Revolut Rail Atlas Interim Report: Tracing the Regulated Open Banking Backbone Behind Offshore Casino Payments
Overview
The ongoing Rail Atlas investigation by Scam-Or Project has uncovered a consistent structural pattern underlying offshore casino payment flows aimed at EU users. Instead of direct processing, transactions are routed through anonymous gateway layers before reaching regulated Open Banking providers such as Yapily, Perspecteev (within the SaltEdge ecosystem), and more recently Powens. These providers then initiate payments to banking endpoints, including Revolut.
This interim report shifts attention away from casino brands and toward the licensed financial infrastructure executing these payments—raising critical concerns around transparency, merchant verification, and AML compliance.
Key Findings
- Multiple offshore casinos analyzed by Scam-Or Project demonstrate a multi-layered payment architecture.
- Anonymous gateway domains such as Pagagate, Urbenics, and Supergateway act as entry and routing points.
- A second orchestration layer includes Impaya, Aceiro, PayOp, and Paysolo/Pellopay.
- The final execution consistently relies on regulated Open Banking providers:
- Yapily (UK/LT regulated AISP/PISP)
- Perspecteev / SaltEdge ecosystem (Lithuania-linked infrastructure)
- Powens (France-based ACPR-regulated institution, CIB 16948)
- These providers initiate payments toward endpoints such as Revolut (oba.revolut.com).
- The structure reflects a systematic routing model, not isolated incidents.
- This setup introduces a potential AML and transparency gap, where banks may process transactions without full knowledge of the originating merchant.
Executive Summary
The Rail Atlas investigation has reached a pivotal stage. Across various cases—including GoldenBet, Paysolo/Pellopay, Impaya/Aceiro routing layers, and Luckzie—a recurring pattern has emerged:
- Offshore casinos do not process payments directly.
- Instead, they rely on a layered ecosystem, ultimately dependent on regulated Open Banking providers.
This report identifies Yapily, Perspecteev, and Powens as key bottlenecks within the Revolut-linked payment ecosystem. While upstream layers remain fragmented and opaque, the downstream Open Banking layer is licensed and subject to regulatory oversight.
The Standard Rail Atlas Model
Based on transaction simulations and whistleblower submissions, Scam-Or Project outlines the following canonical flow:
↓
Anonymous Gateway Layer
(Pagagate / Urbenics / Supergateway)
↓
Routing / Orchestration Layer
(Impaya / Aceiro / PayOp / Paysolo / Pellopay)
↓
Regulated Open Banking Provider
(Yapily / Perspecteev / Powens)
↓
Bank Endpoint
(Revolut / EU Bank)
This structure demonstrates how offshore-origin transactions are transformed into seemingly legitimate Open Banking payment requests.
The Regulated Layer: Key Entities
Yapily
A well-established Open Banking provider offering payment initiation and account access services across Europe.
Observed in:
- Paysolo / Pellopay routing flows
- Bilderlings-linked Open Banking transactions (e.g., GoldenBet)
Role:
- Payment Initiation Service Provider (PISP), enabling bank authentication and connections
Key Question:
- What level of merchant visibility does Yapily have during payment initiation?
Perspecteev / SaltEdge Ecosystem
Operating within the SaltEdge Open Banking infrastructure, Perspecteev has been repeatedly identified in casino-related payment flows.
Role:
- Payment aggregation and initiation
Observation:
- Its recurring presence in high-risk stacks suggests structured integration within gateway systems
Key Question:
- How does the SaltEdge ecosystem identify and filter high-risk merchant activity?
Powens (Newly Identified)
Powens is a French payment institution regulated by the ACPR under registration number CIB 16948, offering Open Banking and Open Finance services.
Services include:
- Payment initiation
- Account aggregation
- Financial data access
Observed flow:
- Luckzie → Supergateway → PayOp → Powens → Revolut
Significance:
- Represents the first major Western European regulated institution identified in this infrastructure
Key Question:
- Is Powens aware of its role in facilitating casino deposit flows targeting EU users?
The Unregulated / Grey Infrastructure Layer
| Layer | Entities | Characteristics |
|---|---|---|
| Anonymous Gateways | Pagagate, Urbenics, Supergateway | Low transparency, uniform UI, routing functions |
| Routing / Orchestration | Impaya, Aceiro, PayOp, Paysolo/Pellopay | Dynamic routing, fragmented supervision |
Key Insight
- The unregulated layer conceals transaction origin
- The regulated layer executes the payment
This separation is fundamental to understanding the associated compliance risks.
Regulatory and Compliance Implications
1. PSD2 / Open Banking Transparency Gap
Although Open Banking payments are user-authorized, they often lack full merchant visibility.
Risk:
Banks may approve transactions based solely on authentication, without knowing they originate from offshore casinos.
2. AML / Transaction Monitoring Challenges
Transactions may appear under intermediary entities such as:
- PayOp / Transferop
- Powens payment requests
- Other routing entities
Potential consequence:
- Transaction laundering via Open Banking infrastructure
3. Gambling Regulation Conflicts
Countries such as Germany and the Netherlands impose strict controls on:
- Unlicensed gambling operators
- Payment processing for such operators
Key issue:
Accountability Framework
A. Open Banking Providers (Yapily, Powens, Perspecteev)
- Merchant due diligence
- Use-case limitations (e.g., gambling)
- Transaction monitoring and AML controls
B. Banking Layer (e.g., Revolut)
- Visibility into upstream transaction sources
- Risk classification of Open Banking payments
- Detection of repeated high-risk patterns
C. Regulators
- ACPR (France – oversight of Powens)
- Bank of Lithuania (Yapily, Perspecteev ecosystem links)
- FCA (UK, where applicable)
Key Questions
To Open Banking Providers
- Do you have access to the identity of the original merchant (casino operator)?
- How are gambling-related transactions monitored or restricted?
- What AML safeguards apply to payment requests initiated via third-party gateways?
To Revolut and Other Banks
- What merchant data is visible at the moment of payment authorization?
- Are Open Banking transactions categorized by risk level?
- Are repeated patterns from specific providers flagged and analyzed?
Conclusion
The interim findings from Scam-Or Project indicate that offshore casino payments are neither random nor isolated. Instead, they rely on a structured, multi-layered infrastructure, culminating in regulated Open Banking providers.
The critical shift in focus is clear:
- The issue is no longer solely about offshore casinos
- It is about the licensed financial systems enabling their payment flows
This raises fundamental regulatory concerns regarding transparency, due diligence, and accountability within Open Banking ecosystems handling high-risk transactions.
Whistleblower Call
Scam-Or Project encourages insiders, compliance professionals, payment experts, and affected users to share confidential information via the Scam-Or Project Complaints.
We are particularly interested in:
- Merchant onboarding documentation
- Open Banking integration logs
- Payment routing configurations
- AML alerts and internal risk assessments
- Additional payment flows involving Yapily, Powens, or Perspecteev
