A UK casino player has lifted the curtain on yet another payment setup sitting in the grey zone between regulated fintech and criminal gambling flows. Her email chain with Olky / Nun-Tech / KYCOIN describes how a Luxembourg-French “web3 payment” structure allegedly bypassed gambling and crypto blocks to send money straight into the wallet of Gamblezen, a Curaçao casino owned by Altacore N.V. If her account is accurate, which we believe it is based on the evidence, KYCOIN is not just a “utility token”, but a highly efficient payment facilitator for unlicensed gambling.
1. The whistleblower and her case
The UK player (FinTelegram knows the name) is not a passive victim. Over several weeks, she has:
- Documented KYCOIN-labelled card transactions that her bank’s fraud team later flagged as suspicious.
- Explained that gambling and crypto purchases are blocked on her NatWest account, yet KYCOIN payments still went through – implying non-gambling, non-crypto MCC codes were used.
- Shown that these transactions were in reality deposits to Gamblezen, a casino operated by Altacore N.V., licensed only in Curaçao and explicitly targeting EU players (Source: IGamingExpert).
In her emails, the UK player accuses Olky/Nun-Tech of:
- Deliberately miscoding transactions to evade card blocking (neither MCC 7995 for gambling nor 6051 for crypto, as confirmed by her bank).
- Sending funds directly to the casino’s wallet, leaving her with no real “KYCOIN account” or control over the tokens.
- Completely ignoring repeated GDPR/DSAR requests and refund demands, while obsessively flagging her negative Trustpilot reviews instead of answering her.
She escalates to Mastercard fraud, the CSSF in Luxembourg, FATF, the UK Gambling Commission, UK MPs and investigative journalists, and copies FinTelegram on the entire correspondence. Her allegation is simple:
Olky/Nun-Tech, via KYCOIN, knowingly or negligently process payments for an illegal online casino, while hiding the nature of those transactions from banks and consumers.
2. The official story: Olky, Nun-Tech, and KYCOIN
On paper, the structure looks clean and sophisticated:
- Olky Payment Service Provider SA (OlkyPay) is a Luxembourg-licensed payment institution, supervised by the CSSF and passported across the EU (Source: Olky.eu). They claim to have more than 1 million dlients.
- Nun-Tech SA is an IT / software company of the Olky Group, with a registered office in Luxembourg and a French branch in Marseille trading under the brand KYCOIN (Source: pappers.fr)
- Olky and Nun-Tech share the same registered office address in Luxembourg.
- KYCOIN (symbol “KYC”) is branded as a utility token issued by Nun-Tech to access services like OlkyPass (KYC passport) issued by Olky, bank-identity aliases, and “FIAT or crypto order routing within a network of partners” (Source: nun-tech.fr)
The Nun-Tech T&Cs describe the mechanism clearly:
- Users must acquire KYCOIN on kycoin.io, olkypass.com, or partner payment pages to access Nun-Tech services.
- Payment Orders are routed by transferring KYCOIN from the user to a “Beneficiary” who must also hold an OlkyPass.
- Once routed, OlkyPay executes the underlying fiat payment.
French central-bank guidance even cites KYCOIN as a model “utility token” whose circulation is limited to a network of AML-regulated partners (PSPs, PSANs, etc.) (Source: Banque de France).
And yet, Olky’s own marketing for KYPAY boasts that the product can be used “for all activities, even high-risk”, and allows merchants to collect cash via cards and instant transfers without a distance-selling contract (Source: Olky.eu). This positioning, combined with the tokenised routing layer, makes the system extremely attractive for offshore gambling operators.
3. How the system can be weaponised for illegal gambling
Based on the player’s detailed chronology and FinTelegram’s analysis, the alleged flow looks like this:
- Player visits Gamblezen (Altacore N.V., Curaçao). The deposit page includes a KYCOIN / Nun-Tech integration. It’s embedded page behind “Card” or “Crypto” buttons. It is not a clearly branded option in the cashier.
- Player enters card details. The merchant descriptor later shows as “KYCOIN / Nun-Tech / Olky”, not “Gamblezen”.
- The transaction passes because the MCC is not 7995 (gambling) and not 6051 (crypto) – both of which are blocked on the player’s account.
- Internally, Nun-Tech’s system records a purchase of KYCOIN and immediately routes a Payment Order to the casino’s OlkyPass/KYCOIN wallet. The player never sees or controls any KYCOIN balance (Source: nun-tech.fr).
- Gamblezen credits the player’s casino account in fiat or chips. From the bank’s perspective, the cardholder has simply bought “KYCOIN / IT services” from a Luxembourg/French tech firm – not gambled at an offshore casino.
This aligns disturbingly well with:
- Nun-Tech’s own T&Cs, which emphasise that routed payment orders are irrevocable and that Nun-Tech only “uses best efforts” to help in cases of fraud, while stressing that only the Beneficiary (here, the casino) can restore a KYCOIN balance (Source: nun-tech.fr).
- Player reports on CasinoGuru and other forums, where KYCOIN appears in connection with Curacao-licensed casinos using “wrong” MCC codes and where Nun-Tech’s reply is simply to “contact the merchant” (Source: casinoguru-it.com).
From a compliance perspective, this is exactly the “crypto-purchase disguise” pattern FinTelegram has already documented with other processors: card payments presented as token purchases on a “regulated” crypto/fintech platform, but instantly forwarded to illegal gambling schemes.
4. Behavioural red flags: silence to the victim, noise to Trustpilot
Throughout the entire email chain, one pattern stands out:
- Zero substantive response from Olky/Nun-Tech to the player’s GDPR, MCC-code and KYC questions.
- Repeated attempts to remove her Trustpilot reviews, forcing her to repost them, while she simultaneously copies regulators, Mastercard, MPs and investigative journalists.
For a group that presents itself as a highly regulated, AML-serious fintech, this behaviour is striking. A genuinely compliant PSP facing allegations of miscoded gambling/crypto transactions would normally:
- Open a structured complaint case;
- Provide at least partial information on the merchant, MCC and KYC used;
- Coordinate with its acquiring partners and, where appropriate, support chargeback or refund.
Instead, according to the emails, Olky/Nun-Tech appear to treat the issue primarily as an online-reputation problem, not a compliance incident.
5. Regulatory and compliance questions
FinTelegram’s analysis and the whistleblower’s evidence raise a series of concrete questions for supervisors and card schemes:
- MCC misclassification & card-scheme rules
- If the player’s bank correctly states that MCC 7995 and 6051 were not used, under what merchant category were KYCOIN transactions processed?
- Were these descriptors intentionally chosen to bypass responsible-gambling and crypto blocks, in breach of Mastercard rules and national consumer-protection law?
- Use of a “utility token” as a de facto payment instrument
- KYCOIN is formally restricted to a network of AML-regulated partners. How did a Curaçao casino (Altacore N.V.) – already banned or sanctioned in jurisdictions like Sweden for targeting local players – qualify as an acceptable “Beneficiary”?
- Is Nun-Tech/Olky using the “utility token” label to effectively operate a cross-border money-remittance system outside the perimeter of stricter gambling-payment regulation?
- AML / CFT and KYC procedures
- The player states she never completed a KYCOIN account registration or KYC process yet was able to transact large amounts. If true, where exactly was KYC performed – by Olky/Nun-Tech, by the casino, or not at all?
- How does Nun-Tech reconcile its AML obligations with the explicit disclaimer in its T&Cs that it has “no control” over the nature of the goods and services delivered by Beneficiaries?
- Group governance and responsibility
- Nun-Tech’s statutes show Olkyrent SA and associated individuals as shareholders, confirming it as part of the Olky Group (Source: pappers.fr).
- Who in the group (board, risk committee, compliance function) approves high-risk partners such as offshore casinos, and how is that decision documented?
- CSSF and ACPR oversight
- Given that the CSSF has already issued a warning about fraudulent activities misusing the name of Olky Payment Service Provider SA (Source: cssf.lu), what steps are being taken to ensure that Olky’s own group infrastructure is not enabling similar abuses – this time not by impostors, but allegedly by its partners?
FinTelegram does not claim that every KYCOIN transaction is illegal. But the combination of token-based routing, marketing to high-risk activities, weak response to serious complaints, and recurrent links to Curacao casinos is a textbook red-flag scenario for payment-facilitator abuse.
6. Summary table – Entities, Roles, and Links
A. Brands & entities
| Legal entity / Individual | Jurisdiction | Role in the system | Notes |
|---|---|---|---|
| Olky Payment Service Provider SA | Luxembourg (CSSF-authorised payment institution; FR branch) | Doing business as Olky (Olky.eu), executes euro payment orders routed via Nun-Tech / KYCOIN | Provides KYPAY, IBAN, card & transfer rails; positioned as “neobank for everyone” and “for all activities, even high-risk” |
| Nun-Tech SA | Luxembourg (B214016) with French branch “KYCOIN” in Marseille (annuaire-entreprises.data.gouv.fr) | Issues KYCOIN utility token and operates OlkyPass / payment-routing layer | Part of Olky Group; shareholders include Olkyrent SA and associated individuals (pappers.fr) |
| Olky Group / Nun-Tech | EU | KYC passport giving access to KYPAY, KYCOIN wallet and partner services | Required for both users and “Beneficiaries” in Nun-Tech routing model |
| Altacore N.V. | Curaçao | Offshore online casino allegedly integrated with KYCOIN deposit path | Altacore casinos have been criticised and banned in several jurisdictions for targeting local players without licences |
| Various group entities | LU/FR | Crypto-euro wallet and web3 strategy arm | 2023 article notes recruitment of Karima Lachgar to lead Olky Wallet and regulatory strategy; Nun-Tech cited as “entity of the Olky Group” (dehfi.com) |
| Karima Lachgar | Luxembourg, France | CEO of Olky Wallet / Group Head of Legal & Regulatory Strategy (Olky Group) | Key figure for group-level compliance and web3 strategy. |
7. Call for information
FinTelegram will continue to investigate the Olky / Nun-Tech / KYCOIN system and its relationships with offshore casinos such as Gamblezen (Altacore N.V.).
We invite:
- Current and former staff of Olky, Nun-Tech, or associated partners;
- Bank and card-scheme insiders familiar with KYCOIN-coded transactions;
- Players who see “KYCOIN / Nun-Tech / Olky” on their statements after deposits to online casinos;
to share information and documentation with us – securely and, if desired, anonymously – via our whistleblower platform Whistle42.com.
Cases like this show that regulated-looking fintech shells can become the perfect camouflage for illegal gambling payments. It is time regulators and card schemes take a very hard look at KYCOIN and the Olky group’s “high-risk” ambitions.
