The backbone of cybercrime and scams are payment processors that accept the operators of illegal and/or fraudulent business models as merchants. And process the illegal money flows. Without them knowingly and willingly facilitating scams they wouldn’t be possible in the first place. For example, Pradexx, a company with an Estonian crypto license, which we discovered as a PSP in a series of broker scams. Most recently with iTradeFX. In this case, Pradexx allegedly connects to the scams through Coriunder, an Israeli payment gateway operator based in Cyprus. This configuration of regulated PSPs and API-connecting unregulated PayTechs has become standard and is a good way to hide. We’d like to know more about Coriunder.
The regulatory question
In our definition, both – the gateway operators and the PSPs – are payment processors in their respective capacity and, as such subject to EU payment regulations. However, the PayTechs (especially the Cyprus ones) try to argue away the need for regulation by referring to their “purely technical” function. Indeed, the merchant agreement is concluded between the PSP and the merchant, with the gateway provider as the connecting and enabling element in between.
The onboarding of new merchants takes place completely transparently via gateway providers such as Coriunder, and they also have access to the ongoing payment data streams. In many cases, gateway providers also refer PSPs and receive a commission for this. In any case, the gateway providers know the merchants’ identity and must perform appropriate KYC and AML at the transaction level. It should be possible to detect scams in the process.
Another Israli payment provider in Cyprus
With the slogan “One Gateway to rule them all,” Coriunder has borrowed from Lord of the Rings. For us, Coriunder stands in a row with BridgerPay or Praxis Cashier, which are unregulated PayTechs between the merchants and the PSPs.
The payment gateway provider (“backend-as-a-service”) Coriunder is operated by Coriunder Limited (OpenCorporate), which is registered in Israel under the number HE353958. The founder and CEO is the Israeli Eliad Saporta (LinkedIn) in Israel, where the actual operations should be. As with BridgerPay and Praxis Cashier, Cyprus, just under an hour’s flight from Israel, is the official location. All other employees linked to Coriunder on LinkedIn also state Israel as their location. But Israel is not in the EU, right?
We would like to know more about Coriunder, Eliad Saporta and his team. Especially in light of the fact that Coriunder acts as a gateway provider for scam-facilitating PSPs. If you have any information or experience we would be grateful if you could share it with us.