At Aldi, REWE or Karstadt: Almost everybody in Germany has likely encountered PAYONE. All the customer has to do is hold her card to a reader, sometimes the company’s logo pops up, and then, in the background, PAYONE makes sure that the money gets to where it is supposed to go.
The company itself says that it has 277,000 customers and takes care of more than 5 billion transactions each year. The Deutsche Sparkassenverlag, which provides services to Germany’s network of savings banks (Sparkassen), owns 40 percent of PAYONE – as clear an indication of integrity and reliability as it is possible to have in the world of German finance. One might think.
"Dirty Payments" is a reporting project involving DER SPIEGEL and 20 international media outlets, coordinated by the consortiumEuropean Investigative Collaborations(EIC). The project is based on documents received by EIC and DER SPIEGEL and shared with the other partners.
The stories published on the basis of those documents offer deep insight in the dubious practices of a European financial giant. The publicly traded French company Worldline and its German subsidiary PAYONE have processed payments worth billions of euros since 2014 that have benefited unsavory porn and dating sites, prostitution, online casinos and suspected money laundering.
"Dirty Payments" shines a light on the structural weaknesses of the financial sector. The reporting shows who stands behind the well-known scams and who their victims are.
But there is another, darker chapter that PAYONE isn’t particularly fond of talking about. One centered on so-called high-risk customers – merchants in the less pristine corners of the internet, such as operators of dating and porn sites who are suspected of having swindled people out of their money using underhanded tricks. Internal documents indicate that for a time, PAYONE processed payments for such dubious providers worth a total sum in the three-figure millions.
A joint research project involving DER SPIEGEL and 20 additional international media outlets, coordinated by the reporting consortium European Investigative Collaborations (EIC), now provides a deep look into the world of payment service providers and their colorful palette of partners. The "Dirty Payments” project makes clear that PAYONE failed to carefully vet its dubious clients in violation of legal requirements.
The greed of those behind the company was apparently too great, and sympathy with the victims too limited. Customers of dating platforms in the PAYONE portfolio would repeatedly notice payments that they couldn’t explain. If they didn’t pay, the merchants would send out the collection agencies. But for a long time, PAYONE simply turned a blind eye to such practices, presumably because they could charge such shady platforms significantly higher commissions than they could earn through transactions at the supermarket checkout desk.
Exactly five years have now passed since the spectacular implosion of Wirecard. The billions of euros that vanished, combined with the fact that former Wirecard executive Jan Marsalek was a Russian spy, tends to overshadow the fact that the company had many sordid clients and wasn’t particularly vigilant when it came to money laundering. The Dirty Payments project indicates that some of the merchants that propelled the Munich-based company to success later moved on – from Wirecard to PAYONE.
What did the Sparkassenverlag know about these distasteful deals? And who are the unsavory clients in question?
The businessman Ruben Weigand hit the headlines five years ago when he was arrested at the Los Angeles airport. U.S. investigators branded the German an "architect” of an elaborate fraud scheme involving a marijuana delivery platform. Because many banks in the U.S. wanted nothing to do with weed, the deals were disguised as pet food and cosmetic deliveries. Weigand denied the accusations – yet he was convicted in June 2021 of conspiracy to commit bank fraud and sentenced to 15 months behind bars.
The case attracted a lot of attention in Germany and the Federal Financial Supervisory Authority (BaFin) began taking a closer look at Weigand’s activities. The trail led to PAYONE. As would become clear, Weigand had referred hundreds of operators of porn and dating sites to the payment service provider.
Weigand, now 43, had excellent contacts in the sex industry. Photos can be found online showing him at porn industry events. In one of them, he can be seen in a leather jacket and scarf, a friendly expression on his face, posing next to a scantily clad woman.
In 2015, Weigand began working with PAYONE on a commission basis. BaFin wanted to know more about their cooperation and hired the auditing firm Mazars to take a closer look. In a 2021 report, a draft of which has been obtained by DER SPIEGEL and its partners, Mazars offers details of the relationship, including the fact that Weigand’s consulting firm referred 311 merchants to PAYONE that were based in Cyprus and in the United Kingdom.
In 2019 alone, the transactions from those merchants totaled more than 50 million euros. Weigand’s clients secured the majority of the profits for PAYONE's high-risk business.
After Weigand was arrested in the U.S., a new company based in Montabaur, a town in the German state of Rhineland-Palatinate, took over the businessman’s client portfolio. The owner of this company was his younger brother, who had earlier worked for Weigand’s consulting company. It is suspected that he was merely acting as a front man.
When reached for comment, Weigand tells the story rather differently. Via his lawyers, he says that PAYONE had transferred the portfolio to his brother’s company due to "potential reputational risks.” An investigation performed at the time, Weigand claims, revealed that there were "no irregularities” at the merchants. PAYONE opted not to comment on the issue when reached.
The question is just how thoroughly PAYONE vetted Weigand’s merchants. The auditors from Mazars did learn that a "risk assessment” had been performed. But a comprehensive examination, "especially from a money laundering perspective,” did not take place, according to Mazars. Despite the fact that payment processors like PAYONE are obliged to proceed with particular caution when it comes to high-risk clients.
After follow-up queries from BaFin, the company made further investigations. According to the auditor report compiled by Mazars, they found that numerous websites showed "demonstrable daily multiple use of a card” – a strong indication that somebody had been wrongfully using the cards. Also of concern: Technical data indicated that some internet sites hadn’t even been visited. "However, transactions for these very websites or merchants were recorded by PAYONE." What, then, were the payments for? The report provides no answer to that question.
On the whole, the auditors found that PAYONE’s handling of the Weigand portfolio had not been "fully sufficient and appropriate.”
Ruben Weigand says that all services provided were "standard market practice.” He says he had no indication that "systematic criminal transactions” had been processed on behalf of the merchants he had referred to PAYONE.
But there are additional indications of compliance problems. Commerzbank, where PAYONE had several accounts, took a closer look at PAYONE’s high-risk business dealings following Weigand’s arrest and came to rather devastating conclusions in 2021.
According to internal bank information, only one or two PAYONE employees were responsible for monitoring potential money laundering despite the company taking care of payment processing for hundreds of high-risk clients. The bank identified several "red flags” indicating that PAYONE was not adequately vetting and monitoring these clients.
Specifically, Commerzbank examined two Cyprus-based companies which, the bank noted, were part of a network "related to a scam.” According to the bank’s findings, customers had to enter their credit card details to receive access, but that data was then used "to charge high fees for a service the customer did not intend to sign up for.”
According to reporting by DER SPIEGEL and its partners, these companies operated porn websites and belonged to the network of Ray Akhavan, who had been convicted in the U.S. together with Ruben Weigand. When contacted, Weigand confirmed that he had referred these clients to PAYONE. In his view, he says, the clients had demonstrated "any irregularities," according to the guidelines.
At the time, Ray Akhavan ran a franchise system that included thousands of sex sites, earning him the industry moniker "porn baron.” Many of the companies in his group had also worked together with Wirecard. Jan Marsalek would even send him affectionate messages ("Hey my love”). Akhavan occasionally dropped by Wirecard headquarters in Munich to pick up six-figure sums in cash.
Originally from Iran, Akhavan had frequent run-ins with the law, including illegal possession of weapons and drugs. During one search of his home, police found a pistol in his bedroom. Akhavan died of a drug overdose in fall 2024.
PAYONE CEO Niklaus Santschi long played down the problems. In April 2021, he insisted to colleagues that all merchants referred by Ruben Weigand had been vetted. "We are still convinced that the portfolio is clean from a compliance perspective.” Just a few days later, PAYONE parted ways with all of the merchants that Weigand and his brother had brought in.
Businessman Ray Akhavan ran a franchise system that operated thousands of sex sites.
The story of PAYONE got started in the northern German city of Kiel more than 20 years ago. Two young entrepreneurs founded the service provider and managed within just a few years to establish themselves in the payment processing market.
In late 2014, the two achieved the dream of many in the startup scene: The Sparkassenverlag bought an 80-percent stake in the company. It was a move that attracted attention in the financial world, with business publications seeing it as a challenge to PayPal, the leading payment service provider that had already become a key player in online commerce by then.
PAYONE’s involvement with questionable clients apparently accelerated after the Sparkassenverlag became involved. Revenues in the segment that included the high-risk clients grew by 60 percent in 2019. The small team involved, which accounted for just under 2 percent of the company’s total personnel, generated an impressive 13.6 percent of the gross margin in the so-called card acceptance business.
But the Sparkasse subsidiary had a hard time on its own in the rough-and-tumble market. Following several fusions, the French financial firm Worldline became the company’s largest shareholder in March 2021, with a 60 percent stake to Sparkasse’s 40 percent. The headquarters of PAYONE moved to Germany’s financial center of Frankfurt.
PAYONE headquarters in Frankfurt.
[M] DER SPIEGEL; Foto: Ben Kilb / DER SPIEGEL
The new joint venture was established at a sensitive time. BaFin had just begun its investigations. And PAYONE had a portfolio of hundreds of high-risk clients. In many cases, that high-risk trail led to an American with a past in Hollywood.
Andrew Garroni is an old master of the horror film genre. In 1980, he produced the cult movie "Maniac,” in which a serial killer murdered a whole series of young women, whom he would then strip and scalp.
Last year, theNew York Timesreported extensively on a Garroni family wedding in the exclusive Mulholland Tennis Club in Los Angeles. Photos show the film producer, a portly man with a bald head and sunglasses, escorting his daughter down the aisle.
Less well-known are Garroni’s dubious business dealings on the internet. In 2006, the Federal Trade Commission in the U.S. filed a complaint against him and his business partners. The complaint alleged that they had operated a film platform for which customers had to download a software program.
Doing so, however, installed a program that would open a pop-up window telling customers that they had registered for a "free trial period” that had now expired. They had to pay up to $99 to get rid of the warning. As part of an ultimate settlement, Garroni and his business partners had to pay damages of $500,000.
Elements of Garroni’s company network processed payments with German assistance. Emails and client lists from Wirecard indicate that the Munich-based company was deeply involved in the film producer’s business dealings. Companies in several European countries that apparently belonged to him operated porn sites and dating platforms, like pocketsfulofyourlove.com, which are no longer available online.
Even at Wirecard, there were suspicions that Garroni wasn’t entirely upstanding. Problems with payments would repeatedly crop up, to the point that the termination of his contracts was under consideration. But before a decision could be made, it seems, Wirecard went bankrupt.
Now, internal documents from Worldline and investigation results from Commerzbank suggest that PAYONE also worked together with companies from Garroni’s network. In many cases, they were the same merchants that Wirecard had also attributed to him.
Following Wirecard's insolvency, PAYONE apparently took even more companies onboard. According to internal data, PAYONE had business ties with around 80 merchants marked with "iMerchant/Eureka,” an apparent reference to the companies iMerchant International and Eureka Multimedia Group, which can be linked to Garroni.
An internal 2023 document from Worldline, PAYONE’s majority stakeholder, provides a rare look at the secrets of the payment industry. In it, Garroni’s group of companies is described as on of eight "master merchants” that Worldline works with.
According to reporting by DER SPIEGEL and its partners, however, these are clandestine networks that operate up to a thousand websites and are involved in dubious online business practices. They frequently entice customers into expensive subscriptions that are difficult to get out of. Some of these networks focus on dating and porn while others operate purported giveaways and contests.
Worldline was intent on keeping details about the "master merchants” secret. The 2023 document indicates that employees were even trained "to not disclose such type of setups in any external (schemes, audits etc.) communication since they do not legally exist and WL should not have any knowledge of them." The company declined to comment on the issue.
Worldline headquarters n Paris.
[M] Lynne Brouwer / NRC; Foto: Worldline
An internal Worldline investigation concluded in 2023 that something wasn’t right with the Garroni portfolio. Several dating sites were found to include fake profiles and exhibited large numbers of fraudulent transactions and chargebacks, made in cases of disputed credit card transactions. The investigators recommended that cooperation with the companies – one of which was apparently also a PAYONE client – be terminated.
DER SPIEGEL and its partners tried to establish contact with Andrew Garroni with no success. As part of that effort, a reporter with the U.S. investigative portal Drop Site News visited the offices of Garroni’s company Eureka Multimedia Group in Los Angeles a few weeks ago. A young man opened the door but refused even to provide the reporter an email address. Rather strange behavior for an online marketing agency.
As the problems with the high-risk clients continued to mount, the owners of PAYONE replaced the CEO, and in April 2023, experienced Sparkasse executive Ottmar Bloching became the new head of the company. He had already spent several years as a member of the supervisory board. It seems questionable whether he was the right person to credibly distance himself from the business dealings of the high-risk segment.
PAYONE CEO Ottmar Bloching: Attended a meeting about the problematic clients.
[M] DER SPIEGEL; Foto: picture alliance
As he took over control, he was described internally as the "godfather” of the joint venture between Worldline and the Sparkassen. Employees didn’t just learn that Bloching enjoys cooking and gardening, but also that he is "obsessed about business and win:win.”
He had been informed about the problems with the company’s list of dubious clients. They were on the agenda of a meeting of PAYONE’s risk committee in April 2022 that Bloching attended as a Sparkasse representative.
The BaFin investigation was addressed during that meeting, with an employee reporting that partner banks had blocked payments to clients located, for example, in Cyprus. PAYONE revenues in the two-figure millions were in danger.
According to minutes from the meeting, Bloching asked whether the merchants in question had other alternatives. A colleague apparently answered that they usually worked together with several payment service providers.
Was Bloching perhaps concerned that PAYONE might lose lucrative clients? There is, in any case, no indication in the meeting minutes that he advocated for parting ways with these clients.
In September 2023, the public learned of the disaster with the dubious clients. BaFin published a statement saying it had become aware of "serious deficits” at PAYONE "in compliance with and implementing the required enhanced due diligence obligations under the Money Laundering Act.” The websites of some merchants, the statement noted, were "associated with fraudulent subscriptions, phishing and fake online shops, among other things.” PAYONE was prohibited from processing transactions from certain high-risk clients.
When contacted, PAYONE said that it has since implemented "a range of corrective actions,” including a mechanism to prevent future business dealings with risky clients. This was done "in line with increasing regulatory requirements and in full cooperation with, and under the supervision of, the regulator."
DER SPIEGEL and its partners are in possession of the names of hundreds of companies that PAYONE has had to part ways with, apparently due to pressure from BaFin. Among them were dozens of merchants from the Garroni portfolio. Worldline has also cut ties with the companies. When reached for comment, the company said it had terminated risky merchants who did not comply with the company’s new regulations.
In February 2024, the company informed its investors of the financial consequences of the measures it had implemented. Revenues of up to 130 million euros could be lost, with 40 million euros of that total in Germany.
But have all of the dubious clients really disappeared?
According to the documents, PAYONE terminated relations with several companies based in Switzerland that operate dubious dating and cheating platforms. The companies also previously worked together with Wirecard. One of the companies is called Paidwings AG and runs platforms like Fickbook.de and Singletreffen.vip.
Internal documents indicate that their transactions continue to be processed by a different Worldline subsidiary – something like a sister company of PAYONE. It looks a lot like at least this skeleton has been kept in the family closet.
