Main content
Search
Footer

Back to article

Scams, porn and illegal casinos: the dirty money of a French online payment giant

Appendices

The group Worldline gave us the following response:

Worldline is a payment service provider that assists merchants and institutions across numerous markets and industries, primarily in Europe. The payment industry is facing increasingly stringent requirements from regulators, schemes, banks, and other stakeholders. As a leading player, Worldline is continually elevating its standards and enhancing its framework for customer onboarding and monitoring.

Worldline regularly publicly communicates information, including about its High Brand Risk (HBR) merchants portfolio, that currently represents 1.5% of Worldline acquired volumes. We kindly refer you to past communications of the company.

HBR includes business that are viewed according to International Card Schemes rules as high-risk, such as online casinos, online dating services, or adult entertainment. By nature, these sectors exhibit elevated chargeback and refund ratios due to customer behaviors and business model structure.

It is important to note that regulations applicable to certain activities are not identical in all countries where the Group operates.

For instance, while online casinos are prohibited in France, they remain legal in most European countries.

Therefore, our activities cannot be observed uniformly across jurisdictions. Similarly, regulatory frameworks differ depending on the services offered by Worldline, which can range from acting as an acquirer to serving as a technical platform.

Over the recent years and, in particular since 2023, Worldline has reinforced its merchant risk framework and terminated merchants not aligned with this framework. We have been constantly enhancing our monitoring on the remaining part of the HBR portfolio. Those merchants are subject to reinforced risk framework and specific processes to ensure continued alignment with evolving regulation, international card schemes rules and our risk management objectives, and under the supervision of the relevant regulators.

Worldline prioritizes the robustness of its business practices. Our emphasis aims at upholding the highest levels of regulatory transparency, and resilience in our operations. As an indication, according to the latest international schemes reports, our fraud ratio is below the industry average.

As regards PAYONE GmbH, the German financial regulator BaFin initiated a formal supervisory action, specifically related to onboarding and monitoring practices in its high-risk online merchant portfolio. As a result, in 2023, PAYONE ceased transactions for identified merchants, leading to the termination of a number of relationships that were no longer aligned with regulatory expectations or updated internal standards. This measure was linked to audits that were already ongoing at the time, and which reflect the normal supervisory cycle applicable to licensed entities in the payments sector.

As a group, Worldline is committed to the best standards in terms of compliance and prevention of financial crime and has reinforced its resources in that respect. This commitment has been reaffirmed during the 2025 General Annual Assembly and leads to continuous reinforcement of supervision, in line with increasing regulatory requirements and in full cooperation with, and under the supervision of the relevant regulators.

As a listed company, Worldline may not communicate to third parties, including journalists, confidential information on a selective basis. In addition, Worldline may not comment on individual past or current customers’ situations.

The general comments set forth above must be read in conjunction with Worldline’s public communications and may not be used outside of such context.

PAYONE, the German subsidiary of Worldline, 40% owned by the German banking group DSV, gave us the following response:

As is customary in the payment industry, PAYONE GmbH is regularly subject to audits of diverse scope and nature by regulatory authorities as the company operates under a regulated license.

In Germany, in 2023, in connection with supervisory reviews, the financial supervisory authority (BaFin) required PAYONE GmbH to refrain from executing transactions on behalf of certain online merchants. This decision was linked primarily to concerns around onboarding practices and ongoing monitoring procedures within specific segments of the e-commerce portfolio. As a result, PAYONE GmbH took prompt action to terminate selected business relationships with both partners and merchants operating in Germany. This measure was linked to audits that were already ongoing at the time, and which reflect the normal supervisory cycle applicable to licensed entities in the payments sector.

To take into account the findings, PAYONE GmbH immediately initiated enhancements to its risk framework, governance structure, and control environment, supported by a comprehensive action plan.

Worldline Group and the DSV Group, as shareholders, are actively supporting PAYONE GmbH in the implementation and supervision of these remediation measures.

Following the conclusion of this audit, PAYONE GmbH has been implementing a range of corrective actions, including mechanisms designed to prevent future transactions with similar customer profiles that may pose elevated compliance risks, in line with increasing regulatory requirements and in full cooperation with, and under the supervision of, the regulator.

As a general remark, please note that we do not have the ability to comment on individual customer situations.

Thierry Breton, operational head of the Atos group and chairman of the board of Worldline (then under the control of Atos) from 2014 to 2019, gave us the following reply:

1. Worldline has been listed on the stock exchange since June 2014 on Euronext Paris, under the ISIN code FR0011981968 and the mnemonic WLN. This flotation marked the separation of Worldline from its parent company Atos, making Worldline an independent body specialising in electronic payment services.

2. When a branch becomes a listed company, even if it is still mostly owned by the parent company, its legal and operational independence becomes a lawful duty. This independence is framed by several key rules and legal texts.

3. As a reminder, below is the legal framework for the independence of listed branches:

1) Rule of legal independence:
The branch keeps its own legal being (art. L233-1 of the Code de commerce). As such it must:
a) Make all its management choices (customer dealings, trade and working strategies) on its own at chief level, without meddling from the parent company;
b) Hold its own estate and bear its own tax duty;
c) Avoid all confusion, whether in estate or choices - strategic or otherwise - with the parent company.

2) Additional obligations for listed companies: Their standing (AMF code) calls for:
a) Full following of the rulebook for listed companies (fair treatment of all shareholders, independent board members, full freedom in trade and working choices);
b) Drawing up its own accounts;
c) Guarding against clashes of interest through tighter compliance steps.

These, then, are the grounds on which I sent my first message in reply to your first query. Having read your message, I now stand fully by what I said in mine, all the more so as regards yours:

Without being able to check its content, truthfulness or size, I have never had any knowledge at all of the matters you set out.
The board of directors, between 2014 and the end of 2019, was never told of them at any point.
This can be clearly confirmed by the firm that holds the full records of all board meetings at Worldline.
Further confirmation can also be sought from the independent board members who have sat on Worldline’s board since 2014.

This is why I again give you my initial piece of advice: turn to the general management of Worldline for your questions, as once again, I have no knowledge or information of any sort on these matters.

Emerchentpay gave us the following statement after the initial publication of the investigation:

We are aware of recent media allegations relating to the processing of transactions for online merchants, to which emerchantpay Ltd has been linked, and which we believe fundamentally misrepresent the facts. We take such matters extremely seriously. We have initiated an internal review to understand the full context of the claims to ensure we respond appropriately.

To date, we have not been contacted by any regulatory authority regarding any investigation or finding that would support the claims in the article. Should that occur, we remain fully cooperative and transparent.

Emerchantpay Ltd is a fully licensed and regulated Electronic Money Institution (EMI), authorized by the UK Financial Conduct Authority (FCA). We have always operated – and continue to operate - in full compliance with all applicable laws, including Anti-Money Laundering (AML) and Counter-Financing of Terrorism (CFT) regulations. Periodic audits and reviews performed on emerchantpay Ltd. by the card schemes and independent external auditors over the past few years support that statement.

Back to article

Support a 100% independent newspaper

And get informed with confidence thanks to a writing free of all pressures

Mediapart is an independent news daily launched in 2008, read by more than 200,000 subscribers. It has established itself through its scoops, investigations, reports and analyzes of the news which have an impact, help to think and act.
To guarantee the freedom of our editorial staff, without compromise or renunciation, we have done the choice of radical independence. Mediapart receives no aid from either public authorities or private sponsors, and only lives on the support of its readers.
To support us, subscribe from € 1.

Managing cookies

We use cookies on our website, and similar technology on our mobile apps, which allow us to collect data about your device and usage of the site. Some of these are strictly necessary for the proper functioning of our services and cannot be switched off.

Others are optional, and their collection of your data can be either authorised or refused by you. Please note that these both enhance your experience as a reader of our website and contribute to its performance, and that Mediapart does not sell any data about its website users to third parties.

Do you consent to Mediapart’s use of cookies or similar technology in order to enhance the services it provides ?

The cookies and similar technologies we use on Mediapart are of different natures and allow us to pursue different purposes.

Some are necessary for the functioning of the site and the mobile application (you cannot refuse them). Others are optional but help to facilitate your experience as a reader and in some way support Mediapart. You can refuse or accept them below, depending on their purpose.

Do you agree that Mediapart uses cookies or similar technologies for the following purposes ?

You can make your choice, for each category, by enabling or disabling the switch button.

Mandatory for the operation
of the site or application

Subscriber login, anonymized audience measurement, sending of push notifications, tracking of failures, highlighting of our services these tools are necessary to track the activity of our services and their proper functioning.

Here are the various cookies and similar technologies included in this category :

Authentication cookies : subscriber login.
AT Internet : anonymized audience measurement
Display of multimedia editorial content : videos (YouTube, Dailymotion, Vimeo, INA), social networks (Facebook, Instagram, Pinterest, Twitter), documents (Scribd, Document Cloud, Slideshare), sounds (SoundCloud, Spotify, Deezer), maps (Google Maps, Mapbox, CartoDB, uMap), infographics (Highcharts, GitHub, Datawrapper, Flourish, Infogram, ThingLink, jQuery, Google Fonts, Bootstrap), live blogs (24liveblog, CoverItLive), media integration support in Journal and Club publications (Embedly).
Typeform : optional questionnaires to collect readers opinions on our digital products.
Datadog (only on the website) : technical indicators and load balancing.
Selligent (only on the website) : communication with the subscriber, highlighting of services, offers and benefits.
Batch (only on the app) : sending push notifications and in-app messages.
Firebase Cloud Messaging (only on app) : required for push notifications to work on Android.
Microsoft App Center (only on app) : app update and failure tracking system.

Statistics

These tools allow us to collect statistics on site and mobile application traffic to understand usage, detect possible problems and optimize the ergonomics of our products.

Advertising retargeting

There is no advertising on Mediapart. But we do promote our content and services on other sites and social networks. For this, we use technologies made available by some advertising companies.

Content Access Management

We use the Qiota service from Opper Marketing Suite to configure the activation of a datawall on certain content (available only on the website). This system, intended for non-subscribed users, requires the input of an email address to access the relevant content. By providing this information, the user consents to its collection, storage, and use for statistical purposes. In accordance with the applicable regulations, users have the right to access, rectify, and delete their data, which they can exercise by contacting dpo@opper.io.