We’ve heard for years from BridgerPay founder Ran Cohen and other operators of unregulated payment gateways and payment processors that they didn’t need to adhere to any regulatory requirements. Cohen recently argued again on Facebook that only PCI regulations would apply to BridgerPay. This is simply false. In all jurisdictions, we know of, facilitating criminal activity intentionally or negligently is punishable by law for any person or organization regardless of regulatory provisions.
The Facebook Compliance Thread
In his postings on a Compliance Thread with PayRate42 and FinTelegram, Ran Cohen claims that BridgerPay would be a “self-service” payment platform that could be used by all merchants and therefore also by scammers without any further checks. Because PCI rules would not say so. In an answer to PayRate42 for compliance responsibilities, Cohen only asks to quote PCI regulations that would BridgerPay force to check their clients.
This is indeed paradisiacal conditions for cybercriminals but pretty much bypasses all legal and regulatory requirements for a company in the payment industry.
Under prevailing court rulings in the EU, payment service providers are legally responsible for their services regardless of their regulatory status and have to put measures in place to prevent illegal businesses from using their services.
A Not-Knowing Self-Service Payment Platform?
So, BridgerPay labels itself as a “self-service” payment platform. But is it really? Not exactly, here is why:
- You can only become an Enterprise Client at BridgerPay after a conversation with the onboarding team. We would call that merchant services.
- As a website operator – like scammers are – you have to
- register with personal data and website data;
- confirm the email address;
- install the BridgerPay plugin on your website and activate it via Activiation Key. BridgerPay then knows the phone number, the website, the domain and the email address.
- optional, you have to select your payment processors, which are then integrated via webhooks
- finally, you receive s phone call from the BridgerPay onboarding team within minutes after registration.
This means that all payment transactions on the website are processed via BridgerPay and can be continuously monitored for suspicious transactions. This is usually enough information to detect and shut down a scam. BridgerPay does a complete cycle of an onboarding process, doesn’t it?
Yes, We Monitor Our Merchants!
A communication participant also accuses BridgerPay that many investment scams would use it to facilitate client transactions and asks what methods BridgerPay would deploy to identify these scams. Now Cohen responds by saying that there would very well be monitoring:
Bridger as a company decided that we do not want to cater any prohibited business. And we defined it well in our website. And that is to allow us to close unwanted merchants that come in through our no touch flow and become clients, clients we do not want. We are monitoring our clients websites and closing each one we see that does not fit.Ran Cohen on Facebook (link)
So, with that, we have Cohen nailed for once. He admits that BridgerPay does have a monitoring system to weed out bad merchants. Apparently, however, BridgerPay monitoring doesn’t really work in the face of so many scam customers. This is again a sad testimony for the operator of an AI-powered payment platform.
It can of course happen that a payment processor – in whatever role – is used by scammers and remains unnoticed for a while. However, the number of scammers facilitated by BridgerPay is so absurdly high that this already suggests intent or gross negligence. BridgerPay naturally addresses the high-risk segment such as Forex, Crypto or Gambling where the boundaries to illegal activities are naturally blurred.
If you have any information about BridgerPay, please let us know through our whistleblower system, Whistle42.