The French Supreme Court (Cour de Cassation) has just recently firmly established the liability of payment processors like WorldPay and Seroph Holding (AlgoCharge) for facilitating unauthorized binary options schemes. As restitution payouts loom, this critical ruling sets a formidable due diligence standard that could ripple across the EU, offering renewed hope for victims pursuing institutional giants like ING‘s Payvision.
Key Findings
- Joint and Several Liability: The French Cour de Cassation confirmed that primary payment service providers (WorldPay) and their intermediaries (Seroph Holding BV) are jointly liable for victim losses when they fail in their statutory duty of vigilance.
- Ignorance is Not a Defense: Processing payments to entities on a financial regulator’s blacklist (like the French AMF) constitutes an “apparent anomaly.” Payment processors cannot claim ignorance of the unregulated nature of the merchants they serve.
- Jurisdiction in Cyber-Torts: The Court provided crucial clarification on the “location of financial loss” under the Brussels I Regulation, affirming that victims solicited in their home country can sue foreign payment processors under local law for torts and quasi-delicts.
- EU-Wide Ripple Effect: The stringent duty of care established by the French courts provides a powerful legal framework that could significantly bolster cross-border recovery actions, such as EFRI’s multi-million-euro claim against ING’s Payvision in the Netherlands.
Analysis of the French Case: WorldPay, AlgoCharge, and Seroph Holding
For years, unregulated binary options and Forex platforms (such as 50 Option, Triompheoption, and Finch Markets) wreaked havoc on European retail investors. The financial plumbing that enabled these scams relied heavily on licensed payment processors.
In the case reviewed by the Cour de Cassation, French victims wired funds to bank accounts legally held by the UK-based WorldPay AP Ltd. However, WorldPay had leased or made these accounts available to a Dutch entity named Seroph Holding BV via a “Payment Processing Agreement.” Seroph Holding BV is the corporate entity that operated as the high-risk payment processor AlgoCharge.
The Paris Court of Appeal (in 2022) and the subsequent review by the Cour de Cassation found severe compliance failures. Seroph Holding operated without the proper authorization to act as a payment service provider. Furthermore, the funds were being funneled to brokerage brands explicitly blacklisted by the French Autorité des Marchés Financiers (AMF). The courts ruled that WorldPay violated its general obligations of vigilance by failing to verify Seroph’s regulatory status and by ignoring the glaring red flags of processing transactions for blacklisted entities.
Jurisdiction and the “Location of Financial Loss” (Quasi-Delicts)
A major legal battleground in this case was jurisdiction. WorldPay, a UK entity, argued that French law should not apply and that French courts lacked jurisdiction because the victims voluntarily wired money from their local accounts to foreign-held accounts.
In its statements regarding the “location of financial loss and the applicable law in matters related to torts or quasi-delicts”, the Cour de Cassation had to interpret Article 5(3) of the Brussels I Regulation. The Court noted that purely financial damage affecting a local bank account is not, on its own, a sufficient connecting factor if the victim voluntarily transferred the funds.
However, the Court determined that the harmful event was not just the bank transfer, but the entire fraudulent solicitation mechanism. Because the unregulated brokers actively targeted and solicited the victim while he was residing in France, the tortious act was sufficiently connected to French territory. This allowed the courts to apply French consumer protection and civil liability laws against the foreign payment processors who facilitated the scam.
Hypothesis: Implications for EU Jurisdictions and EFRI vs. Payvision
Hypothesis: The Cour de Cassation’s ruling establishes a “Strict Vigilance” standard that bridges the gap between AML/KYC regulatory fines and direct civil liability to victims. This precedent will likely serve as a blueprint for courts in other EU member states, severely weakening the traditional defense used by payment processors that they are merely “neutral technological conduits.”
This is highly relevant to the ongoing legal action initiated by the European Funds Recovery Initiative (EFRI) against the Dutch payment processor Payvision and its parent company, ING Bank.
EFRI has compiled evidence that Payvision processed an estimated €131 million for massive binary options boiler rooms operated by convicted cybercriminals Uwe Lenhoff and Gal Barak (e.g., Option888, XTraderFX). Like WorldPay, Payvision allegedly provided the vital financial infrastructure for unregulated, offshore shell companies to siphon money from European consumers.
If the standards established by the French courts are mirrored in Dutch or German legal systems, Payvision’s defense will face a severe stress test. The French standard dictates that failing to identify that a sub-merchant lacks a required financial license—or ignoring regulatory warnings—is a direct breach of a processor’s duty of care. Because EU consumer protection and financial directives (like PSD2 and AMLD5) are largely harmonized, it is highly probable that Dutch courts will view Payvision’s alleged failure to conduct basic due diligence on Lenhoff and Barak’s operations as a similar “quasi-delict.” Consequently, ING/Payvision could find themselves jointly liable to compensate the victims of the boiler rooms, just as WorldPay and Seroph have been ordered to do in France.
Call to Action
The walls are closing in on the payment processors that turned a blind eye to the binary options and Forex fraud epidemic. If you are an industry insider, a former employee of a payment service provider, or a professional with knowledge of how AML, KYC, and due diligence checks were bypassed to onboard fraudulent merchants, your information is vital.
Help us hold the enablers accountable. Please share your insights and internal documents securely and anonymously via our whistleblower platform, Whistle42.
