives their funds,
- banks may struggle to properly classify the transaction as gambling-related,
- audit trails become weaker because the economic beneficiary is obscured,
- merchant-risk controls may become less effective.
Consumer Protection Risks
For the user, the transaction functions as a casino deposit but operationally resembles a transfer to a payment intermediary.
That distinction is important because Pay-by-Bank systems typically do not include the chargeback protections associated with traditional card networks. Industry marketing materials for account-to-account payments frequently promote reduced chargeback exposure as a merchant advantage.
As a result, users may face a difficult situation:
- the actual gambling merchant is not clearly disclosed,
- complaint pathways become unclear,
- post-transaction recovery options are limited,
- bank records may only display “Domus Payment Solutions.”
This can significantly complicate efforts to dispute or investigate the transaction as a gambling payment.
AML and Transaction Monitoring
The use of processors as visible beneficiaries may also affect AML monitoring and sanctions screening.
When the bank-facing beneficiary is a processor rather than the gambling merchant itself, the transaction can appear operationally less risky than the underlying economic activity would justify. This may weaken merchant-risk assessment and downstream monitoring controls.
For regulated participants such as Token and Revolut, this raises questions regarding:
- downstream merchant visibility,
- ongoing due diligence,
- offshore gambling exposure,
- merchant classification accuracy,
- risk escalation procedures.
For Domus Payment Solutions, the concerns are even more direct because the company allegedly appears as the visible payee for transactions economically connected to offshore gambling activity.
Regulatory Chokepoints
The Winnita structure demonstrates that regulated financial entities remain embedded within offshore gambling payment rails.
- Revolut functions as the customer-facing bank.
- Token acts as the regulated PISP/AISP initiating the payment layer.
As a result, the payment rail is not outside regulatory reach simply because the gambling operator itself is offshore. The key compliance question becomes whether regulated participants sufficiently identify and manage downstream merchant risk, including:
- merchant transparency,
- gambling legality,
- jurisdictional exposure,
- onboarding standards,
- transaction monitoring,
- user-facing disclosure practices.
The observed Winnita flow suggests these issues may not be merely theoretical.
Similar Patterns in Other Payment Rails
The Winnita findings appear consistent with patterns identified in other offshore casino payment investigations where processors, rather than gambling operators, appear as visible beneficiaries in open-banking deposit flows.
A previous Scam-Or Project investigation involving the 1Go Casino payment rail documented another layered structure using InstantBankPayment and processor intermediation, including flows where Domus Payment Solutions appeared as the visible payee instead of the casino operator.
The recurrence of this structure strengthens the view that processor-level payee substitution may represent a systematic operational model rather than an isolated technical implementation issue.
Conclusions
The Winnita Pay-by-Bank structure appears to operate as a processor-mediated payment rail in which users initiate gambling deposits without seeing the true underlying merchant during the banking flow.
This lack of transparency creates substantial consumer-protection and compliance concerns, including:
- obscured merchant identity,
- reduced payment transparency,
- more difficult complaint and recovery procedures,
- weakened AML visibility,
- impaired transaction classification.
The most significant compliance issue is straightforward: when a processor such as Domus Payment Solutions appears as the visible beneficiary instead of the actual casino operator, both the payer and the executing bank may lose sight of the true economic counterparty.
In high-risk sectors such as offshore gambling, that type of opacity represents a serious regulatory and AML red flag.
Call for Information
Players, payment professionals, insiders, and counterparties with information regarding Winnita or comparable offshore casino payment structures are encouraged to submit documentation to Scam-Or Project Complaints.
Relevant evidence may include:
- payment confirmations,
- screenshots of deposit or withdrawal flows,
- bank statements,
- merchant descriptors,
- KYC or onboarding records,
- processor correspondence,
- support communications,
- payout documentation,
- records identifying the actual beneficiary receiving the funds.
