Winnita’s Pay-by-Bank deposit flow routes player funds through an opaque chain in which the player sees neither the offshore casino operator nor the ultimate economic beneficiary. Instead, the visible payment journey runs through the anonymous gateway payment checkout.instantbankpayment.com, the regulated open-banking provider Token GmbH/Token.io, the customer bank Revolut, and the named payee Domus Payment Solutions, creating material compliance, AML, and consumer-protection concerns.
Key findings
- Winnita’s Pay-by-Bank deposit rail uses the generic gateway
checkout.instantbankpayment.com, not a clearly identified casino-branded payment page, which immediately reduces transparency for the player. - In the Revolut authorization flow, Token GmbH appears as the regulated third-party provider initiating the payment via open-banking APIs.
- In the payment review screen, the named payee is Domus Payment Solutions rather than the casino operator or disclosed gambling merchant.
- Public materials show Token GmbH/Token.io is a regulated PISP/AISP open-banking provider active in Pay-by-Bank services across Europe, including the iGaming sector.
- Public materials show Domus Payment Solutions presents itself as a payment platform and wallet provider, while external compliance-focused profiles link it to high-risk payment activity and historical regulatory questions.
- From the player’s perspective, the transaction is economically a casino deposit but operationally appears to be a transfer to a payment processor, making complaints, disputes, and forensic tracing materially harder.
- From the bank’s perspective, the visible beneficiary is the processor, not the casino merchant, which can impair risk classification, transaction monitoring, and gambling-related controls.
- Because Pay-by-Bank is an account-to-account push payment rail, players generally do not benefit from card-scheme chargeback rights, which increases the consequences of merchant opacity.
Overview
This report analyzes the Pay-by-Bank deposit rail used by the offshore casino Winnita, with a focus on the transaction chain Winnita -> InstantBankPayment -> Token GmbH -> Revolut -> Domus Payment Solutions. The evidence indicates a payment flow in which the player initiates a casino deposit, but the visible payment counterparties are a generic gateway, a regulated open-banking payment initiator, and a payment processor acting as payee rather than the underlying gambling operator.
From a compliance and consumer-protection standpoint, this structure is problematic because it obscures the identity of the ultimate merchant from both the player and, at least on the face of the payment instruction, the executing bank. This undermines transparency, complicates complaints and refunds, and may weaken the effectiveness of merchant due diligence, AML screening, and transaction monitoring across the payment chain.
Rail description
The observable Winnita Pay-by-Bank flow begins in the casino cashier and redirects the player to checkout.instantbankpayment.com, a generic payment interface that does not itself disclose the gambling merchant in the manner players would reasonably expect. The player is then redirected into a Revolut authentication and consent flow in which Revolut asks the user to authorize Token GmbH, indicating that Token is the third-party provider invoking open-banking access and payment initiation.
A subsequent review screen shows the beneficiary as Domus Payment Solutions and states that Token.io is initiating the payment. The result is a multi-layer structure in which the player’s bank account is debited for a casino deposit, but the visible beneficiary is a processor and not the casino operator or receiving merchant itself.
Condensed rail view
| Entity | Visible to player | Apparent role in Winnita rail | Compliance relevance |
|---|---|---|---|
| Winnita | Yes | Offshore casino / deposit originator | Source of the payment intent; gambling context is clear at cashier stage but disappears downstream. |
InstantBankPayment (checkout.instantbankpayment.com) | Yes | Generic checkout gateway / front-end payment router | Anonymous or minimally branded gateway design reduces merchant transparency and frustrates user understanding. |
| Token GmbH Token.io | Yes, at bank consent stage | Regulated open-banking PISP/AISP initiating the bank payment | FCA & BaFinregulated, Key regulated chokepoint; responsible for partner due diligence, governance, and risk controls proportionate to high-risk sectors. |
| Revolut | Yes | ASPSP / executing bank for the player account | Executes authenticated push payment, but may only see processor-level beneficiary data rather than the underlying casino merchant. |
| Domus Payment Solutions Domuspay.io | Yes, as payee | Named beneficiary / merchant-of-record / payment processor | Processor intermediation can mask the economic purpose and ultimate gambling merchant from players and banks. |
| Underlying casino operator / merchant | No | Ultimate economic recipient or beneficiary of casino deposit | Non-disclosure creates consumer-protection, AML, and merchant-identification concerns. |
Token GmbH
The BaFin and FCA-regulated Germen Token GmbH, commonly branded as Token.io within the group structure, is publicly presented as a regulated open-banking provider offering payment initiation and account information services across Europe and the UK. The Open Banking directory lists Token GmbH and Token.io Ltd as regulated providers, and Token.io markets itself as account-to-account payments infrastructure for PSPs, gateways, acquirers, and banks.
Token also publicly identifies iGaming as one of the verticals it serves, which is significant in the present context because Winnita’s deposit rail appears to use Token’s infrastructure as the regulated payment-initiation layer between the checkout gateway and Revolut. This does not make Token the casino merchant, but it places Token at a central compliance chokepoint in the rail.
Domus Payment Solutions
Domus Payment Solutions (Domuspay.io) appears in the Winnita rail as the named payee on the payment review screen rather than the casino operator (screenshot left). Publicly available Domus materials present the company as a payment platform, wallet, and international payments provider, while external compliance-oriented profiles describe it as a payment processor active in high-risk environments and note regulatory-history issues around its Canadian MSB status.
For the purposes of the Winnita rail, Domus is the immediate beneficiary visible to the player and likely the payment-facing entity visible to the bank. That role is highly significant because it separates the payer from the actual gambling merchant and can obstruct both consumer understanding and effective transaction classification.
Compliance analysis
Merchant opacity
The most serious issue is the disappearance of the actual merchant from the payment journey. The player begins at an offshore casino cashier and intends to fund gambling activity, yet the payment instruction presented in the banking flow identifies Domus Payment Solutions as payee and the German Token GmbH as the initiator, not the casino operator. This is a classic merchant-opacity problem: the commercial reality of the payment is not accurately reflected in the payment-facing presentation.
This creates several compliance consequences. First, it frustrates the principle that payers should understand whom they are paying and for what purpose. Second, it may impair the bank’s ability to identify the transfer as gambling-related if the beneficiary descriptor and routing logic point primarily to a processor rather than the underlying merchant. Third, it weakens auditability because the user-facing evidence chain no longer clearly ties the debit to the underlying casino operator.
Consumer protection
From the player’s perspective, the payment is functionally a casino deposit but legally and operationally resembles a transfer to a processor. That distinction matters because account-to-account open-banking payments generally do not provide the chargeback protections associated with card rails, and industry materials around Pay-by-Bank explicitly market lower chargeback exposure as a merchant benefit.
As a result, players face a particularly adverse combination of risks: no clearly disclosed gambling merchant, no intuitive route for complaint against the ultimate recipient, and limited post-transaction recourse once the push payment has been authenticated and executed. In practical terms, the player may only see “Domus Payment Solutions” on the payment screen or account record, making it difficult to contest the transaction as a casino deposit or to connect it to the offshore operator behind the gambling site.
AML and transaction monitoring
Merchant opacity also matters for AML, sanctions screening, and high-risk merchant controls. When the visible beneficiary is a processor rather than the actual gambling merchant, the payment chain may appear cleaner or less risky than the underlying economic activity justifies. This can reduce the effectiveness of customer-risk and merchant-risk models at multiple points in the chain, particularly if onboarding and monitoring focus on the direct processor relationship rather than the downstream casino portfolio.
For regulated actors such as Token and Revolut, that raises questions about how downstream merchant activity is identified, classified, and monitored where processors or gateway operators stand between the bank and the underlying offshore casino. For Domus, the issue is even more direct: acting as named payee for deposits that are economically casino transactions may amount to systematic concealment of the true merchant context from the payer and possibly from bank-side controls.
Regulatory Chokepoints
The Winnita rail demonstrates that regulated entities remain embedded in the chain even where the gambling merchant is offshore.
- Revolut is the customer-facing bank, and
- Token is the regulated PISP/AISP facilitating the initiation layer.
That means the rail is not outside supervisory reach simply because the casino is offshore; rather, the key compliance question becomes whether the regulated participants are adequately identifying and managing the downstream merchant risk.
In high-risk sectors such as offshore gambling, regulators and payment partners would reasonably ask whether onboarding, due diligence, and ongoing monitoring sufficiently identify the ultimate merchants, the jurisdictions served, the legality of the gambling offer, and the transparency of the payee information shown to end users. The evidence in the Winnita flow suggests those questions are not merely theoretical.
Comparison with other rail cases
The Winnita findings fit a broader pattern observed in other offshore casino payment-rail investigations, where processors rather than gambling operators appear as visible payees in open-banking deposit flows. FinTelegram’s 1Go Casino rail investigation documented another layered flow involving InstantBankPayment and processor intermediation, including a route in which Domus Payment Solutions appeared as payee rather than the casino operator. That recurrence strengthens the inference that processor-level payee substitution is a systematic feature rather than an isolated technical artifact.
Read our 1Go casino rail analysis here.
Conclusions
The Winnita Pay-by-Bank rail is not merely a neutral payment architecture. It is an opaque, processor-mediated structure in which the player initiates a casino deposit but is shown neither the ultimate merchant nor, apparently, the true gambling beneficiary in the bank payment flow. That opacity creates material consumer-protection harm, weakens payment transparency, complicates complaints and recovery efforts, and raises significant AML and merchant-monitoring questions for every regulated participant in the chain.
The central compliance consequence is straightforward: when the visible payee is a processor such as Domus Payment Solutions instead of the actual casino merchant, both the payer and the executing bank lose sight of the true economic counterparty. In a high-risk sector such as offshore gambling, that is a serious red flag because it can conceal merchant identity, impair risk controls, and deprive players of meaningful post-transaction remedies.
Call for information
Players, insiders, payment professionals, and counterparties with knowledge of Winnita or similar offshore casino rails are encouraged to submit additional material to FinTelegram via the Whistle42 whistleblower platform. Relevant evidence includes payment confirmations, bank statements, screenshots of deposit and payout flows, merchant descriptors, support correspondence, KYC or onboarding documents, and any records showing which processor or beneficiary actually received the funds.
