torq@torqmrr
A Payment processor helped a QR parking scam steal millions.
And the parking scam was just one tentacle.
Behind it sat a machine.
Started in 2016 as a company called Linkmedia.
Grew into 300 companies and nearly 3,000 websites.
Run out of Dubai.
Fronted by 100+ shell companies registered to random houses in the UK.
Everything was dressed up to seem like streaming sites, and normal harmless offers etc.
But really this fraud ring was running MRR in the back end.
The same model as most of you.
Recurring billing, big portfolio of MIDs.
The difference?
Their front end was EXTREMELY ILLEGAL which made everything else also extremely illegal.
But, it was kind of elegant.
Instead of buying traffic, they stole it.
Fake QR codes slapped over public parking meters.
Free traffic, zero acquisition cost.
You scan to pay for parking, land on a 1:1 clone checkout...
And then type your card in yourself.
Card Details stored.
Passed to the processor.
Drained with MRR
Maybe the cards were then later sold.
The processor pushed nearly £50m of it in a single year.
Extremely illegal.
And they ran it for the better part of a decade.
The processor kept depositing.
Kept raising caps.
Kept issuing fresh MIDs.
But more importantly, KEPT IGNORING.
Their own risk team flagged this qr scam merchant a long time ago.
Money laundering mentioned all over the file.
The higher ups response?
An internal doc telling staff not to disclose the "master merchant" structures.
They instructed the risk team to not disclose the shadow networks linking hundreds of MIDs, hundreds of entities, and thousands of websites as a single "master merchant".
They instructed their team to ignore all that.
In writing they told the risk team that they "should not have any knowledge of them."
They didn't miss the fraud.
The risk team did their job well and caught it.
The higher ups just documented a reason not to look.
Why?
Heres why.
By 2019, high-risk clients were 2% of the processor's workload.
But 13.6% of its gross margin.
2% of the effort.
Nearly 14% of the money.
Thats why.
They didn't want to walk away from that.
Not for fraud.
Not for money laundering.
Not for anything.
So they built a high-risk department and quietly weakened the AML checks to keep them.
You are not a merchant to a processor.
You're a line in a margin calculation.
Fee revenue on one side, liability on the other.
Chargebacks, fines, AML exposure and the odds it ends up in the press.
They run that math the day you onboard.
And every day after.
In this case it was a fraud ring laundering money at scale, and the math said protect them for a decade.
So what does that make you?
A bet.
They price you like one.
What you pay in fees against what you might cost them in chargebacks, fines, and heat.
That's the whole relationship.
The relationship is whats important, but the relationship is all about money.
Remember that the parking scam got free traffic?
No acquisition cost.
That meant their economics worked in a way they could afford a higher fee to the payment processor.
And the payment processor accepted.
Run a clean ship all you want.
It doesn't automatically buy you safety, this is why we see clean wh offers going down all the time.
It just buys you a slightly better line in the model.
But you'll still get cut the day the math flips.
They facilitated a fraud ring for a decade because it paid.
They'll drop you in a week because you didn't pay enough.
It's not ALL about how clean you are.
It's about how much you're worth with all things considered.
And with the card network monitoring programs, you've become worth less.
My point?
Maybe you should pay more, you might get treated better.