Anonymous “No-Site” Payment Hops in Offshore Gambling — Scam-Or Project Compliance Briefing
Executive Summary
A growing cohort of offshore casinos is steering both fiat and crypto deposits through anonymous, website-less “payment hops” that conceal the merchant of record, neutralize geo-blocks, and facilitate transaction laundering. Test flows (e.g., CoinCasino) and traffic intelligence (e.g., Freshbet) indicate recurring reuse of identical domains across unrelated brands and operator groups.
Mechanics of the Routing Layer
Instead of visible gateways, operators employ operational endpoints with no public pages or corporate disclosures. In practice, these endpoints:
-
Obscure the accepting merchant behind a proxy layer;
-
Circumvent network/territorial controls imposed by acquirers and card schemes;
-
Allow funding from restricted or high-risk markets via cards, wallets (incl. Google Pay), and crypto.
Functionally, these domains behave like shadow PSP portals: they suppress merchant identity, can misrepresent MCCs, and hand off card/wallet traffic to offshore gambling operators. The result is a classic transaction-laundering pattern that defeats card-scheme transparency rules and weakens AML/CFT controls (opaque UBOs, shallow CDD/SOF).
Compliance Exposure
Card-Scheme / Banking Infractions
Visa and Mastercard require accurate merchant identification and prohibit proxying or disguising MCCs. Anonymous hops enable masked gambling payments often involving merchants rejected by processors.
AML/CTF Gaps
Missing or unverifiable ownership data, weak customer due diligence, absent source-of-funds checks, and poor sanctions screening contradict core AML statutes.
Transaction Laundering
Processing for an undisclosed/prohibited gambling merchant via a front domain renders screening and monitoring ineffective by design.
Regulatory Posture
Supervisors and FIUs have repeatedly warned—or acted—against operators and PSPs facilitating these flows, particularly in high-risk gambling.
Market Signal
The same routing domains repeatedly surface in traffic logs, payment traces, and redirect chains—evidence that offshore sites (CoinCasino, Freshbet, MyStake, GoldenBet) are courting users in regulated jurisdictions (EU/US) without local authorization.
Recent Observations
-
CoinCasino – Deposits observed via pay.channeltopay.com → checkout.agpayer.com → Google Pay; the site markets both cards/wallets and crypto. (Source: CoinCasino.)
-
Freshbet (Ryker B.V.; payment agent RYKER DEVELOPMENT LIMITED, Cyprus) – Terms name Ryker B.V. and the Cyprus agent; traffic analysis shows checkout.agpayer.com as the primary outbound transactional target. (Source: m.freshbet.com.)
-
Santeda group (MyStake, GoldenBet) – Terms/PDFs indicate SANTEDA INTERNATIONAL B.V. (Curaçao) and SANTEDA INTERNATIONAL LIMITED (Cyprus) as the payment agent.
Routing Infrastructure (v1)
| Domain | Function in the Chain | Example Brands | Known Operator / Agent | Notes / Jurisdictions |
|---|---|---|---|---|
|
agpayer.com |
Central routing / checkout hub |
CoinCasino; Freshbet; MyStake; GoldenBet |
Freshbet: Ryker B.V. / RYKER DEVELOPMENT LTD (CY); Santeda group for MyStake/GoldenBet (CY agent) |
Recurrent Google Pay / card flows; front end at checkout.agpayer.com; also seen with m.freshbet.com variants. |
|
checkout.agpayer.com |
Final checkout (incl. Google Pay) |
Freshbet; MyStake; GoldenBet |
As above |
Dominant Freshbet outbound per Scam-Or Project traffic logs. |
|
pay.channeltopay.com |
API/gateway hop |
CoinCasino |
Unclear; previously tied to high-risk processing in Scam-Or Project coverage |
No public site; reused across multiple offshore brands. |
|
rapidob.com |
Anonymous backend/router |
CoinCasino; MyStake (observed) |
Unknown |
Ownership opaque; further material requested. |
Scam-Or Project will continue to curate and expand this reference for banks, PSPs, card networks, regulators, and investigators.
What Stakeholders Should Do
PSPs & Acquirers
Require, and verify before permitting flow:
-
Merchant-of-record attestations;
-
Descriptor and MCC mappings;
-
UBO files + CDD/SOF evidence + sanctions screening;
-
Valid gaming licenses for all targeted user geos.
Operators & Agents
(e.g., Ryker B.V.; SANTEDA INTERNATIONAL B.V.; Cyprus payment agents)
Provide fresh registry extracts (incl. UBO/PSC), processing agreements, and proof of local authorization in every market where customers are solicited or accepted. Freshbet’s Curaçao/Cyprus structure is acknowledged in its terms; documentary support is requested.
Compliance Teams
-
Add the above domains to alert/block lists;
-
Strengthen geo-fencing and SOF triggers;
-
Escalate any card/Google Pay funnels that rely on anonymous hops.
Conclusion
Anonymous, no-site routing domains are now a systemic conduit for online-gambling financial crime risk. They undercut card-scheme rules, AML/CTF safeguards, and consumer protections across the EU and US. Scam-Or Project maintains a living dataset to promote transparency and coordinated enforcement.
Contribute Evidence
We welcome redacted submissions such as: onboarding packs (MIDs, MCCs, acquirer IDs), gateway logs tying casino deposits to the listed domains, descriptor-rotation records, settlement/chargeback statements, and header-only correspondence among processors and agents.
