Following our Feb 19, 2026 compliance report on Zentoria Limited and the NovaForge casino network (Robycasino/Spinsy), a whistleblower has provided email documentation indicating that the card billing descriptor “Spinsopotamia.com” is connected to xpate (xpate.com) — a payment services / e-money firm that states it is authorised by the UK Financial Conduct Authority (FCA) as an Electronic Money Institution (EMI).
If accurate, this is a meaningful escalation: it suggests the “clean EU/UK-facing descriptor layer” described in our original report may be supported by an FCA-regulated payments perimeter, raising immediate questions around merchant onboarding, gambling exposure controls, card scheme monitoring, and transaction laundering red flags.
Key Findings
- Whistleblower attribution: The whistleblower concluded that the descriptor “Spinsopotamia.com” belongs to xpate and relates to card deposits into Robycasino.com. Xpate Email Communication
- xpate response (documented): xpate support described xpate as a “payment processing technology provider,” stated it is generally unable to resolve claims directly, and said it “exceptionally forwarded” the matter to the “relevant merchant.”
- Original structure remains consistent: Our Feb 19 reporting connected Robycasino deposits to the descriptor “Spinsopotamia.com Dublin” and to Zentoria Limited as the Irish-facing entity in the scheme.
- Regulatory perimeter indicated: xpate’s public disclosures state xpate Ltd is authorised by the FCA (FRN shown on xpate’s site) to issue e-money and provide payment services; and xpate also references an EEA entity (xpate SIA) licensed in Latvia.
Compliance Analysis: What This Update Changes
In our original report, we described Zentoria Limited as the Trojan Horse payment layer: a seemingly legitimate, EU-anchored merchant identity (Spinsopotamia) used to route deposits for offshore casino brands (e.g., Robycasino) while avoiding bank/card-issuer gambling blocks.
Read our reports on Zentoria here.
The whistleblower documentation now adds a possible upstream payments node:
- The whistleblower contacted xpate seeking recovery of funds tied to “Spinsopotamia.com” charges and received a reply indicating xpate forwarded the complaint to the relevant merchant for review.
- This language is consistent with a scenario where xpate is embedded in the processing chain (e.g., as a PSP, facilitator, or platform providing payment rails/merchant services), while the “merchant of record” (or underlying merchant) is treated as a separate party.
Why this matters from a compliance standpoint:
If “Spinsopotamia.com” is indeed routed via an FCA-regulated EMI environment, then the expected control set is materially higher: KYC/KYB on the merchant, gambling policy enforcement, monitoring for MCC/descriptor manipulation, chargeback patterns, and high-risk merchant review (especially where the underlying service is unlicensed offshore gambling in multiple jurisdictions).
The “Facade Casino” Strategy (Revisited With xpate in the Chain)
Acquiring banks and card networks rely heavily on merchant identity signals (descriptor, website, category/MCC, jurisdiction, onboarding narrative) to detect and block illegal or high-risk gambling flows. The method described in our Feb 19 report remains the core pattern:
- a “front” domain/descriptor (Spinsopotamia)
- connected behind the scenes to offshore brands (e.g., Robycasino)
The whistleblower emails strengthen the hypothesis that the scheme is not “just a domain trick,” but potentially a multi-party payment stack in which a regulated payments firm may be providing services to a merchant entity that is linked to, or used by, the offshore casino network.
Read our reports on Novaforge here.
How the Bait-and-Switch Works (Operational View)
The transaction pattern described by FinTelegram remains the same, now with an added processing hypothesis:
- A player deposits funds at Robycasino.com.
- The card charge appears as “Spinsopotamia.com Dublin” on the statement (the “clean” facade).
- The whistleblower asserts the descriptor belongs to xpate, and xpate’s support acknowledges involvement by escalating the case to the “relevant merchant.” Xpate Email Communication
- The issuing bank approves a charge that does not obviously present as an offshore casino deposit.
This is precisely the compliance blind spot that enables transaction laundering: the bank’s decisioning engine “sees” a benign-looking merchant identity while funds are ultimately used for restricted activity.
Evidence Note: What the Whistleblower Documentation Shows
Based on the uploaded email thread:
- The whistleblower lists multiple card transactions in Dec 2025 showing “spinsopotamia.com Dublin” (20–30 EUR amounts) and states the real recipient is Robycasino.com.
- In a response dated Feb 20, 2026, xpate support states xpate is not the direct provider of the goods/services and advises the cardholder to contact the merchant / card-issuing bank, while noting the complaint was forwarded to the relevant merchant “as an exception.”
- In a follow-up dated Feb 23, 2026, the whistleblower tells xpate no merchant contact/refund had occurred and urges xpate to take action, referencing FinTelegram’s reporting on Zentoria/NovaForge.
This documentation does not by itself prove the full acquiring chain — but it is credible signal evidence that xpate is operationally close enough to the merchant setup to route escalation to the underlying party.
Summary Data: Updated Nodes
| Category | Details |
|---|---|
| Suspected Front Descriptor | Spinsopotamia.com / “Spinsopotamia.com Dublin” |
| Irish-Facing Entity (per original report) | Zentoria Limited (Ireland) |
| Offshore Casino Brand | Robycasino.com (NovaForge network) |
| Newly Identified PSP Node (whistleblower claim) | xpate (xpate.com) (Source: Xpate Email Communication) |
| Regulatory Perimeter (public disclosure) | xpate states FCA authorisation for xpate Ltd (UK) and an EEA EMI licence for xpate SIA (Latvia). |
Actionable Compliance Insight
For regulators, card schemes, and banking compliance teams, the immediate next steps are straightforward:
- Merchant KYB review: Identify the legal merchant entity behind “Spinsopotamia.com” and any links to Zentoria Limited and/or NovaForge brands.
- Descriptor/MCC integrity check: Review whether the merchant category, descriptor, and website content accurately describe the underlying activity (and whether they mask gambling).
- Chargeback/fraud monitoring: Map chargeback ratios and complaint volumes tied to “Spinsopotamia.com” descriptors.
- Jurisdictional gambling exposure controls: If underlying activity targets EU/UK consumers without local gambling licences, this should trigger high-risk merchant remediation (restriction/termination) and SAR/STR assessment, depending on the facts and the jurisdiction.
Call for Whistleblowers: Help Us Complete the Rail Map
FinTelegram is expanding its dossier on Zentoria Limited, the NovaForge casino network, and the newly indicated xpate payment node.
If you have:
- card/bank statements showing Spinsopotamia, Zentoria, Robycasino, or other NovaForge-related descriptors,
- onboarding emails, checkout screenshots, payment pages, or merchant receipts,
- insider knowledge of which acquirer/processor is enabling these rails,
please submit securely via Whistle42.
