FinTelegram’s PlatinCasino test reveals a “bank transfer” deposit flow that is, in substance, a fiat-to-crypto purchase executed via Bitcan Sp. z o.o. and ARI10’s gateway stack (including gatewaycpay.com and aripayments.com). The UX is likely to mislead players while routing stablecoins directly to a merchant wallet—turning regulated bank rails into a high-risk casino funding pipeline.
Key points
- What users see: “Bank Transfer” on a casino deposit page.
- What actually happens (per gateway screen): user buys USDC (or comparable stablecoin) and funds are forwarded to a designated wallet (merchant).
- Who appears in the flow: Bitcan Sp. z o.o. (Poland) as data controller/processor + ARI10 legal docs and product pages (ARI10/ARIPayments) (Source: ari10.com).
- Traffic intelligence: Semrush indicates gatewayapay.com → aripayments.com is a dominant referral route; gatewayapay.com itself receives notable traffic from vavada.com—suggesting reuse of the same rail for other gambling brands (Source: Stack Overflow).
- Regulatory reality check: Poland’s “Register of Virtual Currency Activities” is a registration, not a licence/authorization; it does not equate to prudential supervision (Source: slaskie.kas.gov.pl).
- MiCA angle: EU CASP rules apply, with transitional/grandfathering mechanics depending on member state implementation—this makes cross-border compliance posture and partner due diligence critical (Source: esma.europa.eu).
Read our PlatinCasino report here.
What we can evidence from the PlatinCasino deposit flow
- Gateway handoff: Selecting “Bank Transfer” on PlatinCasino launches a payment window hosted on gatewaycpay.com (bank picker + “check the data” step).
- Bitcan named as the processor: The consent text explicitly references “Bitcan sp. z o.o.” as the entity processing personal data.
- Crypto purchase disclosure (small print): The same screen states the user is buying USDC for the fiat amount and that funds will be transferred to a specified wallet (merchant destination).
- ARI10 legal documents used: “Terms & Conditions” links route to ari10.com (Gateway service T&Cs), indicating an integrated product stack under ARI10 branding (Source: ari10.com).
- Redirect stage: After confirmation, the flow redirects to aripayments.com/t/… with a “Redirecting to payment page…” screen (Polish-language page prompt visible). This strongly suggests tokenized, session-based funnel links rather than a “public” landing page.
Interpretation: The casino “bank transfer” is operationally an on-ramp purchase: user’s bank transfer funds the on-ramp; the on-ramp releases stablecoins to the casino wallet. That’s a classic “conversion chokepoint” in FinTelegram 2.0 terms: fiat rail → on-ramp → stablecoin → merchant wallet.
Who/what is ARI10?
- ARI10 Sp. z o.o. (Poland, Poznań) is presented as a crypto-asset service provider offering an exchange, on-ramp gateway, and crypto payment gateway (Source: ari10.com).
- Bitcan Sp. z o.o. (Poland, Poznań) is shown in ARI10’s legal footer as the entity in Poland’s Register of Virtual Currency Activities (RDWW-227) (Source: slaskie.kas.gov.pl).
- Founders / leadership (per ARI10): Mateusz Kara (CEO & co-founder), Artur Pszczółkowski (co-founder), Piotr Bień (co-founder), Izabela Mazur (COO) (Source: ari10.com)
- Ownership signal (open registry view): rejestr.io indicates ARI10’s shareholding includes family foundations, and Bitcan’s shareholder chain points back to ARI10 (Source: Rejestr.io).
Traffic intelligence: why gatewayapay.com matters
Your operational observation (gatewayapay.com feeding aripayments.com) aligns with Semrush “traffic journey” style indicators:
- aripayments.com: Semrush shows gatewayapay.com as a top referrer and gatewaycpay.com also materially present, consistent with “gateway → ARIPayments” funnels. (Source: community.cloudflare.com).
- gatewayapay.com: Semrush shows inbound traffic from vavada.com and outbound destinations including aripayments.com and litpay.pl, which is consistent with a deposit/checkout hop chain (Source: Stack Overflow).
Compliance interpretation: Even if gatewayapay.com’s operator is obscured, it functions as a routing layer into a regulated-sensitive activity (fiat→crypto conversion) and should be treated as a high-risk gateway node.
Compliance assessment (FinTelegram view)
1) Consumer deception/transparency risk
Labeling this as “Bank Transfer” while the gateway itself frames it as buying stablecoins and sending them to a designated wallet creates a high likelihood of consumer misunderstanding—particularly where the disclosure appears as small print in a checkout step.
2) AML/CTF and illicit-gambling exposure
On-ramps are a first-line AML chokepoint. If the downstream merchant is an offshore casino accessible without meaningful KYC, the on-ramp faces elevated exposure to:
- gambling payments laundering,
- chargeback/complaint patterns,
- sanctions/geoblock evasion,
- “layering” via stablecoins after fiat entry.
Bitcan’s own materials acknowledge AML/KYC obligations for crypto exchange activity, but the core risk is merchant and funnel due diligence (who is being funded and how the flow is marketed) (Source: bitcan.pl).
3) “Registration ≠ authorization” (Poland)
Poland’s virtual currency activity register is not a “license.” It is a registration regime; this nuance matters for counterparties and banks that may assume “regulated” equals “authorized” in the prudential sense.
4) MiCA readiness and cross-border posture
MiCA’s CASP regime raises the bar for governance, conduct, and operational controls across the EU, with transitional mechanisms. For a gateway stack visibly used across borders (Italian banks shown in your test flow), the compliance question is not theoretical: who is the regulated perimeter entity, and which partners provide any PSD2/open-banking components (if any)?
Compliance conclusion
ARI10/Bitcan appear to operate a scalable on-ramp + gateway stack (ARIPayments, gatewaycpay, and likely additional gateway front-doors) that can be embedded into offshore casino deposit UX. In the PlatinCasino case, the design effectively turns a “bank transfer” into a crypto purchase and stablecoin delivery to the casino wallet, while presenting limited upfront clarity.
This makes ARI10/Bitcan a priority chokepoint for:
- banks (monitoring inbound transfers to on-ramp beneficiaries),
- regulators (high-risk merchant controls; misleading payment presentation),
- payment compliance teams (merchant category policy enforcement),
- and investigators (wallet attribution + gateway domain ownership mapping).
Summary Table
| Brand / Product | Domain(s) | Legal entity (published / observed) | Jurisdiction | Role in the rail | Key individuals (published) | Transparency / risk notes |
|---|---|---|---|---|---|---|
| PlatinCasino (merchant use-case) | platincasino.com | Latiform B.V. (operator, per your case file) | Curaçao | Offshore casino receiving value via stablecoin rail | — | Deposit UX labels “Bank Transfer”; gateway indicates crypto purchase + wallet delivery |
| ARI10 (group brand) | ari10.com, exchange.ari10.com | ARI10 Sp. z o.o. | Poland (Poznań) | Crypto exchange + gateway/on-ramp product stack | Mateusz Kara (CEO), Artur Pszczółkowski (Co-founder), Piotr Bień (Co-founder), Izabela Mazur (COO) | Legal docs and product pages used inside payment funnel |
| ARIPayments (product) | aripayments.com | Presented as ARI10 product stack | Poland (group) | Redirect / funnel stage to execute payment flow | — | Tokenized /t/ URLs observed; not a typical public landing page |
| Bitcan (processor named in checkout) | bitcan.pl | Bitcan Sp. z o.o. (RDWW-227 per ARI10 footer) | Poland | Data processing + fiat→crypto conversion (per checkout language) | (See ARI10 leadership list above) | Registration in Polish VASP register ≠ prudential license; high-risk merchant exposure |
| Gateway front-door (PlatinCasino) | gatewaycpay.com | Not clearly disclosed on-page (gateway UI references Bitcan + ARI10 docs) | Unknown | Bank selection + consent + checkout step | Unknown | Key “domain hop” that reduces end-user transparency |
| Gateway front-door (other casinos indicated) | gatewayapay.com | Unknown / obscured | Unknown | Referral hop into ARIPayments (per traffic intelligence) | Unknown | Appears to route users from vavada.com to ARIPayments; requires ownership mapping |
| Vavada (indicated casino integration) | vavada.com | Unknown (not assessed in this report) | Unknown | Traffic source into gatewayapay.com | — | Included as “indicated” based on traffic journey signals |
Rail Map Mini
| Flow | Step | User-facing label | Domain hop | Operator (known / suspected) | Function | Confidence |
|---|---|---|---|---|---|---|
| PlatinCasino | 1 | Deposit → “Bank Transfer” | platincasino.com | Latiform B.V. (operator) | Initiates deposit method | Confirmed (screenshots) |
| PlatinCasino | 2 | Bank selection | gatewaycpay.com/gateway/…/select | Gateway UI; Bitcan referenced later | Select bank / country | Confirmed (screenshots) |
| PlatinCasino | 3 | “Check the data” + consent | gatewaycpay.com/gateway/… | Bitcan Sp. z o.o. named in consent | Consent + disclosure of crypto purchase; wallet transfer described | Confirmed (screenshots) |
| PlatinCasino | 4 | T&Cs / Privacy links | ari10.com (Gateway T&Cs) | ARI10 Sp. z o.o. | Legal docs for gateway service | Confirmed (screenshots) |
| PlatinCasino | 5 | Redirect | aripayments.com/t/… | ARI10 product stack | Redirect layer to payment page | Confirmed (screenshots) |
| PlatinCasino | 6 | Execute payment | User’s bank domain (varies) | Bank | User authorizes transfer; funds go to on-ramp flow | Corroborated (flow logic) |
| PlatinCasino | 7 | Stablecoin delivery | On-chain transfer to merchant wallet | Destination wallet (merchant) | Funds released to a designated wallet (per checkout text) | Confirmed (checkout text); on-chain verification pending |
| Vavada (indicated) | 1 | Deposit journey | vavada.com → gatewayapay.com | Unknown | Traffic indicates gateway front-door | Indicated (traffic intelligence) |
| Vavada (indicated) | 2 | On-ramp layer | gatewayapay.com → aripayments.com | Unknown → ARI10 stack | Routes user into ARIPayments rail | Indicated (traffic intelligence) |
Call for Information (Whistle42)
Are you a player, payments insider, bank compliance officer, or former employee/contractor with insight into ARI10/Bitcan/ARIPayments, gatewaycpay.com, gatewayapay.com, or casino integrations using “bank transfer” as a wrapper for crypto on-ramps? Submit documentation, descriptors, wallet addresses, or internal policies securely via Whistle42.
